Skip to main content
Version: On prem: 15.0.0

Upgrade steps

info

Before upgrading, make sure that you have followed all required procedures described in the Upgrade guides section.

Upgrade software on all servers where Omada Identity is installed.

Upgrade Omada Identity Enterprise Server portal

To upgrade Omada Identity Enterprise Server:

  1. Uninstall the old version of Omada Identity Enterprise Server first, and then install the new version of Enterprise Server. After installation is completed, select the Show the Windows Installer log option and if necessary, save the log file.

  2. Run the Omada Enterprise Configuration Utility.

    • When you are prompted, enter the connection string that you saved. Then, click OK.

    • Click OK again to upgrade the database, then when the Setup complete message appears, click OK, and close the configuration utility.

      info

      At this point, in the Windows registry, ensure you enter the PswEncryptionKey that you copied.

note

If you have modified the web.config file, it won't be updated during the upgrade of Enterprise Server. In consequence, the Omada Identity application may not start or you may see the following error(s):

Could not load file or assembly 'Microsoft.Owin, Version=2.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies.The located assembly's manifest definition does not match the assembly reference.(Exception from HRESULT: 0x80131040)

To fix the problem, go to C:\Program Files\Omada Identity Suite\Enterprise Server\website\web.config and replace the content of <configuration><runtime><assemblyBinding> with the following <dependentAssembly> elements:

dependentAssembly elements
<configuration>
<runtime>
 	<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
 	
	<dependentAssembly>
		<assemblyIdentity name="Newtonsoft.Json" 
						  publicKeyToken="30ad4fe6b2a6aeed" 
						  culture="neutral"/>
		<bindingRedirect oldVersion="0.0.0.0-13.0.0.0" 
						 newVersion="13.0.0.0" />
	</dependentAssembly>
 
 	<dependentAssembly>
 		<assemblyIdentity name="System.Web.Http" 
 						  publicKeyToken="31bf3856ad364e35" 
 					      culture="neutral"/>
 		<bindingRedirect oldVersion="0.0.0.0-5.2.7.0" 
 						 newVersion="5.2.7.0"/>
 	</dependentAssembly>
 
 	<dependentAssembly>
 		<assemblyIdentity name="System.Net.Http.Formatting" 
 						  publicKeyToken="31bf3856ad364e35" 
 					      culture="neutral"/>
 		<bindingRedirect oldVersion="0.0.0.0-5.2.7.0" 
 					     newVersion="5.2.7.0"/>
 	</dependentAssembly>
 
 	<dependentAssembly>
 		<assemblyIdentity name="Microsoft.Owin" 
 						  publicKeyToken="31bf3856ad364e35" 
 						  culture="neutral"/>
		<bindingRedirect oldVersion="0.0.0.0-4.1.1.0" 
						 newVersion="4.1.1.0"/>
 	</dependentAssembly>
 
 	<dependentAssembly>
 		<assemblyIdentity name="Microsoft.Owin.Security" 
 						  publicKeyToken="31bf3856ad364e35" 
 						  culture="neutral"/>
 		<bindingRedirect oldVersion="0.0.0.0-4.1.1.0" 
 						 newVersion="4.1.1.0"/>
 	</dependentAssembly>
 
 	<dependentAssembly>
 		<assemblyIdentity name="Microsoft.ApplicationInsights" 
 						  publicKeyToken="31bf3856ad364e35"
 					      culture="neutral"/>
 		<bindingRedirect oldVersion="2.6.4.0" 
 					     newVersion="2.8.1.0"/> 
 	</dependentAssembly>
 
 	<dependentAssembly>
 		<assemblyIdentity name="System.Net.Http" 
 						  publicKeyToken="b03f5f7f11d50a3a" 
 						  culture="neutral"/>
 		<bindingRedirect oldVersion="0.0.0.0-4.2.0.0" 
 					     newVersion="4.2.0.0"/>
 	</dependentAssembly>
 
 	<dependentAssembly>
 		<assemblyIdentity name="Microsoft.IdentityModel.Clients.ActiveDirectory" 
 						  publicKeyToken="31bf3856ad364e35"  
 						  culture="neutral"/>
 		<bindingRedirect oldVersion="0.0.0.0-5.2.8.0" 
 						 newVersion="5.2.8.0"/>
 	</dependentAssembly>
 
 	<dependentAssembly>
 		<assemblyIdentity name="Microsoft.IdentityModel.Tokens" 
 						  publicKeyToken="31bf3856ad364e35"
 						  culture="neutral"/>
 		<bindingRedirect oldVersion="0.0.0.0-6.12.0.0" 
 						 newVersion="6.12.0.0"/>
 	</dependentAssembly>
 
 	<dependentAssembly>
 		<assemblyIdentity name="Microsoft.IdentityModel.Logging" 
 						  publicKeyToken="31bf3856ad364e35"
 						  culture="neutral"/>
 		<bindingRedirect oldVersion="0.0.0.0-6.12.0.0" 
 					     newVersion="6.12.0.0"/>
 	</dependentAssembly>
 
 	<dependentAssembly>
 		<assemblyIdentity name="System.Diagnostics.DiagnosticSource" 
 						  culture="neutral"
 						  publicKeyToken="cc7b13ffcd2ddd51"/>
 		<bindingRedirect oldVersion="0.0.0.0-5.0.0.0" 
 					     newVersion="5.0.0.0"/>
 	</dependentAssembly>
 
 	<dependentAssembly>
 		<assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" 
 						  culture="neutral"
 					      publicKeyToken="b03f5f7f11d50a3a"/>
 		<bindingRedirect oldVersion="0.0.0.0-5.0.0.0"
 						 newVersion="5.0.0.0"/>
 	</dependentAssembly>
 
 	<dependentAssembly>
 		<assemblyIdentity name="Microsoft.Extensions.DependencyInjection.Abstractions" 
 						  publicKeyToken="ADB9793829DDAE60"
 						  culture="neutral"/>
 		<bindingRedirect oldVersion="0.0.0.0-5.0.0.0" 
 						 newVersion="5.0.0.0"/>
 	</dependentAssembly>
 
 	<dependentAssembly>
 		<assemblyIdentity name="Microsoft.Extensions.DependencyInjection" 
 						  publicKeyToken="ADB9793829DDAE60"
 						  culture="neutral"/>
 		<bindingRedirect oldVersion="0.0.0.0-5.0.0.1" 
 						 newVersion="5.0.0.1"/>
 	</dependentAssembly>
 
 	<dependentAssembly>
 		<assemblyIdentity name="Microsoft.Bcl.AsyncInterfaces" 
 						  culture="neutral"
 						  publicKeyToken="cc7b13ffcd2ddd51"/>
 		<bindingRedirect oldVersion="0.0.0.0-5.0.0.0" 
 					     newVersion="5.0.0.0"/>
 	</dependentAssembly>
 
 	<dependentAssembly>
 		<assemblyIdentity name="System.Threading.Tasks.Extensions" 
 						  publicKeyToken="CC7B13FFCD2DDD51"
 						  culture="neutral"/>
 		<bindingRedirect oldVersion="0.0.0.0-4.2.0.1" 
 						 newVersion="4.2.0.1"/>
 	</dependentAssembly>
 
 	<dependentAssembly>
 		<assemblyIdentity name="System.Buffers" 
 						  publicKeyToken="CC7B13FFCD2DDD51"
 						  culture="neutral"/>
 		<bindingRedirect oldVersion="0.0.0.0-4.0.3.0" 
 						 newVersion="4.0.3.0"/>
 	</dependentAssembly>
 
 	<dependentAssembly>
 		<assemblyIdentity name="Omada.Identity.Integration.Model" 
 						  publicKeyToken="fd90371937d85573"
 						  culture="neutral"/>
 		<bindingRedirect oldVersion="0.0.0.0-14.0.82.0" 
 						 newVersion="14.0.82.0"/>
 	</dependentAssembly>
 
 	<dependentAssembly>
 		<assemblyIdentity name="Omada.Identity.Integration.Common" 
 						  publicKeyToken="fd90371937d85573"
 						  culture="neutral"/>
 		<bindingRedirect oldVersion="0.0.0.0-14.0.82.0" 
 						 newVersion="14.0.82.0"/>
 	</dependentAssembly>
 
 	<dependentAssembly>
		<assemblyIdentity name="System.ComponentModel.Annotations" 
						  culture="neutral" 
						  publicKeyToken="b03f5f7f11d50a3a" />
		<bindingRedirect oldVersion="0.0.0.0-4.2.1.0" 
						 newVersion="4.2.1.0" />
 	</dependentAssembly>
 
 	<dependentAssembly>
		<assemblyIdentity name="System.ValueTuple" 
					      culture="neutral" 
						  publicKeyToken="cc7b13ffcd2ddd51" />
		<bindingRedirect oldVersion="0.0.0.0-4.0.3.0" 
						 newVersion="4.0.3.0" />
 	</dependentAssembly>
 
 	</assemblyBinding>
 
 </runtime>
 </configuration>

Upgrade Omada Data Warehouse

  1. Create a backup of the files Omada ODW WebService.dtsConfig and Omada ODW ConnectionString.dtsConfig.
  2. Start the Omada Data Warehouse.x64 SQL 20xx installer.
  3. Follow the upgrade steps in the installation wizard.
  4. Reapply the previously backed-up files Omada ODW WebService.dtsConfig and Omada ODW ConnectionString.dtsConfig.

Upgrade Omada Role and Policy Engine

  1. Uninstall the old version of Omada Identity Role and Policy Engine.
  2. Install the new version.
  3. Compare the RoPE C:\Program Files\Omada Identity Suite\Role and Policy Engine\Service\ConfigFiles file with the previous version. This is necessary because the file can be altered by the code extension update.
info

If you have any custom RoPE extensions, you must remove or manually upgrade those before starting Omada Role and Policy Engine Service.

example

In the version 14.0.11, the CalculationAffectingEventsResolver item has been updated with a new key SelfManagementExplicitOwners to ensure that new or removed manual owners are correctly recalculated:

<add type="Omada.RoPE.Controller.OISX.Extensions.CalculationAffectingEventsResolver, Omada.RoPE.Controller.OISX" >
        <settings>
        ...
          <add key="DOT#Resource" value="CHILDROLES,ACCOUNTTYPE,EXPLICITOWNER,MANUALOWNER,ATTRIBVALUES,SKIPPROVISIONING,VALIDFROM,VALIDTO,CLT_TAGS"/>
          <add key="DOT#ResourceFolder" value="EXPLICITOWNER,MANUALOWNER,CLT_TAGS"/>
        ...
          <add key="SelfManagementExplicitOwners" value="EXPLICITOWNER,MANUALOWNER"/>

Upgrade Omada Provisioning Service

Before running the OPS installer, please make a backup copy of the config file C:\Program Files\Omada Identity Suite\Provisioning Service\Omada.OPS.Service.exe.config. After the update process is finished, you need to make sure that any custom changes you have made to this file are retained.

Search for the <service> element with the name "Omada.OPS.Service.WCF.Impl.AllWcfServices" and add the "gateway" endpoint (marked in bold):

<service name="Omada.OPS.Service.WCF.Impl.AllWcfServices" behaviorConfiguration="ProvisioningServiceServiceBehaviorSecure">
<host>
	<baseAddresses>
	<add baseAddress="http://localhost:8000/ProvisioningService/service"/>
	</baseAddresses>
</host>
	<endpoint address="" binding="wsHttpBinding" bindingConfiguration="WindowsSecurity" contract="Omada.OPS.Service.WCF.Interface.IProvisioningService"/>
	<endpoint address="configuration" binding="wsHttpBinding" bindingConfiguration="WindowsSecurity" contract="Omada.OPS.Service.WCF.Interface.Configuration.IProvisioningConfigurator"/>
	<endpoint address="monitoring" binding="wsHttpBinding" bindingConfiguration="WindowsSecurity" contract="Omada.OPS.Service.WCF.Interface.Monitoring.IProvisioningMonitor"/>
	<endpoint address="gateway" binding="wsHttpBinding" bindingConfiguration="WindowsSecurity" contract="Omada.OPS.Service.Gateway.Interfaces.WCF.IGateway" />
	<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
	<endpoint address="basic" binding="basicHttpBinding" contract="IMetadataExchange"/>
</service>

After running the OPS installer, you need to open the Omada.OPS.Service.exe.config and manually add the new endpoint to the OPS WCF service called gateway.

  1. Install the new version of Omada Provisioning Service. Use the same service account and password, and point the installer towards the existing database
  2. Compare the C:\Program Files\Omada Identity Suite\Provisioning Service\Omada.OPS.Service.exe.config file with the previous version. You must compare the contents of the file. Comparing timestamps is not enough.
info

The Omada Provisioning Service is using a new Windows service name. Please make sure to update any custom scripts interacting with the service.

It is not necessary to upgrade the custom extensions.

Upgrade Omada Data Preview

  1. Start the Omada Preview Service installer. Run the installer as an Administrator.
  2. Follow the upgrade steps in the installation wizard.

Verify installed applications (optional)

  1. Open the control panel on the server.

  2. Select Uninstall program.

  3. Verify that all Omada applications are in the appropriate, most current version.

Start the application

info

During the first startup of the application, a set of update actions are executed. If the first startup of the application is the website, there can be a timeout challenge when applying update actions depending on the amount of data being updated. As such, it it recommended to run the ChangeSetImportUtil.exe command line utility with the -K parameter before starting up the website as it will install all core packages/changesets and apply update actions.

Start ODW

  1. In the ES Audit database, reapply the script CreateObjects.OISAudit.sql located in C:\Program Files\Omada Identity Suite\Datawarehouse\Support files.

    note

    If you used SQL server authentication for the ODW connection strings in the dtsConfig file, you need to encrypt the connection strings first. However, it is recommended that you switch to integrated security instead.

  2. Start the Import configuration import profile, either from the ES portal or by using the PowerShell script C:\Program Files\Omada Identity Suite\Datawarehouse\Support Files\ImportConfiguration.ps1.

  3. Wait until the configuration import finalizes.

Start the Enterprise Server

  1. Start the ES portal and application pool.

  2. Open the ES portal.

    Please allow the required time for the portal to apply automatic updates.

  3. The Provisioning service integration package is mandatory for some of the connected packages to work correctly. Please enable this package before updating any other packages. To do so, go to Setup > Administration > Configuration Management > Installed packages.

  4. Apply package updates by selecting the link in the notification bar and follow the process.

note

After upgrading, you must update all Standard Application packages that are already installed to the newest version. If you do not do this, the application will not work as expected. You can update the packages directly from the web UI.

The total number of changes in the upgrade and the number of successfully imported packages may differ, since some of the changes are discarded during the upgrade.

Start Omada Identity Windows services

  • Omada Provisioning Service

    • Check the event log for errors.

    • From the Enterprise Server Portal, go to any system or dashboard where provisioning using Omada Provisioning Service is enabled, and select Commit setting.

      note

      The way OPS represents the connector data model in the OPS database has changed. The changes are made to avoid clashes on object type and property types.

  • Omada Identity Suite Timer Service

    • Check the event log for errors.

Start Omada Role and Policy Engine Service

  • Check the event log for errors.