Before Starting the Upgrade

Take Preparatory Steps

Before you start the upgrade, it is strongly recommended taking the following steps:

  1. If your Netwrix Auditor Server is running on Windows Server 2008 or 2008 R2, you must upgrade its OS to a supported version before upgrading Netwrix Auditor itself.

  2. Check that the account under which you plan to run Netwrix Auditor setup has the local Administrator rights.
  3. Back up Netwrix databases – these are all Audit databases, Integration API database, and others (their default names start with Netwrix). For that:
    1. Start Microsoft SQL Server Management Studio and connect to SQL Server instance hosting these databases.
    2. In Object Explorer, right-click each Netwrix database and select Tasks Back Up.
    3. Wait for the process to complete.
  4. Back up the Long-Term Archive folder, by default located at C:\ProgramData\Netwrix Auditor\Data. You can, for example, copy and archive this folder manually, or use your preferred backup routine.
  5. If you can capture a snapshot of the server where Netwrix Auditor Server resides, Netwrix recommends doing so.
  6. Finally, close Netwrix Auditor console.

General Considerations and Known Issues

During the seamless upgrade from previous versions, Netwrix Auditor preserves its configuration, so you will be able to continue auditing right after finishing the upgrade. However, there are some considerations you should examine - they refer to the upgrade process and post-upgrade product operation. The issues listed below apply to upgrade from 9.95 and 9.9.

  1. After the upgrade you may receive temporary data collection errors – they occur when the program tries to upload collected data to the Audit Database before the database upgrade is finished.
  2. Starting with version 9.9, Netwrix Auditor provides limited support of Oracle Database 11g and trail audit. See Data Collection from Oracle Database for more information.

  3. Netwrix Auditor for Oracle Database. If you use the following combination of the audit settings: Mixed Mode + Fine Grained Auditing, please check your configuration. You may need to re-configure your audit since the Oracle Database data collection mechanism was changed. Refer to Supported Data Sources and Verify Your Oracle Database Audit Settings sections.
  4. The reports on state-in-time data may show incorrect data within 24 hours after the upgrade. Once the product stores a historical snapshot, the reports will contain accurate data. This relates to the following reports:

    • Active DirectoryUser Accounts - Attributes
    • File Servers:

      • Excessive Access Permissions with Account Details
      • Folder and File Permissions with Account Details
      • Folder Permissions with Account Details
  5. During the initial data collection, the product automatically upgrades services responsible for Windows Server and SharePoint network traffic compression. Consider the following:

    • During the Netwrix Auditor for SharePoint Core Service upgrade, your SharePoint sites will be temporarily unavailable. The duration of the upgrade depends on your SharePoint Farms size and usually it takes a few minutes. For bigger SharePoint farms, consider up to 10 minutes for a successful service upgrade and the same for the rollback in case of an upgrade failure.
    • During the Netwrix Auditor for Windows Server Compression Service upgrade you may see the following errors: "The Compression Service has encountered an internal error: Unable to update the Compression Service on the following server: <server name>". Ignore these errors and wait up to one hour for the upgrade completes.
  6. Activity Records for VMware and EMC VNX/VNXe/Unity will be unavailable until the product completes initial data collection.
  7. For the User Password Changes report to function properly after the upgrade, you need to comment out or delete the "*.PasswordChanged" line in the omitproplist.txt file again.
  8. For Exchange Online, the "Who" field in search, reports, Activity Summary emails, etc., shows User Principal Name (UPN) instead of Display Name.