3. Upgrade WAPT Server

If your WAPT Server is a virtual host, take a snapshot of the VM. This way, you will be able to go back easily in the rare case that the update fails.

Attention

After each WAPT Server update, update your WAPT Console, then regenerate the WAPT Agent.

Before upgrading WAPT Server, please refer to the following upgrading compatibility chart:

Available WAPT Upgrade paths

To WAPT 2.5

From WAPT 1.8.2

Feature available

From WAPT 2.0

Feature available

From WAPT 2.1

Feature available

From WAPT 2.2

Feature available

From WAPT 2.3

Feature available

From WAPT 2.4

Feature available

Warning

If upgrading from a version older than WAPT 2.1, the licence activation process has changed.

3.1. Switching of WAPT Edition (Community, Discovery, Enterprise)

WAPT Community is no longer supported. If you want to upgrade from WAPT 1.8.2 Community you can upgrade to WAPT Discovery or WAPT Enterprise. Please note that WAPT Discovery is limited to 300 clients.

To upgrade from a WAPT Community setup to WAPT Discovery or Enterprise follow the standard 1.8.2 to 2.5 upgrade documentation.

The WAPT Server will make the appropriate changes.

To upgrade WAPT Discovery to WAPT Enterprise simply upload a valid licence to the WAPT Server from the WAPT Console.

If your Enteprise licence expire, it will fall back on the Discovery Edition. If you are running WAPT Discovery and you have more that 300 client computers in your inventory, the WAPT Console will stop working and will only give you the option to delete computer entries from the inventory. The WAPT Console will return to working condition when the inventory returns below the 300 computer limit.

3.2. Minor upgrade

3.2.1. Upgrading from version 2.5 to latest 2.5

To do a minor upgrade please follow the procedure corresponding to your server operating system.

Attention

Due to a bug in the check of signature of waptsetup during upgrade from wapt 2.5.3 to latest 2.5.4 version, it is necessary to download the waptsetup.exe file throught a webbrower and install it locally. Please use the corresponding button in the waptconsole when seeing the popup below. It is not necessary for upgrade from wapt 2.5.4 to later version.

Screen capture of the WAPT Console showing the "Open the download url of the waptsetup in the brower" button

Attention

If you use WAPT Deploy in a GPO, when upgrading from WAPT 2.5.3 or lower, you need to update your GPO with the lastest waptdeploy.exe binary.

  • Update the underlying distribution and upgrade WAPT Server.

export DEBIAN_FRONTEND=noninteractive
apt update && apt upgrade -y
apt install tis-waptserver tis-waptsetup -y
unset DEBIAN_FRONTEND

3.2.2. Upgrading from version 2.x to 2.5

Note

Before upgrading, ensure that installation requirements are met.

WAPT 2.5 needs PostgreSQL 10 or above. If you have upgraded from an older Debian or Ubuntu version with PostgreSQL 9.6, be sure to follow the OS documentation to upgrade PostgreSQL to its latest version.

If you are using WAPT WADS, please note that WAPT 2.x WADS WinPE and WAPT 2.5 WADS WinPE are not compatible. You need to recreate the WinPE File using the upload WinPE button in the OS Deployment tab.

If you use WAPT Deploy in a GPO, then you need to update your GPO with the lastest waptdeploy.exe binary.

Attention

The websocket protocol having changed between versions 2.X and 2.5, WAPT Agents will appear as DISCONNECTED until they have upgraded to version 2.5.

The WAPT Agent upgrade task may be delayed for up to 2 hours.

To insure that the WAPT Agent upgrade task happens in the shortest delay, the most recent waptupgrade package must be deployed using your WAPT 2.5 Console or using a GPO. The waptupgrade package contains a configuration that will trigger the forced installation of the newest WAPT Agent. So make sure that you tick the Install waptupgrade package as soon as agent sees it checkbox, as in the screen capture below.

Screen capture of the WAPT Console showing the "Install waptupgrade package as soon as agent sees it" checkbox

Attention

The WAPT Server 2.5 is using client SSL authentication to authenticate the client WAPT Agents. Thus it is required for the WAPT Server to do the TLS termination itself. The use of WAF or reverse proxy that do TLS interception and terminaison is thus not supported.

It is possible to use a reverse proxy in “stream” mode if supported, like in Nginx stream module or HAProxy TLS Passthrough module. Please refer to the corresponding documentation for details.

Attention

After upgrading the WAPT Server from 2.x to 2.5, you MUST upgrade the WAPT Console / WAPT Agent on the administation computer right after. If the WAPT console has NOT YET been upgraded, it will show a licence error message on startup because it won’t be able to check the licence. You can ignore the licence message if you have not yet upgraded the WAPT Console. The console will switch to Discovery Edition, and switch back to Enterprise Edition once it has been upgraded.

Note : if you try to re-upload the licence BEFORE upgrading to 2.5, it will fail also.

Attention

Due to a bug in the check of signature of waptsetup during upgrade from wapt 2.5.3 or lower or wapt 2.4.0 or lower to latest 2.5.4 version, it is necessary to download the waptsetup.exe file throught a webbrower and install it locally. Please use the corresponding button in the waptconsole when seeing the popup below.

Screen capture of the WAPT Console showing the "Open the download url of the waptsetup in the brower" button
  • First of all, update the underlying distribution and install the WAPT Server packages.

apt update && apt upgrade -y
apt install apt-transport-https lsb-release gnupg
  • Then update the package repository and import the GPG key from the repository.

wget -O - https://wapt.tranquil.it/$(lsb_release -is)/tiswapt-pub.gpg | apt-key add -
echo "deb https://wapt.tranquil.it/$(lsb_release -is)/wapt-2.5/ $(lsb_release -c -s) main" > /etc/apt/sources.list.d/wapt.list
  • Update the repository and install the packages.

export DEBIAN_FRONTEND=noninteractive
apt update
apt install tis-waptserver tis-waptsetup -y
unset DEBIAN_FRONTEND

3.3. Upgrading from version 1.8.2 to 2.5

The changement between WAPT 1.8.2 (not possible from a older version, please upgrade to 1.8.2 beforehand) and 2.5 are numerous. First of all, 1.8.2 was in Python2, we changed to Python3. A lot of new features are available too (essentially in Enterprise version).

3.3.1. Before upgrading

Ensure that installation requirements are met.

Backup your WAPT Private and Public certificates used to deploy your WAPTAgent and packages. Usually, it is located in C:\private on your computer where the WAPT Console is set. If you do not remember what this key is please refer to the documentation on generating the Administrator’s certificate for signing WAPT packages.

In this documentation, your WAPT certificate’s name will be wapt-private.crt.

3.3.2. Upgrading

Note

If you are running on Debian9 Stretch, you have first to upgrade to Debian10 or Debian11 before upgrading to WAPT 2.x. The WAPT Server 2.x is not available for Debian9.

It is even recommended to upgrade to Debian 11 Bullseye. In this case, upgrade from Debian 9 => Debian 10 => Debian 11.

  • First of all, update the underlying distribution and install the WAPT Server packages.

apt update && apt upgrade -y
apt install apt-transport-https lsb-release gnupg
  • Then update the package repository and import the GPG key from the repository.

wget -O - https://wapt.tranquil.it/$(lsb_release -is)/tiswapt-pub.gpg | apt-key add -
echo "deb https://wapt.tranquil.it/$(lsb_release -is)/wapt-2.5/ $(lsb_release -c -s) main" > /etc/apt/sources.list.d/wapt.list
  • Update the repository and install the packages.

export DEBIAN_FRONTEND=noninteractive
apt update
apt install tis-waptserver tis-waptsetup -y
unset DEBIAN_FRONTEND

Your WAPT Server is now ready.

3.3.3. The WAPT management Console

3.3.3.1. Configuring the WAPT Console connection

  • If it’s the first time your start WAPT Console, the Configuration window open it automaticaly.

    The WAPT Console configuration window

    The WAPT Console configuration window

  • Set the WAPTServer adress, then click on Check and Set. You must have an error.

    The WAPT Console configuration TLS error.

    The WAPT Console configuration TLS error.

  • Click on Get Server https Certificate. You must have a green check for URL to the main repository and WAPT Server URL. Also check the WAPT Server SSL certificate is correct before continue.

    The WAPT Server SSL Certificate

    The WAPT Server SSL Certificate

    The WAPT Console configuration SSL OK

    The WAPT Console configuration SSL OK

  • Then if all is OK, click on Save. Log into the WAPT Console with the SuperAdmin login and password.

    The WAPT Console authentication window

    The WAPT Console authentication window

If you have any issue logging into the WAPT Console, please refer to the FAQ: Error message when opening the WAPT Console.

It is recommended to launch the WAPT Console with a Local Administrator account to enable local debugging of WAPT packages.

For Enterprise version, it is possible to authenticate with Active Directory.

Danger

After the upgrade, please be sure your certificate (in this documentation wapt-private.crt) is still present at your WAPT install location : C:\Program File (x86)\wapt\ssl

Since you come from WAPT 1.8.2 which was in python2, you will have to re-sign all your WAPT Packages using the WAPT Console, or using the command line (only if you encounter package size issue with the WAPT Console way).

3.3.4. Re-signing Host packages

This method for re-signing all host packages is useful when the underlying cryptographic method or library changes, as this is the case when upgrading from WAPT 1.8.2 (Python 2.7 based) to WAPT >= 2.0 (Python 3.x based).

Use the Administrator’s certificate for re-signing packages.

  • Select all host.

  • Right-click on the selected hosts.

Host configuration menu list in the WAPT Console
  • Select Re-sign Host packages.

  • Confirm re-signing the selected hosts.

Modal window for confirming re-signing the selection of hosts

Modal window for confirming re-signing the selection of hosts

  • Then, enter your private key password.

Entering the password for unlocking the private key in the WAPT Console

Entering the password for unlocking the private key in the WAPT Console

  • The selected WAPT host packages are now all re-signed using the new cryptographic method required with Python3.

3.3.5. Re-signing other types of WAPT package

  • Open the repositories in your WAPT Console.

Window showing the repositories available on the WAPT Console

Window showing the repositories available on the WAPT Console

  • Select all packages in the repository, then right-click on the selection.

Menu options for repositories

Menu options for repositories

  • Select Re-sign packages.

  • To launch the signature process, click on Re-sign packages.

Window for re-signing WAPT packages

Window for re-signing WAPT packages

  • After processing, which may take some time, all WAPT packages will have been re-signed.

Signature processing has ended successfully

Signature processing has ended successfully

Attention

Signature processing has not ended successfully

If the error Access violation appear it may mean that the WAPT package is too big.

You can re-sign this packages using the command line.

And if it is still not working, you can manually edit the package and visit this procedure for signing large WAPT packages.