3. Upgrade WAPT Server

If your WAPT Server is a virtual host, take a snapshot of the VM. This way, you will be able to go back easily in the rare case that the update fails.

Warning

After each WAPT Server update, update your WAPT Console, then regenerate the WAPT Agent.

Before upgrading WAPT Server, please refer to the following upgrading compatibility chart:

Available WAPT Upgrade paths

To WAPT 2.6

From WAPT 2.0

Feature available

From WAPT 2.1

Feature available

From WAPT 2.2

Feature available

From WAPT 2.3

Feature available

From WAPT 2.4

Feature available

From WAPT 2.5

Feature available

Warning

If upgrading from a version older than WAPT 2.1, the licence activation process has changed.

3.1. Switching of WAPT Edition (Community, Discovery, Enterprise)

WAPT Community is no longer supported. If you want to upgrade from WAPT 1.8.2 Community you can upgrade to WAPT Discovery or WAPT Enterprise. Please note that WAPT Discovery is limited to 300 clients.

To upgrade from a WAPT Community setup to WAPT Discovery or Enterprise follow the standard 1.8.2 to 2.5 upgrade documentation.

The WAPT Server will make the appropriate changes.

To upgrade WAPT Discovery to WAPT Enterprise simply upload a valid licence to the WAPT Server from the WAPT Console.

If your Enteprise licence expire, it will fall back on the Discovery Edition. If you are running WAPT Discovery and you have more that 300 client computers in your inventory, the WAPT Console will stop working and will only give you the option to delete computer entries from the inventory. The WAPT Console will return to working condition when the inventory returns below the 300 computer limit.

3.2. Minor upgrade

3.2.1. Upgrading from version 2.6 to latest 2.6

To do a minor upgrade please follow the procedure corresponding to your server operating system.

  • Update the underlying distribution and upgrade WAPT Server.

export DEBIAN_FRONTEND=noninteractive
apt update && apt upgrade -y
apt install tis-waptserver tis-waptsetup -y
unset DEBIAN_FRONTEND

3.2.2. Upgrading from version 2.5 to 2.6

Note

Before upgrading, ensure that installation requirements are met.

If you are using WAPT WADS, please note that older WADS WinPE and WAPT 2.6 WADS WinPE are not compatible. You need to recreate the WinPE File using the upload WinPE button in the OS Deployment tab.

If you use WAPT Deploy in a GPO, then you need to update your GPO with the lastest waptdeploy.exe binary.

  • First of all, update the underlying distribution and install the WAPT Server packages.

apt update && apt upgrade -y
apt install apt-transport-https lsb-release gnupg

  • Then update the package repository and import the GPG key from the repository.

wget -O - https://wapt.tranquil.it/$(lsb_release -is)/tiswapt-pub.gpg | apt-key add -
echo "deb https://wapt.tranquil.it/$(lsb_release -is)/wapt-2.6/ $(lsb_release -c -s) main" > /etc/apt/sources.list.d/wapt.list

  • Update the repository and install the packages.

export DEBIAN_FRONTEND=noninteractive
apt update
apt install tis-waptserver tis-waptsetup -y
unset DEBIAN_FRONTEND

  • Launch the post-configuration step post-configuration step.

  • At last, launch the following script testing-ldap-connectivity.sh (/opt/wapt/waptserver/scripts/testing-ldap-connectivity.sh). Identifying an AD account and an associated group. if the feedback is "ALL GOOD" then the upgrade has been successfully completed and you can launch the wapt console

Warning

With version 2.6 of wapt. Kerberos is automatically activated. It is therefore necessary to make the following two changes:

  • In /etc/krb5.conf, the file should look like this.

[libdefaults]
  default_realm = MYDOMAIN.LAN
  dns_lookup_kdc = true
  dns_lookup_realm = true

If you want to disable DNS lookup for KDCs, you need to modify the file as follows.

[libdefaults]
  default_realm = MYDOMAIN.LAN
  dns_lookup_kdc = false
  dns_lookup_realm=false
[realms]
  MYDOMAIN.LAN = {
  kdc = 192.168.1.13
  kdc = 192.168.1.12
  }

  • The setting ldap_auth_server in the waptserver.ini, should contain the name server and not an IP address.

ldap_auth_server = server.mydomain.lan

3.2.3. Upgrading from version 2.0, 2.1, 2.2, 2.3, 2.4 to 2.6

Note

Before upgrading, ensure that installation requirements are met.

WAPT 2.6 needs PostgreSQL 10 or above. If you have upgraded from an older Debian or Ubuntu version with PostgreSQL 9.6, be sure to follow the OS documentation to upgrade PostgreSQL to its latest version.

If you are using WAPT WADS, please note that WAPT 2.x WADS WinPE and WAPT 2.5 WADS WinPE are not compatible. You need to recreate the WinPE File using the upload WinPE button in the OS Deployment tab.

If you use WAPT Deploy in a GPO, then you need to update your GPO with the lastest waptdeploy.exe binary.

Warning

The websocket protocol having changed between versions 2.X and 2.5, WAPT Agents will appear as DISCONNECTED until they have upgraded to version 2.5.

The WAPT Agent upgrade task may be delayed for up to 2 hours.

To insure that the WAPT Agent upgrade task happens in the shortest delay, the most recent waptupgrade package must be deployed using your WAPT 2.5 Console or using a GPO. The waptupgrade package contains a configuration that will trigger the forced installation of the newest WAPT Agent. So make sure that you tick the Install waptupgrade package as soon as agent sees it checkbox, as in the screen capture below.

Screen capture of the WAPT Console showing the "Install waptupgrade package as soon as agent sees it" checkbox

Warning

The WAPT Server 2.5 is using client SSL authentication to authenticate the client WAPT Agents. Thus it is required for the WAPT Server to do the TLS termination itself. The use of WAF or reverse proxy that do TLS interception and terminaison is thus not supported.

It is possible to use a reverse proxy in “stream” mode if supported, like in Nginx stream module or HAProxy TLS Passthrough module. Please refer to the corresponding documentation for details.

Warning

After upgrading the WAPT Server from 2.x to 2.5, you MUST upgrade the WAPT Console / WAPT Agent on the administation computer right after. If the WAPT console has NOT YET been upgraded, it will show a licence error message on startup because it won’t be able to check the licence. You can ignore the licence message if you have not yet upgraded the WAPT Console. The console will switch to Discovery Edition, and switch back to Enterprise Edition once it has been upgraded.

Note : if you try to re-upload the licence BEFORE upgrading to 2.5, it will fail also.

Warning

Due to a bug in the check of signature of waptsetup during upgrade from wapt 2.5.3 or lower or wapt 2.4.0 or lower to latest 2.5.4 version, it is necessary to download the waptsetup.exe file throught a webbrower and install it locally. Please use the corresponding button in the waptconsole when seeing the popup below.

Screen capture of the WAPT Console showing the "Open the download url of the waptsetup in the brower" button

  • First of all, update the underlying distribution and install the WAPT Server packages.

apt update && apt upgrade -y
apt install apt-transport-https lsb-release gnupg

  • Then update the package repository and import the GPG key from the repository.

wget -O - https://wapt.tranquil.it/$(lsb_release -is)/tiswapt-pub.gpg | apt-key add -
echo "deb https://wapt.tranquil.it/$(lsb_release -is)/wapt-2.6/ $(lsb_release -c -s) main" > /etc/apt/sources.list.d/wapt.list

  • Update the repository and install the packages.

export DEBIAN_FRONTEND=noninteractive
apt update
apt install tis-waptserver tis-waptsetup -y
unset DEBIAN_FRONTEND