Migrating the collection database component

Applies To: Forefront Client Security

Checklist

The following is a checklist of the high-level tasks required for you to successfully migrate the Client Security collection database server component. This checklist is included to help you perform the migration procedures. Detailed steps follow the checklist.

Before moving the collection database component, you must first prepare the target computer and the other dependent Client Security components.

Preparing the target server

All MOM 2005 or System Center Operations Manager 2007 agents must be uninstalled from the target server prior to installing the collection database component. To preserve the existing Management Group information, you must record the current MOM Management Group name prior to uninstalling the agent.

To find the management group name

1. On the target collection database server, in Add or Remove Programs, select either Microsoft Operations Manager 2005 Agent or System Center Operations Manager 2007 Agent and click Change.

2. In the Agent Setup wizard, click Next.

3. Verify Modify is selected, and then click Next.

4. The current Management Group for this computer is listed on the Manage Agent Management Groups page, in the Remove Management Group and Modify Management Group list boxes. Record these values.

Once you have completed recording the existing management groups, you must uninstall all MOM or System Center Operations Manager components, including agents.

To uninstall MOM or System Center Operations Manager components

1. On the target collection database server, in Add or Remove Programs, find either Microsoft Operations Manager 2005 Agent or System Center Operations Manager 2007 Agent and click Remove.

2. In the Add or Remove Programs dialog box, click Yes.

3. Click Finish.

4. In Add or Remove Programs, remove any other MOM or System Center Operations Manager components.

You must install SQL Server 2005 on the target collection database server.

To install SQL Server 2005 on the target server

• Follow the instructions in the topic "Install SQL Server 2005 with SP2 or SP1" in Installing the software prerequisites on the collection database server.

The last step in preparing the target system is to install the Client Security collection database component on the target server.

To install the Client Security collection database component on the target server

1. Follow the instructions about installing the Client Security collection database component in "To install Client Security on the collection database server" in Installing Client Security on a six-server topology.

2. During the installation of the Client Security collection database component, when prompted for locations of the other Client Security components, enter the planned locations based on the target topology.

Preparing the Client Security management server for the move of the collection database

To prepare the Client Security management server for the move of the collection database, perform the following steps:

To prepare the management server

1. To ensure the management server does not have open connections to the collection database, close all Client Security consoles and MOM consoles.

2. In Administrative Tools, start the Services console, right-click the Microsoft Forefront Client Security Management service and choose Stop.

Preparing the collection server

To prepare the collection server, you must stop MOM services.

To stop services

1. Close any MOM consoles that are open.

2. In Administrative Tools, start the Services console and stop the any of the following services:

   • MOM service

   • MOM-to-MOM Product Connector

To configure the collection database on the target server, you need to know the Client Security DAS account. If this has not been previously recorded, you must look up this account in Component Services.

To find the DAS account

1. On the collection server, in Administrative Tools, open Component Services.

2. In the tree, expand Component Services, expand Computers, expand My Computer, and then click COM+ Applications.

3. In the right pane, right-click Microsoft Operations Manager Data Access Server, and then click Properties.

4. Click the Identity tab and record the value in the User text box. This is the Client Security DAS account.

Transferring the collection database

Once the preceding steps have been completed, you are ready to begin the transfer of the collection database. The transfer involves backing up the database on the source server, changing the DTS job to use the new collection database server as the source server for its functions, restoring the source collection database to the target server, and configuring permissions for the DAS account and the DTS account.

The first step is to backup the source collection database, listed in the SQL Server Management Studio as the OnePoint database.

To backup the collection database

1. On the source collection database server, open the Microsoft SQL Server Management Studio, and then in Object Explorer expand Databases.

2. Right-click OnePoint, point to Tasks and select Back Up.

3. On the General page of the Back Up Database - OnePoint, under Destination, for Back up to, select the appropriate destination media,

4. Click a back up path in the text box below Destination, or click Add and type a destination for the database back up, if it does not exist. This location must be accessible to the target computer.

5. Click the Options page, and under Reliability, select the checkboxes next to Verify backup when finished and Perform checksum before writing to media, and then click OK.

6. The database is immediately backed up. Click OK when it is complete.

On the server running the Client Security reporting database component, you must modify the settings of the Client Security DTS job to use the target collection database server as the source server.

To change the DTS job settings

1. On the Client Security reporting database server, in Control Panel, open Scheduled Tasks.

2. Right-click SystemCenterDTSPackageTask and click Properties.

3. In the Run text box, locate the text /srcserver: and change the value after the colon to the name of the target collection database server, or servername\instancename if using a SQL Server named instance.

4. Record the value in the Run as text box. This is the DTS account.

5. Click OK and enter the password for the DTS account in the Password and Confirm password text boxes, and then click OK.

On the target collection database server, restore the collection database back up from the source collection database server.

To restore the collection database back up

1. On the target collection database server, open the Microsoft SQL Server Management Studio, and then in Object Explorer, expand Databases.

2. Right-click OnePoint, point to Tasks, point to Restore, and then select Database.

3. On the General page of the Restore Database - OnePoint dialog box, under Source for restore, select From device and click the ellipsis (…) button.

4. In the Specify Backup dialog box, in the Backup media list, verify the appropriate media type is selected, and then click Add.

5. In the Locate Backup File dialog box, browse to the location of the collection database back up, select the backup file, and then click OK.

6. Click OK in the Specify Backup dialog box.

7. Under Select the backup sets to restore, select the checkbox under the Restore column for the back up you are restoring.

8. Click the Options page, and under Restore options select the checkbox for Overwrite the existing database, and then click OK.

9. The restore of the collection database begins immediately. Click OK when it is complete.

Next, grant the DAS account appropriate permissions to the newly-restored OnePoint database on the target collection database server.

To grant the DAS account SQL Server permissions

1. On the target collection database server, open the Microsoft SQL Server Management Studio, and in Object Explorer expand Security, and then expand Logins.

2. Right-click on the DAS account recorded in Preparing the collection server and choose Properties.

3. On the Login Properties dialog box, under Select a page, click User Mapping.

4. Under Users mapped to this login, select OnePoint.

5. Under Database role membership for: OnePoint, ensure the checkbox is selected for db_owner, and then click OK.

Finally, you must configure the DTS account for the new collection database server.

To configure the DTS account

1. On the target collection database server, open the Microsoft SQL Server Management Studio, and in Object Explorer expand Databases, expand OnePoint, expand Security, and then expand Users.

2. Ensure that a user named targetservername**\SC DW DTS** exists. If it doesn't, create the user.

   1. In Object Explorer, right-click Users and choose New User.

   2. In the User name text box, type SC DW DTS.

   3. Under Schemas owned by this user, select sourceservername**\SC DW DTS**.

   4. Under Database role membership, select the SC DW DTS role, and then click OK.

3. Once the properties have been set and verified, right-click the sourceservername**\SC DW DTS** user and choose Delete.

4. On the source collection database server, in Administrative Tools, click Computer Management, expand Local Users and Groups, and then select Groups.

5. Right-click the SC DW DTS group and choose Properties, and then record the accounts listed under Members.

6. On the target collection database server, in Administrative Tools, start Computer Management, expand Local Users and Groups, and then select Groups. Ensure the accounts listed match the listed accounts in the SC DW DTS group on the source collection database server.

Configuring the collection server

Once the database transfer is complete, you must point the Client Security collection server to the new collection database server. This procedure involves editing the registry on the collection server to point to the new collection database server.

To configure the collection server

1. On the collection server, click Start, click Run, type regedit, and then click OK.

2. Browse to the following location in the registry: HKEY_LOCAL_MACHINE\Software\MissionCriticalSoftware\DASServer.

3. In the right pane, double-click DataSource.

4. In the Edit String dialog box, in the Value Data box, enter the new collection database server name (or the servername\instancename if not using a default SQL Server instance), and then click OK.

5. Browse to the following location in the registry: HKEY_LOCAL_MACHINE\Software\MissionCriticalSoftware\OnePoint\Configurations\managementgroupname\Operations.

6. In the right pane, double-click Database.

7. In the Edit String dialog box, in the Value Data box, enter the new collection database server name (or the servername\instancename if not using a default SQL Server instance), and then click OK.

8. In Administrative Tools, start Services.

9. In the service listing, right-click MOM and choose Start.

10. If the MOM-to-MOM Product Connector is listed, right-click it and choose Start.

Configuring the management server

The Client Security management server must be informed of the location of the new collection database server. This is done by running the Client Security Configuration wizard.

Configuring the management server

1. On the management server, in the Client Security console, click Action and then click Configure.

2. On the Before You Begin page, click Next.

3. On the Collection Server and Database page, in the Collection database text box, enter the name of the new collection database server (or servername\instancename if you are not using a default SQL Server instance), and then click Next.

4. On the Reporting Database page, do the following:

   1. In the Reporting database box, verify that the name of the reporting database server is correct, and, if necessary, the SQL Server instance name is correct.

   2. In the Reporting account box, enter the user name and password for the reporting account.

   3. Click Next.

5. On the Reporting Server page, do the following:

   1. In the Reporting server box, ensure that the name of the reporting server is correct.

   2. In the URL for Report Server and URL for Report Manager boxes, ensure the default values are entered.

   3. Click Next.

6. On the Verifying Settings and Requirements page, verify your system requirements, and then click Next. If you receive an error, you cannot continue configuring Client Security. If you receive a warning or error, see the following resources for more information:

   • Configuration log file. (To view, click View Log.) For more information about the configuration log file, see Overview of log files (https://go.microsoft.com/fwlink/?LinkId=82466) in the Troubleshooting Guide.

   • Setup issues (https://go.microsoft.com/fwlink/?LinkID=86102) in the Troubleshooting Guide.

7. On the Completing the Configuration Wizard page, verify that you have successfully configured Client Security, and then click Close. If you receive an error, you cannot continue configuring Client Security. If you receive a warning or error, see the following resources for more information:

   • Configuration log file. (To view, click View Log.) For more information about the configuration log file, see Overview of log files (https://go.microsoft.com/fwlink/?LinkId=82466) in the Troubleshooting Guide.

   • Setup issues (https://go.microsoft.com/fwlink/?LinkID=86102) in the Troubleshooting Guide.

8. In Administrative Tools, click Services.

9. In the service listing, right-click Microsoft Forefront Client Security Management Service, and then click Start.

To verify that the management server can communicate with the new collection database server, perform the following procedure.

To verify communication

1. Start the Client Security console, and then click Scan Now.

2. Select Scan a specific computer, and then enter the name of a managed computer in the Name box.

1. Select the type of scan you want to perform: Quick scan or Full scan.

2. Click the Scan Now button.

3. After the scan has completed, start Internet Explorer and browse to https://reportservername/Reports

4. On the SQL Server Reporting Services Home page, click Microsoft Operations Manager Reporting, click Microsoft Forefront Client Security, and then click Computer Detail.

5. In the Computer Name text box, type the name of the computer you just scanned, and then click View Report.

If any of the verifying communication steps fail, verify you have performed all previous steps. If communications continue to fail, contact Microsoft product support.

The final step in the migration of the Client Security collection database component is to uninstall the collection database component from the source server. This should be done only after successful verification of communication.

To uninstall the collection database and the collection server components

• Follow the instructions for uninstalling the collection database component in Removing an existing installation of Client Security.

If the source collection database server will continue to host the Client Security management server component, you must reinstall the MOM Server portion of the management component.

To reinstall MOM Server for the management component

1. Click Start, click Run, and then type the following command:

   Msiexec /i sourcefilelocation\server\momserver.msi

2. In the Microsoft Operations Manager 2005 Setup wizard, click Next.

3. Accept the terms in the license agreement, and then click Next.

4. On the Product Registration screen, click Next.

5. On the Installation Options page, select Custom, and then click Next.

6. In the list, click all options except MOM 2005 User Interfaces, select This component will not be available, and then click Next.

7. On the Prerequisite Check Passed screen, click Next.

8. When the installation is completed, click Finish.

To uninstall the collection database component without removing the collection server component

1. On the collection server, in Administrative Tools, open Component Services.

2. In the tree, expand Component Services, expand Computers, expand My Computer, and then click COM+ Applications.

3. In the right pane, right-click Microsoft Operations Manager Data Access Server, and then click Properties.

4. Click the Identity tab and record the value in the User text box. This is the Client Security DAS account.

5. On the source collection server, click Start, click Run, type regedit, and then click OK.

6. Browse to the following location in the registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft Forefront\Client Security\1.0\Config\MOMServer

7. In the right pane, find the GroupName value and record the data for it. This is the Management Group Name.

8. In the Run dialog box, type cmd, and then click OK.

9. In the Command Prompt window, change to the following directory:

   % installationdirectory %\Server\Microsoft Operations Manager 2005

10. In the Command Prompt window, type the following command, and then press ENTER:

SetActionAccount.exe *groupname * -query

Where *groupname* is the MOM Management Group name.

11. The command outputs the MOM Action account value. Record this account name.

12. Reinstall the Client Security collection server component. For instructions on installing the Client Security collection server component, see "To install Client Security on the collection server" in Installing Client Security on a six-server topology.

13. During the installation of the Client Security collection server component, specify the existing collection database server and reporting database.

14. When asked for the DAS account and the MOM Action account information, specify the information gathered from the source collection server.

Once you have reinstalled the MOM Server and uninstalled the collection database component, return to the "To verify communication" procedure under "Configuring the management server."