Follow

How to: Apply a Venafi Patch

Installing Updates

Venafi will occasionally release patches during a product’s lifecycle to address defects and/or security vulnerabilities. For critical patches, Venafi Customer Support will provide notifications to customers of an available update / patch.

These updates are not to be confused with product upgrades, which often introduce new features in addition to bug fixes. Product upgrades require additional processes, and are typically documented with the installation files. An overview of a typical upgrade process is also included within this document.

Pre-requisite

In order to successfully apply a patch you need:

- Local Administrator privileges on the Venafi Server

- A Venafi Local Master Admin account

- If using Windows Authentication against the database, Read / Write permissions against the Venafi database for the current logged on user

Downloading Update Packages

To download the Venafi software packages and updates, please use https://download.venafi.com with the Venafi account login credentials. Customer Support (support@venafi.com) can provide assistance with login credentials if needed.  Updates are distributed as "VUPKG" or (more commonly as) "ZIP files" are typically found within the specific product version on the download site.

Venafi will only keep the latest patch for each supported version, all our patches are cumulative.

If you cannot see your version, and the version is still under support, check the Current for current release, and Previous folder for previous releases.  Venafi patches can contain an Agent Upgrade package, and/or a Trust Protection Platform upgrade package. The upgrade package may also contain one or more SQL scripts that must be run prior to installing the TPP patch.  Because all Venafi Patches are roll-up, or stand alone patches, you never need to install any intermediate patches when upgrading to the latest version.

 

For example, if you were on 17.2.3, and were planning to upgrade to 17.3, you would install the base 17.3 release, then download and install the 17.3.5 (currently latest) patch.  This patch contains SQL scripts last released with the 17.3.2 patch, and are thus named with that version. 

Screen_Shot_2019-01-03_at_2.59.56_PM.png

Patches that contain SQL scripts will also have a KB article released with them at the same time to give specific details on how to execute the SQL scripts.  Another example is that the latest 18.2 patch is 18.2.2 which contains an Agent Upgrade package as well as a TPP upgrade package.  Agent Upgrade packages also contain instructions for how to properly install them.

Another example, the latest patch for Trust Protection Platform 18.3 is available at:

\Trust Protection Platform\Previous\18.3.x\ where x is the latest version

 

Screen_Shot_2019-01-03_at_2.38.12_PM.png 

Once the update package (zip) file is downloaded and unzipped, the .vupkg file must be moved to the [Venafi Install Location]\Packages directory on the server to be able to be installed with the VenafiUpdater tool.

 

Backing up your Venafi Database

It is suggested that before apply any patch in production, that you ensure that you have a recent backup of your database.  In worse case scenarios, this backup can be used to fall back from a failed upgrade.

Performing Update

NOTE: Only update one Venafi Trust Protection Platform (TPP) server at a time.  Attempting to apply an update to more than one TPP simultaneously may cause an update to fail.  Most updates require that the Venafi services are stopped before performing the update.

To perform the update, launch VenafiUpdater.exe with Administrative privileges. (i.e. Right-Click and Run As Administrator)

3.png

Venafi Updater will show the list of patches from the Venafi\Packages folder which are available for install. Release notes are displayed in the bottom window.

Screen_Shot_2019-01-03_at_3.24.49_PM.png

Highlight the desired package, and click "Install".

Install_Button.png

Since 17.1, all Venafi TPP patches have required that you enter your Venafi local master admin account details, and click "Ok".  This is required because the patch will add a new attribute to the database indicating the version installed.

Screen_Shot_2019-01-03_at_3.47.25_PM.png

Successful installation of the patch will remove the patch from the list.

Screen_Shot_2019-01-03_at_3.58.06_PM.png

This process needs to be repeated on each Venafi Platform server.

After installation, you can check what patches are installed, and when they were installed.  The default view in VenafiUpdater is the 'Available' patches view shown earlier, but you can also select the 'Installed' patches view, which will show all currently installed patches, and the log file from when it was installed.

Screen_Shot_2019-01-04_at_8.32.38_AM.png

 

If you get an Error

It is common to get an error such as: 

"The process cannot access the file {File Specified} because it is being used by another process.Error encountered during installation; rolling back install actions"

If you get this error, please stop IIS and make sure that the Windows Administration Console is closed down for all users logged onto the machine.  Make sure to restart IIS after the patch successfully installs

 

Related Articles

How To: Check Current Director Version And Installed Patches

How To: Uninstall Venafi Patch

How To: Reapply a patch for Trust Protection Platform

Was this article helpful?
2 out of 2 found this helpful
Have more questions? Submit a request

Comments