Vault upgrade to new hardware location

[behold]

We would like to install the web portion and the database portion of Vault on different servers from the ones they are currently installed on. I was planning on restoring from a Vault backup to bring the new database installation up to date. Would there be any problems with this or is there a better way to populate the new Vault installation with current data.

[Beth]

What you will want to do is restore a backup of your database to the new location, then install Vault on the machine you want it on.
Here are a couple of KB articles that should help:
Moving Vault to a new machine.
Moving the Vault Database to a new SQL Server
Moving Vault when you have Shadow Folders

[behold]

Our current version is 3.1.2. When we were going to update in place, it was recommended that we upgrade to an interium version (3.1.9) before installing the latest version. Does this still apply now that we are going to install the latest version to a new location? Do we still need to upgrade our current version to 3.1.9?

[Beth]

Yes, it is best if you perform the extra upgrade. That will make sure that any critical updates to the database are in place.

[behold]

I have many users who have their projects bound to Vault from Visual Studio. Should I ask them to remove these project bindings before the upgrade?

[Beth]

You don't have to before the upgrade. Afterwards, if there are errors opening, then one user will unbind and rebind their entire solution and check it into Vault. Other users can then perform a fresh Open from Vault.

[behold]

We have performed our upgrade from 3.1.2->3.1.9 ->4.1.4 with some success. We are still trying to get active directory authetication to work in the Client application. If we change to a vault stored password, the user can login. However, in the admin tool, I cannot change a user from a vault stored password back to active directory. It is greyed out. Why?

OS: MS Windows Server 2003
IIS: 6.0

[behold]

Additional infomation related to the previous post from our web guy and his question.

Here are the sections of code we added to integrate the active directory in the new installation of Vault Login mechanism to use the ActiviDirectory login and passwords:


<connectionStrings>
</connectionStrings>

<membership attributeMapUsername="sAMAccountName">
<providers>
<add
name="ADMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionPassword="xxxxxxxxxxxxxx"/>
</providers>
</membership>

Even after adding these the website doesn’t seem to identify that it is looking into active directory to validate the user. We are getting “Login Failed: The username or password supplied is invalid.” error. I would like to know what else we need to add to the config files to integrate ActiveDirectory authentication.

[Beth]

When you installed, did you use the Custom Process Model for the IIS Process Model? Also, did you use an Active Directory user for that process model?

You shouldn't need to add any code at all. So that I can help you troubleshoot this, could you remove that portion of code? I want to make sure there are no conflicts with it.

After the install has been done with an AD user, then in the admin web page you need to point it to your domain in the Advanced Settings link.

[behold]

We used Machine IIS Process model and installed the software using the domain admin account. Then we went and added the mentioned active directory config code to the web.config pages and then encrypted these sections using DPAPI. Currently this configuration is working okay and we are able to authenticate the Active Directory user from Vault Client as well as the Web Pages.

If we would have used the custom IIS process model this would have had a same impact on the web.config correct?
Do you suggest that we need to use the custom IIS process now or can we continue to use the mechanism we are currently using to authenticate uses?

[Beth]

The route you went sounds acceptable to me. Try out your shadow folders page to make sure that works. You might need to make the same changes there as well.

The custom IIS process model would take a domain user, but it would place it in the web.config in plain text. If you are working with it encrypted, then that sounds like a good way to go.