All upgrade channel, all the time

Leave a reply

I recently completed a minor upgrade to a mid-sized messaging installation:

Java Messaging Server 6.1 to 6.2 (patch 118207-58)
Java Directory 5.2 (patch 115614-26)
Symantec Brightmail 6.0.0.123 to 6.0.4

prerequisites:
Java Admin Server 115610-23
LDAP JDK 118615-01

The infrastructure consists of 4 mtas (Sun 280Rs), 4 mail stores (v880s) clustered with Veritas. LDAP is on separate hosts, 280Rs.

Brightmail scanners are installed on the MTAs.

The upgrade consists mostly of reading the patch READMEs and following the instructions. It’s surprisingly complicated logistically.

Symantec support is broken out into at least 2 tiers: Gold and Platinum. Gold support knows nothing of their enterprise products. It is impossible to be passed to platinum support from gold. The gold support people are also unaware that Brightmail suports Sun Java Messaging Server.

We originally had a contract problem that prevented us from getting to platinum support. Once we resolved that it took Symantec platinum support the better part of a day to discover that we needed their Brightmail software development kit (SDK) to integrate with Java Messaging Server. In retrospect Sun documents the process pretty completely in their how-to. You will need to get the SDK from Symantec.

Be sure to read the release notes for Brightmail 6.0.4. The install guide indicates that you can upgrade from version 6.0.x. You cannot upgrade from 6.0.0.x. You can install 6.0.4 over 6.0.0.123 but it will not scan properly. You need to completely uninstall, rm -r /opt/brightmail and install 6.0.4. from scratch. We probably re-installed about a dozen times until all the pieces were working properly. I do not think we did anything wrong.

The post-install instructions for 115610 call for running mpsadminserver sync-cds:


usr/sbin/mpsadmserver sync-cds
Admin Id: admin
Admin Password:
Error: Ldap authentication failed (151:Unknown error.).
Do you want to try again ? [y/n]:

A look at the LDAP logs indicated authentication problems. It turned out the admin server ldap configuration was misconfigured. It always takes me a long time to figure this out so I’m writing it down. The admin server ldap configuration is stored in 2 places:
/var/opt/mps/serverroot/shared/config/dbswitch.conf
/var/opt/mps/serverroot/admin-serv/config/adm.conf

Update those two files and the mpsadmserver sync-cds will complete correctly.

Have a happy thanksgiving weekend. I’m just about finished visiting family in the south. I found out that in Georgia ‘dressing’ isn’t something you put on salad and crazy family gatherings are much less fun sober. They should really consider serving liquor to the guests. We fly home early tomorrow. I’m sure the airline industry is carefully preparing a miserable trip for us both as I type..

This entry was posted in Directory/LDAP, Java Enterprise System, JES, Messaging, Travel on by .

About morgan

Morgan is a freelance IT consultant living in Philadelphia. He lives with his girlfriend in an old house in Fishtown that they may never finish renovating. His focus is enterprise Messaging (think email) and Directory. Many of his customers are education, school districts and Universities. He also gets involved with most aspects of enterprise Linux and UNIX (mostly Solaris) administration, Perl, hopefully Ruby, PHP, some Java and C programming. He holds a romantic attachment to software development though he spends most of his time making software work rather than making software. He rides motorcycles both on and off the track, reads literature with vague thoughts of giving up IT to teach English literature.

Leave a Reply

Your email address will not be published. Required fields are marked *