Prior to running the framework upgrade tool you must close all opened files in the DualShield installation folder. If you are using remote desktop to access the DualShield machine, make sure there is no other people (session) connected to the same server. If possible, backup up the system before upgrading.  For instance, take a snapshot if the machine is a VM.

The upgrade tool actually does the following things

  • Check if it needs to upgrade;

  • Stop DualShield service;

  • Backup the existing tomcat folder to tomcat6_$day_of_upgrade;

  • Copy server.xml and context.xml (under tomcat/conf) to new folder “critical”;

  • Copy the new tomcat (version 8.0.24) to tomcat folder (overwrite the existing files);

  • Copy lib\security\cacerts to critical folder;

  • Rename the jre folder to jre_$day_of_upgrade;

  • Copy new JRE 7 to jre folder;

  • Copy the unlimited JCE Policy files;

  • Copy back the server.xml and context.xml, then modify them accordingly.

  • Modify cacerts in new JRE 7;

  • Modify DualShield service in Registry;

  • Restart DualShield service.

If you don’t see any RED message before “Upgrade Finished. Please check Performance in the started Task Manager and wait the service fully started, then check if everything is OK.”, then upgrade itself should be successful. If you can’t access the upgraded DualShield service, check the tomcat logs for details.

If you do see some RED message during the upgrade, it may indicate the upgrade somehow failed. Please take a picture of upgrade window, then send it to our support email account for help.

The solution to the upgrade failure varies, it depends on which stage it failed at. For instance, if you see the upgrade failed at renaming jre folder (it may be caused by a opened Windows Prompt while the current folder is jre something), then the rollback procedure is simple, just remove the tomcat folder and rename tomcat6_$day_of_upgrade back to tomcat.

Appendix: the powershell script for upgrade

Framework Upgrade
#This script is going to upgrade DualShield tomcat & Java version
 
#Developed by NANOART
 
#you may need to Set-ExecutionPolicy Unrestricted
If (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))
{    
 
 Echo "This script needs to be run As Admin"
 
 Exit
}
 
 
$newVerJava = "7.0.800.15" #the file version of new java
 
$newVerTomcat = "8.0.24" # tomcat Server version: Apache Tomcat/6.0.29
 
 
Write-Host "We are going to upgrade the components"
 
Write-Host "Please close any opened files which are under DualShield installation folder!!!"
Write-Host -NoNewLine 'Press any key to continue...';
 
$null = $Host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown');
 
Write-Host 'Please wait it to finish';
$step = 1
 
$total = 9
write-progress -activity "Upgrade Progress" -status "Step $step of $total : Locate where DualShield is installed" -percentcomplete (($step / $total)*100)
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\DualShield'
 
$dualservice = Get-ItemProperty -Path $key
 
if(!$dualservice)
{
 
 Write-Host "No DualShield service found on this machine!"
 
 Write-Host -NoNewLine 'Press any key to continue...';
 
 $null = $Host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown');
 
 Exit
}
$dualimagepath = (Get-ItemProperty -Path $key).ImagePath
 
$pos = $dualimagepath.IndexOf('\tomcat')
 
#result will contain trailing backslash
 
$dualpath = $dualimagepath.SubString(1,$pos)
$step++
write-progress -activity "Upgrade Progress" -status "Step $step of $total : Check the current installation to see if it is necessary to upgrade the components" -percentcomplete (($step / $total)*100)
$upgradejava = $FALSE
 
$upgradetomcat = $FALSE
# #java.exe -cp lib\catalina.jar org.apache.catalina.util.ServerInfo, amd64
 
$cmdOutput = & (Join-Path $dualpath "jre\bin\java.exe") -cp (Join-Path $dualpath "tomcat\lib\catalina.jar") org.apache.catalina.util.ServerInfo 2>&1
 
$serverVersion = $cmdOutput -match "Apache Tomcat/" #return an object
 
$pos = ([string]$serverVersion).IndexOf('/')
 
$curVerTomcat = ([string]$serverVersion).substring($pos+1)
 
#write-host $curVerTomcat
 
if($curVerTomcat -lt $newVerTomcat)
{
 
 $upgradetomcat = $TRUE
 
 $app64 = $cmdOutput -match 'amd64'
 
 if($app64 -ne $null) # don't use contains
 
{
 
# write-host "64bit tomcat"            
 
  $srcFolderTomcat = ".\data\win\64\tomcat"
 
}
 
 else
 
{
 
# write-host "32 bit tomcat"            
 
  $srcFolderTomcat = ".\data\win\32\tomcat"
 
}}
$javaversion = (Get-Item (Join-Path $dualpath "jre\bin\java.exe")).VersionInfo.FileVersion            
 
           
if($javaversion -lt $newVerJava){            
 
 $upgradejava = $true
 
 
 $runjava = Join-Path $dualpath "jre\bin\java.exe"
 
 $cmdOutput = & $runjava -version 2>&1
 
 
 $app64 = $cmdOutput -match '64-Bit'
 
 if ($app64 -ne $null)
 
{
 
#  write-host "64 bit jre"
 
  $srcFolderJava = ".\data\win\64\jre" 
 
}
 
 else
 
{
 
#  write-host "32 bit jre"  
 
  $srcFolderJava = ".\data\win\32\jre"
 
} 
 
}
if(!($upgradetomcat -OR $upgradejava))
{
 
 write-host "Nothing needs to change"
 
 Write-Host -NoNewLine 'Press any key to continue...';
 
 $null = $Host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown');
 
 
 Exit
}
$critical = Join-Path $dualpath "critical"
 
if ((Test-Path $critical) -ne $True)
{
 
 New-Item $critical -type directory | Out-Null
}
$step++
write-progress -activity "Upgrade Progress" -status "Step $step of $total : Stop DualShield service" -percentcomplete (($step / $total)*100)
$ServiceName = "DualShield"
 
Stop-Service $ServiceName
 
$step++
write-progress -activity "Upgrade Progress" -status "Step $step of $total : Backup the existing Tomcat and upgrade it" -percentcomplete (($step / $total)*100)
 
$arrService = Get-Service -Name $ServiceName
while($arrService.Status -ne "Stopped")
{
 
 Write-Host "Wait a number of 10 seconds for the service to be stopped. if it is not done, you may need to stop it manually."
 
 Start-Sleep -s 10
}
$dayupgrade = get-date -UFormat "%Y_%m_%d"
if($upgradetomcat)
{
 
 #backup the existing tomcat
 
 $from = Join-Path $dualpath "tomcat"
 
 $to = Join-Path $dualpath "tomcat6_$dayupgrade"
 
 $backuptomcat = $to
 
 Copy-Item $from $to -recurse
 Copy-Item (Join-Path $from "conf\server.xml") $critical
 
       Copy-Item (Join-Path $from "conf\context.xml") $critical 
 #copy the new components
 
 $from = $srcFolderTomcat
 
 $to = $dualpath
 
 Copy-Item $from $to -recurse -force
 
 
 #remove some confusing files
 
 Remove-Item (Join-Path $to "tomcat\bin\tomcat6.exe")
 
 Remove-Item (Join-Path $to "tomcat\bin\tomcat6w.exe")
 
 Remove-Item (Join-Path $to "tomcat\bin\tcnative-1.dll")
 
}
 
$step++
write-progress -activity "Upgrade Progress" -status "Step $step of $total : Backup the existing JRE and upgrade it" -percentcomplete (($step / $total)*100)
 
if($upgradejava)
{
 
#rename the existing one, we don't need to duplicate java
 
 $from = Join-Path $dualpath "jre" 
 
 $to = Join-Path $dualpath "jre6_$dayupgrade"
 
       Copy-Item (Join-Path $from "lib\security\cacerts") $critical
 $backupjre = $to
 
 Rename-Item $from $to
# copy new JRE
 
 $to = Join-Path $dualpath "jre"
 
 Copy-Item $srcFolderJava $to -recurse
 
 
#copy unlimiteJCEPolicy
 
 $to = Join-Path $dualpath "jre\lib\security\" 
 
 Copy-Item  ".\data\UnlimitedJCEPolicyJDK7\local_policy.jar" $to
 
 Copy-Item  ".\data\UnlimitedJCEPolicyJDK7\US_export_policy.jar" $to
 
}
 
$step++
write-progress -activity "Upgrade Progress" -status "Step $step of $total : Modify server.xml" -percentcomplete (($step / $total)*100)
$from = Join-Path $backuptomcat "webapps\ROOT\favicon.ico"
 
$to=Join-Path $dualpath "tomcat\webapps\ROOT\favicon.ico"
 
Copy-Item $from $to
$from = Join-Path $backuptomcat "conf\server.xml"
 
$to=Join-Path $dualpath "tomcat\conf\server.xml"
 
Copy-Item $from $to
$from = Join-Path $backuptomcat "conf\context.xml"
 
$to=Join-Path $dualpath "tomcat\conf\context.xml"
 
Copy-Item $from $to
#modify xml file, or just delete line
 
#try to delete the line <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
 
#  <Listener className="org.apache.catalina.core.JasperListener" />
 
$from = Join-Path $dualpath "tomcat\conf\server.xml"
 
$to = Join-Path $dualpath "tomcat\conf\servernew.xml"
 
Get-Content $from | Where{ $_ -notmatch "ServerLifecycleListener" -And $_ -notmatch "JasperListener"} | Set-Content $to
Remove-Item $from
 
Rename-Item $to $from
 
$step++
write-progress -activity "Upgrade Progress" -status "Step $step of $total : Transfer dualultimate CA" -percentcomplete (($step / $total)*100)
$from = Join-Path $backupjre "lib\security\cacerts"
 
$to = Join-Path $dualpath "jre\lib\security\cacerts"
 
$keytool = Join-Path $dualpath "jre\bin\keytool.exe"
& $keytool -importkeystore -srckeystore $from -destkeystore $to -srcstoretype JKS -deststoretype JKS -srcstorepass changeit -deststorepass changeit -srcalias dualultimateca -destalias dualultimateca -srckeypass changeit -destkeypass changeit -noprompt
 
#when and in which version deepnetownca is introduced?, just cert no key
 
& $keytool -importkeystore -srckeystore $from -destkeystore $to -srcstoretype JKS -deststoretype JKS -srcstorepass changeit -deststorepass changeit -srcalias deepnetownca -destalias deepnetownca -noprompt
$step++
write-progress -activity "Upgrade Progress" -status "Step $step of $total : Install new Tomcat service" -percentcomplete (($step / $total)*100)
#install new tomcat service, only need to modify registry
 
# "C:\Program Files\Deepnet DualShield\tomcat\bin\tomcat6.exe" //RS//DualShield
 
$dualimagepath=$dualimagepath.Replace("tomcat6.exe","tomcat8.exe")
 
Set-ItemProperty -Path $key -Name "ImagePath" -Value $dualimagepath -Force
$step++
write-progress -activity "Upgrade Progress" -status "Step $step of $total : Start the renewed DualShield service" -percentcomplete (($step / $total)*100)
Start-Service $ServiceName
Write-Host "Upgrade Finished. Please check Performance in the started Task Manager and wait the service fully started, then check if everything is OK."
 
Start-Process Taskmgr.exe
Write-Host "If you have upgrade problem, do NOT run this script any more!!! Check our WIKI for how to roll back, or contact our support team."
Write-Host -NoNewLine 'Press any key to continue...';
 
$null = $Host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown');