How to migrate NoSpamProxy version 14.x

NOTE: This information only refers to versions 14.x. Instructions for migrating versions 12.x and 13.x can be found under How to migrate NoSpamProxy version 12.x or 13.x.

Migrating version 14.x to another server

NOTE: These instructions do not apply to multitenant environments.

Preparations

  • Make sure that you have not installed a NoSpamProxy instance on the target system.
  • Install Microsoft SQL Server on the target system or use an already existing Microsoft SQL Server.
  • Install the SQL Server Management Studio and enable access to the database server.
  • Export your DKIM keys from the old environment.
  • Have the sensitive data protection password ready from the old environment.
  • Have the respective certificate and the corresponding private key for the NoSpamProxy Web App as well as for the TLS encryption from the old environment ready.
  • Make sure that you have imported all necessary TLS certificates to the target system.

Procedure

  1. Import the certificate for the NoSpamProxy Web App as well as the TLS certificates into the Microsoft certificate store on the target system
  2. Copy the following files from the source system to the target system:

    NOTE: You must create the corresponding folders manually.

    •  Template files
      • Updated versions 13.2 or lower: from C:\Program Files\Net at Work Mail Gateway\Intranet Role\Templates on the source system to C:\Program Files\NoSpamProxy\Intranet Role\Templates on the target system.
      • New installations Version 14: from C:\Program Files\NoSpamProxy\Intranet Role\Templates on the source system to C:\Program Files\NoSpamProxy\Intranet Role\Templates on the target system.
    • Template customizations (if any):
      • C:\ProgramData\Net at Work Mail Gateway\Templates Customizations\ (same path on the target system)
    • Logos:
      • C:\ProgramData\Net at Work Mail Gateway\Intranet\ (same path on the target system)
    • Your NoSpamProxy licence:

      • C:\ProgramData\Net at Work Mail Gateway\Configuration\License.xml (same path on the target system)

    • Configuration file of the NoSpamProxy Web App:
      • C:\ProgramData\Net at Work Mail Gateway\Configuration\webapi-config.json (same path on the target system)
    • Configuration file of the Intranet Role
      • C:\ProgramData\Net at Work Mail Gateway\Configuration\Intranet Role.config (same path on the target system)
  3. On the target system, open the configuration file Intranet Role.config with administrator rights in an editor.
  4. Adjust the configuration file Intranet Role.config as follows:

    Search for the following entry:
    <connectionStrings configProtectionProvider="DataProtectionConfigurationProvider">
    <EncryptedData>
    <CipherData>
    <CipherValue>AQAAANCMnd...==</CipherValue>
    </CipherData>
    </EncryptedData>
    </connectionStrings>
    Change it so that it looks like this:
    <connectionStrings>
    </connectionStrings>
    Search the whole file for
    encryptedPassword=
    and change the occurrences that look something like
    encryptedPassword="AQAAANCM...W9b17"
    in
    encryptedPassword=""
    Follow the same procedure for all occurrences of
    tlsCertificatePin="AQAAANCM...W9b17".
    and
    tlsCertificateThumbprint="AQAAANCM...W9b17"
    and
    password="AQAAANCM...W9b17"
    .
    If De-Mail was configured, please search for
    certificatePin="AQKLM....D87W"
    and change the entry to
    certifcatePin=""
    .

  5. Save the file.
  6. Stop the service of the Intranet Role on the source system.
  7. Perform one of the following two options:

    In SQL Management Studio, first create a backup of the SQL database NoSpamProxyAddressSynchronization on the source system:

    1. Select Task/Backupfrom the context menu of the named database.
    2. In the lower section, add a disc and the corresponding path to the backup file.
    3. Start the backup.
    4. Copy the created backup file to the target system.
    5. Perform a restore by selecting Restore Database from the context menu of Databases in the SQL Management Studio of the target server.
    6. Select Device in the following dialog and add a new file (the backup file) in the following dialog.
    7. Start the recovery.
    1. Move the database files to the new directory and mount them on the SQL server. The SQL database files are usually located at C:\Program Files (x86)\Microsoft SQL Server\MSSQL.XXXX\MSSQL\Data or C:\Program Files\Microsoft SQL Server\MSSQL.XXXX\MSSQL\Data. You can recognise it by its name, which begins with NoSpamProxy.
    2. Copy the files NoSpamProxyAddressSynchronization.mdf and NoSpamProxyAddressSynchronization.ldf to the target system.
    3. Move the database files to the desired directory. This does not necessarily have to be the default directory of the SQL server.
    4. Open the SQL Management Studio.
    5. After logging on to the server, choose Attach from the context menu of databases.
    6. In the following dialog, add the first database file from the desired directory. The associated log file is automatically recognized.

  8. (If you have a database environment consisting of version 13.2 or lower) Rename the databases as follows:

    • NoSpamProxyAddressSynchronization > NoSpamProxyIntranetRole
    • NoSpamProxyDB > NoSpamProxyGatewayRole
    • enQsigPortal > NoSpamProxyWebPortal
  9. Run the NoSpamProxy setup on the target system.

    NOTE: Make sure that you start the setup in the same version that is installed on the source system. Select that an SQL server is already installed and set the corresponding connection parameters. The setup then recognizes all further configuration files and adapts them.

  10. Adjust the SIDs in the database so that the new local NoSpamProxy user groups are authorised to log on to the NoSpamProxy Command Center. To do this, first execute the following command via PowerShell:

    Foreach ($group in Get-LocalGroup -Name "NoSpamProxy*")

    {

    $sid = $group.sid

    $name = $group.name

    Write-Host "UPDATE [NoSpamProxyIntranetRole].[Configuration].[TenantRoleAssignment] SET IdentitySid ='$sid' WHERE TenantId = 0 AND [Identity] like '$name'"

    }

    As a result, four SQL statements are issued, which change the SIDs in the database and can be executed in the SQL Management Studio.

After migration

  1. Open the NoSpamProxy Command Center on the target system.

    NOTE: If the NoSpamProxy Command Center cannot connect to the Intranet Role, please check if all NoSpamProxy services are started. In addition, use PowerShell to check whether the certificate for the NoSpamProxy Web App is assigned to the correct port. Enter the following command: netsh http show sslcert. If this is not the case, enter the following command: netsh http add sslcert ipport=0.0.0.0:6061 "appid={6D46C289-5847-4017-BCEF-72920BD7E01F}" certhash=<<yourcertificate-hashvalue>> certstorename=my.

  2. Delete existing DKIM keys.
  3. Set the sensitive data protection password from the source system on the target system.
  4. Import the new DKIM keys.
  5. Check whether you have activated DKIM for your domain.
  6. Check your user imports and adjust them if necessary.

    NOTE: For user imports, the parameter Password does no longer exist with version 14.

  7. Remove the old Gateway Roles and connect the new Gateway Roles one after the other.
    • Assign the connectors to the corresponding Gateway Roles (if necessary).
    • After connecting a Gateway Role, reassign the corresponding TLS certificates.

      NOTE: This is only possible after the Gateway Roles have been connected.

    • Check the event log for problems with the previously connected Gateway Role.

Migrating the NoSpamProxy Web Portal

If the NoSpamProxy Web Portal is in use and it is to be migrated to another server, there are two different ways of doing this, which are described below:

Migration by installing another Web Portal

  1. Install the NoSpamProxy Web Portal on the new server including a new database and set it up according to the installation instructions.
  2. Integrate the new Web Portal into the NoSpamProxy console parallel to the existing Web Portal under Configuration > NoSpamProxy Components > Web Portal.
  3. Configure the accessibility of the Web Portal from outside so that the standard link points to the new Web Portal. This way, only this can be addressed from the outside/by the Gateway Role. This means that all files are exchanged between the Web Portals via the NoSpamProxy - FileSynchronizationService service.
  4. After the set storage time period under Configuration > NoSpamProxy Components > Web Portal > Web Portal Settings > Edit on the Large Files tab, the old Web Portal can then be switched off, as no new files have been stored there or all existing files have expired.

NOTE: If you switch off the system with the old Web Portal, also remove it under Configuration > NoSpamProxy Components > Web Portal, otherwise the Intranet Role will continue to try to communicate with the Web Portal, which may trigger a database overflow.

Migration by moving the data

  1. Install the NoSpamProxy Web Portal on the new server including a new database and set it up according to the installation instructions.
  2. Stop the NoSpamProxy - FileSynchronizationService service via the Windows computer management (Windows services) and the Internet Information Service (IIS) via the command line with CMD> iisreset /stop to prevent access to the database and entries in the Web Portal database.
  3. Do one of the following:
    1. Create a backup of the SQL database enQsigPortal on the source server using the SQL Management Studio. To do this, select Task/Backupin the context menu of the database.
    2. Add a disc and the corresponding path of the backup file in the lower section of the following dialog.
    3. Start the backup.
    4. Copy the resulting backup file to the target server.
    5. Perform a restore by selecting Restore Database in the context menu of Databases in the SQL Management Studio of the target server.
    6. Select Device in the following dialog and add a new file (the copied backup file) in the following dialog.
    7. Start the recovery.
    1. Go to C:\Program Files (x86)\Microsoft SQL Server\MSSQL.XXXX\MSSQL\Data or C:\Program Files\Microsoft SQL Server\MSSQL.XXXX\MSSQL\Data.
    2. Copy the files enQsigPortal.mdf and enQsigPortal.ldf to the target server.
    3. Move the database files to the desired directory. This does not necessarily have to be the default directory of the SQL server.
    4. In SQL Management Studio, choose Appendfrom the context menu of databases.
    5. In the following dialog, add the first database file from the desired directory. The corresponding log file is automatically recognized.
    6. Copy the storage folder of the files from the source server to the target server. You can see where the files are stored on the source server in the NoSpamProxy console under Configuration > NoSpamProxy Components >Web Portal in the integrated Web Portal. Note the folder structure and place the files on the target server where they are to be stored in the future.
    7. Install the Web Portal on the target server and set up access in IIS according to your environment.

      NOTE: Make sure that you select the already existing instance of SQL Server and do not install a new instance.

    8. Remove the old Web Portal from the Intranet Role and add the new Web Portal under Configuration > NoSpamProxy Components > Web Portal.

      NOTE: After adding, adjust the location accordingly.

    9. If access to the new Web portal works and your users can also download the files, check under Monitoring > Suspended Emails to seewhether any emails have accumulated there in the meantime that are still waiting to be processed by the content filter. To do this, start processing again.

Notes

NOTE: All certificates that can be found under Identities > Certificates are in the database and are automatically moved by moving the Intranet Role database NoSpamProxyIntranetRole during a migration.

NOTE: The Gateway Role obtains all information from the Intranet Role. Therefore, it is simply reinstalled during an upcoming migration.

NOTE: If template adjustments were made manually, you must transfer the changed templates to the target system.

NOTE: If NoSpamProxy disclaimer is licensed and configured, also copy the templates for the disclaimer from the directory C:\ProgramData\Net at Work Mail Gateway\Intranet\Templates to the target system.