AI Docs

Upgrading the Windows operating system of a Certero Platform server

4 min read

image-20260121-091533.png

We are occasionally asked if it is safe to perform an in-place upgrade of the Windows operating system of a Certero server. i.e. Upgrading from Windows Server 2016 to Windows Server 2019 or 2022. For this article we will assume this is the Certero Platform server and is therefore running:

  • the Certero Provisioning Service and website

  • the Certero Platform Controller and website

  • the default Certero Endpoint server services

In place upgrades of the Windows operating system running Certero have been performed. Both by Certero and some of our customers. But we strongly recommend performing the following tasks before commencing the upgrade process.

  1. Perform a backup of the Certero Tenant using Certero Provisioning.

  2. Perform a backup of the Tenant encryption Key. The program to do this is called Certero.Provisioning.Tools.ProvCmd.exe and is found in the Certero\Provisioning Services folder. The parameters for the program are:
    -a Action [BackupTenantKey/RestoreTenantKey]
    -f Backup file
    -t Tenant ID (required for backup/restore of tenant keys)
    -q Quiet mode (no confirmation prompt)
    -help Prints the help screen.

    Running from an administrator command prompt, an example would be:
    Certero.Provisioning.Tools.ProvCmd.exe -a BackupTenantKey -f MyTenant.key -t <Tenant ID>
    then choose Y to perform the backup
    E.G.

    image-20260120-112919.png


    The Tenant encryption Key is now stored in the MyTenant.key file.

  3. The backup file can be downloaded from Certero Provisioning - Backups. The Tenant encryption Key can be copied from the Provisioning Services folder. Both files should be copied to another server/device. In the event of a disaster these files contain all your Tenant specific data required to restore your Certero platform.

If you have multiple Tenants running on your Certero platform server, then you will need to a backup file and a Tenant encryption key file from each Certero Tenant.

  1. If your Certero Server is a virtual machine (VM), then perform a snapshot/checkpoint of the server as a secondary recovery point.

  2. We recommend stopping the Certero tenant before the operating system upgrade. This allows any post upgrade operating system issues to be identified and resolved before the Certero tenant is started again. i.e. We want to ensure the operating system upgrade is completely successful before restarting Certero.
    Within Provisioning - Tenants choose

    image-20260120-114151.png

    and select Yes to stop tenant services.
    Then choose Actions menu

    image-20260120-114447.png

    and Configure. Change the Start Type from Automatic to Manual

    image-20260120-114535.png

    Click Save.
    The prevents the Tenant from starting Automatically when the server is rebooted.

  3. We also want to stop Certero Provisioning itself from running / starting. Within Services, looking for the Services called Certero …
    Stop the Certero Provisioning Service then change its startup type to Manual.
    The list of Services should now look like this:

    image-20260120-115345.png


The Certero Tenant and Provisioning Service are now all stopped and will not automatically start when the server is restarted.

Your in-place upgrade of the Windows operating system can now be started. Please follow any Microsoft technical advice for performing the upgrade. Once the upgrade has completed, ensure that everything required by Certero is as before:

  • Are all correct data drives still visible and accessible on the server?

  • Is a remote SQL database server accessible or are the local SQL services running and the Certero SQL databases visible?

If you are sure the operating system upgrade was completely successful, follow these remaining steps to restart Certero.

  1. Within Services, change the Startup Type of the Certero Provisioning Service back to Automatic. Then Start the service and ensure the Status shows as Running.

  2. Your Certero Provisioning website will now be accessible again. Log in to your Certero Provisioning dashboard (https://localhost:9000)
    Choose Tenants, then choose Actions

    image-20260120-114447.png

    and Configure. Change the Start Type from Manual to back to Automatic.

    image-20260120-120808.png

    Click Save.

  3. Within Provisioning - Tenants choose

    image-20260120-130215.png

and select Yes to start tenant services.

  1. The Certero Tenant website will be available again. Login and check that your Certero data looks as before. Client inventory, connector data will start to update once again.

 

If you are unsure about any of the steps in this article or have any further questions, then please contact us.