Input required for upgrading identityIQ from 8.3p4 to 8.4p3

Which IIQ version are you inquiring about?

[8.3P4]

Please share any images or screenshots, if relevant.

[Please insert images here, otherwise delete this section]

Please share any other relevant files that may be required (for example, logs).

[Please insert files here, otherwise delete this section]

Share all details about your problem, including any error messages you may have received.

Hi Team,

We are planning to upgrade our IIQ environment from current version of 8.3 P4 to 8.4P3.

Please suggest if any of you have confronted any issues or any specific suggestion which should be followed while upgrading to 8.4.

Thanks in advance!

Hi @mayamis1703eq

The upgrade must first be performed in the lower environment.

The path is: Upgrade from 8.3p4 to 8.4, and then apply the 8.4 P3 patch.

Be aware that 8.4 introduces a new database for Access History; please ensure it is created and configured correctly.

Note: Take necessary backups (e.g., the application deployment folder and database) prior to the upgrade.

Please refer to the official SailPoint document: 8.4_IdentityIQ_Installation_Guide for more details.

I am assuming you must have looked at the 8.4 release notes. Access history was introduced in 8.4 so you need to decide if you are going to enable that feature. There are few task specific to this feature that are run during upgrade, that can take time as the new schema has to be prepared etc.

Also check and compare the support matrix for both version to see if you need to upgrade any of the pre-requisite (java, tomcat, OS etc)

Hi Pattabhi,

I went to your other comments as well like bewlo:
Still facing issue in migration/upgradation? recently we have completed migration to 8.4 came across similar issues but resolved it successfully.
the sql driver which we have used is: mssql-jdbc-12.6.3.jre11.jar let me know if you need any help.

Step-by-Step: Best Practices for IdentityIQ 7.1p6 to 8.4p2 Upgradation - Content / Blog Drafts - SailPoint Developer Community

But this link is not opening.

We are getting below error while upgrading:

Invalid object name ‘identityiqah.spt_hist_database_version’.
Msg 208, Level 16, State 1, Line 1625
Invalid object name ‘identityiqah.spt_hist_database_version’

Please suggest if we have to run the script to create the new DB as well.

Thank you!

Hi @mayamis1703eq

I assume the Access History database has been created.

Could you please provide the DB upgrade script you used? The creation script for the new Access History DB should be visible starting around line 399.

This issue indicates either an incomplete creation of the Access History DB or an incomplete execution of the overall upgrade script.

Please ensure the following lines of code executed successfully:

line number: 1621 to Line number 1642

This is necessary to maintain the schema version. DO NOT REMOVE

insert into identityiqah.spt_hist_database_version (system_version,name) values ('8.4-00','main');

update identityiqah.spt_hist_database_version set schema_version='8.4-87' where name='main';

use identityiq
update identityiq.spt_database_version set schema_version='8.4-87' where name='main'

Please check the output of the following queries to verify the successful execution of the DB script and the iiq upgrade command:

select * from identityiq.spt_database_version;
select * from identityiqah.spt_hist_database_version;

note:
The schema_version is updated after a successful schema upgrade, and the system_version is updated after a successful iiq upgrade.

The identityiqah database must be created as part of the installation, even if you do not intend to use the Access History feature.

in both the scenario’s access history database script is present inside the same database script.

for example SQL Server db script:
new installation(create_identityiq_tables-8.4.sqlserver) – line number 56

in case of upgrade:
upgrade_identityiq_tables.sqlserver – line number around 399

--
-- make sure the identityiqah database and identityiqah user exist.
--

CREATE DATABASE identityiqah
GO
CREATE LOGIN [identityiqah] WITH PASSWORD='identityiqah',
DEFAULT_DATABASE=identityiqah
GO
USE identityiqah
GO

Hi @pattabhi : Getting below error while running iiq console cmd:

WARN main springframework.context.support.ClassPathXmlApplicationContext:559 - Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name ‘versionChecker’ defined in class path resource [configBeans.xml]: Invocation of init method failed; nested exception is java.lang.RuntimeException: Unable to check IdentityIQ database version: Unable to connect to: jdbc:sqlserver://;databaseName=identityiqah;
org.springframework.beans.factory.BeanCreationException: Error creating bean with name ‘versionChecker’ defined in class path resource [configBeans.xml]: Invocation of init method failed; nested exception is java.lang.RuntimeException: Unable to check IdentityIQ database version: Unable to connect to: jdbc:sqlserver://;databaseName=identityiqah

Hi @mayamis1703eq

During upgrade process you won’t be able to connect to iiq console
Did you complete iiq upgrade from ../WEB-INF/bin as part of migration process?

Could you please give me the output of following 2 queries?

select * from identityiq.spt_database_version;
select * from identityiqah.spt_hist_database_version;

Cross verify the identityiqah connection details in iiq.properties file, as I see there is possible wrong syntax, as per traces provided by you.

dataSourceAccessHistory.url=jdbc:sqlserver://hostname:port;databaseName=identityiqah;MultiSubnetFailover=true;encrypt=false
dataSourceAccessHistory.driverClassName=com.microsoft.sqlserver.jdbc.SQLServerDriver
sessionFactoryAccessHistory.hibernateProperties.hibernate.dialect=sailpoint.persistence.SQLServerUnicodeDialect

Look at the database properties.

Security – > Users – > right click on “Access History database name” select properties → General

verify the User name, Login name and Default schema

or

Security – > Logins → right click on “Access History database name” select properties – > User Mapping and Status

Verify the User and Default Schema

Thank you so much @pattabhi for your prompt responses.
It’s working now. Below 3 changes i have done:

1. my syntax wrong for “dataSourceAccessHistory.url”

2. i tried to deploy the latest jar for JDBC but it was not working. So i replaced my previous 9.x version which also supports java 11 and above.

3. changed identityiqah as default schema for identityiqah.

Above 3 changes were made and upgrade to 8.4 is working fine now.

Will now proceed to 8.4P3 and let you know if i confront any errors.

Thanks again!

Hi @pattabhi : We are getting below error while testing our Linux application:

ConnectionFailedException ] [ Possible suggestions ] a) Check UNIX host is up and running. b) Make sure there is a smooth connectivity between Identity Server and UNIX host. [ Error details ] Login failed. Error while connecting to the host no such algorithm: X25519 for provider BC

Please suggest

pls check this thread : Linux application connection issues with newer version of IdentityIQ - 8.4p1 - IdentityIQ (IIQ) / IIQ Discussion and Questions - SailPoint Developer Community

also here you can find the well documented steps :

IIQ Upgrade from 8.3 to 8.4 - IdentityIQ (IIQ) / IIQ Discussion and Questions - SailPoint Developer Community

also this doc is more useful for me all time when i do upgrade

IdentityIQ Upgrade Plan document template - Compass

pls let us know if you able to fix the problem.

Hi @pravin_ranjan : Thank you for your email.

I have already referred all the mentioned documents, but still there is no concrete solution to my issue.

I have raised case with SailPoint support as well.

Please let me know if you anything else on this issue.

Thank you so much for your prompt response.

Hi Team,

Getting below error while clicking on Sort the WorkItem:

image1614×676 46.9 KB