For each node in the cluster, you upgrade VMware Identity Manager for Windows. Expect some downtime during the upgrade and plan the timing of your upgrade accordingly.

Important: If you used the embedded connector for a version of VMware Identity Manager earlier than and are now upgrading to version or later, after the upgrade you must install the VMware Identity Manager connector on a Windows system. To decrease the amount of information you provide manually during the Windows-based connector installation, during this VMware Identity Manager upgrade, allow VMware Identity Manager to save the embedded-connector configuration for export.



  1. Download the VMware Identity Manager SVA Installer for Windows from the My VMware site at
  2. Double-click the VMware Identity Manager installer.
    Run the installer from an account with administrator privileges.
    After a wait of up to several minutes, a dialog box appears explaining that the embedded connector is no longer available.

    The installer downloads the migrateEmbeddedConnector migration script to the Install-Folder\VMwareIdentityManager\support folder. If you follow the option to save the embedded-connector configuration for export, the installer runs the migration script for you.

  3. Click the appropriate response to continue with the upgrade or to save the embedded-connector configuration.
    Option Description
    Yes To continue the upgrade without saving the embedded-connector configuration.
    Caution: If you continue with the upgrade, the installer permanently deletes the embedded-connector configuration. You cannot retrieve the configuration later.
    If you were not using the embedded connector before this upgrade or were using the embedded connector but have already saved the embedded-connector configuration for export, click Yes.
    No To discontinue the upgrade and save the embedded-connector configuration instead. If you were using the embedded connector before this upgrade and have not exported the embedded connector yet, click No to save the embedded-connector configuration to a file.

    VMware Identity Manager runs the migrateEmbeddedConnector migration script and prompts you to export the embedded-connector configuration, starting with a prompt for a configuration-package file password.

    1. In the Password text box, enter a password of your own creation for the configuration-package file and click Export.

      A message appears informing you that the export process completed successfully.

    2. Click OK.

      The process generates the configuration-package file, names the file cluster-host-domain-conn-timestamp.enc, and saves the file to the Install-Folder\VMwareIdentityManager folder.

    3. Click Exit, Yes, and Finish to exit the export process.
    4. Run the installer again.
  4. To continue the upgrade, click Next.
  5. Accept the End User License Agreement (EULA), then click Next.
  6. If the Customer Experience Improvement Program is not enabled, you are asked to participate in the program. On the Customer Experience Improvement Program dialog box, the default action is set to Yes.
    This product participates in VMware's Customer Experience Improvement Program ("CEIP"). Details regarding the data collected through CEIP and the purposes for which it is used by VMware are provided at the Trust & Assurance Center at If you prefer not to participate in VMware's CEIP for this product, deselect the box.
    You can also join or leave the CEIP for this product at any time after installation.
    Note: If your network is configured to access the Internet through HTTP proxy, to send the data collected through CEIP to VMware you must adjust the proxy settings in the VMware Identity Manager host.
  7. The VMware Identity Manager Prerequisites are listed. The installer checks for the required modules. You are prompted to install any missing modules.
  8. Select the directory in which to install the VMware Identity Manager service.
  9. In the VMware Identity Manager Service Account dialog box, select the check box if you want to run the service as a Windows domain user and enter the user name and password of the domain account to use. The user name must be in the form DOMAIN\Username.
    Run the service as a domain user in the following cases.
    • If you plan to connect to Active Directory (Integrated Windows Authentication).
    • If you plan to use Kerberos authentication with the company's KDC.
    • If you plan to integrate Horizon (View) with VMware Identity Manager and want to use the Perform Directory Sync.
    If you do not use a domain user account, the service is run as local system.
  10. Click Install to begin the upgrade.
    During the upgrade, the following actions are performed.
    • The files in that directory are upgraded to latest version of VMware Identity Manager.
  11. Click Finish.

What to do next

Upgrade the other nodes in the cluster.

If you disabled SQL Server availability groups, re-enable the availability groups. See Re-Enable AlwaysOn Availability Groups After Upgrade

If you added the db_owner role for the upgrade, you can disable this role. See Change Database-Level Roles After Upgrade

Perform post-upgrade steps. See Post-Upgrade Configuration.