Before you upgrade the VMware Identity Manager 19.03 virtual appliance offline, perform these prerequisite tasks.

Important: Citrix, Horizon Connection Server, and ThinApp integrations are not available with the Workspace ONE Access 20.01 connector.
  • To use ThinApp packaged applications, use the VMware Identity Manager connector (Linux) version 2018.8.1.0.
  • To use other Virtual Apps, such Horizon desktops and applications or Citrix published resources, use the VMware Identity Manager connector (Windows) version 19.03.
  • Take a snapshot of your virtual appliance to back it up. For information about how to take snapshots, see the vSphere documentation.
  • To ensure that Elasticsearch data is not deleted, prepare Elasticsearch for the upgrade.
    • Determine if multiple instances of Elasticsearch have ever run on any of the VMware Identity Manager service nodes and, if so, consolidate the data directories of the multiple instances.
      1. View the contents of the /db/elasticsearch/horizon/nodes directory.

        The goal is for one subdirectory named 0 to exist. If only the 0 subdirectory exists, you do not need to consolidate directories.

        If a second copy of Elasticsearch has run at any time, a second directory named 1 also exists. Continue with the steps to consolidate directories.

      2. If multiple Elasticsearch instances exist, stop Elasticsearch and verify all processes are stopped.

        For example, to stop Elasticsearch, run the following command.

        service elasticsearch stop

        For example, to verify all Elasticsearch processes are stopped, run the following command.

        ps -ef | grep elasticsearch

        If the grep command shows that additional Elasticsearch processes are running, kill those processes.

      3. To determine which directory within each node contains the data, search for the data in the indices directory of each node, such as the following directory: /db/elasticsearch/horizon/nodes/1/indices/.
      4. Remove the directory that does not contain the data and, if necessary, rename the remaining directory.

        If the 0 directory contains the data, remove the 1 directory.

        If the 1 directory contains the data, remove the 0 directory and rename the 1 directory 0.

      5. Restart Elasticsearch.
        service elasticsearch start
      6. Search the /opt/vmware/elasticsearch/logs/horizon.log for a message like the following:

        recovered xx indices into cluster_state

        The message indicates that the system can read the renamed data directory, where xx represents the number of directories, or indices, in the /db/elasticsearch/horizon/nodes/0/indices/ directory.

    • Remove sysconfig.cloneprep and sysconfig.iamaclone files from all cloned service nodes.
      For example, log into each service node and run the following commands as root.
      rm -f /usr/local/horizon/conf/flags/sysconfig.cloneprep
      rm -f /usr/local/horizon/conf/flags/sysconfig.iamaclone
  • If you revoked the db_owner role on the Microsoft SQL database, as described in, you must add it back before performing the upgrade, otherwise upgrade will fail.

    Add the db_owner role to the same user that was used during installation:

    1. Log in to the Microsoft SQL Server Management Studio as a user with sysadmin privileges.
    2. Connect to the database instance for VMware Identity Manager 19.03.
    3. Enter the following commands.

      If you are using Windows Authentication mode, use the following commands:

      USE <saasdb>;
      ALTER ROLE db_owner ADD MEMBER <domain\username>; GO 

      Make sure that you replace <saasdb> with your database name and <domain\username> with the relevant domain and username.

      If you are using SQL Server Authentication mode, use the following commands:
      USE <saasdb>;
      ALTER ROLE db_owner ADD MEMBER <loginusername>; GO 

      Make sure that you replace <saasdb> with your database name and <loginusername> with the relevant username.

  • Take a snapshot or backup of the external database.
  • Verify that VMware Identity Manager is properly configured.
  • Confirm that a Workspace ONE Access upgrade exists. Check the My VMware site at for upgrades.
  • If you are upgrading using the updateoffline.hzn script and your deployment includes a proxy server, disable the proxy server.
    Disable the proxy server from the command line.
    1. Run the following command.

      The YaST2 Control Center dialog box opens.

    2. Select Network services.
    3. Select Proxy.

      The Proxy Configuration dialog box opens.

    4. If selected, deselect Enable proxy.
    5. Quit the YaST2 utility.

    After a successful upgrade, enable the proxy server again.