To upgrade Windows-based Workspace ONE Access Connector 20.01.x to version 20.10, you download the new installer from My VMware to your connector server and run the installer. You do not need to uninstall the old version of the connector.

You do not need to obtain a new es-config.json configuration file from the Workspace ONE Access console to establish the connection between the Workspace ONE Access service and the connector. The upgraded connector uses the same configuration file that is being used by the existing connector.

During upgrade, the Directory Sync, User Auth, and Kerberos Auth services are suspended. The services are restarted automatically after upgrade finishes.


  • Review Upgrading to VMware Workspace ONE Access Connector 20.10.
  • If your connector installation is on a virtual Windows server, take a snapshot of the virtual machine before upgrading.
  • If you have configured a directory of type Active Directory over Integrated Windows Authentication (IWA), disable the STARTTLS option in the directory configuration in the Workspace ONE Access console before upgrading to the 20.10 connector. After upgrade, the functionality of Active Directory over IWA will be incompatible with the STARTTLS option.

    To edit the directory configuration, navigate to the Identity & Access Management > Manage > Directories page, select the directory, deselect the This directory requires all connections to use STARTTLS check box, and click Save.

    Note: If you applied the hotfix described in Knowledge Base article 77158 to connector 20.01 or upgraded to connector, you might have already disabled the STARTTLS option for Active Directory over IWA. Verify that the setting is disabled.
  • You need the following account information:
    • My VMware credentials
    • If the Kerberos Auth service is installed, the domain user credentials that are being used to run the service


  1. Download Workspace ONE Access Connector from My VMware.
    1. Log in to
    2. Navigate to the VMware Workspace ONE Access 20.10 Download page.
    3. Download Workspace ONE Access Connector 20.10.
  2. Save the installer file on the Windows server on which the earlier version of the connector is installed.
  3. Double-click the Workspace One Access Connector Installer.exe file to run the installer.
    The installer detects that an upgrade is needed and guides you through the upgrade process. The wizard displays an upgrade page.
  4. Follow the wizard to upgrade the connector.
    While upgrading, keep the following in mind:
    • During upgrade, if the installer detects an earlier version of the Java Runtime Environment (JRE) on the Windows server than the one packaged with the installer, you are prompted to install the new JRE version.
    • During upgrade, you can modify any of the settings for existing services. You can also install additional services. For example, if your existing installation includes only the Directory Sync service, you can install the User Auth service and Kerberos Auth service during upgrade.

      See Installing the Workspace ONE Access in Installing VMware Workspace ONE Access Connector 20.10 for information about installation and settings.

    • With the 20.10 connector, you can specify multiple external syslog servers to store application-level event messages, instead of being limited to one server. You can enter the syslog servers on the Specify Syslog Server Information page of the wizard during upgrade.

      Use the following format:


      where host is the fully qualified domain name or IP address of the syslog server and port is the port number. For example:,,

  5. After upgrade finishes successfully, verify that the upgraded services are running on the Windows server.
    The connector services have the following names:
    • VMware Directory Sync Service
    • VMware User Auth Service
    • VMware Kerberos Auth Service
  6. If JRE was upgraded during the connector upgrade, restart the Windows server after the upgrade finishes.
    Restarting the server sets the JAVA_HOME variable to the latest JRE that is installed with the upgrade, enabling the connector to use the latest JRE.


The connector upgrade is complete. You can verify that the new version of the connector is installed by navigating to Control Panel > Programs > Programs & Features on the Windows server and checking the connector version listed.

What to do next

  • In the Workspace ONE Access console, click the refresh icon on the Identity & Access Management > Setup > Connectors page and verify that the upgraded services are active and the health status is OK.
    For example:
    The Workspace ONE Access service console shows that the services are running and that their health is OK.
  • If you have a directory of type Active Directory over IWA, do not enable the STARTTLS option for the directory in the Workspace ONE Access console after installing or upgrading to the 20.10 connector. Active Directory over IWA does not work with the STARTTLS option.