If your Workspace ONE Access 21.08.X virtual appliance cannot connect to the Internet for upgrade, you can perform an offline upgrade.

Two options are available for offline upgrade. You can set up an upgrade repository on a local Web server and configure the appliance to use the local Web server for upgrade. Or you can download the upgrade package to the Workspace ONE Access 21.08.X server and use the updateoffline.hzn script to upgrade.

Prerequisites for a Workspace ONE Access Offline Upgrade

Before you upgrade the 21.08.X virtual appliance to 22.09 offline, perform these prerequisite tasks.

  • Take a snapshot of your virtual appliance to back it up. For information about how to take snapshots. See KB article 2032907, Managing snapshots in vSphere Web Client.
  • Verify the health of the Elasticsearch service. Go to the System Diagnostic Dashboard in the Workspace ONE Access console and review the Integrated Components section. Confirm that the values for the Elasticsearch items are green. If the state displays as red, fix the Elasticsearch issues before upgrading. See the Troubleshooting Elasticsearch Cluster Health: VMware Workspace ONE Access Operational Tutorial guide.

    When you upgrade to Workspace ONE Access 22.09, Elasticsearch is migrated to OpenSearch version 1.3.5 which is embedded in the Workspace ONE appliance for auditing, reports, and directory sync logs. During the migration all closed indices, search indices (which will be rebuilt) and Elasticsearch version 5.6.15 audit indices containing multiple document types, which are not supported in OpenSearch, are deleted.

  • Microsoft SQL server 2014 updated with the Microsoft SQL patch to support TLS 1.2.
  • If you revoked the db_owner role on the Microsoft SQL database, you must add it back before performing the upgrade, otherwise the upgrade fails. Add the db_owner role to the same user that was used during installation:
    1. Log in to the Microsoft SQL Server Management Studio as a user with sysadmin privileges.
    2. Connect to the database instance for Workspace ONE Access 20.10.X
    3. Enter the following commands.

      If you are using Windows Authentication mode, use the following commands:

      USE <saasdb>;
      ALTER ROLE db_owner ADD MEMBER <domain\username>; GO 

      Make sure that you replace <saasdb> with your database name and <domain\username> with the relevant domain and username.

      If you are using SQL Server Authentication mode, use the following commands:
      USE <saasdb>;
      ALTER ROLE db_owner ADD MEMBER <loginusername>; GO 

      Make sure that you replace <saasdb> with your database name and <loginusername> with the relevant username.

    For information about revoking the database-level role, see Change Database-Level Roles After Upgrade to Workspace ONE Access
  • Take a snapshot or backup of the external database.
  • Verify that Workspace ONE Access is properly configured.
  • Confirm that a Workspace ONE Access upgrade exists. Check the My VMware site at my.vmware.com for upgrades.
  • If you are upgrading using the updateoffline.hzn script and your deployment includes a proxy server, deactivate the proxy server.

    Deactivate the proxy server from the Workspace ONE Access console.

    1. Log in to the Workspace ONE Access console and navigate to the Monitor > Resiliency page.
    2. Select the appliance and click VA Configuration.
    3. Click Manage Configuration, log in with the admin user password, and click Proxy Configuration.
    4. Deactivate Proxy.
    5. Click Save.

    After a successful upgrade, enable the proxy server again.

  • Before you run the upgrade, download the update-fix.tgz file from the MyVMware Downloads site at my.vmware.com and copy the file to the appliance, extract the file, and set the permissions.
    • Use the scp command to copy the update-fix.tgz file to the appliance's /tmp location.
    • Run tar -xvzf update-fix.tgz to extract the files.
    • Run the following command to copy the extracted file.
      cp configureupdate.hzn /usr/local/horizon/update/configureupdate.hzn
    • Change permissions and ownership of the files.
      chmod 500 /usr/local/horizon/update/configureupdate.hzn 
      chown root:root /usr/local/horizon/update/configureupdate.hzn
  • Ensure that following directory space requirements are met.
    Directory Minimum Available Space
    / 4 GB
    Directory where you download the offline upgrade package, identity-manager- 2 GB