Hi,

I am trying to upgrade my BixFix 10.0.9.21 to BixFix 11.0.0.175.
When running the pre-upgrade check, I got this message which I dont know how to fix. Any help would be appreciated.

Note: we are running on Windows with a remote Microsoft SQL Database instance. We use integrated security; the computer account running bigfix has sysadmin role (temporary) but also our service account and the account we are using to start the upgrade have sysadmin privileges.

======================================
Check SHA1 signatures digest is disabled.
------------------------------------ 
Error: You must enable Enhanced Security (ES) in your environment before upgrading. Use BESAdmin to enable it and then start again the upgrade process. If you are in a Distributed Systems Architecture (DSA) environment, ensure that you enable ES on the primary server, then verify the successful replication on the secondary server and the propagation of the masthead file.

Hello Sander,

I think that the upgrade message which you've got is self-explanatory.
SHA-1 is no longer supported by BigFix platform.
You must enable Enhanced Security to force the SHA-1->SHA-256 conversion in advance of the upgrade process.

Actually all v11 upgrade considerations are thoroughly described in the following guideline :
https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Installation/c_overview.html

------------------------------
Thank you,
Oktawian

Oktawian Powązka, L3 Support
IBM License Metric Tool

Original Message:
Sent: Fri October 20, 2023 09:11 AM
From: Sander Knijn
Subject: Pre-upgrade check BigFix 11.0: Check SHA1 signatures digest is disabled.

Hi,

I am trying to upgrade my BixFix 10.0.9.21 to BixFix 11.0.0.175.
When running the pre-upgrade check, I got this message which I dont know how to fix. Any help would be appreciated.

Note: we are running on Windows with a remote Microsoft SQL Database instance. We use integrated security; the computer account running bigfix has sysadmin role (temporary) but also our service account and the account we are using to start the upgrade have sysadmin privileges.

======================================
Check SHA1 signatures digest is disabled.
------------------------------------ 
Error: You must enable Enhanced Security (ES) in your environment before upgrading. Use BESAdmin to enable it and then start again the upgrade process. If you are in a Distributed Systems Architecture (DSA) environment, ensure that you enable ES on the primary server, then verify the successful replication on the secondary server and the propagation of the masthead file.

------------------------------
Sander Knijn
------------------------------

Thank you for the link.

After the upgrade I could not login to  with my local admin account.
I removed the (new?) password complexity rules using besadmin.exe and restarted the BES Root server after which I could login again. I dont know if the complexity rule was the issue or the restart fixed it.

I got one more question.
After upgrading I noticed some Critical fixlets and they talk about installing console/relay and portal plugin on our clients.
We want that component only running on the BigFix server.
I don't understand why I get this recommendation? Any idea why all my servers need this installed, why are they in "applicable computers" ? 

Task names:
"Install BigFix Console (Version 11.0.0)"
"Install BigFix Plugin Portal (Version 11.0.0)"
"Install BigFix Relay  (Version 11.0.0)"
"Install BigFix WebUI Service  (Version 11.0.0)"

------------------------------
Sander Knijn

Original Message:
Sent: Sat October 21, 2023 04:28 AM
From: Oktawian Powązka
Subject: Pre-upgrade check BigFix 11.0: Check SHA1 signatures digest is disabled.

Hello Sander,

I think that the upgrade message which you've got is self-explanatory.
SHA-1 is no longer supported by BigFix platform.
You must enable Enhanced Security to force the SHA-1->SHA-256 conversion in advance of the upgrade process.

Actually all v11 upgrade considerations are thoroughly described in the following guideline :
https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Installation/c_overview.html

------------------------------
Thank you,
Oktawian

Oktawian Powązka, L3 Support
IBM License Metric Tool

Original Message:
Sent: Fri October 20, 2023 09:11 AM
From: Sander Knijn
Subject: Pre-upgrade check BigFix 11.0: Check SHA1 signatures digest is disabled.

Hi,

I am trying to upgrade my BixFix 10.0.9.21 to BixFix 11.0.0.175.
When running the pre-upgrade check, I got this message which I dont know how to fix. Any help would be appreciated.

Note: we are running on Windows with a remote Microsoft SQL Database instance. We use integrated security; the computer account running bigfix has sysadmin role (temporary) but also our service account and the account we are using to start the upgrade have sysadmin privileges.

======================================
Check SHA1 signatures digest is disabled.
------------------------------------ 
Error: You must enable Enhanced Security (ES) in your environment before upgrading. Use BESAdmin to enable it and then start again the upgrade process. If you are in a Distributed Systems Architecture (DSA) environment, ensure that you enable ES on the primary server, then verify the successful replication on the secondary server and the propagation of the masthead file.

------------------------------
Sander Knijn
------------------------------