How to migrate NoSpamProxy version 12.x or 13.x

Important: This article refers only to version 12.x and 13.x! For a migration of Version 14 we can’t offer a manual currently.

To move version 12.x or 13.x to another computer, proceed as follows:

1. Export and delete existing DKIM keys on the source server if necessary (only available with NoSpamProxy Protection).
2. Copy your own stored logo image files to the new computer
3. Copy the files Intranet Role.config and license.xml from the directory C:\ProgramData\Net at Work Mail Gateway\Configuration to the new computer.
4. Create the directory “C:\ProgramData\Net at Work Mail Gateway\Configuration” on the target server and copy Intranet Role.config and license.xml into it.
5. Customize the Intranet Role.config.
6. Install the SQL server.
7. Stop the Intranet Role service.
8. a) Back up the database files and restore them to the target SQL server.
   OR
   b) Move the database files to the new directory and mount them in the SQL server.
9. Execute the NoSpamProxy Setup on the target server.
10. Connect the Intranet role to the Gateway role.
11. Then check all previously set passwords and certificates and reassign the connectors.
12. Import the DKIM keys exported in step 1) to the target server.

The steps in detail

1. Export and delete existing DKIM keys on the source server.
2. In the NoSpamProxy Management Console, go to People and Identities > DKIM Keys and export existing DKIM Keys (if any) and delete them afterwards.
3. Copy your own, stored logo image files to the new computer
   You can find the logo image file under the name Logo.png on the Intranet Role in the directory “C:\ProgramData\Net at Work Mail Gateway\Intranet\Theme\”. Create this directory on the new computer and place the file Logo.png in it.
4. Copy the Intranet Role.config and license.xml to the new computer.
   First stop all NoSpamProxy services on the source computer and then stop the SQL database instance. This is usually found under the Windows services under the name “SQL Server (NOSPAMPROXY)”.
   Now copy the Intranet Role.config and license.xml from the directory “C:\ProgramData\Net at Work Mail Gateway\Configuration” to the target computer.
   Please copy ONLY the mentioned files from the directories, otherwise problems could occur during installation.
5. Create the directory “C:\ProgramData\Net at Work Mail Gateway\Configuration” on the target server and copy Intranet Role.config and license.xml into it.
6. Edit the Intranet Role.config
   Open the file with an editor, such as Notepad, and search for the following entry:
   <connectionStrings configProtectionProvider="DataProtectionConfigurationProvider">
<EncryptedData>
<CipherData>
<CipherValue>AQAAANCMnd...==</CipherValue>
</CipherData>
</EncryptedData>
</connectionStrings>
   Change it to look like this at the end:
   <connectionStrings>
</connectionStrings>
   Search the entire file for
   encryptedPassword=
   and change the occurrences that look similar to
   encryptedPassword="AQAAANCM...W9b17"inencryptedPassword=""Do the same for all occurrences oftlsCertificatePin="AQAAANCM...W9b17" andtlsCertificateThumbprint="AQAAANCM...W9b17"as well as

   password="AQAAANCM...W9b17".

   If De-Mail was configured, please search for

   certificatePin="AQKLM....D87W"

   and change the entry in

   certifcatePin="".

   Finally, search for any DKIM keys that may be available. Search for the following entry:

   <dkimKeys>
<key domain="example.com" selector="key1" privateKey="AAAAcVARJk3pG0SsnJkmR2FK..." />
</dkimKeys>

   Change the entry so that it looks like this:

   <dkimKeys>
</dkimKeys>

   Now save the file.

7. Install the SQL Server.
   Now install the SQL Server in the version you want starting with SQL Server 2008 R2.
   Do not forget to install the administration tools, in particular SQL Management Studio.
8. Stop the Intranet Role Service
   Stop the Intranet roles service via the NoSpamProxy console or via the Windows services to exclude access to the database and entries in the database of the Intranet role.
9. a) Back up the database files and restore them to the target SQL server.
   With the help of SQL Management Studio you first create a backup of the SQL database “NoSpamProxyAddressSynchronization” on the source server.
   Right-click on the database and select “Task / Backup”. A dialog opens. Leave everything there as it is in the standard system and simply add a “disk” and the corresponding path to the backup file in the lower section.
   Then start the backup.
   Copy the resulting backup file to the target server and restore it.
   To do this, right-click on “Databases” in the SQL Management Studio of the target server and select “Restore Database”. A dialog opens.
   First select “Device” and add a new “File” in the dialog that appears. This file is the currently copied backup file.
   Now start the recovery.
   OR
   b) Move the database files to the new directory and mount them in the SQL server.
   The SQL database files are usually located in the path “C:\Program Files (x86)\Microsoft SQL Server\MSSQL.XXXX\MSSQL\Data” or “C:\Program Files\Microsoft SQL Server\MSSQL.XXXX\MSSQL\Data”. You can recognize them by the name that begins with NoSpamProxy.
   Copy both the NoSpamProxyAddressSynchronization.mdf and NoSpamProxyAddressSynchronization.ldf files to the target computer and move the database files to the desired directory. This does not necessarily have to be the default directory of the SQL server.
   Then open SQL Management Studio. After logging on to the server, right-click Databases and select Add (or Databases and Attach).
   In the following dialog, add the first database file from the desired directory. The associated log file is automatically recognized.
10. Execute the NoSpamProxy Setup for the same version.
    Now start the setup of the NoSpamProxy. Make sure to select Advanced Installation.
    In the query which SQL Server is used, select that a SQL Server is already installed and set the corresponding connection parameters. The setup then recognizes all further configuration files and adapts them.
11. Connect the Intranet role to the Gateway role.
    As soon as the setup has been completed successfully, reconnect the intranet role under Gateway Components with the gateway role and, if necessary, the web portal.
    To do this, delete the existing connections, then restart the Intranet role and reconnect it.
12. Then check all previously set passwords and certificates and reassign the connectors.
    With the conversion, the device-dependent encrypted passwords were deleted or can no longer be decrypted. This applies in particular to the password for protecting sensitive data, with which the private keys of S/MIME and PGP are protected.
    In the interface, set the old password again to restore access.
    The same applies to any SSL certificates configured in the receive connector.
    Therefore, check all passwords and SSL certificates that were previously stored and reset them.
    In addition, the send and receive connectors must be reassigned to corresponding gateway roles.
13. Import the DKIM keys exported in step 1) to the target server.

Migration of the NoSpamProxy Web Portal

If the NoSpamProxy WebPortal is in use and this is to be migrated to another server, there are two different ways of doing this which are described below:

Migration by installing another Web Portal

1. Install the NoSpamProxy Web Portal on the new server including a new database and set it up according to the installation instructions.
2. Include the new Web Portal parallel to the existing WebPortal in the NoSpamProxy console under Configuration > NoSpamProxy Components > Web Portal.
3. Change the accessibility of the Web Portal from the outside so that the standard link points to the new Web Portal, so that only this can be addressed from the outside / from the gateway role. Thus all files are exchanged between the Web Portals via the service “NoSpamProxy – FileSynchronizationService”.
4. After the set storage time period under Configuration > NoSpamProxy Components > Web Portal > Web Portal Settings > Modify on the  Large Files tab, the old Web Portal can then be switched off because no new files have been stored there or all existing files have expired.

Please note: If you switch off the system with the old WebPortal, also remove it under Configuration > NoSpamProxy Components > WebPortal, otherwise the Intranet role will still try to communicate with the Web Portal, resulting in memory overflow of the database.

Migration by relocation of the data

1. Install the SQL Server in the version you want starting from SQL Server 2012. Do not forget to install the management tools, especially SQL Management Studio.
2. Stop the “NoSpamProxy – FileSynchronizationService” service via the Windows computer administration (Windows services) and the Internet Information Service (IIS) via the command line “CMD> iisreset /stop” to exclude access to the database and entries in the database of the web portal.
3. a) Back up the database files and restore them to the target SQL server.
   Using the SQL Management Studio, you first create a backup of the SQL database “enQsigPortal” on the source server. To do this, right-click on the database and select “Task / Backup”. A dialog opens. Leave everything there as it is in the standard system and simply add a “disk” and the corresponding path to the backup file in the lower section. Then start the backup. Copy the resulting backup file to the target server and restore it.
   To do this, right-click on “Databases” in the SQL Management Studio of the target server and select “Restore Database”. A dialog opens.
   First select “Device” and add a new “File” in the dialog that appears. This file is the currently copied backup file. Now start the recovery.
   OR
   b) Move the database files to the new directory and mount them in the SQL server.
   The SQL database files are usually located under “C:\Program Files (x86)\Microsoft SQL Server\MSSQL.XXXX\MSSQL\Data” or “C:\Program Files\Microsoft SQL Server\MSSQL.XXXX\MSSQL\Data”. You can recognize them by the name “enQsigPortal”. Copy both the enQsigPortal.mdf and enQsigPortal.ldf file to the target computer. Now move the database files to the desired directory. This does not necessarily have to be the default directory of the SQL server. Then open SQL Management Studio. After logging on to the server, right-click Databases and select Add (or Databases and Attach). In the following dialog, add the first database file from the desired directory. The associated log file is automatically recognized.
4. Copy the storage folder of the files from the source server to the destination server. Where the files are stored on the source server can be found in the NoSpamProxy console under Configuration > NoSpamProxy Components > Web Portal in the integrated WebPortal. Please note the folder structure and store the files on the target server where they should be stored in the future.
5. Install the WebPortal on the target server and set up the access in IIS according to your environment. Make sure that you select the existing instance on the SQL Server and do NOT install a new instance!
6. Remove the old WebPortal from the Intranet role and add the new WebPortal accordingly in the NoSpamProxy console under “Configuration > NoSpamProxy Components > WebPortal”.
   After inserting the components, make sure that you adjust the storage location accordingly!
   If the access to the new WebPortal works and your users can also download the files, you can still see in the NoSpamProxy console under “Monitoring > Suspended e-mails” whether there in the meantime have accumulated e-mails that are still waiting for processing by the content filter. To do this, restart the processing.

Notes

• All certificates that can be found in the console under “People and Identities > Certificates” are in the database and are automatically moved by the relocation of the intranet roles database “NoSpamProxyAddressSynchronization” during a migration.
• The gateway role gets all information from the intranet role. Therefore this role is simply reinstalled during an upcoming migration.
• If template adjustments were made manually, you must copy the changed templates to the target system.
• If the disclaimer is licensed and configured, please note the following Knowledge Base article How to modify SSL certificates to access the disclaimer page and copy the templates for the disclaimer from the directory “C:\ProgramData\Net at Work Mail Gateway\Intranet\Templates” to the target system