Updating the TS Agent

This section explains how to update the TS Agent, either manually or through a Microsoft GPO.

Updating the TS Agent from version 1.0.3 or lower

Before updating the TS Agent to version 1.0.5 or higher, you need to fully uninstall 1.0.3 or other lower versions with a script provided by Stormshield.

IMPORTANT

Even if you have used the TS Agent uninstall program in version 1.0.3 or lower, you must follow this procedure to fully uninstall the version.

In your MyStormshield personal area, go to Downloads > Downloads.
Select Stormshield Network Security > TS Agent from the suggested categories.
Click on the uninstall script (.ps1 file) to download it.
Copy the script on each RDS or Citrix server on which a TS Agent has been installed.
Run the script as an administrator.
When the script is being executed, errors may appear if files from the previous installation have already been deleted.

Updating the TS Agent manually

Open an administrator session on the server on which the TS Agent will be updated.
Upload the .msi installation file of the new version that was downloaded earlier.
Double-click on this file to run the update.
Click on Next.
In the installation program, in the Account type window, select the account used to run this service (Local system account or Account dedicated to the service).
In the Encryption key window, select the checkbox Use existing configuration to keep the pre-shared key and any custom values in settings from the version of TS Agent that is already installed on the server.
In the Ready to install Stormshield TS Agent window, click on Install.
The server has to be restarted to finalize the installation of the new TS Agent version. If you do not restart the server immediately, remember to schedule it in order to apply the new driver that was installed.

NOTE
Before restarting the server, you can run a script, which analyzes any ports that may be in conflict with the TS Agent, and which adds them to its settings to reserve them for system operations. As such, these ports cannot be assigned to any user. This script can be used later, but the server will need to be restarted again. For further information, refer to the section Appendix: Using script to configure ports that are reserved for system operations

Updating the TS Agent through a Microsoft GPO

In a Microsoft Active Directory environment, the TS Agent update can be automatically deployed through a GPO (Group Policy Objects). This deployment is a two-step process.

Creating an MST package containing the arguments required for deploying the new version of the TS Agent

An MST package must first be created to include the following arguments required for deploying the new version of the TS Agent:

PKEY_VALUE, which specifies the pre-shared key (PSK) required for communication between the TS Agent the and the firewall,
REBOOT, set to Force to restart the server at the end of the installation.

A third-party tool has to be used to create the MST package. The procedure described below uses the Microsoft Orca tool available in the components of the Microsoft Windows Installer software development kit (SDK).

Copy the TS Agent installation program (.msi file) in a shared folder that can be accessed by the Microsoft Active Directory domain controller and the RDS/Citrix servers.
On a machine equipped with the Microsoft Orca tool (administrator workstation, Microsoft Active Directory controller, etc.) and which can access the shared folder, right-click on the TS Agent's MSI package, and select Edit with Orca.
Click on Transform > New transform and select the TS Agent's msi package.
Select the Property table.
To specify the pre-shared key required for communication between the TS Agent and the SNS firewall:
1. Right-click and choose Add Row.
2. In the Property field, enter PKEY_VALUE.
3. In the Value field, indicate the value of the pre-shared key.
4. Click on OK.
To restart the server when the installation of the TS Agent is complete:
1. Right-click and choose Add Row.
2. In the Property field, enter REBOOT.
3. In the Value field, enter Force.
4. Click on OK.
Click on Transform > Generate Transform.
Choose a name for the MST package and save it in the same folder as the TS Agent MSI installation package.
Close the Orca editor by clicking on File > Exit.

Editing the GPO to deploy TS Agent MSI and MST packages

As soon as the MST package is created, you can edit the GPO to deploy TS Agent MSI and MST packages.

On the Microsoft Active Directory domain controller:

Run the server manager.
In the upper menu bar, click on Tools, then on Group Policy Management.
In the list on the left, right-click on the name of the GPO in question and select Edit.
The GPO editing window opens.
In the menu to the left of the GPO, expand the menu Computer Configuration > Policies > Software Settings.
Right-click on Software installation and select New > Package. Select the new TS Agent MSI installation package.
Select Advanced mode and click on OK.
The GPO editing window opens.
Rename this installation instance if necessary, by adding the TS Agent version number, for example.
In the Changes tab, click on Add..., select the mst package that was created earlier and click on Open. The selected MST package is now associated with the TS Agent's update installation GPO.
In the Upgrades tab, the installation instance of the previous TS Agent package is shown with the caption Upgrade. Select it and click on Remove. This property must be edited in order for the TS Agent to be upgraded properly.
Click on Add..., select the update package, then select the option Uninstall the existing package, then install the upgrade package.
Confirm by clicking on OK.
In the Upgrades tab, the installation instance of the previous TS Agent package is now associated with the Replace operation.
Confirm by clicking on OK.

The TS Agent update package is now ready to be deployed on machines in the Microsoft Active Directory domain.

The GPO will apply the next time the machines in question are restarted (RDS/Citrix servers).