Identity IQ Patch Upgrade

Patching an IIQ Installation may sometimes be a difficult job.Use the below steps after an assessment of your environment.

Things to keep in mind before upgrade:-

  1. Check if its a patch upgrade or a major version upgrade.Steps will differ accordingly.
  2. Check on any customizations in your environment.
  3. Check if there are other components like IQService or a Connector gateway that need to considered during upgrade.
  4. Ensure your backout strategy is in place, in case upgrade fails.
  5. Ensure backups before starting upgrade.
  6. Check on any eFixes in place
Steps Team Task Name Detailed Steps
1 DB Team DB Backup   DB team can take the backup of the DB in advance
2 Upgrade Team Application Server and current WAR file deployment directory backup Backup Existing WAR file deployment directory and Complete Application Server Deployment Directory.Store it in a seprate location for restoration purposes
3 Upgrade Team Prepare new WAR file Any Task ServerThis activity is to be done only once per environment and the resulting file can be used to be deployed on each server.This task aims to update the current WAR file with contents of patch Jar file.1. Take the currently deployed WAR file deployment directory file. Place it in a temporary directory ‘tempdir’.
2. Take the provided identityiq-6.XpY.jar file and place it in a subfolder of temporary directory.
3. Using CMD prompt go to this location and run the command
jar -xvf identityiq-6.XpY.jar
This will extract all folders inside the temporary directory.
4. Go inside this directory and delete the jar 6.XpY jar file. ENSURE this is done
5. Using CMD prompt go to  the location where jar file was extracted
6. Run the command
jar uf ..\identityiq.war *
7. This will update the current WAR file with the contents of 6.XpY jar file. Notice the change in size of the WAR file deployment directory file.
8. Our WAR file deployment directory file is updated with 6.XpY is ready for deployment.
4 Upgrade Team Deploy updated WAR file All Task Servers and
Presentation Servers.This activity is to be done on all task and presentation servers.This task aims to deploy the upgraded 6.XpY WAR file on all servers.
1.Stop the IIQ Application Server Service on all presentation and task servers.
2. Perform a WAR file deployment directory file deployment but DO NOT Start the IIQ Application Server service.
3. You will not be able to open and run the iiq console until you run the DB upgrade script and iiq patch command mentioned in the next sections
4. Check the file for correct DB connection details if wrong.
5   DB Team Run the DB update script. This task aims to upgrade the Database Version and update DB schema as per the IIQ 6.XpY.DBA may need to change the db and schema name in the queries as per the environment1.   DB team to run the below command before and after the script is executed.
SELECT * FROM [spt_database_version];
2.Copy the contents of script provided and run on the DB. The script should run successfully without errors.
3. Verify the result of the above two steps before and after running the upgrade script.
6 Upgrade Team Run IIQ Patch Command Each Presentation Server\
Task ServerThis has to be only once the DB team has run the upgrade script1. Using cmd prompt go to bin directory
\deployments\identityiq.WAR file deployment directory\WEB-INF\bin
2. Go to bin and apply the patch by using the command
iiq patch 6.XpY
3. The command should run successfully giving a successful message – Patch 6.XpY Applied Successfully
10 Upgrade Team Start the IIQ Application Server Services All Task Servers and Presentation ServersStart Task Servers First and then Presentation ServersStart the IIQ Application Server Services on all servers. Make Sure to stop the DR servers after the health check.
Make sure it’s a clean start.
Check service on each box by hitting IIQ Application URL on each server.

Screenshots for sample DB upgrade Script:- 

DB upgrade script


Results from spt_database version table

Before DB Script Run:-


After the DB script:-


IIQ Patch Command:-


One Response to“Identity IQ Patch Upgrade”

  1. January 5, 2017 at 4:05 PM #

    Hi Everyone,

    I am currently looking for Expert Sailpoint Consultants for a very exciting remote opportunity with one of my clients! This is a full time position with CTI Global, a leader in IT Security and Governance solutions since 1998! I am looking for a Senior Technical Consultant who is a SailPoint Identity Management-Governance Specialist. This is a very exciting position with the industry leader in IT Security and Governance complete with an excellent salary and bonus opportunities! Based on your resume, I think you would be perfect for it! If this opportunity interests you, please feel free to reach out by phone at 303-968-1312, or by email at

    Job Description:

    CTI has been a leader in IT Security and Governance solutions since 1998.We are currently looking for senior consultants and engineers to join our growing Professional Services team to implement advanced SailPoint software product based solutions for large customers in the Aerospace, Financial, Healthcare, Pharmaceutical, Insurance, Education and Government sectors.

    Main responsibilities will include:
    • Discovering, refining and analyzing customer requirements
    • Planning SailPoint product deployment
    • Determining optimal SailPoint solution design
    • Building, testing and supporting solution
    • Delivering knowledge transfer to customer staff

    Applicants MUST have solid (a minimum of 12 months experience) with:
    • SailPoint IIQ software product (CM and/or LCM)

    Applicants should additionally have at least 3 years of focused experience working in a large-enterprise setting with any two of the following technologies:
    • Access Certification / Compliance processes
    • User Account Provisioning
    • Password Management
    • Access Management / Single Sign On (SSO)
    • Federation / SAML
    • Data Synchronization or Virtualization
    • Directory Services (LDAP – compliant, Active Directory)

    Desired Technical Skill-sets
    • Java software development
    • Scripting (Beanshell)
    • Database (Oracle, MS SQL Server, etc.)
    • Application Server(s), such as WebLogic, Apache Tomcat or IBM WebSphere
    • Unix (preferred: Linux)
    • Microsoft Windows Server 20XX

    • CTI provides a dynamic, professional career path to its full-time field consultant staff which includes continual technical / product training. A highly competitive base salary and full benefits package, with the opportunity to participate in an incentive bonus plan and continual professional development are offered.

    Other Points:
    • 4-year college degree in engineering or computer science is preferred (graduate degree or graduate work a big plus)
    • Any base location in the continental US
    • Customer sites throughout the US
    • Opportunity to work from home office or a CTI office
    • Travel averaging 40-50% per year, with 2-3 week bursts, is possible

    Thanks for your time,

    Michael Hull
    National Talent Sourcer
    T: 303-968-1312

Leave a Reply

Your email address will not be published. Required fields are marked *


Proudly powered by WordPress   Premium Style Theme by