Migrating Netwrix Auditor to a New Server

Setup and Configuration
Netwrix Auditor migration
Copy Article URL Copied

Planning the Migration

Moving Netwrix Auditor to a new server requires the consideration and execution of the following items (In order).

  • Installing Netwrix Auditor on the new server
  • Exporting & Importing Netwrix Auditor Configuration
  • Migrating the Long-Term Archive
  • Migrating SQL Databases
    • Migrating SQL Databases is not required if you plan to keep SQL hosted on the original Netwrix Auditor Server or if SQL is already hosted remotely.

Please continue to view in-depth instructions for performing a Netwrix Auditor migration.

Installing Netwrix Auditor on the New Server

When moving Netwrix Auditor to a new server, make sure the version and build of Netwrix Auditor installed on the new server is the same as the version and build running on the old server.

Confirm that the new server meets the Software Requirements and Hardware Requirements.

Exporting and Importing the Configuration

Return to the original instance of Netwrix Auditor. Stop and disable all Netwrix Auditor Services Except for the Netwrix Auditor Configuration Server Service and the Netwrix Auditor Core Service. This prevents Netwrix Auditor from running collections during the migration. Next, disable any Netwrix Scheduled Tasks. You will have scheduled tasks if you have ever created monitoring plans for Password Expiration Notifier, Inactive User Tracker, or Event Log Manager.

Now we can safely export the configuration by doing the following:

Launch Command Prompt as Administrator

Execute: cd C:\Program Files (x86)\Netwrix Auditor\Audit Core
Execute: configserverDbProcessor.exe export -target "C:\Backup\naconfig.xml"

Note: The target path can be wherever you choose to export the file. Make sure you include the file name “naconfig.xml” at the end of whatever path you choose to be the destination of the export.

You have now successfully exported the configuration file. Navigate to where it was exported and copy it to the new server. We will import it to the new Netwrix Auditor instance towards the end of the migration process.

Long-Term Archive

By default, the Long-Term Archive is located at “C:\ProgramData\Netwrix Auditor\Data”. If you have relocated your Long-Term Archive, you can find the location under Netwrix Auditor Settings > Long-Term Archive.

Navigate to your Long-Term Archive and copy the entire folder. Proceed by pasting the Long-Term Archive to the new Netwrix Auditor server. While you can choose to paste it to the respective location, we suggest taking this opportunity to place the Long-Term Archive on a separate drive on the server. This prevents dynamic growth on the C drive. Take note of where you have placed the Long-Term Archive on the new Netwrix Auditor server.

You have successfully migrated the Long-Term Archive.

SQL Databases

It is also important to decide if you are going to migrate your SQL Databases or leave them on their current SQL Server instance. If you will be migrating your SQL databases, click here for instructions. After SQL Migration, you will need to deploy a new Report Server Database

Final Steps

All further steps will be conducted on the new Netwrix Auditor server. All elements are staged for completing the migration. Continue with the steps below to piece everything back together.

First, stop all Netwrix Services on the new Netwrix Auditor server Except for the Netwrix Auditor Configuration Server Service and the Netwrix Auditor Core Service.

Now we can import the naconfig.xml file.

Launch Command Prompt as Administrator

Execute: cd C:\Program Files (x86)\Netwrix Auditor\Audit Core
Execute: configserverDbProcessor.exe import -source "PATH_OF_EXPORTED_NACONFIG.XML" -target "C:\ProgramData\Netwrix Auditor\AuditCore\ConfigServer\Configuration.xml"

The configuration has been successfully imported.

Open a PowerShell window as Administrator and execute the following (Starts all Netwrix Auditor Services):

 Start-Service -Displayname -Netwrix* 

Launch Netwrix Auditor and immediately go to Settings > Long-Term Archive. Change the path for the Long-Term Archive to reflect where the migrated Long-Term Archive has been placed on the new Netwrix Auditor server.

If you had to move your SQL databases, continue reading – Otherwise, skip to the Validation Checklist section below. We will need to point Netwrix Auditor at the new SQL Server Instance. To do so, begin with gathering the Instance name. This can be found by launching SQL Server Management Studio.

Enter the instance name and the account used to write data to SQL into the text field below. If the account has changed, review SQL permissions here.

Migration Summary

We have now migrated the Long-Term Archive, the Netwrix Auditor Configuration File, and possibly the SQL Databases. We imported the Configuration file and pointed Netwrix Auditor to the new Long-Term Archive Location (and the new SQL instance, if applicable.)

NOTE: If you had configured any of the omit lists, you will need to either copy the contents of them or copy the files themselves to the new server. A list of all omit lists and their locations can be found here.

NOTE: Password Expiration Notifier, Inactive User Tracker, and Event Log Manager do not have the ability to be migrated. Please remember to manually copy their configurations over to the new server. Do not worry about losing any data, as Password Expiration Notifier and Inactive User Tracker do not store data – Instead, their reports are sent daily via email. Event Log Manager data will be migrated if you had to migrate SQL Databases.

Validation Checklist

Test the following functions in your freshly migrated instance of Netwrix Auditor

  • Run a search with blank parameters (An open search)
  • Run a report on a data source that you are auditing
  • Confirm that your Monitoring Plans have carried over

Finally, monitor the system over the next few days to confirm the changes are stable. As long as the system is operable and you can view migrated data, you may choose to delete all traces of Netwrix Auditor, including uninstalling the software, on the former server.

Go Up