How to upgrade JDK to the latest version on PIM Management Servers

Document ID : KB000009862
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

This guide describes how to upgrade Java 1.8 by stopping services and uninstalling the exiting JDK and JRE and then install and configure the new version on Windows. 

Background:

You can download the latest JDK from the Oracle website. PIM 12.9.1 and 12.9.2 support any version of the JDK 1.8. 

Environment:
Windows Enterprise Manager (including Load Balancing Enterprise Manager) 12.9.x and Windows Distribution Server 12.9.x
Instructions:

These instructions cover both Enterprise Manager and Distribution Server where the only difference is that not all services are present on the Distribution Server. 

  1. Stop All PIM Services:
    1. JBoss Application Server 4.2.3
    2. GUACD
    3. Apache Tomcat 7.0.54
    4. CA ProxyManager
    5. CA Privileged Identity Manager Message Queue
    6. CA Privileged Identity Manager Connector Server (Java)
    7. CA Privileged Identity Manager Event Forwarder (Java)
    8. CA Access Control Web Service
    9. Open a command prompt and stop core PIM via secons -S

  2. Uninstall from Programs and Features the old JRE and then JDK:
    1. Uninstall Java 8 Update 51 (64-bit) 
    2. Uninstall Java SE Development Kit 8 Update 51 (64-bit)

  3. Install the latest 64bit JDK 8 version with the following options: 
    1. The first install path is the JDK and this MUST match the current install directory of JDK. By default PIM uses C:\jdk1.8.0. You can verify this in the product configuration by viewing C:\jboss-4.2.3.GA\bin\run_idm.bat and checking JAVA_HOME. 
      JDK_Path1.png
    2. The second install path is the JRE and you can accept the default path from the installer.
      JRE_Path2.png
  4. Once the installer completes modify C:\jdk1.8.0\jre\lib\security\java.security
    Find Line: jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768
    Replace with: jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768

  5. Start All PIM Services:
    1. CA Privileged Identity Manager Message Queue
    2. JBoss Application Server 4.2.3
    3. GUACD
    4. Apache Tomcat 7.0.54
    5. CA ProxyManager
    6. CA Privileged Identity Manager Connector Server (Java)
    7. CA Privileged Identity Manager Event Forwarder (Java)
    8. CA Access Control Web Service
    9. Open a command prompt and start PIM via seosd -start 
Additional Information:

If you have followed TEC1847189 you may not be able to upgrade this method. Java 1.8 added an automatic upgrade procedure and when this occurs it doesn't keep the default directory. That KB describes how to change our configuration files to point to the newly updated JDK path which if you uninstall that JDK version our services will not start.