VMware Workspace ONE Community
btrabue
Enthusiast
Enthusiast

Upgraded to SEG V2 and lost connectivity between AirWatch and SEG

I recently upgraded to AirWatch 9.0.3 and at the same time I also upgraded to the latest SEG V2.  After making the configuration changes in the console I downloaded the SEG installer and installed it on the SEG server.  I performed a test connection and it was unsuccessful.  The ' Connectivity between AirWatch & SEG'  was lost.  I tried several things but they were all unsuccessful.  My only other option that I could see was to install the Classic version of the SEG.  After configuring that and installing the classic version on the SEG all email functions were restored.  My understanding is that this was supposed to be an easy migration.  So far, it has been far from easy.  Has this happened to anyone else and if so, can you please let me know what was done to resolve the issue?  Thank you
Labels (1)
65 Replies
ThomasCheng
Enthusiast
Enthusiast

Casper, believe it or not, I had the same issue in QA one day in 9.1 for no obvious reason. Neither support nor I could easily identify the issue, and support suggested to move forward with the upgrade and troubleshoot again if needed. And guess what, the issue just went away after I upgraded to 9.6 without doing anything else.
Reply
0 Kudos
yajimad
Enthusiast
Enthusiast

Hi, I was able to resolve my problem similar to this forum.
In my case, the function for setting SSL certificate of SEG v2 was a root cause.
' Upload rocally'  function of SEG v2 configuration page did not work. I uploaded SSL certificate to the console and downloaded SEG v2 installer.
Then re-installed SEG v2. Finally SEG v2 started to work.
Hope this helps...
Reply
0 Kudos
JoeTingley
Enthusiast
Enthusiast

Hey folks - We're in the process of trying to migrate to SEG v2. We're editing our existing MEM configuration on the console, going through the SEG v2 config, making it to the end and getting a non-descriptive error ' Save Failed - An error has occurred. This error has automatically been saved for further analysis. Please contact technical support.'   Console version 9.6.0.8, nothing major changing. Same Exchange environment, same SEG url.  I've logged a ticket, but figured I'd run it by you folks to see if you had any insight as well.
Reply
0 Kudos
TommyEng
Contributor
Contributor

Hey Joe!  Why not just make a new configuration, won't that save either? There is noe problem having two different MEM configs
Reply
0 Kudos
JoeTingley
Enthusiast
Enthusiast

Tommy, we considered it, but there is more setup when changing the URL that we were trying to avoid.

At the end of the day, we realized that SEG v2 (using REST and taking over requests from IIS) can't sit on the DS server like we have it today since those services all require IIS. It works now because SEG Classic uses IIS. It seems so obvious in retrospect but it didn't even occur to me since the documentation didn't mention it at all as a potential hurdle and I kept thinking ' This upgrade seems too easy!' . We'll likely have to spin up a new VM for SEG V2 service at some point.
Reply
0 Kudos
T070118
Contributor
Contributor

Hi Joe, I am about to attempt same but I have a separate SEG server already.  Did support say it was possible to just edit the existing config to use v2?
Reply
0 Kudos
JoeTingley
Enthusiast
Enthusiast

Absolutely. You can edit the existing profile and upgrade it to V2 with no impact to the environment and SEG Classic will continue to function normally. I actually changed our profile over to V2 and we're still on Classic for now.
Reply
0 Kudos
T070118
Contributor
Contributor

Thanks Joe, I will give it a go so.
Reply
0 Kudos
KonstantinosLei
Contributor
Contributor

Joe T: ' At the end of the day, we realized that SEG v2 (using REST and taking over requests from IIS) can't sit on the DS server like we have it today since those services all require IIS'  < Our SEG runs on the same server as DS and reading this thread from the beginning, this was what was bugging me too! So in essence, we will need to set up a new server just for SEG v2... It would be nice to see UAG functioning as the SEG v2 but... oh well...


So did you end up setting up a new Windows server just for SEG v2 or have you found a workaround to install it on the DS server?


K

Reply
0 Kudos
JoeTingley
Enthusiast
Enthusiast

Konstantinos - That's our plan, but I haven't done it yet. Vacation preparations take precedence!
Reply
0 Kudos
chengtmskcc
Expert
Expert

I once had SEG installed on the DS server, and it was such a bad idea that I couldn't wait to separate them when we upgraded to Exchange 2013.
Reply
0 Kudos
KonstantinosLei
Contributor
Contributor

Unless you thought forward when you first set the SEG up on the DS server to use a host name alias (i.e. seg.acme.com) for its configuration and the Boxer app configuration and instead used the DS server host name (i.e. mdm.acme.com), you must have had to also change those as well. How did you pull that off? Was there any end-user impact?
Reply
0 Kudos
chengtmskcc
Expert
Expert

Assuming that question is for me, I moved users to the new mail profile pointing to the separate SEG (thus new URL) soon after their mailboxes were migrated from Exchange 2010 to 2013.
Reply
0 Kudos
KonstantinosLei
Contributor
Contributor

Hey Thomas, yes, this makes total sense. So at some point you had two SEGs running in parallel and then you just pushed a new profile pointing to the new one for the ones who were getting their mailboxes moved to the 2013 server? Do you think having two SEGs, one Classic and one V2 pointing to the same Exchange server at the same time and then pushing the new profiles to users? I am just trying to figure out a good way to migrate from Classic to V2 with the same Exchange server.
Reply
0 Kudos
chengtmskcc
Expert
Expert

I'm still researching and will be migrating in our UAT environment early next week. From what I gather thus far, I will be creating a new email configuration and installing SEG v2 on the same SEG server. Then, I will turn off IIS and let V2 handles the email proxy workload. From end user's standpoint, it's the same public URL so they shouldn't be affected at all and there will be no need to push a new or re-push an existing email profile.
Reply
0 Kudos
KonstantinosLei
Contributor
Contributor

Ah lucky you... your SEG is not the same server as DS and the host name will remain the same. Oh well... Good luck with the migration 🙂
Reply
0 Kudos
Stansfield
Enthusiast
Enthusiast

Per our experience I would reboot after you disable IIS, and before you install the v2 seg the instructions say you do not have to but are wrong, otherwise IIS keeps grabbing the traffic
Reply
0 Kudos
chengtmskcc
Expert
Expert

Konstantlnos, I started with SEG on the same box as DS and it was not fun when issue arised with email and we had to take down the host which affected normal MDM function. Since separating it from DS, it was pure joy. In my new role, our DS and CS are hosted and I only have SEG and other on-premises components to worry about.

I'm sure you would already expect a blog post from me once I finish with the migration to V2.

Stephen, thank YOU for the golden tip. I will add it to my steps to follow.
Reply
0 Kudos
KonstantinosLei
Contributor
Contributor

I think we should hold a monthly AirWatch admins session on Google Hangouts to talk about stuff... Who is in?
Reply
0 Kudos
chengtmskcc
Expert
Expert

Best Practices When Migrating from SEG Classic to SEG v2
https://support.workspaceone.com/solutions/SOL-19769
Reply
0 Kudos