IBM Support

Detected msdos partition table during upgrade

Troubleshooting


Problem

During an upgrade, you received the following error: "ERROR: Detected msdos partition table. Due to known issues with upgrading msdos partition tables, the upgrade cannot continue." QRadar V7.2.8 to V7.3 upgrades that use Red Hat Enterprise Linux (RHEL) V7.X do not support msdos partition tables.

Resolving The Problem

If you encountered this error with an msdos partition that is less than 2 TB, you can resolve this issue either by backing up your configuration and data to a server that has enough disk space and reinstall RHEL V6.8 and QRadar before you continue the upgrade, or by migrating to other hardware. For backing up and reinstalling the data, follow the steps below. For migrating to other hardware, see QRadar SIEM hardware migration scenarios (https://www.ibm.com/support/knowledgecenter/SS42VS_7.2.8/com.ibm.qradar.doc/c_qradar_hardware_migration.html).

Before you begin

There are steps that you must take before you can start to resolve the partition problem.

  • If you encountered this error on a Console, create a configuration backup archive, and copy the configuration backup archive off the server. For more information, see Creating an on-demand configuration backup archive (https://www.ibm.com/support/knowledgecenter/SS42VS_7.2.8/com.ibm.qradar.doc/t_qradar_adm_creat_on_dmd_conf_bkup_arch.html).
  • If you encountered this error on a high-availability (HA) system, disconnect the HA cluster. Create a configuration backup archive and copy the configuration backup archive off the server, unless you encountered the error on the secondary HA host. For more information, see Disconnecting an HA cluster (https://www.ibm.com/support/knowledgecenter/SS42VS_7.2.8/com.ibm.qradar.doc/t_qradar_ha_disconnect_cluster.html).
  • If you encountered this error on a managed host, remove the managed host from your deployment. For more information, see Removing a managed host https://www.ibm.com/support/knowledgecenter/SS42VS_7.2.8/com.ibm.qradar.doc/t_qradar_adm_remove_mnged_host.html).
  • Back up your data by using either rsync or SCP to complete the data transfer. These commands might require the root user to accept SSH keys and provide the root password for the target server. The length of this process depends on how much data needs to be transferred.
    1. Log in to your QRadar appliance by using SSH.
    2. Copy the data from your QRadar appliance to another server by using the rsync command, as in the following example:

      rsync -avz /store/ariel/ root@<backup_server_IP_address>:/store/ariel

Procedure

Now that you've backed up your data, use the following procedure to complete the upgrade from QRadar V7.2.8 to V7.3.

  1. Boot into rescue mode (Rescue Installed System), then run these commands before installing RHEL 6.8:
    /usr/bin/dd bs=512 count=10 if=/dev/zero of=/dev/sda
    /usr/sbin/parted --script /dev/sda mklabel gpt
    /usr/sbin/parted --script /dev/sda print
  2. Reinstall RHEL V6.8. For more information, see Installing RHEL on your own appliance (https://www.ibm.com/support/knowledgecenter/SS42VS_7.2.8/com.ibm.qradar.doc/t_siem_inst_rhel_own_app.html).
  3. If you are restoring an HA appliance, run the following script before you install QRadar:

    /media/cdrom/post/prepare_ha.sh

  4. Install QRadar V7.2.8. For more information, see QRadar software installations on your own appliance (https://www.ibm.com/support/knowledgecenter/SS42VS_7.2.8/com.ibm.qradar.doc/c_siem_inst_prep.html).
  5. Update your QRadar system to the same version that system was at when you made the backup archive. See the release notes for that version of QRadar for update instructions.
  6. Restore your configuration backup archive. For more information, see Restoring a backup archive (https://www.ibm.com/support/knowledgecenter/SS42VS_7.2.8/com.ibm.qradar.doc/t_qradar_adm_restor_bkup_arch.html).
  7. Copy the data that you backed up to /store/ariel to your QRadar system by using the rsync command on your backup server, as in the following example:

    rsync -avz /store/ariel/ root@<QRadar_IP_address>:/store/ariel

  8. If you are restoring a managed host, readd the managed host to your deployment. For more information, see Adding a managed host (https://www.ibm.com/support/knowledgecenter/SS42VS_7.2.8/com.ibm.qradar.doc/t_qradar_adm_add_mnged_host.html).
  9. If you are restoring an HA appliance, re-create the HA cluster. For more information, see Creating an HA cluster (https://www.ibm.com/support/knowledgecenter/SS42VS_7.2.8/com.ibm.qradar.doc/t_qradar_ha_create_cluster.html).
  10. Upgrade the appliance. For more information, see Upgrading QRadar appliances https://www.ibm.com/support/knowledgecenter/SS42VS_7.3.1/com.ibm.qradar.doc/t_qradar_up_ugrad_sys.html).

Results

You have completed the upgrade from QRadar V7.2.8 to V7.3.

[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Upgrade","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.3.1","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
03 October 2018

UID

swg22011871

Page Feedback