Migrate Password Server

Share KeePass Passwords with your Team of multiple users

If you want to migrate your passwords to a new machine, you can use one of the Server Migration options listed below.

• The recommended server migration process is to simply follow the Backup procedure on the old host and restore the database on the new host.
• The Pleasant Password database stores all the data including settings and audit logs.
• But be sure to save your encryption keys and database connection string.

Have Questions?  Contact Us!

Licensing: 

• The same license can be used, see Activating on a New Machine

Server Migration Options

• Method A: (easiest) Copy/Paste the database file - Manual Backup & Manual Restore
• Method B: Restore from a Backup file - use Automatic Backup & Restore
• Method C: (external database) Point the connection string to the external database
• Method D: Use the KeePass Export and Import steps

Server Migration Steps

Method A: File Copy  (All Editions)

Install the same version on the new server.

Simply copy and paste the SQLite database file, following the Manual Backup & Manual Restore process. Be sure to stop the service/site before moving, and to copy the Service Configuration values onto the new server.

• related files: License.key, ActivationLease.dat

Method B: Restore from Backup  (Enterprise Edition or higher)

You can use these detailed steps to migrate:

1. Download and Install the same PPASS version on the new machine: Finding Historic Versions
   • Stop the service / site. Note: Stop IISExpress.exe task if necessary.
   • If you are Hosting with IIS, also disable the service.
2. Backup your current production machine: Settings > Database Backups
   • Copy the Backup file to a fileshare visible on the new server.
   • Save the Backup Encryption key to a secure location.
3. Stop the current service / IIS site
   • This step will cause an outage (the current server will be unavailable to the users), until we re-start on the new server.
4. Set & Save the Connection Strings:
   • If connecting to an existing database (not SQLite)
     • Then you can skip to the last step and just restart
   • If creating a new database
     • Then follow the necessary steps to switch the database by creating the instance and setting up the connection string
   • Otherwise,
     • Copy the connection string and database type from the current server to the new server (using Service Config utility).
     • Restart the service / site.
5. Restore the Database onto the new server:
   • Login onto the web application on the new server (with: "admin" / "admin")
   • Click "Restore Database", enter the Backup Encryption key, and click Restore. The application will notify when the process is complete.
   • You may also wish to copy over these files: License.key, ActivationLease.dat
6. Restart: Once the Restore is complete, restart the new service / IIS site.
7. Re-Apply License:
   • If necessary, re-enter the license key in the license status tab, in the case the relevant file information was not also copied.

All Related Links:

• Backup / Restore
• What's included in the database?
• Finding Historic Versions
• Install steps / Upgrade steps / Server Requirements
• Activation info - Troubleshooting
• Database Switch / Database Migration
• Disaster Recovery / Recovery Options
• Best Practices / Server Hardening

Problems?

Please follow these Troubleshooting steps.

Migrate Domain Servers (LDAP/AD)

The preferred way to migrate LDAP/AD Domain is to:

• Modify the original Directory Connection with the new domain information.
• Then click "Update Users and roles" which will update the unique Directory Ids (GUID) for each AD user account, synchronized from the new domain.

Considerations:

• Use a local admin or create another local admin user.
• Benefits to this preferred way of replacing the domain name (rather that creating a brand new directory for the new domain):
  • don't lose history of the old user accounts
  • don't lose user permissions
  • don't have to re-assign the User Access

Test the Domain Connection

 You can also first test out the domain connection by creating a temporary new directory connection.

• Copy settings from the original Directory connection as needed.

• Click Test Connection button.

• Contact Us if you have problems with the connection or need assistance.

• Then save your Directory configurations (for both old and new directories).

Steps to Migrate to New Domain

It's possible to change the directory connection settings to point to the new AD/LDAP domain.

• AD/LDAP Directory Connection:

  1. Modify the original Directory to point to the new Domain. Test the connection.

  2. Navigate back to the list of Directory Connections page > Click Actions button > Update Users from directory.

     • This should refresh the details for all the users and re-connect the users appropriately from the new domain

  3. The above step will resolve the issue. If however, the previous steps somehow does not properly connect the users, then you can do the following technical steps. If you need further assistance going through the migration process, please Contact Us.

     • Stop the service / site
     • Open your database (for SQLite database)
     • Open a SQL window to run this command:
       • UPDATE "User"
         SET "UniqueDirectoryID" = NULL
         WHERE "UniqueDirectoryID" IS NOT NULL;
     • Restart the service / site
     • Once we restart and sign-in with admin, we can follow the migration steps.
     • Alternatively, a user account can be set manually, matching it with the sAMAccountName for the unique id GUID. 
       • Technical Steps:
         
         • powershell "Get-ADUser USERNAME -Properties * | Select SamaccountName,ObjectGUID"
         • Edit the User table, UniqueDirectoryId column

• Other items you may need to configure:

  • Certificates - if certificate needs server name changes

  • DNS - if changes are needed

Migrate Password Files

You may also wish to thoroughly save all related file information and/or copy them to the new machine. Especially if any custom install configurations have been made.

Steps: First copy all file / information from the old installation to the new machine, and then install over-top.

• See items NOT included in your Database Backup
• Example: Migration Steps to IIS - Steps 1, 2

Data Recovery

The above steps can also be followed in the case of Data Recovery. See additional Data Recovery Options.

Troubleshooting

If you are upgrading the Server OS (i.e. from Microsoft Server 2008 to 2012) and afterwards your users are having trouble logging in:

Reactivate License Key on License Tab

• This is only necessary to refresh the license status, or if license details have be cleared out.