I haven’t had a chance to post anything lately but wanted to get this up quickly in the hopes it saves someone else the marathon support session I recently endured.

We attempted to upgrade our Websense appliance from version 7.8.1 to 7.8.4, which should not have been a big deal. Unfortunately the upgrade failed; the system automatically rolled-back to 7.8.1, but we then found the content gateway (proxy) module would continually crash shortly after starting up.

As I said, it took quite a long time to get to the bottom of it – and there’s nothing you can do as an end-user to fix it – but the problem turned out to be that our content gateway was joined to our domain in order to make use of Integrated Windows Authentication (IWA). When the rollback occurred, something got out of sync with the domain and caused the proxy to crash. It’s a known problem but evidently a rather obscure one, and you will likely need to get someone reasonably high up in Websense’s tech support to do the following if you find yourself in this situation:

• Reboot the appliance.
• As soon as the content gateway module is up, SSH to it and shut down all the Websense services. This stops it from crashing.
• Manually edit the module’s configuration to clear out the IWA settings.
• Restart the services and/or module.
• Using the UI, disjoin from the domain if it lets you; it may already be disjoined.
• Using the UI, rejoin to the domain.

Going forward, it was suggested to us that if you use IWA, your upgrade process ought to be the below:

• Perform a full appliance backup.
• Disjoin the content gateway from the domain.
• Perform another full backup.
• Upgrade/Patch
• Rejoin to the domain.

This should allow the system to survive a failed upgrade and rollback; you would then just need to rejoin the domain.

With any luck this helps someone. Hopefully I can post some other topics soon.