Hi AdnanH,
Actually the case solved. The upgrade was successful and regarding the services, it should be greyed out on the Control Center.
After the upgrade to 9, the LDAP Authentication changed, so we should change the authentication method on the scanners...
So simple, but I was not aware of...
To be more specific, from the v9 Release notes:
-
For some installations, you may need to add access to LDAP ports for Symantec Brightmail Gateway 9.0. The Control Center and Scanners using any LDAP features must be able to communicate to the LDAP servers. LDAP features include authentication, routing, recipient validation, and address resolution (previously known as synchronization). Your Control Center and Scanners may already meet this requirement. This access change is a new requirement if your environment matches the following criteria: If your environment matches these criteria, use the ldapsearch command to check connectivity on each host before you update to version 9.0. For information about how to use ldapsearch, go to the following URL on the Internet:http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2009082610493254
-
You have a distributed deployment with at least one separate Scanner AND
-
The deployment uses one or more LDAP sources with the Synchronization usage enabled
-
The new directory data service caches the query results to reduce the load that is placed on the directory servers and to improve Scanner performance. The cache builds over time. After you update to version 9.0 there may be an initial slow down of mail throughput under heavy load. The slow down can occur in the first few minutes as the cache builds.
-
The LDAP query filter formats in Symantec Brightmail Gateway 9.0 have been standardized to use the %s, %u, and %d tokens. These tokens were previously used only for the recipient validation and routing query filters. If authentication, synchronization, or both are enabled in 8.0.3, the query filters are modified to use the standard tokens after you update to version 9.0. If you modified any of the query filters, confirm the functionality of the authentication and address resolution functions in 9.0. Use the new Test Queryoption in the Control Center.
-
In Symantec Brightmail Gateway 8.0.3 and earlier releases, only LDAP groups were displayed in the Administration > Users > Groups page. In Symantec Brightmail Gateway 9.0, both LDAP groups and distribution lists are displayed for a newly added LDAP source. You can view both groups and distribution lists after you update your deployment. Click Administration > Settings > Directory Integration and then click Restore Defaults on the address resolution group query. Alternatively, clickCustomize Query to remove the part of the group query filter excluding distribution lists.
-
The LDAP "recipient validation" function is now used to check incoming messages for both Reject invalid recipients and Drop invalid recipients. If you have an 8.0.3 deployment using LDAP synchronization withProtocols > SMTP > Invalid Recipients set to Drop invalid recipients, the LDAP source is migrated to a source with both "recipient validation" and "address resolution" functions enabled after you update to Symantec Brightmail Gateway 9.0. Additionally, if you have any enabled "recipient validation" sources in your 8.0.3 deployment, they are used for Drop invalid recipients upon update to 9.0.
-
In version 9.0, any recipient address that includes a domain alias is considered valid if the following conditions are true: If both of the conditions are true, no call is made to the LDAP server to determine whether the recipient is valid or not.
-
You have one or more domains configured as an alias in Protocols > SMTP > Aliases
-
You have Protocols > SMTP > Invalid Recipients set to either Drop or Reject
So, ALWAYS check the Prerequisites prior to update... And ALWAYS... have a backup!