Upgrade VMware AirWatch/Workspace ONE from version 9.1 to 9.6 and beyond: Part 5 – Content Gateway Upgrade

Here comes the last part of this upgrade series. In this post, we will upgrade another commonly used component: Content Gateway.

Content Gateway provides secure access to internal document repositories. Users access such repositories through VMware Content Locker. While not every customer has Content Gateway deployed, admins with Secure Email Gateway (SEG) configured can also apply email policy forcing attachment to be opened with VMware Content Locker.

Before upgrading Content Gateway, here are couple validation tests to perform (assuming you use Google Chrome as your web browser):

  • Visit https://your_AirWatch_console_URL/content/systeminfo from all Content Gateway servers as well as your local machine. You should see:{   “ContentGatewayHost”:”mobileqa.gellerco.com”,    “BuildVersion”:”9.X.X.X”}

If you do not see the above, open Notepad as administrator. Then open Web.config file usually located at C:\AirWatch\AirWatch.EnterpriseIntegration.Content. Look for the entry and make sure it’s set to true.

<add key=”enableSystemInfo” value=”true”/>

  • Visit https://your_AirWatch_console_URL/content from all Content Gateway servers. Then right-click anywhere on the page and click Inspect. Click on the Network tab and you should see 200 under the Status column.
  • In the Workspace ONE web console, go to Groups & Settings -> All Settings -> Systems -> Enterprise Integration -> Content Gateway. Select the configuration and then click Test Connection and ensure no error is found.



From the same menu under Content Gateway, click DOWNLOAD CONFIGURATION and provide a certificate password. Then, download, extract and save the configuration to all servers (Relay and Endpoint, if applicable).


Unlike the configuration for VMware Tunnel and Secure Email Gateway, this XML file is zipped and has a title ContentGatewayInstaller_yourcompany.zip. This could give admins an impression that this is the actual installer when it only contains the configuration file.


Also from the same menu under Content Gateway, click MORE ACTIONS -> Download Installer. You will then be re-directed to the VMware site to download the installer.


Specify the platform, app version and console version. Then, save it to all your Content Gateway servers (Relay and Endpoint, if applicable).

* If you don’t see the tab Installs And Upgrades, be sure you are logged into the VMware site first (you will see the words log in on the upper right-hand corner of the page.)


Similar to upgrading VMware Tunnel, start the installer from the Relay server first follow by the Endpoint server immediately after.

Right click on Content Gateway Installer.exe and run as administrator.



Now, browse to the configuration file downloaded and extracted earlier at the next screen.


In the next screen, select the appropriate option based on the server you are upgrading and provide the certificate password.


Again, give it a nice clean reboot once installation completes. Then, perform the same validation test mentioned earlier to confirm all is well.


Similar to other auxiliary components, such as Secure Email Gateway, the version for Content Gateway is 9.2.3. I suppose this is expected as the installer is no longer included or downloaded directly from the web console.


Overall, there is no big surprise after going through yet another upgrade. I do, however, hope VMware will clarify the below:

  • The upgrade guide still mentions feature pack upgrade. This has been replaced with patch installer per this KB. I know updating documentation can be tedious and boring, but attention to detail will pay off will only reflect back on the quality of the product.
  •  .NET Framework 4.6.2 is required for VMware Enterprise Systems Connector auto-update feature. The upgrade guide recommends installing it manually even though the installer also includes it as mentioned in the install guide.
  • The upgrade guide only mentions stopping both Device Scheduler and GEM Inventory services if you have multiple console servers, but the install guide mentions the two above plus Directory Sync and Content Delivery Service.
    • Should they not be set to “Disabled” as well in case server is ever restarted?
    • Is VMware developing any solution to avoid this manual labor? Some sort of auto-detect and keep the services on additional server(s) as stopped until they are needed?

One comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.