cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Reliable Contributor Ufoto
Reliable Contributor
Report Inappropriate Content
Message 1 of 3

Unable to import UPK to a new server

Jump to solution

Hello, 

I am currently migrating from an ePO 5.3.2 to ePO 5.9.1. Both ePO-s are up and running, but no systems are yet managed by the new one. I am migrating policy and settings and stumbled across an issue migrating the FRP keys. The old ePO has over 500 systems that use FRP with UPK and I have to migrate them before migrating the systems as the users are actively using the product. I exported all of the FRP keys from the old server and when I tried to import them to the new I get the following error: 'An error occurred while importing keys. Verify that all your keys were imported'. When I check none of the UPKs have been migrated, only a single recovery key which is machine based is migrated.

When I check the Orion.log I can see the following error: 

2019-03-26 16:54:23,451 ERROR [http-nio-8443-exec-7] action.KeyManager - java.sql.SQLException: Cannot insert the value NULL into column 'DirectoryID', table 'ePO_EPUKSVEPO01.dbo.FRPKeyToUser'; column does not allow nulls. INSERT fails.
java.sql.SQLException: Cannot insert the value NULL into column 'DirectoryID', table 'ePO_EPUKSVEPO01.dbo.FRPKeyToUser'; column does not allow nulls. INSERT fails.

 

Both servers have FRP 5.0.9.108 extensions and according to the documentation the import/export should be supported. Please let me know if I am missing something.

Thank you in advance!

Was my reply helpful? If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
1 Solution

Accepted Solutions
Reliable Contributor Ufoto
Reliable Contributor
Report Inappropriate Content
Message 3 of 3

Re: Unable to import UPK to a new server

Jump to solution

Thank you for your reply,

After some testing and troubleshooting I realized what the problem is, so I will post it here for someone who has the same problem.

The old ePO server (5.3.2) used to have EEFF 4.x a while back. When this was upgraded to FRP 5.x, only the extensions and packages were upgraded, which left the keys in the old database format where there is no 'Directory ID' property. When I try to import these keys on the new ePO where the FRP tables are only in the new format, the import fails because the tables are empty and nulls cannot be inserted. 

There is an option in Server Settings called 'FRP Key Authentication' which has to be enabled after the migration from 4.x to 5.x, but it was never done on this ePO. I enabled the settings and ran the task which converted the keys and now to import is working successfully. 

On a side note, when the UPKs are imported, they don't automatically work. You need to re-assign them to the AD users again before they can gain access to the key and aquire access to their previously encrypted files.

Was my reply helpful? If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
2 Replies
McAfee Employee JaganA
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: Unable to import UPK to a new server

Jump to solution
Hi, we had this issue in the older versions and was fixed somewhere in 5.0.2. Since you are observing it in latest version, this might need detailed log analysis, hence please create a Service Request with support. Also, I tested the same scenario in my test lab and successful in importing them.
JaganA
McAfee Employee

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
Reliable Contributor Ufoto
Reliable Contributor
Report Inappropriate Content
Message 3 of 3

Re: Unable to import UPK to a new server

Jump to solution

Thank you for your reply,

After some testing and troubleshooting I realized what the problem is, so I will post it here for someone who has the same problem.

The old ePO server (5.3.2) used to have EEFF 4.x a while back. When this was upgraded to FRP 5.x, only the extensions and packages were upgraded, which left the keys in the old database format where there is no 'Directory ID' property. When I try to import these keys on the new ePO where the FRP tables are only in the new format, the import fails because the tables are empty and nulls cannot be inserted. 

There is an option in Server Settings called 'FRP Key Authentication' which has to be enabled after the migration from 4.x to 5.x, but it was never done on this ePO. I enabled the settings and ran the task which converted the keys and now to import is working successfully. 

On a side note, when the UPKs are imported, they don't automatically work. You need to re-assign them to the AD users again before they can gain access to the key and aquire access to their previously encrypted files.

Was my reply helpful? If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator