Showing results for 
Search instead for 
Did you mean: 

FDE/ePO Upgrade

Hey all,

I'm currently scoping out a project that may result in doing a full bottom-up upgrade of our security solution.

Currently we have ePO 5.1.1 and FDE 7.1.1 running on a Win2k8 box, looking after a relatively modest <300 endpoints.

The suggestion at the moment is we go to Win2016, ePO 5.3 and FDE 7.1.3.

My question is around the practicality of upgrade with minimal disruption to the endpoints.

Is it best to do an in-place upgrade of the current server to the latest versions? Or better to build a new server with the latest software versions/config, decrypt all systems and then re-register them on the new server?

Or is it better to do a half-way of both; build a new server, export settings and encryption keys from the old system and then import them to the new ePO?

1 Reply
McAfee Employee jhall2
McAfee Employee
Report Inappropriate Content
Message 2 of 2

Re: FDE/ePO Upgrade

By far it is easier to upgrade rather than migrate from one ePO to another new ePO (new Database) with MDE installed. MDE did not support migration from one server to another until MDE 7.1.3 and all clients must be running 7.1.3 in order for the functionality to work.

Currenlty no version of ePO supports Server 2016. For the list of supported OS's, please review KB51569.

If you wish to migrate to a new server, you can follow the guidance in KB66616 which will allow you to move to a new server while maintaining the current database. If this is a 32 bit server (Which isn't supported with ePO 5.1) additional steps need to be taken to migrate from 32 bit to 64 bit (KB82808).

Before you upgrade, I would reccomending reviewing the ePO Upgrade checklist in KB71825.

Edit: You cannot export and import encryption keys. While a tool exists here on planet to do a bulk export, there is no supported method to import them. Systems will automatically upload the keys after they are transferred but this assumes the transfer is successful. Unless there is a business justification such as the company is splitting divisions apart or something along those lines, under typical situations, I have never nor will I ever recommend spinning up a new ePO to facilitate an upgrade.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community