cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 4

Migration of EEPC 6.1 Clients from ePO 4.5 to ePO 4.6

Has anyone gone through the process of migrating EEPC 6.1 clients from ePO 4.5 to ePO 4.6 and have a procedure that they are willing to share?

I have approx 150 EEPC clients, mainly VIPs and mobile laptop users and need to progress with the minimum disruption to users and exposure of unencrypted data during the process. I understand from documentation and service requests that this "is not supported" but my thoughts run along these lines:

ePO 4.5:

1. Decrypt endpoint

2. Uninstall EEPC application and client to clear links to ePO 4.5.

ePO 4.6:

1. Install new ePO agent.

2. Wakeup agent and update policies.

3. Reinstall EEPC agent and application.

4. Re-encrypt.

Does this seem overkill? I have tried just a decrypt and then the ePO 4.6 agent but then EEPC fails to trigger into encryption.

Having just fallen foul of the issue where moving encrypted clients down the AD OU structure wipes all the allowed users from the preboot environment (KB72615) and annoys VIP users, I can't afford this process to be disruptive!

All thoughts most welcome.

3 Replies
whgibbo
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: Migration of EEPC 6.1 Clients from ePO 4.5 to ePO 4.6

Hi,

Could you please clarify if this is a new server or are you upgrading from ePO 4.5 to 4.6 ?

Former Member
Not applicable
Report Inappropriate Content
Message 3 of 4

Re: Migration of EEPC 6.1 Clients from ePO 4.5 to ePO 4.6

Hi,

Thanks for your swift response.

These are 2 separate, existing, production servers as I am migrating users between 2 data centres. The EEPC encrypted machines are currently on the ePO 4.5 server and I need to move them to the new ePO 4.6 server. Once complete, the ePO 4.5 server will be decommissioned.

whgibbo
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 4

Re: Migration of EEPC 6.1 Clients from ePO 4.5 to ePO 4.6

Hi,

Firstly, there is no option to migrate Endpoint Encryption users between ePO servers..  This is currently being looked into.

But you can migrate a EEPC client machine from one ePO Server to another.  In order to for this to work, you will need to ensure the following:

  • The product policies are the same on both ePO servers. (Failing to do so could result in the machine having the wrong encryption state).
  • The user based policies are the same on both ePO servers.
  • You have assigned users to the machine on the new ePO servers. (Failing to do so could result in the machine having no users and you would have to do a administrator recovery, either from the old the server of the new depending on when a reboot was done.  As the machine keys need to be sent to the new ePO server.).

Once you have done this, you have two options.

  1. Configure the old ePO server to have the new ePO servers key (Menu->Configuration->Server Settings->Security Keys).  Please refer to the ePO documentation for this.
    1. Then from the System tree page, select the required machines and then click actions->Agent->Transfer Systems.
  2. From the new ePO Server, do a force agent install to the required machines.

In both cases, it will require at least 2 ASCIs to ensure that the machine keys have been transfer to the new ePO Server and the users.

Please ensure you test this with a test machine first. 

Hope this helps.

Message was edited by: whgibbo on 24/11/11 08:56:30 CST
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community