Environment: ePO 4.5 HF1, EEPC 6.1.2, Agent 4.6
I've been testing the upgrade process from v5.2.5 to v6.1.2.
I started with a laptop with v5.2.5. Created a new user on EEM and on AD and have the user log into the laptop several times just to sync with the EEM server.
Then, I ran the migration tool and chose to export selected machine.
I fire up ePo and imported the zip file. It all goes well according to the video produced by DLarson. Bind the user account with samaccountname.
ePo identified the machine and the username. Import was successful. Check the laptop in ePo to view endpoint encryption users and the username is listed.
The installation of v6 over v5 also went well.
Reboot the laptop, v6 splash screen comes up. Enter the username. it is accepted and recognised but will not accept existing password used in v5. (The password it will accept is default)
I have tried this on few different laptops. All the same result.
Can anyone identify where I am going wrong with this?
I don't use v5 and never have, but from the doc here:
The upgrade happens behind the scenes and does not require any user interaction. However, the user will need to create a new password when they first see the version 6 pre-boot environment.
Actually, this behavior changed with v6.1.1. I just updated that blog post to correctly state the current functionality.
Here's the new content: With the release of v6.1.1 the end user no longer has to reset their password as part of the upgrade process. Now the EE Migration utility can export all user information (including passwords and SSO details) to ePO. This means the upgrade process is now completely transparent to the end user.
Based on that assertion, I perform some upgrade tests. But as mentioned above, the result is not as expected. I realise there is machine export and user export. However, exporting machine with user settings should essential do the trick.
I've tried both migration tool from 6.1.1 and 6.1.2. Tried both machine and user export. Same result.
I only difference I notice is that we don't use SSO (endpoint encryption username password to pass through to our AD). They are independent.
It's going to be such a headache rolling this out. Dip feeding, administering 2 different versions during the changeover.
Is there any logs that could indicate where I have gone wrong?
Would you mind sending me a private message with one of the zip files produced by the migration tool and I will have a look and see if there is any user data being exported.
Once we can verify that there is user data being exported correctly, we can look at the server side.
Then we can look at the server side, if we need too..
With some help from whigibbo, it seems to be all working now.
I copied over the SBAdminDll.dll and epeMigration.dll to SBAdmin installation folder. Then ran the migtration tool again. I checked the xml files inside the output zip for tokendata field. That way you know the export function is working.
Now, at ePO delete all the user accounts that you are having issues with. Then re-import the zip file. Sync and wait until policy enforcement is complete and you are done.