Hi Everybody -
1. My current EPO server (v4.5) will be rebuilt on a new Server which will be on a NEW DOMAIN and the two domains would have One-Way Trust relationship.
2. The new EPO server will be re-built with new version of ePO (4.6.6) on a new server.
My question now is - The enpoints which were reporting to old ePO server on older domain will be required to access new ePO server on new domain. What is the best way to make this happen efficiently?
And would endpoints reporting across domains be a concern? Assuming that the latency between domains is negligible.
As far as i'm aware the only thing that ties McAfee products and the ePO server to the domain is the software installation credentials and DB access credentials.
The DB credentials aren't an issue in your scenario as the ePO server and its DB will exist solely in the new domain.
All you need to do is deploy new agents from your new ePO server to install over the old agents. As long as the credentails you enter into ePO to create the agent install package are a valid administrator level account on the client machines then the new ePO server will be able to manage them.
The new credentials can be domain account or even a local account as long as they have install privilages.
EDIT: Also if your going to a new server then you should really look at the lastest version of ePO 5.1 rather than 4.6.
Message was edited by: Tristan on 24/06/14 10:47:06 ISTThanks Tristan. Do you think article KB79283 ( https://kc.mcafee.com/corporate/index?page=content&id=KB79283) would still apply for this case?
Not really. The two options to transfer clients to a new ePO server.
1. link two ePO servers (register and import keys) and then right click move clients
2. Install a new agent from the new ePO server
That KB entry relates to option 1 which is more complex in your scenario with the new domain.
One issue that might cause an issue is if you've got any encryption products managed by ePO in which case the whole transfer process is a little more complex.
Thanks again Kristan.
If I choose option 2 - to install new agents, what method can i employ to transfer previous policies/tasks/system tree and security keys?
In the System tree view you can select the My Organization group.
Click the Policy tab, then click the Actions button and select Export All Assignments.
Then select the Assigned Client Task tab, then click the Actions button and select Export All Assignments.
On the new ePO do the same thing but select Import Assignments instead of Export Assignments.
What does export all assignments do? Will the steps that you have mentioned ensure that I have the same setup (tasks/tree/policies etc.,) on my new ePO server and I can just go ahead and shutdown the older ePO server and start using the new ePO server?
You will have to recreate the System tree and reassign the policies but all the polices that are currently in use will be imported for you to assign. I would keep the old server online as a reference while you mirror the assignments. Once that is compete you can shut it down. Like Tristian said, if you have end point encryption on any of the systems the user assignments will be lost. So while you move them over you will want to disable the pre-boot screen to ensure a smooth transition. Once all the accounts are reassigned to the correct machines you can enable it again and have them setup their recovery questions again.
The following are the extensions currently installed. End Point Encryption is not present. Can you confirm?
1. ePolicy Orchestrator
2. GroupShield for Exchange
3. GroupShield for Lotus Domino
4. Help Content
5. Host IPS
6. Linux Shield
7. McAfee Agent
8. Rogue System Detection
9. Server
10. Shared Components
11. SiteAdvisor Enterprise
12. VirusScan Enterprise
13. VirusScan Enterprise for Linux
14. VirusScan For Mac
Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA