mkazi
Level 11
Message 21 of 52

Re: Migrate systems from 5.9.1 to 5.10

Looks like somebody had already migrated the "Agent-server Secure communication keys" to the new EPO. So, I have transferred one device, and when I go into Server Settings -> Security Keys I can see 1 agent is showing under the old EPO server key. Is it supposed to be like that? So, if I transfer more devices, will all the devices be under the old server's key?

I have attached a screenshot for the reference. (Attachment: key_LI.jpg)

cdinet
McAfee Employee
Message 22 of 52

Re: Migrate systems from 5.9.1 to 5.10

Yes, they will initially connect to the old ePO server's key. If you want them to use the new ePO master key, then make sure that the new ePO server's keys are set to master, then in the update task, enable the agent key updater package to be updated. This allows clients to switch to the new key. If you don't have that checked in, then check in both the latest agentkeyupdater package as well as the msgbus cert updater one into the current branch.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

mkazi
Level 11
Message 23 of 52

Re: Migrate systems from 5.9.1 to 5.10

- Looks like both the agentkeyupdater package and the msgbus cert updater are checked in.

- When I click on System Tree -> Assigned Client Task -> Product Update I can see the DailyDAT/AMCore Update MM task is assigned to the root (My Organization). Are you talking about this option? Inside that I can see a checkbox for "ePO Agent Key Updater 5.6.2" under Package Types -> Patches and service packs. If I check that box, it will only update the keys which are not using Master, right? Also, it will not mess up anything with the existing systems, right?

cdinet
McAfee Employee
Message 24 of 52

Re: Migrate systems from 5.9.1 to 5.10

It will not affect any existing systems; it is only a mechanism for updating the agent keys to a new one.


mkazi
Level 11
Message 25 of 52

Re: Migrate systems from 5.9.1 to 5.10

What if I leave those devices on the old server key? What's gonna happen if I decommission the old server? The old key will still right since it's been migrated to the new EPO?

JoeBidgood
McAfee Employee
Message 26 of 52

Re: Migrate systems from 5.9.1 to 5.10

That will be fine - as long as you keep the key in the new ePO server the clients will continue to use it.

mkazi
Level 11
Message 27 of 52

Re: Migrate systems from 5.9.1 to 5.10

I was able to transfer one test device successfully to the new EPO, but it looks like when I tried to do the "Agent Wake Up Call" it's just failing. Any thoughts?

cdinet
McAfee Employee
Message 28 of 52

Re: Migrate systems from 5.9.1 to 5.10

Is the client you are trying to wake up connected via VPN? If so, wakeups won't work - see KB58818. Otherwise see if there is any firewall in between, whether ePO can resolve the DNS of the client, whether you can telnet to port 8081 on that client, etc. You have to verify reachability.

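The reachability checks listed in the reply above (DNS resolution, then a TCP connection to port 8081), as an added example that is not part of the original thread and not vendor code. The default host name is a placeholder; run it from the ePO server or agent handler with the client's name as the argument.

```python
import socket
import sys

WAKEUP_PORT = 8081  # port named in the reply above


def check_reachability(host, port=WAKEUP_PORT, timeout=3.0):
    """Try DNS resolution, then a TCP connect; return (stage, detail).

    stage is 'dns' (name did not resolve), 'timeout' (no answer, typical of
    a firewall silently dropping packets), 'refused' (the connection was
    reset: nothing listening, or a device in the path rejecting it),
    'error' (any other socket failure) or 'ok'.
    """
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", f"cannot resolve {host!r}: {exc}")

    result = ("error", f"no usable address for {host!r}")
    for family, socktype, proto, _canon, addr in infos:
        target = f"{addr[0]} port {addr[1]}"
        try:
            with socket.socket(family, socktype, proto) as sock:
                sock.settimeout(timeout)
                sock.connect(addr)
            return ("ok", f"TCP connect to {target} succeeded")
        except socket.timeout:
            result = ("timeout", f"no reply from {target} within {timeout}s")
        except ConnectionRefusedError:
            result = ("refused", f"{target} refused the connection")
        except OSError as exc:
            result = ("error", f"{target}: {exc}")
    return result


if __name__ == "__main__":
    # Placeholder host name; pass the client's name as the first argument.
    client = sys.argv[1] if len(sys.argv) > 1 else "client.example.test"
    stage, detail = check_reachability(client)
    print(f"{stage}: {detail}")
    sys.exit(0 if stage == "ok" else 1)
```

An `ok` result only shows that the TCP handshake completes; it says nothing about what happens to the traffic after that.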

mkazi
Level 11
Message 29 of 52

Re: Migrate systems from 5.9.1 to 5.10

- The client is not on VPN

- I can ping the device from EPO

- I was able to telnet to 8081

Still the task is failing. (Attachment: wakeup_error.PNG)

cdinet
McAfee Employee
Message 30 of 52

Re: Migrate systems from 5.9.1 to 5.10

Then we would need an SR to view logs and would also require a Wireshark capture. We would need an agent system MER (mer.mcafee.com) as well as one from the ePO server or agent handler that the client is talking to. From the log entries, it appears there is a proxy or firewall either blocking or doing SSL inspection.

