cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Migrating EPO to new Hardware with New IP and Hostname

Hi,

 

We need to migrate EPO 5.10 CU 13 to new hardware with new IP and Hostname.   We have installed  EPO 5.10 CU 13 and followed below article 

https://kc.mcafee.com/corporate/index?page=content&id=KB79283

How to migrate policies and systems from one ePolicy Orchestrator server to another server (mcafee.c...

While performing these task we found that all of the settings old server are not able to export like EPO users e.tc. 

Also we have Drive Encryption 7.3 also, so please guide to successfully perform the migration and all settings configuration are same in new server.

Do we need to export database and replace in new EPO.

Our main concern do we need to take full backup of old database/existing database and replace it with new database along with the directories C:\Program Files (x86)\McAfee\ePolicy Orchestrator\Server\extensions C:\Program Files (x86)\McAfee\ePolicy Orchestrator\Server\conf C:\Program Files (x86)\McAfee\ePolicy Orchestrator\Server\keystore C:\Program Files (x86)\McAfee\ePolicy Orchestrator\DB\Software C:\Program Files (x86)\McAfee\ePolicy Orchestrator\DB\Keystore C:\Program Files (x86)\McAfee\ePolicy Orchestrator\Apache2\conf

 

 

 

9 Replies
aguevara
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 10

Re: Migrating EPO to new Hardware with New IP and Hostname

There are a couple of things to address here:

1. if you are moving the ePO server from one server to another then it is recommended to use the snapshot feature to restore the ePO system files into new hardware, the procedure is provided here:

https://docs.trellix.com/en/bundle/epolicy-orchestrator-5.10.0-installation-guide/page/GUID-C9561397...

2. It is very important to retain at least one of those properties, either the IP or the FQDN other wise the managed nodes wont know where the new ePO server is or where to communicate, that is also covered on the same document

Note: We recommend that you change the FQDN first, and use the same IP address so that McAfee Agent on the end nodes communicates to the Agent Handler or the McAfee ePO server using the last known IP address. After successful communication, McAfee Agent will update the new FQDN of the server. Once all systems communicate successfully using the IP address, you can change the IP address as McAfee Agent knows the new FQDN.

3. It sounds like you are migrating your settings to a fresh installation of ePO on another server if you are following KB88822, not everything included on that article to export and import but you need to review the MDE check list and guidance provided on a similar article, this document provide info on how to work out those assigned users

https://kc.mcafee.com/corporate/index?page=content&id=KB79283

The following applies if you manage Drive Encryption (DE) systems:

Drive Encryption 7.1 Update 3 (7.1.3) provides the ePO administrator with a new capability. This feature allows systems to be transferred from one ePO server to another while preserving user assignments and user data. For details, see the following documentation:

 

4. you can not take the old Database and restore it to new system files on the new server, it is recommended to restore the ePO server with the snapshot feature as mentioned on answer 1

 

Regards

Alejandro

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

 

Re: Migrating EPO to new Hardware with New IP and Hostname

@aguevara 

We will be having the new IP and FQDN. So we cannot have old IP or FQDN. 

We perform below steps from the article and transfer the system where they agent was able to communicate with new EPO Server.

https://kc.mcafee.com/corporate/index?page=content&id=KB79283

How to migrate policies and systems from one ePolicy Orchestrator server to another server (mcafee.c...

Our main issue is with DE keys and client user SSO. 

Also EPO console login users we were unable to export. 

 

Please provide us the steps to perform in new IP and FQDN and migrating EPO settings to new server.

 

aguevara
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 10

Re: Migrating EPO to new Hardware with New IP and Hostname

if you followed KB79283 then you should work with the MDE guide to export those users first before any transfers.

If you need assistance doing that please post on their group:

https://community.mcafee.com/t5/Encryption-PC-and-Mac/bd-p/encryption

Could you please clarify what do you mean with "Please provide us the steps to perform in new IP and FQDN " apologies 🙂 

Re: Migrating EPO to new Hardware with New IP and Hostname

@aguevara 

I have posted in https://community.mcafee.com/t5/Encryption-PC-and-Mac/bd-p/encryption

Can we export epo console user details into new server.

aguevara
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 10

Re: Migrating EPO to new Hardware with New IP and Hostname

This is something that is included on the document i shared previously:

McAfee Drive Encryption 7.3.x Client Transfer Migration Guide:

https://docs.trellix.com/en/bundle/drive-encryption-7.3.x-client-transfer-guide/page/GUID-72A39FDF-5...

Please take a look at the document

Regards

Alejandro

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

 

 

Re: Migrating EPO to new Hardware with New IP and Hostname

@aguevara 

We are able to transfer the DE machine info and key to new server, we missed one step of Web API in destination server. 

McAfee Drive Encryption 7.3.x Client Transfer Migration Guide:

https://docs.trellix.com/en/bundle/drive-encryption-7.3.x-client-transfer-guide/page/GUID-72A39FDF-5...

cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 8 of 10

Re: Migrating EPO to new Hardware with New IP and Hostname

Console login users are not exportable, you will need to re-set them up.  You can export any permission sets and once users are created, you can assign the permission sets.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

aguevara
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 9 of 10

Re: Migrating EPO to new Hardware with New IP and Hostname

@prasunthapa was referring to MDE users

Regards

Alejandro

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 10 of 10

Re: Migrating EPO to new Hardware with New IP and Hostname

Yes, but I was also answering this...

Also EPO console login users we were unable to export. 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community