cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Restore Root Certificate to old

Jump to solution
 
A few months ago we had problems with the EPO server, and we made the decision to install the EPO on another server with the same configuration.

We lost the connection with all the agents and now they cannot communicate because the certificates in their sitelist.xml do not match those of the new server.

As I cannot reinstall the program in all the agents (there are many), I want to put the certifiers of the old server on the server.

I have a copy of the apache2 folder

Is it possible to change the certificates to previous ones?
1 Solution

Accepted Solutions
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 6

Re: Restore Root Certificate to old

Jump to solution

No, that will not work either.  KB66616 describes the folders needed to restore.  The apache certs are signed by the root cert (server\keystore) that is unique with each server install, so just restoring apache certs won't work.  And we do not support updating database tables like that.  That will not work either, as when services are updated, it will get updated again with what certs it finds in file system.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

5 Replies
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: Restore Root Certificate to old

Jump to solution

Hello joanet1

Unfortunately this is not supported, what we recommend is to transfer systems from one ePO to another as described on the article below:

https://kc.mcafee.com/corporate/index?page=content&id=KB79283

Or to take a snapshot and to reinstall the same ePO server into another machine, more details below:

https://docs.mcafee.com/bundle/epolicy-orchestrator-5.9.x-product-guide/page/GUID-9A4406B3-C7F4-471C...

Best regards

Alejandro

Re: Restore Root Certificate to old

Jump to solution
Thanks,
but the old db is not accessible
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 6

Re: Restore Root Certificate to old

Jump to solution

Then i am afraid the only option available is to force the installation of the agent from the new ePO server into those nodes.

You can also reconfigure the mcafee agent using maconfig.exe so that it starts communicating to the new ePO, but that requires direct access to the ePO server , we call this reprovisioning the agent, more info on the below link which indicates transitioning from unmanaged to managed mode which is effectively the same situation you are now:

https://docs.mcafee.com/bundle/agent-5.5.0-product-guide-epolicy-orchestrator/page/GUID-B66FC65A-B4C...

 

Re: Restore Root Certificate to old

Jump to solution

I can try a update BD table EPOServerCerts with the olds certificates?

 

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 6

Re: Restore Root Certificate to old

Jump to solution

No, that will not work either.  KB66616 describes the folders needed to restore.  The apache certs are signed by the root cert (server\keystore) that is unique with each server install, so just restoring apache certs won't work.  And we do not support updating database tables like that.  That will not work either, as when services are updated, it will get updated again with what certs it finds in file system.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community