cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Level 10
Report Inappropriate Content
Message 1 of 7

Two Agent-Server keys in ePO

Jump to solution

At one of our locations, an upgrade to ePO 5.10 was made by standing up a new server and exporting keys, configurations, tasks, etc to the new system.     The new system was registered on the old and systems were transfered.

Unfortunately, in the process a step was missed.  The imported agent-server key was not set to master.  The agent-server key with the new system was not removed.     

To correct this, I am thinking of:

1)  Set the imported key, with the majority of systems, to master

2)  For all of the Windows systems using the new key, reinstall the agent built after setting the old key to master.

3) For the handful of Linux systems using the new key, either uninstall and reinstall the agent built with the old imported key, or extract the files to allow use of maconfig to reset

 

Before I go down this path, I wanted to check if there is any other remedy.

 

thanks

(sorry for the blank post - hit return instead of shift)

1 Solution

Accepted Solutions
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 7

Re: Two Agent-Server keys in ePO

Jump to solution

No need to reinstall agents at all unless they can't communicate.  The imported key is not necessary to be made master, but that is your choice.  Don't remove any keys until all agents are reporting to the one you want them to as master.

1)  Set the imported key, with the majority of systems, to master - that is fine

2)  For all of the Windows systems using the new key, reinstall the agent built after setting the old key to master. - not necessary at all.  Check in latest agent key updater package and use update task to have clients update automatically to new key.

3) For the handful of Linux systems using the new key, either uninstall and reinstall the agent built with the old imported key, or extract the files to allow use of maconfig to reset - no need to reinstall, use agent key updater package.  That is what it is for, update communication keys.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

6 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 7

Re: Two Agent-Server keys in ePO

Jump to solution

What is the exact question or problem?  Yes, there are 2 keys - a legacy key as well as 1024 and 2048 bit key when not in fips mode.

 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted
Level 10
Report Inappropriate Content
Message 3 of 7

Re: Two Agent-Server keys in ePO

Jump to solution

Sorry - I fat-fingered and the empty post was put!    I was editing while you relied.  My apologies

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 7

Re: Two Agent-Server keys in ePO

Jump to solution

No need to reinstall agents at all unless they can't communicate.  The imported key is not necessary to be made master, but that is your choice.  Don't remove any keys until all agents are reporting to the one you want them to as master.

1)  Set the imported key, with the majority of systems, to master - that is fine

2)  For all of the Windows systems using the new key, reinstall the agent built after setting the old key to master. - not necessary at all.  Check in latest agent key updater package and use update task to have clients update automatically to new key.

3) For the handful of Linux systems using the new key, either uninstall and reinstall the agent built with the old imported key, or extract the files to allow use of maconfig to reset - no need to reinstall, use agent key updater package.  That is what it is for, update communication keys.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

Highlighted
Level 10
Report Inappropriate Content
Message 5 of 7

Re: Two Agent-Server keys in ePO

Jump to solution

Thank you for the procedure.    Of the 170 systems on the key we will retire, only 36 remain after the update.     We expect we will need to visit those computers to investigate why they are not communicating. 

Highlighted
Level 10
Report Inappropriate Content
Message 6 of 7

Re: Two Agent-Server keys in ePO

Jump to solution

Just a follow up

Consolidation of the keys is working fine.   We created an Agent Key Update task as a McAfee Update client task to easily apply to systems.     It does not seem to work as well on the RHEL systems since they are not communicating with the ePO.  A ./cmdagent -p or ./cmdagent -f will return a 505 on the failing systems.   

For those systems we removed ENSL and removed MA followed by a fresh install of the agent package, exported after the master key was set.    They are working fine, however, it is tedious to visit each system to do this.     We cannot send an EEDK package because the systems are not responding, plus since the Linux agents are at the same version, I do not know how to make the installer re-install the same version. 

I did try a maconfig to provision as managed using the 6 files with SiteList.xml and keys, but that did not have the impact I expected.   So we resorted to remove and reinstall.  

I am curious is there is a better recommendation.

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 7

Re: Two Agent-Server keys in ePO

Jump to solution

I don't know what agent you are running, but you might try upgrading it instead of removing/reinstall.  What was the result of the maconfig command?  Do you have the maconfig log?

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community