cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 31 of 51

Re: ePO Agent Handler Upgrade - Best Approach?

If you look closely at the RSA compatibility check, it is only a warning, so you may be compliant.  The only way to be sure is to run nmap on sql and epo servers to ensure right protocols and ciphers are enabled - see kb91115.  I don't believe you would see IISCrypto results in registry from past experience.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted
Level 11
Report Inappropriate Content
Message 32 of 51

Re: ePO Agent Handler Upgrade - Best Approach?

That's brilliant, thank you.

I had looked at KB91115 but didn't pay too much attention to it, to be fair. I also assumed that the big red cross next to the RSA Compatibility Check meant a total failure on that front, as it were.

On that note then, in the morning, we'll run nmap on a local device to see what protocols and cipher suites are in use on the SQL and ePO servers and output the results to a file.

Speak to you tomorrow!

Nick

Highlighted
Level 11
Report Inappropriate Content
Message 33 of 51

Re: ePO Agent Handler Upgrade - Best Approach?

I was discussing the progress of the upgrade with my colleagues this morning. They all pointed to IISCrypto as the tool of choice when encountering the RSA Compatibility Check failure from the ePIP tool.

As there appears to be a little bit of resistance here in using IISCrypto, a member of staff here created a new GPO to reorder the Cipher Suites on the SQL Server (from the Microsoft article referred to in KB87731). It also of course, needs a reboot so there's no getting around that.

ePO server will need a reboot in any event, so that's fine.

SQL Server will also need a reboot for the Cipher Reordering GPO change to take effect - is there a particular order this should be done in? If we were only rebooting ePO then I guess we wouldn't need to do anything with SQL, but rebooting SQL might require a certain order of events - for example, stopping service(s) on ePO server first?

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 34 of 51

Re: ePO Agent Handler Upgrade - Best Approach?

If you are reordering on both servers, do sql server first, reboot it, then do epo server and reboot. 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted
Level 11
Report Inappropriate Content
Message 35 of 51

Re: ePO Agent Handler Upgrade - Best Approach?

OK. We actually ran IISCrypto on ePO server yesterday followed by said reboot.

I've just taken a Disaster Recovery Snapshot on ePO, I'm just asking the SQL guy now to take a manual backup of the SQL DB before we fail over the other DBs to the other Datacentre and then we can run IISCrypto on the SQL Server and reboot that guy!

Highlighted
Level 11
Report Inappropriate Content
Message 36 of 51

Re: ePO Agent Handler Upgrade - Best Approach?

While we're waiting for the DBs to fail over etc - quick question on ePO services...

Is there any particular order they should be restarted?

At my previous company they said there was no specific order, just that they usually restart them in the following order:

  • Application Server Service (Tomcat)
  • Event Parser Service
  • Server Service (Apache)

I suspect there should be an order that they start in, when they are restarted!

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 37 of 51

Re: ePO Agent Handler Upgrade - Best Approach?

I typically stop server service and eventparser, then restart tomcat, then start eventparser, then apache since it takes a few min to start up. 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted
Level 11
Report Inappropriate Content
Message 38 of 51

Re: ePO Agent Handler Upgrade - Best Approach?

We go so close, as far as launching the 5.9.1 Installer and then...

SQL Database needs more free space error - upgrading ePO to 5.9.1.PNG

The drive where the DB is stored was increased by 100GB to accommodate any increase in storage!

We suspect though, that this error is because the Recovery Model is set to Full. This has been changed to Simple now though so fingers crossed (and toes).

Unreal...

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 39 of 51

Re: ePO Agent Handler Upgrade - Best Approach?

check also where tempdb is stored.  It calculates space requirements based on tempdb, mdf and ldf files for the epo db.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 40 of 51

Re: ePO Agent Handler Upgrade - Best Approach?

what is the actual combined size of database (mdf and ldf files)?

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community