cancel
Showing results for 
Search instead for 
Did you mean: 
Nick_B
Level 10
Report Inappropriate Content
Message 1 of 10

Best Practices to Upgrade ePO

Jump to solution

Hi McAfee Community members,

One of our customers has an ePO server running 5.3.2.156 which as you probably know, went end of life a few weeks ago.

The server's OS is Windows Server 2008 R2 which is also not too far from being EOL!

I'm going there next week to upgrade to 5.9.1 (our boss does not feel 5.10 is quite ready yet).

My high-level approach to the upgrade process is as follows:

I was going to ask the customer to prepare a new Windows VM running, say Windows Server 2016, then install ePO 5.3.2 (what they currently have), point to the SQL DB (via core/config) which resides on a separate SQL box running SQL Server 2016) and finally perform an in-place upgrade to 5.9.1.

Does this approach make sense?

Speak soon,

Nick

Labels (2)
1 Solution

Accepted Solutions
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 10 of 10

Re: Best Practices to Upgrade ePO

Jump to solution

That looks good, but the recovery from snapshot enables you to install to a different path.  So that part isn't so critical. 

I would add to also run iiscrypto on the new server too.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

9 Replies
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 2 of 10

Re: Best Practices to Upgrade ePO

Jump to solution

It makes sense, but unfortunately, not going to work.  Look at KB51569.  Server and sql versions 2016 are not supported until 5.3.3.  You might want to consider building a new server and migrating everything.

Alternatively, you could upgrade to 5.3.3 first where you are at, but upgrading from a non-supported version to another non-supported version would provide you with little support if things went wrong.  Just some things to consider.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Nick_B
Level 10
Report Inappropriate Content
Message 3 of 10

Re: Best Practices to Upgrade ePO

Jump to solution

Hi,

Thanks for the prompt response.

Checked KB51569 which I was already familiar with but seemingly not as much as I thought - so good spot!

So how about we prepare a new Windows Server 2016 VM, install ePO 5.9.1 and import all relevant configurations - policies, client and server tasks etc after pointing to the separate SQL DB via core/config page?

Or alternatively...

We perform an in-place upgrade on the 5.3.2 instance to v5.9.1, export all the configurations after this is complete and import them into the shiny new Window Server 2016 box (and of course point to the SQL DB via the core/config page)?

Thanks in advance!

Nick

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 4 of 10

Re: Best Practices to Upgrade ePO

Jump to solution

I am not quite sure what you mean by pointing epo to the db using core/config.  When you install epo, it creates a new database that it is already pointed to.  You can't point a new install to a different database unless you are using kb66616, which is a recovery of your existing server, not anything new. 

I would suggest possibly a different option.  Upgrade your existing server to 5.9.1 (ensure the current sql version is supported on 5.9.1).  Then once it is upgraded, run the disaster recovery snapshot task, make sure it completes, then back up the database.  You can then take that db backup, restore it to new sql server and run the install using restore from snapshot option to restore epo to a new server and OS.  If you do that, I would suggest first bringing down the old server, rename the new one to the old servername and IP address (keep at least one of them the same for consistent communication to epo for the agents).  That way you don't have to migrate systems or policies or anything else for that matter.

Just be sure to follow kb71825 for upgrade checklist, run the pre-installation auditor and to prepare epo and sql for the new 5.9.1 version, run IIScrypto on epo and sql servers, choose best practices, then reboot.  That ensures correct ciphers and protocols are enabled for the 5.9 and 5.10 requirements.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Nick_B
Level 10
Report Inappropriate Content
Message 5 of 10

Re: Best Practices to Upgrade ePO

Jump to solution

Hi,

Thanks very much, that makes more sense.

Just a quick question around the backup process - when I restore the DB to the SQL Server (it is SQL Server 2016 by the way) would it be best to restore it to a separate location from where the current DB is stored - in other words I would not be overwriting the existing DB? I understand it is not too big, around 29.2 GB (56.7GB allocated with 27.4GB available). There are somewhere around 7,000 managed endpoints running MA 5.5.1, VSE 8.8.0.2024, HIPS 8.0.0.4789 & DLP 11.0.200.1002.

Also, this KB appears to be helpful - https://kc.mcafee.com/corporate/index?page=content&id=KB87976.

Thanks in advance!

Nick

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 6 of 10

Re: Best Practices to Upgrade ePO

Jump to solution

Please clarify something, as this is a little confusing.  Are you saying that your current 5.3.2 server's database is on a 2016 sql server?  If so, that is not a supported version of sql.  Please clarify exactly where the current 5.3.2 database is and the version.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Nick_B
Level 10
Report Inappropriate Content
Message 7 of 10

Re: Best Practices to Upgrade ePO

Jump to solution

Sure, no worries.

The current ePO server is running 5.3.2.156 and the backend SQL DB is housed on a separate Windows SQL Server 2016 cluster. There is one other DB on there. It has 10GB RAM and 4 CPUs.

Previously, the SQL Server version was 2008 R2 but the DB was migrated across about 2 months ago.

All is working well.

Highlighted
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 8 of 10

Re: Best Practices to Upgrade ePO

Jump to solution

Ok, not a supported version, but since it is there, you can't downgrade it.  So in that case, you don't need to restore anything since the database already exists, just make sure you have a good backup and that the snapshot recovery task has completed - and that you know the snapshot recovery password.  You won't need to restore anything, just make sure you have a good backup in case anything goes wrong.

Once your existing server is upgraded, then you can shut it down and run the restore from snapshot on your new server using your existing database. 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Nick_B
Level 10
Report Inappropriate Content
Message 9 of 10

Re: Best Practices to Upgrade ePO

Jump to solution

Fair enough then. if it is not supported.

My colleague sent me this earlier, would you mind casting your eye over and see what you think? Anything to add?

ePO Upgrade -1 (RG) cutdown.PNG

 Thanks very much.

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 10 of 10

Re: Best Practices to Upgrade ePO

Jump to solution

That looks good, but the recovery from snapshot enables you to install to a different path.  So that part isn't so critical. 

I would add to also run iiscrypto on the new server too.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator