cancel
Showing results for 
Search instead for 
Did you mean: 

Can't create new certificate during restore ePo 4.6.6

Jump to solution

All,

because of a failed upgrade to ePo 5.0 I've desided to restore my wokring ePo 4.6.6 version.

I have a backup of the DB and some installation files, and want to restore according to this KB article:

https://kc.mcafee.com/corporate/index?page=content&id=KB66616

I followed the article until step 12, where I have to renew the certificate. But I get the following error(s) in the ahsetup.log file:

20130626153913          I          #06360          AHSETUP           Creating Agent Handler Certs.

20130626153913          I          #06360          AHSETUP           Checking to see if the ePO server is available.  We will try 5 times.

20130626153914          E          #06360          MCUPLOAD          Failed to process the secure communication request (error=401)

20130626153924          E          #06360          MCUPLOAD          Failed to process the secure communication request (error=401)

20130626153934          E          #06360          MCUPLOAD          Failed to process the secure communication request (error=401)

20130626153944          E          #06360          MCUPLOAD          Failed to process the secure communication request (error=401)

20130626153954          E          #06360          MCUPLOAD          Failed to process the secure communication request (error=401)

20130626154004          W          #06360          AHSETUP           The Agent Handler failed to connect to the ePO server.

20130626154004          E          #06360          AHSETUP           Failed to connect to the ePO server <servername>:8443'

Can sombody tell me where to look to solve this issue? beceause I'm out of ideas ...

Thanks in andvance guys!!

Regards


1 Solution

Accepted Solutions

Re: Can't create new certificate during restore ePo 4.6.6

Jump to solution

Hi,

I have found out what I was doing wrong.

When I reïnstalled the ePo 4.6.6 version I couldend just restore the DB, it gave an error like:

"The Backup set holds a backup of a database other than the existing database"

So I deleted the database and restored my backup. Apperantly this doesn't work.

So I followed the sollution to restore the backup according to this link:

http://blog.sqlauthority.com/2007/09/27/sql-server-fix-error-3154-the-backup-set-holds-a-backup-of-a...

And then followed the recovery prosedure in the KB article. Everything is working fine now!

Thanks anyway.

3 Replies

Re: Can't create new certificate during restore ePo 4.6.6

Jump to solution

You really do have to follow those steps to the very letter, substituting the right values where it says - and remember the command is case-sensitive.

Please note that you need all the files stated in KB66616 restore, if you only have some then the restore will also likely be unsuccessful.

  • Start the McAfee ePolicy Orchestrator 4.x.0 Application Server service.

    NOTE:
    You have to start this service for RunDllGenCerts to work.
     
  • Rename SSL.CRT folder (see path below) to SSL.CRT.OLD and manually create an empty folder named SSL.CRT on the same path, otherwise the setup will fail to create a new Cert:

    32-bit: "C:\Program Files\McAfee\ePolicy Orchestrator\APACHE2\CONF\SSL.CRT"
    64-bit: "C:\Program Files (x86)\McAfee\ePolicy Orchestrator\APACHE2\CONF\SSL.CRT"

     
  • Click Start, Run, type cmd, and click OK.
  • Change directories to your ePO installation directory.

    Default path:

    32-bit: Program Files\McAfee\ePolicy Orchestrator\
    64-bit: Program Files (x86)\McAfee\ePolicy Orchestrator\
     
  • Run the following command:

    IMPORTANT:
    - This command will fail if you have enabled User Account Control (UAC) on this server. If this is a Windows Server 2008 or later, disable this feature. You can find more information about UAC at: http://technet.microsoft.com/en-us/library/cc709691(WS.10).aspx.
    - This command is case-sensitive. The ahsetup.log (found in <installdir\Apache2\conf\ssl.crt>) provides information about whether the command succeeded or failed and will state if it used the files located in the ssl.crt folder

    Rundll32.exe ahsetup.dll RunDllGenCerts <eposervername> <console HTTPS port> <admin username> <password> <"installdir\Apache2\conf\ssl.crt">

    where:

    <eposervername> is your ePO server's NetBIOS Name
    <console HTTPS port> is your ePO Console Port (default is 8443)
    <admin username> is admin (use the default ePO admin account)
    <password> is the password to the ePO Admin console account
    <installdir\Apache2\conf\ssl.crt> is your installation path to the Apache folder; Default installation path:

        32-bit: "C:\Program Files\McAfee\ePolicy Orchestrator\APACHE2\CONF\SSL.CRT"
        64-bit: "C:\Program Files (x86)\McAfee\ePolicy Orchestrator\APACHE2\CONF\SSL.CRT"

    Example:
    Rundll32.exe ahsetup.dll RunDllGenCerts eposervername 8443 administrator password "C:\Program Files\McAfee\ePolicy Orchestrator\APACHE2\CONF\SSL.CRT"

Re: Can't create new certificate during restore ePo 4.6.6

Jump to solution

Hi Rackroyd,

Thanks for your reply.

Yes, have followed this article to the lettre and the command should be correct.

The files I backuped are all the files this article

Says I should backup (except the files I could exclude from

The server folder)

Regards

(Posted from mobile so sorry for Any typo's)

Re: Can't create new certificate during restore ePo 4.6.6

Jump to solution

Hi,

I have found out what I was doing wrong.

When I reïnstalled the ePo 4.6.6 version I couldend just restore the DB, it gave an error like:

"The Backup set holds a backup of a database other than the existing database"

So I deleted the database and restored my backup. Apperantly this doesn't work.

So I followed the sollution to restore the backup according to this link:

http://blog.sqlauthority.com/2007/09/27/sql-server-fix-error-3154-the-backup-set-holds-a-backup-of-a...

And then followed the recovery prosedure in the KB article. Everything is working fine now!

Thanks anyway.