
EPO Downstream Server


I have built a separate Windows domain (A) on its own VLAN, connected to our forest domain (B). The 2 domains do not replicate, but are set up to ping each other. My boss wants me to manage the clients on Domain A with the Domain B EPO server. Domain B EPO can only manage the A domain controller. I have 2 NICs: one is connected to domain B, the other NIC is connected to a wireless router that has the clients on domain A. I can't ping the A clients from the B domain. Thanks

8 Replies

Re: EPO Downstream Server

Hi

EPO is domain agnostic; by this I mean that, providing network connectivity exists between the EPO server and all your endpoints in all your domains, this one server can manage the entire enterprise. This is the exact setup we have, where we manage eight domains from the one ePO server.

You will need to do a few things to get this to work.

  1. If you populate the system tree using AD sync, you will need to register an LDAP server for each domain with the server and check that the firewall ports between the domains allow LDAP access through them.
  2. You can save credentials for each domain in the AD sync configuration, so the User Resource Pool for each domain does not need to have a transitive trust if this is not required for your business.
  3. You will need credentials in each domain to be able to deploy the Agent from the ePO server.
  4. If your DNS setup does not have forwards for all your zones between them, you will need to add the DNS server details to the DNS configuration of your ePO server Windows setup.

If you have specific questions, feel free to ask.

Regards

Rich

Volunteer Moderator

Certified McAfee Product Specialist - ePO

Re: EPO Downstream Server

Thanks Rich,

I have AD sync working and am able to bring in the client from the other domain, but am unable to install the McAfee agent and unable to ping the new clients from the EPO server.

Re: EPO Downstream Server

Can you run an NSLOOKUP command from the ePO server Windows session to see if you are getting a DNS response for the endpoint in the other domain, i.e.:

NSLOOKUP <systemname>.<otherdomainFQDN>

If this does respond with the correct IP address, the Agent Deployment task will need to use credentials for the other domain which will allow it to install the Agent.

The EPO server will also need to be able to SMB file copy the Agent install set to the other domain, so it's worth checking that SMB TCP 445 is open on the firewall from the EPO server to all the other parts of the network.

Regards

Rich

Volunteer Moderator

Certified McAfee Product Specialist - ePO
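
The checks suggested in this thread (DNS resolution of each endpoint, SMB TCP 445 from the ePO server, LDAP to the other domain's controller) can be run in one pass before retrying an agent deployment. The script below is an added example, not part of the original posts and not McAfee tooling; the host names are constructed placeholders, and TCP 389 is assumed as the standard LDAP port.

```powershell
# Added example: pre-deployment connectivity check, run from the ePO server.
# All host names are constructed placeholders; replace them with your own.
$Endpoints        = @('client01.domaina.example', 'client02.domaina.example')
$DomainController = 'dc01.domaina.example'   # LDAP server registered for AD sync

function Test-TcpPort {
    param([string]$Address, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Wait() returns $false on timeout and throws if the connect is refused.
        $task = $client.ConnectAsync($Address, $Port)
        return ($task.Wait($TimeoutMs) -and $client.Connected)
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Test-DeployTarget {
    param([string]$Fqdn)
    $ip = $null
    try {
        # -DnsOnly skips LLMNR/NetBIOS, so this fails whenever NSLOOKUP would.
        $ip = (Resolve-DnsName -Name $Fqdn -Type A -DnsOnly -ErrorAction Stop |
               Where-Object { $_.Type -eq 'A' } |
               Select-Object -First 1).IPAddress
    } catch { }

    [pscustomobject]@{
        Endpoint = $Fqdn
        Resolved = [bool]$ip
        Address  = $ip
        # The agent install set is pushed over SMB, so 445 must be reachable.
        Smb445   = if ($ip) { Test-TcpPort -Address $ip -Port 445 } else { $false }
    }
}

# LDAP reachability matters for AD sync; SMB matters for the agent push.
$ldapOk = Test-TcpPort -Address $DomainController -Port 389
"LDAP 389 to ${DomainController}: $ldapOk"

$Endpoints | ForEach-Object { Test-DeployTarget -Fqdn $_ } | Format-Table -AutoSize
```

A row with `Resolved = False` points at DNS forwarding or routing between the domains; `Resolved = True` with `Smb445 = False` points at a firewall or host-level block on TCP 445.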

Re: EPO Downstream Server

Thanks for your quick reply; nslookup does not come up with the correct IP.

The new DC (new domain) has 2 NICs configured. NIC 1 is connected to domainA, which has the EPO server. NIC 2 connects to a wireless router that has the new clients in the new domain. I configured the AD sync with the new DC. The client shows up in the EPO server as unmanaged; can't ping it. I am weak when it comes to IP addressing. NIC 1 is 10.6.0.175 255.255.00 10.6.0.254. NIC 2 is 192.168.6.110 255.255.255.0, no gateway. DNS is 10.6.0.175, the new DC.

Re: EPO Downstream Server

Boss wants EPO in the new domain to function like a WSUS downstream server, and we will not manage it, someone else will; just make sure it gets updates. I don't think you can do that. I believe you have to just build a new EPO server in its own domain and give it an internet connection.

Re: EPO Downstream Server

ePO does not implement a Downstream management server model. - One server to manage multiple domains.

If you want to isolate your domain endpoint management you need to run multiple ePO servers in each domain, or set up permission sets to limit administration to different groups of admin users.

If you only want to downstream the Update files and agent communication you can use the Super Agent and Relay server functionality.

It might help if you could get some confirmation from your manager if you want to use different management environments for each domain or different update and communication aggregation points for each domain.

Regards

Rich

Volunteer Moderator

Certified McAfee Product Specialist - ePO

Re: EPO Downstream Server

My manager wants the standalone domain with an EPO server just to get updates and products from our EPO server and be managed by someone; we would only be responsible for the connection to the EPO server in the standalone domain. I want to have an EPO server in the domain which has an internet connection and gets updates from McAfee. Thank you again for your help. I believe the solution is a separate EPO server.

Re: EPO Downstream Server

Yes, from what you have described, a separate ePO server would be easier to implement.


Regards

Rich

Volunteer Moderator

Certified McAfee Product Specialist - ePO