cancel
Showing results for 
Search instead for 
Did you mean: 

EPO Upgrade 5.1.0 to 5.3.3

I am about ready to upgrade my EPO server to version 5.3.3. I know I am way late to the party!! I've been utilizing the EPO Pre-Install auditor v3.1.0.140 to be sure I'm ready for the upgrade. There are two informational items that were flagged by the tool. One is approximate time for upgrade to complete (informational identifier is colored blue). The other is keystore certificate key size validation could not be fetched. This is flagged by a grey colored informational icon. I've read through KB89995 and 81863 as referenced in the tool. KB89995 is the more applicable of the two at the moment. I've verified that the EPO cert is using a 2048bit key. The KB also mentions re-generating the self-signed cert and private key. I called McAfee tech support on Saturday afternoon to ask about the grey informational entry. I was referred to KB84628. Having read that KB, the recommendation is to upgrade to EPO 5.1.2 before I go to 5.3.3. That KB also references man in the middle remediation measures once the upgrade is complete. My question is – can I safely ignore the informational entry and proceed with the upgrade OR do I need to pay heed to that and go to EPO 5.1.2 first? Some other info – the SQL DB that EPO uses is hosted on the EPO server, so no external instance connection.
3 Replies
McAfee Employee Hawkmoon
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: EPO Upgrade 5.1.0 to 5.3.3

Hi David223,

The KB uses the word 'must', and as such I'd support the KB and say yes!

" Recommended Actions
ePO 5.3 and later users must apply the steps in Configurations 1 (A), 1 (B), and Configuration 2 below.
ePO 5.0.x and 5.1.x users must upgrade to ePO 5.1.2, and apply the steps in Configurations 1 (A), 1 (B), and 1 (C) below.
NOTE: These ePO versions are End of Life."

Which points out a concern I have, in that ePO 5.3.x is nearing its EOL as well - EOL: 31/3/19.
ePO End of Life page

An option for you to consider.
If you upgrade to 5.1.3 you can go to 5.9 ... !

Supported platforms, environments, and operating systems for ePolicy Orchestrator Technical Articles...

Might save you some repeat work for the future! 

 

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: EPO Upgrade 5.1.0 to 5.3.3

Thank you for the reply. You make a good point about 5.1.3. I'll have to look at that.

McAfee Employee JoeBidgood
McAfee Employee
Report Inappropriate Content
Message 4 of 4

Re: EPO Upgrade 5.1.0 to 5.3.3

Please note though that KB 84628 is only applicable if you are implementing certificate validation - if you're not using this or planning to implement it, you can skip this KB. Having cert validation implemented is not a requirement for updating ePO.

 

Similarly if your browser cert is already 2048bit, then there's no need to regenerate it - it's only a problem if your ePO installation started life with a 1024bit cert and has been upgraded all the way from there.

HTH -

Joe

Member Rewards
McAfee Community rewards active and helpful members just like you. Click here to take a look at the first community members who received a special reward and were recognized by McAfee leader, Aneel Jaeel, for their participation and trusted knowledge in the community.