cancel
Showing results for 
Search instead for 
Did you mean: 
northomsk
Level 7

New EPO server, same ip address as old new server name, unable to upgrade agent

Hi all

A question for you all

I have an EPO installation EPO 4.5 (old server)

New server running EPO 5.1

Below whats been done on new EPO 5.1

Then built a new server where i have had EPO 5.1 installed

Using a new DB instance, old EPO used a SQL express, new fully licensed SQL on seperate SQL server

This new server will have same IP-address as the old one but server name is different

From system tree My Org -> synchronization type -> Active Directory, imported my structure

I can then see my AD and machines, of course unmanaged

Then when I put my new server live and disable old one machines are getting in to my new EPO and seen as managed

Problem now is that im not able to deploy an agent from new server to upgrade agents, access denied on clients

I then imported Security keys from old server to new one, still unable to deploy agent

Reason to deploy agent is that i like to have them upgraded from 4.0 to 4.8

All policies and settings has been transfered over to new EPO server

If I would change back and have old server active i can deploy latest version of agent without any issues

Shouldnt this just simply work? Or do i have to import something else or change any configuration

I also disabled Agent-to-server-communication secure port on new EPO sever


All help most welcome

0 Kudos
3 Replies
northomsk
Level 7

Re: New EPO server, same ip address as old new server name, unable to upgrade agent

Done some research and i think ReGenerate Apache Certificate is the solution

This by having Application Server service running

  1. ReGenerate Apache Certificate
    1. Open command prompt as administrator on new server
    2. Change directory to installation directory
    3. Run this command string
      1. Rundll32.exe ahsetup.dll RunDllGenCerts <eposervername> <console HTTPS port> <admin username> <password> <"installdir\Apache2\conf\ssl.crt">
    4. C:\Program Files (x86)\McAfee\ePolicy Orchestrator>
      1. rundll32.exe ahsetup.dll RunDllGenCerts Shield 4433 admin <password> "C:\Program Files (x86)\McAfee\ePolicy Orchestrator\Apache2\conf\ssl.crt"
  2. Check Apache log for certificate change
    1. C:\Program Files (x86)\McAfee\ePolicy Orchestrator\Apache2\conf\ssl.crt
  3. Start the other two services



Would anybody agree

0 Kudos
ulyses31
Level 16

Re: New EPO server, same ip address as old new server name, unable to upgrade agent

Hi northomsk, you have installed a new ePO server so deploying McAfee Agent shouldn't be a problem and it doesn't depends on the security keys, ePO's server name or ePO's IP address.

But be aware that this is only true if you deploy agents to your computers as if they were new computers: this means selecting computers and then click on Actions->Agent->Deploy agent and not using a deployment task as it won't work this way (because of security keys, server name, etc...)

0 Kudos
northomsk
Level 7

Re: New EPO server, same ip address as old new server name, unable to upgrade agent

Well thanks for answering

True and i really need to have the keys as i found

0 Kudos