cancel
Showing results for 
Search instead for 
Did you mean: 
web1b
Level 7
Report Inappropriate Content
Message 1 of 9

Rename ePO server and move to new domain?

Jump to solution

We plan to upgrade ePO from 5.3 to 5.10. 

We also need to move to a new AD domain and use a new name since there is different naming convention for servers on the new domain. 

Changing the name and domain also means it will need a new SSL cert that matches the new FDQN  

Whats the best plan for doing an ePO migration that also requires moving to a new domain?

2 Solutions

Accepted Solutions
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 2 of 9

Re: Rename ePO server and move to new domain?

Jump to solution

There are several ways you can do that.

1. Use the migrate utility by running the upgrade compatibility tool in the setup files. Those instructions can be found in the 5.3 installation guide.  I have not tested that on a 5.9 or 5.10 server, but the functionalilty still exists.  I can't guarantee it since the install guides for those don't mention that option.

What that will do is move it to a new server and upgrade it at the same time.

2.  Set up a new 5.10 server and re-deploy your agents to it.  Alternately, you can use the transfer systems method to transfer your agents to the new server. 

KB88822 describes migrating your policies and systems, but that is only recommended between same versions of epo (for policies and tasks). 

3. Restore your current 5.3.3 server to the new server (same version epo) per "restoring McAfee ePO" section in install guide.  Once you do that, then in the server settings, server certificate, regenerate that cert so it is generated with the new servername and IP.  You will also want to regenerate the apache certificate after that (instructions can be found in kb66616 for that).  Use dns redirection to point systems to the new server and also possibly update the published dns/IP in agent handler configuration to point to the new server.  Once systems are migrated, then you can do the sha migration to get certs up to sha2.

 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 9 of 9

Re: Rename ePO server and move to new domain?

Jump to solution

If you use the 3rd option, you won't have to import/export any policies or anything. 

If you use 2nd option, you might want to first install 5.3.3 first, get all the same extensions and software installed, then import what you need to import, then upgrade that new server before you transfer any systems.

If you use the first option, if it succeeds, you will only need to set up dns to redirect your systems to the new server. 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

8 Replies
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 2 of 9

Re: Rename ePO server and move to new domain?

Jump to solution

There are several ways you can do that.

1. Use the migrate utility by running the upgrade compatibility tool in the setup files. Those instructions can be found in the 5.3 installation guide.  I have not tested that on a 5.9 or 5.10 server, but the functionalilty still exists.  I can't guarantee it since the install guides for those don't mention that option.

What that will do is move it to a new server and upgrade it at the same time.

2.  Set up a new 5.10 server and re-deploy your agents to it.  Alternately, you can use the transfer systems method to transfer your agents to the new server. 

KB88822 describes migrating your policies and systems, but that is only recommended between same versions of epo (for policies and tasks). 

3. Restore your current 5.3.3 server to the new server (same version epo) per "restoring McAfee ePO" section in install guide.  Once you do that, then in the server settings, server certificate, regenerate that cert so it is generated with the new servername and IP.  You will also want to regenerate the apache certificate after that (instructions can be found in kb66616 for that).  Use dns redirection to point systems to the new server and also possibly update the published dns/IP in agent handler configuration to point to the new server.  Once systems are migrated, then you can do the sha migration to get certs up to sha2.

 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Reliable Contributor bodysoda
Reliable Contributor
Report Inappropriate Content
Message 3 of 9

Re: Rename ePO server and move to new domain?

Jump to solution

@web1b, I've used the method mentioned on step 2 by @cdinet which is probably the easiest option of all the other. 

In case above information was useful or answered your question, please select "Accept as Solution" in my reply, or give a Kudo. Thanks!
web1b
Level 7
Report Inappropriate Content
Message 4 of 9

Re: Rename ePO server and move to new domain?

Jump to solution

Step 2 lists multiple options..  What does "redeploy your agents to it" mean?  Do you mean deploy new agents to the old ePO server's sytems from the new ePO server?

We have alot of laptops that are away from the ePO server more often than they are in contact with it. 

Reliable Contributor bodysoda
Reliable Contributor
Report Inappropriate Content
Message 5 of 9

Re: Rename ePO server and move to new domain?

Jump to solution

I build new EPO 5.10, copied the encryption key to the EPO 5.3 as outlined on the KB79283. Then transfered mcafee agents from EPO 5.3 sever to new EPO server 5.10.

Once the mcafee agents transfered to the new epo then you can either upgrade agent (if your current mcafee agents on epo 5.3 is not current version).

Note, you need to manually export Policies  & clients tasks from old EPO 5.3 and import it to the new epo 5.10 prior to transfer mcafee agents. 

Hope it makes sense. 

 

In case above information was useful or answered your question, please select "Accept as Solution" in my reply, or give a Kudo. Thanks!
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 6 of 9

Re: Rename ePO server and move to new domain?

Jump to solution

Check KB88822.  We recommend exporting/importing between the same versions of epo due to schema changes in the other versions, so that would not be an option for your case. 

Redeploy agents means deploy new agents to old epo server systems from new epo.  However, you can use EEDK to wrap the agent package from the new epo server, check it into old and use a deployment task to push it out from the old epo server.  So, when your external clients happen to check in, they can get the agent without you having to do anything.  See KB74887 for info on EEDK.  Or you can go here:

https://community.mcafee.com/community/business/toolexchange

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Reliable Contributor bodysoda
Reliable Contributor
Report Inappropriate Content
Message 7 of 9

Re: Rename ePO server and move to new domain?

Jump to solution

 

See steps 

https://www.mcafee.com/enterprise/en-us/products/epolicy-orchestrator.html?tab=support

epo_transfer_.jpg

In case above information was useful or answered your question, please select "Accept as Solution" in my reply, or give a Kudo. Thanks!
web1b
Level 7
Report Inappropriate Content
Message 8 of 9

Re: Rename ePO server and move to new domain?

Jump to solution

If I can only import policies to the same version of ePO, how do I get the polices moved to a newer version before migrating the systems?

Would I have to rebuild every policy from scratch?

Highlighted
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 9 of 9

Re: Rename ePO server and move to new domain?

Jump to solution

If you use the 3rd option, you won't have to import/export any policies or anything. 

If you use 2nd option, you might want to first install 5.3.3 first, get all the same extensions and software installed, then import what you need to import, then upgrade that new server before you transfer any systems.

If you use the first option, if it succeeds, you will only need to set up dns to redirect your systems to the new server. 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support

    • Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center