I would like to know if anyone knows how I can migrate/transfer systems from 1 ePO server to another if they running McAfee endpoint encryption 6? I have tested it and the clients transfer no problem from 1 epo to another on ePO 4.5 patch 3. They then end up in the lost&found folder on the new ePO. this is cause there is no IP sorting yet. the problem I ran into last time was not having an EEPC policy in the lost and found on the new server so it unencrypted the drive. I want to test further but just would like to know if anyone one has recommendations or concerns. my 2 concerns are recovery, and user assignment. The users are in both ePO servers but not assigned to a client when it gets transferred. so i am concerned what may happen with recovery or logon due to this problem.
Advice would be great.
i could be wrong and i could be misunderstanding it, but if you were to move them from ePO it would be the same as deleting them from ePO , you would loos your tags( if any )sorting ( if done manually )
and in EEPCv6 you will loose the users that are assigned to the machines. I know as this happend to us in our enviroment when deleting a few machines with high sequence errors.
I dont think this is going to specifically answer your question but maybe some helpful info....
No, that doesnt really answer this unfortunatly. I have 2 ePO servers and I am transfering clients between them. I just dont know what will happen with the users assigned to the machines. From what I understand, the Patch 2 version of EEPC 6 does transfer the key information to the other ePO. This is not documented but something i discussed with McAfee.
So once we move the machines they end in Lost&found on the new ePO server. We assigne the EEPC policy to this group. but then immediatly i reckon we have to assign users. I have not had a chance to test yet. I will let you know what I find.
There is no problem transfering EEPC client from one ePO server to another.
The EEPC will detect that the ePO server has changed and will backup the keys again in the new server.
Please note that the policies and users of new servers will be applied in the first instance that EEPC communicates with new server.
So if the first ePO server used a policy to encypt all disks and the second uses encrypt none, then as soon as the machine is moved EEPC will get the new policy and will start decrypting machines.
You should always do this very carefully and make sure that policies in new server are the ones you want.
I have tested this and tried it and ensured I had the same policies. I exported them off the original ePO and copied them and imported them on the new server. I also found the machines move to the lost&found folder and thats where I assigned the policy. I also added the users to them as soon as they came in. But it failed. after a few reboots the machines broke and I could not get the EETECH to remove the encryption. see the attached Pic.
EETech fails when the wrong key file was used and the error you are getting indicates this. Maybe some confusion with which server you used to export the file.
You need to exchange keys between the ePO servers and follow ePO guidelines for moving a system from one ePO to another. This is not EEPC specific.
Also please make sure you are using EEPC 6.0.2 and above