cancel
Showing results for 
Search instead for 
Did you mean: 
AP1980
Level 7
Report Inappropriate Content
Message 1 of 6

Updating ePO

Hi,

 

We have an ePO 5.3 server that we are looking to upgrade, both the version of ePO to 5.9/5.10 and the OS from 2008 to 2016. Likely moving the DB to a later version of SQL server too.

 

Im looking for the easiest and least painful way to accomplish this, any ideas?

 

If we restore the DB from the old server onto the new server, then run the installer and point it at this using the recovery option in the installer, what does this achieve? So effectively a new version install on 5.10, but pointing at the old DB thats been moved to a new server. Will this actually work?

 

Will we be able to use a new server, new server name and IP? or do they have to be the same as the old ones? Seem to keep finding slightly conflicting info on this?

 

Any help would be appreciated

Thanks

 

5 Replies
McAfee Employee vivs
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: Updating ePO

Hello,

It's a very good decision to upgrade your ePO to the latest and supported version.


You have mentioned that you are planning to upgrade your OS as well and that is something you can definitely do it but before performing that please take a ePO and ePO Database back-up with the help of the below KB article:

https://kc.mcafee.com/corporate/index?page=content&id=KB66616

Why i am suggesting to take a backup before upgrading the OS because of the below reason:
Upgrading Windows on an ePolicy Orchestrator Server can damage the installation:
https://kc.mcafee.com/corporate/index?page=content&id=KB82672&ePO1114

You can also try to install a new ePO version either 5.9 or 5.10 with new SQL version and later we can transfer the systems and policies with the help of the below KB artciles:

How to transfer computers from one ePolicy Orchestrator server to another:
https://kc.mcafee.com/corporate/index?page=content&id=KB79283&ePO1114


How to migrate policies and systems from one ePolicy Orchestrator server to another:
https://kc.mcafee.com/corporate/index?page=content&id=KB88822&ePO1114

If we restore the DB from the old server onto the new server, then run the installer and point it at this using the recovery option in the installer, what does this achieve?
This means you are doing a Disaster Recovery this means that you are installing the same version of ePO and pointing it to the database.

This can be achieved with the same version.

So effectively a new version install on 5.10, but pointing at the old DB thats been moved to a new server. Will this actually work?
No this will not work and there should be multiple errors like extension mismatch.

Will we be able to use a new server, new server name and IP? or do they have to be the same as the old ones? Seem to keep finding slightly conflicting info on this?

If you are upgrading the ePO this will take all the same details which you are using on the ePO machine.

If you are planning to change anything here only make sure that agents are having those details to communicate with the ePO Server.

I will recommend you to keep the same details.

The agent uses either the last known IP address, DNS name, or NetBIOS name of the ePO server. If you change any one of these values, ensure that the agents have a way to locate the server. The easiest way to make sure is to retain the existing DNS record and change it to point to the new IP address of the ePO server. After the agent successfully connects to the ePO server, it downloads an updated Sitelist.xml with the current information.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! l Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 3 of 6

Re: Updating ePO

Vivs advice is great. There are also some other things to consider. See KB51569 for supported environments for epo. Support for 2016 OS and sql were not introduced until 5.3.3. If you are running 5.3.3, then you can move your database to new sql server and do a disaster recovery to move your existing 5.3.3 to the new 2016 server. Once that is restored, you can then upgrade it to 5.10. If you are running 5.3.2 or older, then I would suggest upgrading it first to 5.3.3, then do the migration as above,. Be sure to go through the pre installation auditor tool and kb71825 before any upgrade. Also, to prepare your servers for the upgrade of epo, I would suggest running IISCrypto on both epo and sql servers, set it to use best practices, then reboot. That can help ensure the right protocols and ciphers that 5.9 and 5.10 require are in place.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

AP1980
Level 7
Report Inappropriate Content
Message 4 of 6

Re: Updating ePO

So, would it be better/easier(?) to take the following type of approach:

  • Upgrade the current 5.3.1 ePO to say 5.9
  • Move the DB from the old server and restore it on the new SQL server
  • Build a new server and give it a new name/IP
  • Install 5.9 on the new server and select the option to restore from DR snapshot
  • Complete the wizard with the requested info
  • Verify all works on the new server?
  • Correct things like agents pointing to old server etc

 

Does that sound feasible? I think we are probably going to have to change the name/IP of the server to be honest

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 5 of 6

Re: Updating ePO

That all depends on whether 5.9 is supported on the current OS and SQL server versions, you would need to check kb51569, and also whether the OS and SQL also supports tls 1.2.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 6 of 6

Re: Updating ePO

In my opinion, it would be safer to upgrade to 5.3.3 first, then migrate everything. As for changing server and IP, you will need to do some dns redirects to point agents to new server name and IP.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community