Just upgraded my ePO 4.6.4 to 5.1 thought it handy to include everything I did (I did need to call support...)
The installer will tell you if your database has tables with more than a million events, these need to be cleaned up!
Clean up old systems
Run compatability test from the installer zip to check all your software is up to date, or can be updated during the process.
Patch windows(never miss an opportunity to patch windows)
Our existing environment was already windows 2008 R2 for App and 2008R2 for SQL so no OS stuff or SQL stuff needed to be changed.
TAKE A BACKUP!
This is important, our first attempt failed and left our ePO in a broken state, lucky we had a dB backup and snapshot of the server to restore to in less than 20 minutes.
I had also followed the various steps you see around downloading all policies, keys, computers, tasks and everything else you can find.
Before starting upgrade
you have a backup right?
Disable agent handler (we turned ours off to make sure after disabling it via the GUI)
Email teams to tell them to stay out of the system.
Disable any monitoring/SIEM's or anything else touching or checking the dB.
Restart all the mcafee services (cleans out any junk or users)
Ensure that the registry key for 8dot3 naming is still disabled ( located in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem - NtfsDisable8dot3namecreating - should be 0) - This caused our first install to fail, McAfee support checked logs and found issue. 2nd attempt worked first time.
Run the installer - took around an hour.
Once all up and running:
Deploy hearbleed fix
Install latest hotfix
Re-enable everything your turned off (monitoring, database monitoring, SIEM's etc...)
Email users that they can use the system
Check everything and then do the same with your agent handler, install 5.1, heartbleed and hotfix.
And done and celebrate!
Thanks for the write-up! Do you know how this process would change if you had to migrate between a 32 and 64 bit server for the app while keeping the same DB server?
ePO 5.1 now includes a utility called UpgradeCompatibility.exe that will help convert from 32 bit to 64 bit ePO servers. Check the ePO installation guide as it has information on upgrades as well: https://kc.mcafee.com/corporate/index?page=content&id=PD24807.
This utility is specifically designed to copy the McAfee ePO version 4.X configuration from 32-bit or unsupported hardware to 64-bit supported hardware.
The UpgradeCompatibility utility worked for our Test ePO server. It allowed this server to migrate from Windows 2003 32 bit running ePO 4.6.7 to Windows 2008 R2 64 bit running ePO 5.1.0. Our whole process took about 3 hours. The production server is going to be migrated using this tool next week. Thanks McAfee in providing this valuable tool.
When using the UpgradeCompatibility utility to migrate to a new box, I presume that, for the agents to call home to the new box, the new server has to have either the IP of the old server or a DNS A/CNAME record for the old server's name pointing to the new server?
Or are things more complicated than this?
Sometimes I wish that McAfee's documentation was more explicit about simple things like this.Message was edited by: PhilR on 13/05/14 13:47:50 IST
Yes. You'll need to rename/ip the new server to the old servers current config. Confirmed with support last week. Or you could use a new IP and do a DNS change.