jrp78, you can create a query to find inactive agents on ePO after you activate the the new cert. this is something you can have as part of regular epo administration. you can either create a "filter" in system tree view OR create a query to locate agents that have not communicated with ePO in the last X days. Once you get the list, you can simply deploy the agent again. no powershell/group policy required. I mean you can use them but locating inactive agents and then deploying agents is easier. with powershell/group policy, you can deploy but they wont tell you whether agent is active or not.
Ahh, yes. That's a good point. I do not leverage this function often normally but it should work for this case. I normally deploy all my agents at imaging in the task sequence. Sometimes I use Altiris after the fact if necessary. I think I can sleep a little better now. Thanks Moe.
One more thing I noticed and was trying to get confirmation on, the regenerated certificate. I am waiting for as many agents as possible to check-in before activating the new cert as the documentation states. However, looking at the screenshot, I cannot find a way to confirm the new cert I regenerated is in fact SHA2. My fear is I've done nothing more here than regenerate a new SHA1 cert. Is what I'm seeing here normal when you are migrating from SHA1 to SHA2?
Actually it is not an errors, just an indication to be clear with 100% machines is communicated to ePO, to click on activation!!.
As per your screenshot, you have 59% of machines already reported to ePO, once it is 100%, you can go for activation.
If you have more queries, go through the attach document with step by step procedure of ePO 5.9 upgrade where it covers, what steps to follow after this activation...