Just wondering if anybody has come across this problem with ePO and found a solution. Present Solution: ePO 4.0 Build 1221 +- 1100 nodes (of these 400 laptops on road) Global sites from USA to Australia Agent 4.0 Virusscan 8.5i HIPS v7 SiteAdvisor
1.Migrate to new server 2.Change IP Address and server name 3.Move location of server
Have spoken directly to McAfee and they say I can do all of the above but I would need to re-install the agents on all the nodes again. I find this not really productive and also time consuming. I have also asked if I could setup the new ePO server with the new name etc and run the two on the same domain and then this will allow me time to slowly re-install the agents but still allow me to manage them. McAfee said I cannot have two ePO servers on the same domain.
Does anyone have any ideas on how to get around this issue, does ePO 4.5 cater maybe for this issue.
We are currently upgrading/moving our clients from one epo 3.6 (VSE 8.5 and Agent 3.6) to a new epo 4.5 server (VSE 8.7 and Agent 4.x) without any problems and both servers are in the same domain. Last year we moved other clients from epo 3.0.x to epo 4.0 and both servers were also in the same domain, also no problems there.
In epo 4.5 you can move clients between epo servers (new feature, not tested yet).
this info from mcafee is b****s of course you can run more than one, right up till you integrate AD with the second. You can happily setup a second server and then gradually move over all your settings and policies and take your pick in agent migration strategies ( ie how you install the new one over the old one (remeber access protection or hips policies may block you so tweak them)
I've got 3 on one domain right now, 2 doing diff things to diff areas ( 3.6.1 and 4.0 and one test 4.5)
McAfee Maniac(Volunteer Moderator) x1 4.5.4 ePolicy Orchestrator Server (Build 1082) x1 5.0.1 ePolicy Orchestrator Server (Build 228) x1 4.6.3 ePolicy Orchestrator Server (Build 197) x1 4.6.6 ePolicy Orchestrator Server (Build 176) Mcafee Agent 18.104.22.1682/22.214.171.12435/126.96.36.1997 Groupshield 7.0 VSE 188.8.131.525 & 184.108.40.2060 x 20000 DLP Endpoint 9.2.1 EEPC 220.127.116.115/18.104.22.1684 HIPS 8 EMM 10.2 x70 Sophos 10.2 Endpoint Security & Control
Thanks for the info, thought it could be done....... This was my plan but please correct me if I am wrong.
1. Backup current database and export all policies etc 2. Install ePO v4 on new server and connect to backed up database - called new name and new IP address 3. Import all policies into new ePO server After that I'm at a standstill because of what you have written Tony. Cannot both servers look at AD at same time because they are just downloading the AD structure etc How will access protection stop the install of the agent? When you say import settings slowly are they not stored in database or must the database be a new complete freash one? Is there a way of replacing the sitelist.xml on each workstation/laptop without having to re-install agent? Would it be advisable to maybe install ePO v4.5 instead of v4.0 as the process will take a long time?
Any suggestions would be gratefully appreciated as I really need to move the ePO.
If you want to move your ePO server to a new server with a new name and IP Addresses it can be done but not with McAfee help. Both ePO servers can be running at same time as Tony pointed out.
1. Install a fresh version of ePO on new server with new database etc 2. Import all policies from old server onto new server 3. Re-create all tasks 4. You can do AD sync as long as you don't enable "Agent deployment" on AD sync
The new server will have all computers in ePO if you use AD Sync etc but will see computers/laptops as not having agents installed. To get around having to re-install all the agents again you can use a super dat (amend it with new IP Address and Computer name of new ePo Server). You send this super dat to all computers and laptops from old ePO server and once they receive the file it will tell them to look at new server for policies updates etc. Would recommend doing this slowly because you will also have to amend your Dist. Repost if you use them.
This is a summary and not a detailed way but it's a help if you are going to move servers etc. McAfee don't support this.