2 Replies Latest reply on Dec 23, 2009 1:41 AM by paul9408

    Upgrade questions

      Hi,

       

      I'm faced with following situation:

       

      One new 4.5 ePO server to service 2 domains in 3 locations with W2K server, W2K prof, W2K3 server, WinXP.

      Currently we use ePO3.6 with Agent 4.0.0.1421. Switch should be in a week or two.

       

      If i continue to use 4.0.0.1421 agent i cannot push an agent install from the console. It seems that if the major version is identical the push won't work, even if i have checked force over existing. I would have to make up some kind of scenario in which the present 4.0 client will be uninstalled (frminst.exe /forceuninstall) before the new 4.0 agent can be sent from the present 4.5 server.

      If is import the 4.5 agent we have no problems in pushing agents across the environment..... But off course it failes on the W2K OS.

       

      So.. should i go for the 4,5 agent and use a 4.0 on the W2K machines and use a relatively complicated process to get the agent onto those machines.

      Or do i use this process on all machines and have only one agent in my environment?

       

      Problem is also, we can't get a descent proces together to do the uninstall/install in one step. We have SMS 2.0 on that Domain were everything still runs on W2K which is absolutely EOL.. No option. We could use a startup script for the clients and do the servers by hand...

       

      Isn't there any way of making agents look at a new server instead of reinstalling the agent all together?

       

       

      Message was edited by: paul9408 on 12/16/09 6:58:54 AM CST
        • 1. Re: Upgrade questions
          jstanley

          The push should work fine even if the agent is currently installed. Even if you don't check the "forcinstall" option the push itself should work the agent just may not install. Here is how we define "the push"

          1. Framepkg.exe is copied from the EPO server's master repository to the "admin$" on the client
          2. Remote registry service is used to launch the install

           

          After step 2 above EPO will record a successful "push" in the server task log. Notice it has nothing to do with whether the install was ultimately successful or not. So if your recording push failures in your EPO server task log then we are having a different problem.

           

          You may be having an issue with the agent not regenerating everything correctly during a forceinstall. Particularly if you are pushing to resolve a duplicate agent GUID issue. I noticed the agent version you are using (4.0.0.1421 = MA 4.0 patch 2) is a bit out of date. If you cannot go to MA 4.5 then you should go to MA 4.0 patch 3 (4.0.0.1494) which resolves an issue where an agent GUID is not re-created when forcinstalling the agent.

           

          You can follow these instructions to point an agent at a new EPO server without reinstalling:

          1. Disable VSE's Access Protection
          2. Stop the McAfee Framework Service
          3. Grab a copy of the following files from a working agent's data directory and replace them in the same directory on the broken agent (assumes default directory on WinXP):
            • C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\srpubkey.bin
            • C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\reqseckey.bin
            • C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\sitelist.xml
          4. Delete all of the BIN keys in this registry location: [HKLM\Software\Network Associates\ePolicy Orchestrator\Agent\Keys]
          5. Start the McAfee Framework Service
          6. Perform an ASCI
          1 of 1 people found this helpful
          • 2. Re: Upgrade questions

            Thanks for the reply Jeremy, it sheds more light on this.

            Meanwhile my problem has been solved.

            As you point out the 4.0.0.1421 is a bit old. I've downloaded the 4.0.0.1494 version and this perfectly replaces all the present agents. So now i can distribute these new agents on any machine in my environment and gradually say goodbye to the old 3.6 ePO server.