4 Replies Latest reply on May 24, 2010 9:31 AM by Attila Polinger

    McAfee Agent Migration Strategies

      Hi All,

       

      Looking to see whether anyone can share HOW they migrated Agents to a new ePO Server.

       

      My situation is that I am building a new ePO 4.5 server (different IP and hostname, in a new AD domain) and existing agents (workstations & servers) will be made part of a new domain (where the new ePO is part of).

       

      I am looking at doing the following.

       

      1. Build new ePO 4.5 server

      2. Domain change on agents (Workstations & Servers)

      3. Perform a AD structure sync in ePO

      4. Force agent push.

       

      Is there a way to re-direct the agents to the new ePO without doing a push/update across the wire (the link between the main site to the remote sites are less than 256K? Could I simply uninstall the agent after the domain change and then re-install the agents and then do a AD structure sync.

       

      Any help would be much appreciated.

       

      Cheers,

       

      DucSta!

        • 1. Re: McAfee Agent Migration Strategies
          Attila Polinger

          Hi,

           

          we are in the middle of something similar. The agent re-push might seem very simple, but it could involve a reboot of the client and also can fail for several reasons (like due to pending installations on the target client).

          When you are finished installing and configuring the new ePO server (which includes agent deployment client tasks) export the agent-server communication keys and the sitelist.xml. You will only need regseckey.bin and srpubkey.bin from the keys.

          Develop a method of copying the new sitelist.xml, srpubkey.bin and regseckey.bin files onto clients in the same - temporary - folder that need be migrated and does have a working ePO agent, then change to the folder where frminst.exe is. The command "frminst.exe /install=agent /siteinfo=(folder full path)\sitelist.xml" will regenerate connection information and re-directs existing agent to the new server.

           

          The agent will wait the period randomized with the old ASCI values, until it connects to the new ePO server, then pulls everything.

           

          The three files are so small they won't load the wire too much even for many clients.

           

          Attila

          • 2. Re: McAfee Agent Migration Strategies

            Hi,

             

            Thanks for the reply.

             

            Just one question. After all steps are completed and then pull tasks happens; does it effectively mean that the agents will be up-lifted to the new agent version distributed with ePO 4.5?

             

            Thanks.

            • 3. Re: McAfee Agent Migration Strategies
              HupSkiDup

              No, that won't change the agent version.  You would need the new framepkg.exe or equivalent to upgrade the agent.  You can copy the files from the repository under current\epoagent3000\ etc... down to where the framepkg.exe file is.  copy that to a local folder on the lan, then you can execute that on a machine to upgrade the agent and set the epo server location

              • 4. Re: McAfee Agent Migration Strategies
                Attila Polinger

                Hi,

                 

                the agent should get upgraded automatically as soon as you define an agent deployment task on the new ePO server and the new client incorporates that task.

                 

                Attila