1 2 Previous Next 13 Replies Latest reply on Sep 7, 2010 3:47 PM by peter_eepc

    Endpoint Encryption server domain move?

    zarberg

      I have a McAffee Endpoint Encryption server (v. 5,2,0,9 )  that was created and installed in its own domain for various political reasons before I inherited control of it.  Recently we've had a problem with the Database Server service stopping unexpectedly.  Although I've set this service to restart automatically via the service properties, it does not do so.  I'd like to move the server to our main domain so we can monitor it via MOM.  Does anyone see any issues related to Endpoint Encryption that would be a problem in joining this stand-alone server to our domain?  The IP address will be staying the same.

        • 1. Re: Endpoint Encryption server domain move?

          Should not be a problem, but it is better if Clients use DNS. Therefore you could move it between network sites too.

          • 2. Re: Endpoint Encryption server domain move?

            The ad domain the server belongs to does not really matter, but of course, if the clients are trying to find the server via its dns name, and that changes, then of course no machines will be able to sync any more.

             

            Whatever you do, the address/name that the clients look for the server on must never change.

            • 3. Re: Endpoint Encryption server domain move?

              Whatever you do, the address/name that the clients look for the server on must never change.

               

              Actually, those might change if they still point to the same database (where relevant machine and user objects exist).

              • 4. Re: Endpoint Encryption server domain move?

                Actually, those might change if they still point to the same database (where relevant machine and user objects exist).

                eh? I doubt it - there's no code to automatically update the client side configuration files which tell the client where to look. If the server suddenly changes address/name, the clients will have a pretty hard (ie impossible) time finding it again.

                 

                Best not to change the server address/name in the first place unless you want to do something to touch every machine in advance and tell them about the new address/name...

                • 5. Re: Endpoint Encryption server domain move?

                  IF one were to change the server name, could one "fix" the existing clients by providing them with an updated sdmcfg.ini file, which has the new server name?

                  • 6. Re: Endpoint Encryption server domain move?

                    you'd have to do that BEFORE you change the the server name - otherwise the clients are already disconnected. And you'd have to make sure you updated 100% of the clients, as once you made the switch, the ones with the wrong name would never be able to connect.

                     

                    Finally, rather than change the name, what you really need to do is merge in a 2nd database connection, so the clients can talk to either address - obviously only have the server working on one at a time though (unless your DNS is clever enough anyway). 

                    1 of 1 people found this helpful
                    • 7. Re: Endpoint Encryption server domain move?

                      eh? I doubt it - there's no code to automatically update the client side configuration files which tell the client where to look. If the server suddenly changes address/name, the clients will have a pretty hard (ie impossible) time finding it again.

                       

                      Best not to change the server address/name in the first place unless you want to do something to touch every machine in advance and tell them about the new address/name...

                       

                      You can easily transition "sdmcfg.ini" settings if you put them into client file set. Then on the next sync, they are updated.

                      This approach can be used to move from IP based naming to DNS names, or during server migrations from one server to another.

                      1 of 1 people found this helpful
                      • 8. Re: Endpoint Encryption server domain move?
                        zarberg

                        Just to update, the server name will not change, nor will the IP address.  It's simply going from a stand-alone server to a domain member server.  If worse comes to worse I'll have a full backup from the previous night to fall back on.

                        • 9. Re: Endpoint Encryption server domain move?

                          You can easily transition "sdmcfg.ini" settings if you put them into client file set. Then on the next sync, they are updated.

                          This approach can be used to move from IP based naming to DNS names, or during server migrations from one server to another.

                           

                          this can cause so many problems - for a start, it won't help in the case that you want to add a new connection in advance of a move, and further, it can really screw up upgrades if not done properly - too many people have done this, then managed to disconnect their entire machine population because they put the sdmcfg.ini file where it should not have been. It's missing out of the file set for a good reason.

                           

                          My advice, don't do as peter suggests - pay for a professional to help you if you care about your environment. 

                          1 2 Previous Next