We've been using ePO for several years now but never had any DRs (AH is new so we never had those either).
We've hadePO 3.x, 3.5, 3.6, 4.0. Presently all our servers are using ePO 4.5. Most (95%) of our clients are using MA 4.5 (not sure I care for the others, if/when users call, we'll fix them).
I have lots of questions about Agent Handlers (with ePO 4.5) and I'm afraid I'm not even sure where to start.
IM(ns)HO, the documentation is severely lacking and has been close to useless (to us) in every aspects of Agent Handlers (AH) and previously Distributed Repositories (DR) for as long as I remember.
1) We're trying to relieve the (main) ePO server by diverting some of the connection load to AHs (and also to DRs). I hope this is the correct thing to do.
We're also hoping this may provide us with some measure of redundancy (as a side-effect) so if we need to stop the main server, clients will be able to conenct to the AH (&DR)
2) We plan on using the AH as DR as well. Is this OK ? Is this a recommended function ?
(AH need to be installed on server OS, so we might just as well use the power and network connectivity... or not ?)
I follow the install guide (epo_450_installguide_en-us.pdf) on "Installing an Agent Handler" (p. 15) and got stuck.
3) nowhere does the documentation give any information on which ports should be opened in a firewall. Guys, we live in a firewalled world (*) it would help if we didn't have to guess and spend time searching (finding out).
4) I'm presently stuck with an error message which I suppose is linked with some communication problem due to our firewalls...
When trying to install the AH, I run the SETUP.EXE and it asks for some information... (doc. tech. writers... a screenshot would've helped).
Some of the information (ePO Server, ePO Admin User & Password) is logical but the ePO Server Port
The doc quotes :
"6 Type the port to be used for server-handler communication. Port 8433 is the default. McAfee
recommends that you change the port designation. See the discussion of Ports in the Server
and Agent Handler requirements section."
4a) Is ePO Server Port the same as what the ePO Server Settings (Ports) call the "Console-to-application server communication port" ? Then heavens, why doesn't the doc say so !
4b) What happens if I decide to change this Port to 12345 in the AH Install sequence ?
Should I also change the "Console-to-application server communication port" in the ePO server settings ?
(Should I really have to try and find things out ?)
5) I presently get the error message
"Setup did not detect a compatible ePO server with the specified parameters. "
How do I find out if this is because
- the communication is blocked by our network firewalls (I know that, I checked our firewall logs and fixed it)
- the communication is rejected by the ePO Server's Win2008 firewall (I checked the firewall logs)
- the ePO Server Port is/is not/should be the same as the Console-to-application server communication port
- something else happened (BOFH excuse #2: solar flares)
6) The doc quotes:
"7 Type the ePO Admin User name and password of a user with global administrator
privileges. If these credentials are to be used for the database as well, click Next to start
NOTE: These credentials must be identical with those used during installation of ePolicy
a) "a user with global administrator privileges", common sens would suggest we create a new user for agent handlers !?
Is this recommended ? not recommended ?
b) "If these credentials are to be used for the database as well" so the AH needs to connect to the DB (& DB Server) as well ?
Should we then create a user for this as well ? How do I know if these are the same credentials or if I should create specific credentials ?
c) AHA !
"These credentials must be identical with those used during installation of ePolicy Orchestrator"
So, should these be the same as the original ePO administrator ? or the DB admin ?
7) Finally the doc says:
"9 Click Next. The installation process begins."
Fantastic... and then ?
How do I see if the installation worked ? What should we do now ?
Is there something we should see or do on the server ?
I suppose I should be able to see this somewhere so I can configure the MA policies !??
And once I'll be done with that, I dread having to configure the DR as well...
Is there somewhere some useable documentation on this ?
thanks for any help
(*) at least we should (and we do), I can't imagine someone using ePO and not having at least one or two firewalls...
on 26/10/10 13:02:15 CEST