6 Replies Latest reply on Mar 7, 2012 7:11 AM by jmcleish

    How to create a Test ePO 4.5 Server

    blewis

      I want to copy my Production ePO 4.5 and SQL database (on a separate SQL 2008 Server) to two other servers (one for ePO and one for SQL) to use as a Test System.

       

      All the documentation that I have found only shows how to migrate ePO or the SQL DB, but not how to create a copy that can be used in parallel.

       

      I did this once, a year ago, for our Disaster Recovery server, but systems started checking into the DR server even though it had a different Name and IP address.

      At the time, McAfee support helped me stop the systems from checking in, but in a recent call McAfee support said this can't be done.

      I think we created a new agent-server secure communication key (ASSC Key) on the DR Server.

       

      I think I could duplicate that I did before, but I would like to try to prevent systems from even starting to check into the duplicate ePO.

       

      Any suggestions on how to proceed?

       

      Thanks!

        • 1. Re: How to create a Test ePO 4.5 Server
          JoeBidgood

          This is actually going to be quite difficult - the problem is that you can't connect the DB from one ePO server to another. The DB contains a lot of server-specific information, but critically it contains the keys and certificates that the server uses. If you attach the db from one server to another, the entries in the DB won;t match the keys in the filesystem, and ePO won't be able to function.

           

          If it's just for a test environment, then it would be easier to install  a separate test server, and then share policies from the production server to it (assuming the purpose it to match the policies between the two servers.)

           

          HTH -

           

          Joe

          • 2. Re: How to create a Test ePO 4.5 Server

            Hi all,

             

            From my point of view, you can just use the recovery procedure (https://kc.mcafee.com/corporate/index?page=content&id=KB66616) and then regenerate the certificate (https://kc.mcafee.com/corporate/index?page=content&id=KB66620).

             

            Am I missing something JoeBidgood ? Can there be a problem with the ePO agent present on the test environment still pointing to the production ePO server ?

             

            Thanks,

             

            PelPL

            • 3. Re: How to create a Test ePO 4.5 Server
              blewis

              The PelPL Plan is what I was thinking of doing, but I wanted to see if there was anything I need to be careful about.

               

              I believe systems might start checking into the new server until I generate a new key.  Then they should go back to the Production server.

               

              Does this sound correct?

               

              Are there any other issues I should be aware of?

               

              Thank you for your response!

              • 4. Re: How to create a Test ePO 4.5 Server
                JoeBidgood

                blewis wrote:

                 

                The PelPL Plan is what I was thinking of doing, but I wanted to see if there was anything I need to be careful about.

                 

                This should work, but I don't regard it as a particularly simple operation

                 

                 

                I believe systems might start checking into the new server until I generate a new key.  Then they should go back to the Production server.

                 

                Does this sound correct?

                 

                It doesn't soun correct to me, no    The systems shouldn't communicate with the new server - I'm a bit confused as to why that would have happened first time round. The agents are told which server owns them by the sitelist.xml file, and the only way to change their owner is to change this file  - either by overinstalling the agent package from the new server, or using ePOs "transfer agent" function. You can play tricks with DNS to redirect agents to a new server, but I don't think that's what you did, is it?

                It's possible that the new server sent out its own agent to the production estate - depending on how you have it configured, RSD or an AD Sync task can do this. That might be what happened...

                 

                HTH -

                 

                Joe

                • 5. Re: How to create a Test ePO 4.5 Server

                  Hi

                   

                  Easiest way round this would be:

                   

                  Install new ePO server, with new SQL Server "EPOTEST"

                   

                  Once up and running, export policies from LIVE ePO server and import into the TEST ePO server.

                   

                  Now, you will have a "mirror" setup and can deploy a McAfee agent from the TEST ePO server to some test PC's

                   

                  We use it this way to test patches, new versions etc.

                   

                  Works a treat. just remember that you need to periodically re-export and import your policies (and tasks) as any changes made to LIVE wont be refelected in TEST.

                   

                  A

                  • 6. Re: How to create a Test ePO 4.5 Server
                    jmcleish

                    Do you have any virtualisation technologies available i.e. Hyper-V/ VMWare? If so then you could clone your current ePO server onto a non-connected private network with some clients. Or if you have a test lab and VMWare workstation licence you can use the free vmware converter to clone it so you can use it in VMWare workstation.

                     

                    I do this when i need to upgrade the server to make sure everything works OK before proceeding in prodcution.