4 Replies Latest reply on Apr 5, 2012 8:08 AM by pg13

    Agent in unmanaged mode, but updates from ePO server

    pg13

      Hi,

       

      I thought that I would have no problem achieving what I'm trying to achieve, but nothing works.

       

      For some reason, I want to install VS 8.8 and:

      1. have the agent in unmanaged mode (I don't want policies to be downloaded nor enforced on the clients),
      2. but I want DAT updates to be pulled from my ePO server, not from the McAfee repositories.

       

      I tried:

        • to install the agent, then do /remove=agent. It does not work.
        • to install the agent with /install=Updater /SiteInfo, providing the sitelist.xml and keys from my ePo server. It does not work.
        • to use the VS 8.8 menu "Tools --> Import AutoUpdate Repository List". It does not work.

       

      Whichever method I use, I get errors when running an Autoupdate about catalog.z being corrupted.

       

      Any hint?

       

      Thank you.

        • 1. Re: Agent in unmanaged mode, but updates from ePO server
          JoeBidgood

          Copy the repokeys.ini file from a machine in managed mode to the unmanaged machine: that will allow the agent to accept the content from a managed repository.

           

          HTH -

           

          Joe

          • 2. Re: Agent in unmanaged mode, but updates from ePO server
            pg13

            Wow, thank you so much Joe, it works beautifully! I would never have figured this out by myself!

             

            I have two sub-questions about this:

            1. Do I have to worry about the repokeys.ini file changing with new ePO or agent versions? In other words, will I have to someday deploy a new version of that file to my unmanaged machines?
            2. In addition to copying the repokeys.ini file to the unmanaged machines, what is the best way to put the agent in unmanaged mode and to point to the ePO repository? In my initial post, I wrote about the 3 ways that I tried. What is the best of those ways?

             

            Thanks!

             

            Message was edited by: pg13 on 4/4/12 10:58:37 AM GMT-05:00
            • 3. Re: Agent in unmanaged mode, but updates from ePO server
              JoeBidgood

              No problem

               

               

              Do I have to worry about the repokeys.ini file changing with new ePO or agent versions? In other words, will I have to someday deploy a new version of that file to my unmanaged machines?

               

              Yes  - this file is unique to the ePO server that controls the repositories, so if you change the ePO server (or you change the master repository key in the existing ePO server) you will have a new key file to distribute.

               

              In addition to copying the repokeys.ini file to the unmanaged machines, what is the best way to put the agent in unmanaged mode and to point to the ePO repository? In my initial post, I wrote about the 3 ways that I tried. What is the best of those ways?

               

              I'll have to check this when I'm back at my desk - I would guess that deploying the agent package from the server and then doing frminst /remove=agent would work, but I don't know if it resets the sitelist. I'll let you know.

               

              HTH -

               

              Joe

              • 4. Re: Agent in unmanaged mode, but updates from ePO server
                pg13

                Thanks Joe.

                 

                I tried it, and doing frminst /remove=agent does leave the sitelist alone. The updates continue to pull from the ePO server, which is whai I want!

                 

                I also found out that I don't need to copy the repokeys.ini file from a machine in managed mode to my machine in unmanaged mode if I:

                1. install the agent in managed mode by double-clicking on the framepkg.exe file that comes from the ePO server
                2. then, let the agent do an initial ASCI with the ePO server
                3. then do frminst /remove=agent.

                Doing this, the result in the end is a machine in unmanaged mode that pulls its updates from the ePO server. Interesting observation, the repokeys.ini file is absent from the machine in this scenario, and it still works!

                 

                What the problem was in my initial trials, and this is what prompted me to post the original question, is that I was installing the agent, then was immediately doing frminst /remove=agent without letting the machine do an initial ASCI with the ePO server. That is the scenario where I also needed to copy the repokeys.ini file to the unmanaged machine in order for the updates to be pulled from the ePO server.

                 

                One last note: the alternative method, doing Tools --> Import AutoUpdate Repository List, now works in VS 8.8 patch1. The end result is the same, i.e. without even having to first install the agent, this method correctly configures the repository list of an unmanaged machine to pull updates from the ePO server. The first tests I had done was with VS 8.8 no patch, and it didn't work.

                 

                One important thing to do here when using this alternative method: : you need to first copy the following three files from the ePO server (c:\Program Files\McAfee\ePO\DB\Software\Current\ePOAgent3000\Install\0409)  to a temporary folder on the client:

                • srpubkey.bin
                • reqseckey.bin
                • SiteList.xml

                 

                Then do Tools --> Import AutoUpdate Repository List and point to the SiteList.xml file in the temporary folder. That's it!

                 

                Thanks a lot Joe. You're really an invaluable resource on these forums :-)