Copy the repokeys.ini file from a machine in managed mode to the unmanaged machine: that will allow the agent to accept the content from a managed repository.
Wow, thank you so much Joe, it works beautifully! I would never have figured this out by myself!
I have two sub-questions about this:
- Do I have to worry about the repokeys.ini file changing with new ePO or agent versions? In other words, will I have to someday deploy a new version of that file to my unmanaged machines?
- In addition to copying the repokeys.ini file to the unmanaged machines, what is the best way to put the agent in unmanaged mode and to point to the ePO repository? In my initial post, I wrote about the 3 ways that I tried. What is the best of those ways?
Do I have to worry about the repokeys.ini file changing with new ePO or agent versions? In other words, will I have to someday deploy a new version of that file to my unmanaged machines?
Yes - this file is unique to the ePO server that controls the repositories, so if you change the ePO server (or you change the master repository key in the existing ePO server) you will have a new key file to distribute.
In addition to copying the repokeys.ini file to the unmanaged machines, what is the best way to put the agent in unmanaged mode and to point to the ePO repository? In my initial post, I wrote about the 3 ways that I tried. What is the best of those ways?
I'll have to check this when I'm back at my desk - I would guess that deploying the agent package from the server and then doing frminst /remove=agent would work, but I don't know if it resets the sitelist. I'll let you know.
I tried it, and doing frminst /remove=agent does leave the sitelist alone. The updates continue to pull from the ePO server, which is whai I want!
I also found out that I don't need to copy the repokeys.ini file from a machine in managed mode to my machine in unmanaged mode if I:
- install the agent in managed mode by double-clicking on the framepkg.exe file that comes from the ePO server
- then, let the agent do an initial ASCI with the ePO server
- then do frminst /remove=agent.
Doing this, the result in the end is a machine in unmanaged mode that pulls its updates from the ePO server. Interesting observation, the repokeys.ini file is absent from the machine in this scenario, and it still works!
What the problem was in my initial trials, and this is what prompted me to post the original question, is that I was installing the agent, then was immediately doing frminst /remove=agent without letting the machine do an initial ASCI with the ePO server. That is the scenario where I also needed to copy the repokeys.ini file to the unmanaged machine in order for the updates to be pulled from the ePO server.
One last note: the alternative method, doing Tools --> Import AutoUpdate Repository List, now works in VS 8.8 patch1. The end result is the same, i.e. without even having to first install the agent, this method correctly configures the repository list of an unmanaged machine to pull updates from the ePO server. The first tests I had done was with VS 8.8 no patch, and it didn't work.
One important thing to do here when using this alternative method: : you need to first copy the following three files from the ePO server (c:\Program Files\McAfee\ePO\DB\Software\Current\ePOAgent3000\Install\0409) to a temporary folder on the client:
Then do Tools --> Import AutoUpdate Repository List and point to the SiteList.xml file in the temporary folder. That's it!
Thanks a lot Joe. You're really an invaluable resource on these forums :-)