2 Replies Latest reply on Apr 16, 2012 5:15 PM by HupSkiDup

    epo 4.5 - server connection confusion

    HupSkiDup

      Just when you think you have heard it all...

       

      epo 4.5 running great.

      Migration planned to move server to new datacenter, image taken of server.

      Joe Migrator starts server up in new datacenter while Prod epo server is still running. Yikes.

      Last night I'm doing maint on prod epo server (shrink db, windows updates, etc..)...

      Undetermined # of clients tried to connect to Prod epo, couldnt connect since it was down, somehow found the imaged server (new server name, new ip addr).  I am working on damage control. 

       

      I dont see a log file specifying connection attempts to new server, is there one if log level was default?

      When i try to do agent wake up call on "corrupted" client, they aren't talking since the client is looking for other server.

      I'm guessing i need to do full agent reinstall or that one low bandwidth method of getting just the xml files updated.

       

      I'm hoping to get a firewall log of connections to new server during maint on Prod server.

      On imaged server, I saw a log file saying it couldn't connect to sql server, so that probably means its safe.

       

      Anything else I'm missing or I should be aware of?

       

      Thanks, Jon

        • 1. Re: epo 4.5 - server connection confusion
          malware-alerts

          The connection attempts (to new ePO server) would be logged locally on each agent's logs. (\users\All Users\McAfee\Common Framework\DB\Agent_hostname.log)

           

          Look for lines like this: Connecting to site: EPO_SERVER_IP_ADDRESS

           

          You'll probably see errors connecting to the old server, then the agents will have tried connecting using the DNS name and NETBIOS name.

           

          You would also see the agents communicating with the NEW ePO server in the NEW ePO server's logs: \Program Files (x86)\McAfee\ePolicy Orchestrator\DB\Logs\Server.log

           

          Look for lines that look like this: "Received [PropsVersion] from HOSTNAME"

           

          As far as pointing all your agents to the new ePO server (with new name and IP), the easiest was is to create a CNAME entry for the OLD server pointing to the NEW ePO server's DNS name and to make sure the IP of the old server does not respond on the network anymore.

           

          Agents try to connect to the ePO server using the last known IP, then DNS name or NETBIOS name. If the old IP does not respond, they will do a DNS query for the ePO server name. By having a CNAME with the OLD server name, pointing to the NEW ePO server name, they will find their way to the new sevrer and establish a connection (assuming the ePO keys are the same, which they should if you used an imaging software).

           

          Hope this helps.

           

          Message was edited by: malware-alerts on 16/04/12 13:28:22 CDT
          1 of 1 people found this helpful
          • 2. Re: epo 4.5 - server connection confusion
            HupSkiDup

            Awesome idea on the dns entry... Thanks !!! We are doing that and a restart of the frame service might make it go!

             

            Thanks again!