3 Replies Latest reply on Jun 27, 2013 5:54 AM by witte200

    Can't create new certificate during restore ePo 4.6.6

    witte200

      All,

       

      because of a failed upgrade to ePo 5.0 I've desided to restore my wokring ePo 4.6.6 version.

       

      I have a backup of the DB and some installation files, and want to restore according to this KB article:

      https://kc.mcafee.com/corporate/index?page=content&id=KB66616

       

      I followed the article until step 12, where I have to renew the certificate. But I get the following error(s) in the ahsetup.log file:

       

      20130626153913          I          #06360          AHSETUP           Creating Agent Handler Certs.

      20130626153913          I          #06360          AHSETUP           Checking to see if the ePO server is available.  We will try 5 times.

      20130626153914          E          #06360          MCUPLOAD          Failed to process the secure communication request (error=401)

      20130626153924          E          #06360          MCUPLOAD          Failed to process the secure communication request (error=401)

      20130626153934          E          #06360          MCUPLOAD          Failed to process the secure communication request (error=401)

      20130626153944          E          #06360          MCUPLOAD          Failed to process the secure communication request (error=401)

      20130626153954          E          #06360          MCUPLOAD          Failed to process the secure communication request (error=401)

      20130626154004          W          #06360          AHSETUP           The Agent Handler failed to connect to the ePO server.

      20130626154004          E          #06360          AHSETUP           Failed to connect to the ePO server <servername>:8443'

       

      Can sombody tell me where to look to solve this issue? beceause I'm out of ideas ...

       

      Thanks in andvance guys!!

       

      Regards


        • 1. Re: Can't create new certificate during restore ePo 4.6.6
          rackroyd

          You really do have to follow those steps to the very letter, substituting the right values where it says - and remember the command is case-sensitive.

          Please note that you need all the files stated in KB66616 restore, if you only have some then the restore will also likely be unsuccessful.

           

           

           

          • Start the McAfee ePolicy Orchestrator 4.x.0 Application Server service.

            NOTE:
            You have to start this service for RunDllGenCerts to work.
             
          • Rename SSL.CRT folder (see path below) to SSL.CRT.OLD and manually create an empty folder named SSL.CRT on the same path, otherwise the setup will fail to create a new Cert:

            32-bit: "C:\Program Files\McAfee\ePolicy Orchestrator\APACHE2\CONF\SSL.CRT"
            64-bit: "C:\Program Files (x86)\McAfee\ePolicy Orchestrator\APACHE2\CONF\SSL.CRT"

             
          • Click Start, Run, type cmd, and click OK.
          • Change directories to your ePO installation directory.

            Default path:

            32-bit: Program Files\McAfee\ePolicy Orchestrator\
            64-bit: Program Files (x86)\McAfee\ePolicy Orchestrator\
             
          • Run the following command:

            IMPORTANT:
            - This command will fail if you have enabled User Account Control (UAC) on this server. If this is a Windows Server 2008 or later, disable this feature. You can find more information about UAC at: http://technet.microsoft.com/en-us/library/cc709691(WS.10).aspx.
            - This command is case-sensitive. The ahsetup.log (found in <installdir\Apache2\conf\ssl.crt>) provides information about whether the command succeeded or failed and will state if it used the files located in the ssl.crt folder

            Rundll32.exe ahsetup.dll RunDllGenCerts <eposervername> <console HTTPS port> <admin username> <password> <"installdir\Apache2\conf\ssl.crt">

            where:

            <eposervername> is your ePO server's NetBIOS Name
            <console HTTPS port> is your ePO Console Port (default is 8443)
            <admin username> is admin (use the default ePO admin account)
            <password> is the password to the ePO Admin console account
            <installdir\Apache2\conf\ssl.crt> is your installation path to the Apache folder; Default installation path:

                32-bit: "C:\Program Files\McAfee\ePolicy Orchestrator\APACHE2\CONF\SSL.CRT"
                64-bit: "C:\Program Files (x86)\McAfee\ePolicy Orchestrator\APACHE2\CONF\SSL.CRT"

            Example:
            Rundll32.exe ahsetup.dll RunDllGenCerts eposervername 8443 administrator password "C:\Program Files\McAfee\ePolicy Orchestrator\APACHE2\CONF\SSL.CRT"
          • 2. Re: Can't create new certificate during restore ePo 4.6.6
            witte200

            Hi Rackroyd,

             

            Thanks for your reply.

             

            Yes, have followed this article to the lettre and the command should be correct.

            The files I backuped are all the files this article

            Says I should backup (except the files I could exclude from

            The server folder)

             

            Regards

             

            (Posted from mobile so sorry for Any typo's)

            • 3. Re: Can't create new certificate during restore ePo 4.6.6
              witte200

              Hi,

               

              I have found out what I was doing wrong.

               

              When I reïnstalled the ePo 4.6.6 version I couldend just restore the DB, it gave an error like:

              "The Backup set holds a backup of a database other than the existing database"

               

              So I deleted the database and restored my backup. Apperantly this doesn't work.

               

              So I followed the sollution to restore the backup according to this link:

               

              http://blog.sqlauthority.com/2007/09/27/sql-server-fix-error-3154-the-backup-set -holds-a-backup-of-a-database-other-than-the-existing-database/

               

              And then followed the recovery prosedure in the KB article. Everything is working fine now!

               

              Thanks anyway.