1 Reply Latest reply on Oct 22, 2013 12:36 PM by andrep1

    How many agent-server secure encryption keys can be imported into ePO 4.6?

    aus_mick

      We have recently stood up a new ePO 4.6 environment and have been progressively migrating managed agents from the existing ePO 4.5 into the new ePO 4.6 via the agent deployment action from the new ePO. We eletected to not perform the ePO upgrade in-place as the existing environment was poorly achitected poorly (policies/tasks etc.) and complex to maintain so we didn't want to perpetuate the previous bad management practices that were inherited. On the whole the client migration has worked seemlessly and has been beneficial as has allowed us to uncover an systemic duplicate Agent GUID issue. The problem is that now we have a number of managed end-points in the ePO 4.5 environment that are not part of the AD domain and to which we don't have any logon credentials with local administrator access so are unable to push the agent from the new ePO 4.6.

       

      I was reviewing the KB article KB75841 and wonder if this could be leveraged as a potential solution. As I understand for this solution to work the agent-server secure communication encryption keys from the existing ePO 4.5 would need to be imported into the new ePO 4.6 in order for the clients to communicate with the new ePO 4.6. My query is related to the number of agent-server secure communication encryption keys that can exist concurrently. We have a number of legacy MA4.0 systems in the new ePO 4.6 as such we already have an existing 1,024bit strength key defined to allow these systems to communicate. Given ePO 4.5 was only able to support a 1,024bit strength cypher is it possible to import this into the new ePO 4.6 without affecting or overwritting the existing 1,024bit key? Or can we safely import the 1,024bit key from the old ePO4.5 to the new ePO 4.6?

       

      Appreciate any feedback from those of you that have been in a similar situation. Unfortunately we don't have a test environment that I can attempt an investigation on.

       

      Message was edited by: aus_mick on 10/14/13 7:12:50 PM CDT