7 Replies Latest reply on Sep 12, 2014 8:24 AM by SergeM

    Change to a new domain McAfee ePo 4.6.7

    evav

      Hello, I have to change the domain for the server and all the clients regarding McAfee ePO 4.6.7. What's the best approach to do this?

       

      Which considerations should I have?

      Thanks

        • 1. Re: Change to a new domain McAfee ePo 4.6.7
          ja2013

          I have experienced a mixed bag when deciding to do this. I pay extra attention to name resolution since this is usually assumed to be in fine working order, not! Proactively add FQDNs on the ePO server in advance for old and new FQDNs in the ePO server hosts file. DNS should be fine if you're not changing the IP of the ePO server.

           

          A good proactive approach would be to stand up a simple test ePO server and a couple of test clients. Mock your scenario and measure your results. It would be less stressful to resolve the outcome, ultimately, on a few clients than on your entire client population.

           

          that help?
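
A pre-change check for the hosts-file advice in the reply above, as an added example that is not part of the original thread: it parses hosts-file text and reports whether the old and new ePO FQDNs both map to the unchanged server IP. The host names, IP addresses and sample file content are constructed placeholders.

```python
import ipaddress

def parse_hosts(text):
    """Map each lower-cased host name to the IPs it is bound to, in file order."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                              # skip lines not starting with an IP
        for name in fields[1:]:
            table.setdefault(name.lower().rstrip("."), []).append(ip)
    return table

def check_epo_names(hosts_text, fqdns, expected_ip):
    """Return {fqdn: 'ok' | 'missing' | 'mismatch: <ips>'} against the expected IP."""
    table = parse_hosts(hosts_text)
    want = str(ipaddress.ip_address(expected_ip))
    report = {}
    for fqdn in fqdns:
        ips = table.get(fqdn.lower().rstrip("."), [])
        if not ips:
            report[fqdn] = "missing"
        elif set(ips) == {want}:
            report[fqdn] = "ok"
        else:
            # A stale or conflicting entry: which one wins depends on the resolver.
            report[fqdn] = "mismatch: " + ",".join(sorted(set(ips)))
    return report

# Constructed sample hosts file (placeholder names and addresses).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
10.0.0.25   epo01.old.example   EPO01   # current name
10.0.0.25   EPO01.new.example
10.0.0.99   epo01.new.example           # stale duplicate
"""

if __name__ == "__main__":
    names = ["epo01.old.example", "epo01.new.example"]
    for name, status in check_epo_names(SAMPLE_HOSTS, names, "10.0.0.25").items():
        print(f"{name}: {status}")
```
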

          • 2. Re: Change to a new domain McAfee ePo 4.6.7
            Richard Carpenter

            Hi,


            Are you using AD sync for your system tree, and are you using any stored credentials that are domain users, such as service accounts to deploy the agent?


            Is your SQL server remote, i.e. possibly using Windows authentication to your remote DB, or are you running SQL Express locally?


            Sorry, more questions than answers.


            Rich

            McAfee certified product specialist - ePO


            • 3. Re: Change to a new domain McAfee ePo 4.6.7
              evav

              Nope, I'm not using AD sync

              No stored credentials for agent deploying

              And yes, it's a remote SQL Server with Windows authentication. I will take care of this.

               

              Thanks for the questions, that's what I was looking for

              • 4. Re: Change to a new domain McAfee ePo 4.6.7
                evav

                I'm not changing the IP so I guess it would be fine. Whatsoever, I will try with a small amount of clients for testing

                 

                Thanks!

                • 5. Re: Change to a new domain McAfee ePo 4.6.7
                  Richard Carpenter

                  Great stuff, happy to help. 


                  Rich

                  McAfee certified product specialist - ePO

                  • 6. Re: Change to a new domain McAfee ePo 4.6.7
                    Richard Carpenter

                    Another thought has come to mind: if the ePO server is changing domains, I guess it is also changing DNS zones. This means the FQDN for the ePO server will change and won't match the entry in sites.xml on your managed endpoints.


                    Although, if the IP address isn't changing, the endpoints will still 'find' your ePO server, it would be prudent to update the sites.xml file to use the new FQDN or just redeploy your agent over the top.


                    Rich

                    McAfee certified product specialist - ePO


                    • 7. Re: Change to a new domain McAfee ePo 4.6.7
                      SergeM

                      Hi,

                       

                      Are you just moving the server to a new (MSFT Windows or Internet) domain, or are you setting up a new server?

                       

                      We've had to change servers and domain, domain names... pretty much everything a couple of times, but (almost) each time, we were setting up a new server, so we could use both servers in parallel for a time. (Our policy is not to upgrade an old server to a new ePO version but always replace the old server with a new one with the new ePO. We have ~8000 clients in ~100 sites.)

                       

                      What we usually did was

                      - set up a new server with the new address

                      - move groups of clients from old-server to new-server (when that option was available i.e. ePO 4.5 I believe)

                         Prior to ePO 4.5, we hand-tested the new server & config with a few (5 - 20) clients by reinstalling the client (or by hacking the SiteList.xml files manually)

                       

                      Then we set up the DNS route for one site after another so that when they requested old-server, they got to new-server.  We had to copy/include the old-server's key-pair on the new-server to make sure the client-server comm works (though I have a feeling that wasn't absolutely necessary).

                       

                      It usually works fine for 98-99% of the clients.  There's always a few that won't cooperate (e.g. we still have 8 old CMA 3.6 clients "lost somewhere" which I can't locate & fix).

                       

                      Hope this helps you or gives you some ideas.

                       

                      Serge