8 Replies Latest reply on Mar 12, 2015 1:12 PM by Richard Carpenter

    EPO Downstream Server

    bigmac5454


      I have built a separate Windows Domain (A) on its own VLAN connected to our forest domain (B). The 2 domains do not replicate, but are set up to ping each other. My boss wants me to manage the clients on Domain A with the domain B EPO server. Domain B EPO can only manage the A Domain controller. I have 2 NICs: one is connected to domain B, the other NIC is connected to a wireless router that has the clients on domain A. I can't ping the A clients from the B domain. Thanks

        • 1. Re: EPO Downstream Server
          Richard Carpenter

          Hi bigmac5454

           

          EPO is domain agnostic; by this I mean that, provided network connectivity exists between the EPO server and all your endpoints in all your domains, this one server can manage the entire enterprise. This is the exact setup we have, where we manage eight domains from the one ePO server.

           

          You will need to do a few things to get this to work.

           

          1. If you populate the system tree using AD sync, you will need to register an LDAP server for each domain with the server and check that the firewall ports between the domains allow LDAP access through them.
          2. You can save credentials for each domain in the ADSync configuration, so the User Resource Pool for each domain does not need to have a transitive trust if this is not required for your business.
          3. You will need credentials in each domain to be able to deploy the Agent from the ePO server.
          4. If your DNS setup does not have forwards for all your zones between them, you will need to add the DNS server details to the DNS configuration of your ePO server Windows setup.

           

          If you have specific questions, feel free to ask.

           

          Regards

          Rich

          Volunteer Moderator

          Certified McAfee Product Specialist - ePO

          • 2. Re: EPO Downstream Server
            bigmac5454

            Thanks Rich,

             

            I have ADsync working and am able to bring in the client from the other domain, but I am unable to install the McAfee agent and unable to ping the new clients from the EPO server.

            • 3. Re: EPO Downstream Server
              Richard Carpenter

              Can you run an NSLOOKUP command from the ePO server Windows session to see if you are getting a DNS response for the endpoint in the other domain, i.e.:

               

              NSLOOKUP <systemname>.<otherdomainFQDN>

               

              If this does respond with the correct IP address, the Agent Deployment task will need to use credentials for the other domain which will allow it to install the Agent.

               

              The EPO server will also need to be able to SMB file copy the Agent install set to the other domain, so it's worth checking that SMB TCP 445 is open on the firewall from the EPO server to all the other parts of the network.

               

              Regards

              Rich

              Volunteer Moderator

              Certified McAfee Product Specialist - ePO
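
              The checks described in this thread (DNS resolution of the endpoint, SMB TCP 445 from the ePO server, LDAP to the other domain's controller), as an added PowerShell example that is not part of the original posts. The host names are placeholders, and TCP 389 for LDAP is an assumption, since the thread does not name the LDAP port.

```powershell
# Added example: reachability check run from the ePO server before an agent push.
# All host names are placeholders; replace them with real FQDNs.
$Endpoints        = @('client01.domaina.example', 'client02.domaina.example')
$DomainController = 'dc01.domaina.example'   # LDAP server registered for AD sync

function Test-AgentPushPath {
    param(
        [Parameter(Mandatory)][string]$Fqdn,
        [int[]]$Ports = @(445)               # SMB, used to copy the agent install set
    )

    # Step 1: does the ePO server's DNS configuration resolve the name at all?
    try {
        $a = Resolve-DnsName -Name $Fqdn -Type A -ErrorAction Stop |
             Where-Object { $_.Type -eq 'A' } | Select-Object -First 1
    } catch { $a = $null }

    foreach ($port in $Ports) {
        $open = $false
        if ($a) {
            # Step 2: is the TCP port reachable through the firewall?
            $t = Test-NetConnection -ComputerName $a.IPAddress -Port $port `
                     -WarningAction SilentlyContinue
            $open = $t.TcpTestSucceeded
        }
        # One row per host and port; compare Address with the IP you expect.
        [pscustomobject]@{
            Host     = $Fqdn
            Resolved = [bool]$a
            Address  = if ($a) { $a.IPAddress } else { $null }
            Port     = $port
            Open     = $open
        }
    }
}

$report  = @($Endpoints | ForEach-Object { Test-AgentPushPath -Fqdn $_ })
$report += Test-AgentPushPath -Fqdn $DomainController -Ports 389, 445  # 389 = LDAP (assumed)
$report | Format-Table -AutoSize
```

              A row with Resolved = False points at the DNS configuration of the ePO server; a resolved row with Open = False points at the firewall or routing between the two networks.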

              • 4. Re: EPO Downstream Server
                bigmac5454

                Thanks for your quick reply; nslookup does not come up with the correct IP

                The new DC (new Domain) has 2 NICs configured. NIC 1 is connected to domainA, which has the EPO server. NIC 2 connects to a wireless router that has the new clients in the new domain. I configured the AD sync with the new DC; the client shows up in the EPO server as unmanaged, can't ping it. I am weak when it comes to IP addressing. NIC 1 is 10.6.0.175 255.255.00 10.6.0.254. NIC 2 is 192.168.6.110 255.255.255.0, no gateway. DNS is 10.6.0.175, the new DC.

                • 5. Re: EPO Downstream Server
                  bigmac5454

                  Boss wants EPO in the new domain to function like a WSUS downstream server, and we will not manage it, someone else will, just make sure it gets updates. I don’t think you can do that. I believe you have to just build a new EPO server in its own domain and give it an internet connection.

                  • 6. Re: EPO Downstream Server
                    Richard Carpenter

                    ePO does not implement a Downstream management server model. - One server to manage multiple domains.

                     

                    If you want to isolate your domain endpoint management you need to run multiple ePO servers in each domain, or set up permission sets to limit administration to different groups of admin users.

                     

                    If you only want to downstream the Update files and agent communication you can use the Super Agent and Relay server functionality.

                     

                    It might help if you could get some confirmation from your Manager if you want to use different management environments for each domain or different update and communication aggregation points for each domain.

                     

                    Regards

                    Rich

                    Volunteer Moderator

                    Certified McAfee Product Specialist - ePO

                    • 7. Re: EPO Downstream Server
                      bigmac5454

                      My manager wants the standalone domain with an EPO server just to get updates and products from our EPO server and be managed by someone; we would only be responsible for the connection to the EPO server in the standalone domain. I want to have an EPO server in the domain which has an internet connection and gets updates from McAfee. Thank you again for your help. I believe the solution is a separate EPO server.

                      • 8. Re: EPO Downstream Server
                        Richard Carpenter

                        Yes, from what you have described, a separate ePO server would be easier to implement.


                        Regards

                        Rich

                        Volunteer Moderator

                        Certified McAfee Product Specialist - EPO