Moved from Community Help to Business > ePO for better support.
I hate to be the bearer of bad tidings, but I'm afraid this won't work. Without the original DB and keystore, the certificate chain is broken, which means the clients won't get past the first step of talking to ePO via SSL.
Unfortunately probably the quickest and most reliable approach here will be to redeploy the agent from the new server.
Will all the old agents be added as systems under My Organization on the next agent-server communication? - Yes but they will be landed into L&F group.
Will I need to create systems in the tree but not have to deploy agents?
Better Export the system from system tree from old ePO server if available and import into new ePO server. So once system communicates to ePO console they will be report into right group.
Unfortunately won't be able to export any systems from the tree of the old ePO given its state.
Sorry guys, little confused. We do have the old original keystore containing the old original master agent-server communication key. So, if I:
- Take the master key .zip file from the backup of the old server
- Go to Server Settings > Edit Security Keys on the new ePO
- Import the old master key
Then all of the old agents will then be able to communicate with the new server, and will be added to the Lost&Found group in the new system tree? And the old agents will receive the new master key as soon as an update task runs?
I am unable to see any systems in new server although I transferred systems from old ePO.
Not only transferred systems but I am unable to find any system in Lost and Found.
I imported the 2048 keys from old ePO and I exported those keys to new ePO.
I also made them master key.
Now there are three master keys in new ePO. two of new ePO and one of exported from old ePO.
What can be the reason of agents to fail the connection with new server? Is there anyway to solve this problem from client side?
No - as I mentioned earlier, this won't work. There are two layers to deal with here - the certificate used to establish SSL comms with the ePO server service, and the agent/server key pair used to authenticate against a given ePO server. You've only got the key pair - but you don't have the correct certificate, and so agent/server comms will fail at the first hurdle, as it were.
There's a bug in some versions of the agent where this might actually work - but it's definitely not something you should rely on.