5 Replies Latest reply on Mar 4, 2016 8:50 AM by j.kennedy

    Migrating ePO 5.1.1 to new ePO 5.3 server

    woodkm

      We are upgrading from our old server 5.1.1, to a new server 5.3. They are both physical boxes. Also new SQL server for the new 5.3 box.

       

      My question is about the process. From what I understand, you need to export keys from old server, and import them into the new server. We have not yet registered the new 5.3 server with the 5.1.1 server, so therefore we have also not done any transfers nor created a new sitelist (which machines would get from the new server once we transfer systems to the new server, right?). Yet, we noticed machines that were communicating to the old server, starting to communicate to the new server. From my analysis (unless there is some sort of DNS redirect or somehow the systems checking into the new server have a different sitelist, then NO machines should even be aware of the new server when ONLY importing the keys from the old server to the new server. That is literally all that was done.

       

      We checked the sitelist on some of the problem machines (checking into the new ePO server), and they no longer have the old server, but do have the new server in the sitelist. Not all machines are doing this. The new server being used was an AH at some point, but was removed a few weeks ago. Also, this server was rebuilt (new hostname, but same IP).

       

      Other than that, I am just not seeing any way at all for systems to even be aware of the new server, when ONLY exporting old server keys and importing to new server.

       

      We did try upgrading the current server from 5.1.1 to 5.3 (which failed), but the desire is to have a brand new server. So the goal is to migrate to a new server and new database. And no, nothing has been done with the new database. We were only going to import keys and start importing policies and tasks, then go from there.

        • 1. Re: Migrating ePO 5.1.1 to new ePO 5.3 server
          woodkm

          Anyone have an idea? The process should be: import keys to new server. register new server with old server, ensure the sitelist updates, then begin migrating systems through the transfer option when you are ready to migrate.

          • 2. Re: Migrating ePO 5.1.1 to new ePO 5.3 server
            j.kennedy

             

            Here is a very broad overview of the steps to transfer/move computers from one ePolicy Orchestrator server to another

            1. Export the security keys from Server A
            2. Import the security keys from Server A to Server B
            3. Register Server B (ePO 5. x) to Server A (ePO 4. x)
            4. After you have imported the keys and ePO Server B is registered, Server A allows the option for transfer to be selected

             

            I can go into more detail if you like.

             

             

            • 3. Re: Migrating ePO 5.1.1 to new ePO 5.3 server
              j.kennedy

              FYI: Both keys (1024 and 2048) should be imported from the ePO server for successful registration so the Automatic Sitelist Import can save without issue.

               

              • Server A = Old ePO
              • Server B = New ePO

               

              • 4. Re: Migrating ePO 5.1.1 to new ePO 5.3 server
                woodkm

                Thanks j.kennedy! So by only performing the export of keys for server A and import of keys to server B, that should not cause machines to start communicating to server B, right? Unless there is some other issue like machines having an old sitelist showing Server B as an AH still, or some kind of DNS redirect? Curious if you have any other ideas as to why that would happen.

                 

                And I imagine the same process of moving keys/etc, and the other steps for 4.x to 5.x, would work the same for 5.1.1 to 5.3. In my head, it seems the process should work as it is just a basic way to migrate machines.

                 

                Thanks again!

                • 5. Re: Migrating ePO 5.1.1 to new ePO 5.3 server
                  j.kennedy

                  The following procedure describes how to transfer managed computers from Server A to Server B, where:

                  • Server A = Old ePO 4.x
                  • Server B = New ePO 5.x
                  1. Export the security keys from Server A:      NOTE: Only ASCI keys are required. You must export only the 2048-bit and 1024-bit keys.

                    1. Log on to the ePO 4.x console.
                    2. Click Menu, Configuration, Server Settings.
                    3. Click Security Keys under the Setting Categories column, and click Edit on the right pane at the bottom of the page.
                    4. For the 2048-bit keys listed under the Agent-server secure communication keys, do the following:        
                      1. Click the key identified as 2048-bit and click Export.
                      2. Click OK to confirm the export key confirmation message.
                      3. Click Save, type or browse to a path where you want to save the security key .zip file, and then click Save again.
                    5. Repeat step 1d for the 1024-bit keys.
                              
                  2. Import the security keys from Server A to Server B:      NOTE: Only ASCI keys are required. You must import only the 2048-bit and 1024-bit keys.

                    1. Log on to the ePO 5.x console.
                    2. Click Menu, Configuration, Server Settings.
                    3. Click Security Keys under the Setting Categories column, and click Edit on the right pane at the bottom of the page.
                    4. Click Import.
                    5. For the 2048-bit key, do the following:        
                      1. Click Browse, locate the exported 2048-bit security key .zip file, and click Open.
                      2. Click Next.
                      3. Click Save on the Summary tab.
                    6. Repeat step 2e for the 1024-bit keys.
                              
                  3. Register Server B (ePO 5. x) to Server A (ePO 4. x):    
                    1. From Server A, log on to the ePO 4.x console.
                    2. Click Menu, Configuration, Registered Servers.
                    3. Click New Server.
                    4. Select ePO for the Server type drop-down list, type a name for this server in the Name section, and click Next.
                    5. Type the credentials to reach Server B (ePO database) and click Test Connection.
                    6. If the test is successful, select Enable for the Transfer systems entry, ensure Automatic sitelist import is selected, and click Save.

                              NOTES:
                              
                      • The Manual sitelist import option is also available and can be used if you want to do a manual import by selecting an existing SiteList.xml file. Refer to the ePolicy Orchestrator Product Guide for details on how to use this option.
                      • You can obtain the SiteList.xml file to use for this process in the following folder on the ePO server where the agents are being transferred to:

                                    <ePO_Installation_Directory>\DB\SiteList.xml                         
                      • On an ePO 4.6 server you can select only version 4.6 or previous versions as the ePO version. When you test the connection to the database of the registered server, you see the following warning:
                        Database connection successful!  Warning Versions mismatch!
                        You can safely ignore the warning; the ePO version selected (4.6) does not match the database (5.x) you have just tested.
                                    
                  4. After you have imported the keys and ePO Server B is registered, Server A allows the option for transfer to be selected:    
                    1. Log on to the ePO console.
                    2. Click System Tree.
                    3. Click the Systems tab on the right pane and select the computer to transfer.
                    4. Click Actions, Agent, Transfer Systems.
                    5. Select the entry for Server B (ePO 5. x) and click OK to transfer.
                      NOTE: Ensure the selected computer is communicating to Server A ePO before the transfer.
                              
                  5. Check the status of transferred computers after two ASCI triggers.
                        After the process has finished, you see the computer listed in the Server B (ePO 5. x) System Tree.