3 Replies Latest reply on Nov 26, 2008 12:38 PM by rrathbun

    Transfering EPO 4.0.0 to new server

      Hi all,

      I'm new to McAfee so please bare with me!!

      I had a quick look on the McAfee website but couldn't find anything (plus my pc is running out of steam and I don't have any more coal for it, so wasn't very thorough)

      Where I work to, I set up the McAfee EPO on a server which has becoming terminally ill and is slowly dying before my very eyes (its very sad)

      Unfortunatly if it dies, it also takes the EPO with it and all my precious settings. The database isn't being backed up as far as im aware, so I will be screwed in my e-arse if this happens.

      I need to move it to a new server. Im guessing that I will need to install the EPO from scratch onto this new server. Once this is done how do i:

      - Move the database onto this new server
      - Export the polices and workstations/servers
      - Get the workstations / servers to look at this new server without having to redeploy the Mcafee agent

      As for my distributed repositories - Will they have to recreated?

      Sorry for the long post and many questions! However due to the nature of it, I want to make sure I get this right!

      Thanks in advance

      Dave happy
        • 1. RE: Transfering EPO 4.0.0 to new server
          How many hosts does the server support? It may be easier to backup your scan policies / agent keys and rebuild from scratch.

          Documenting your settings is probably the toughest part about setting up EPO IMHO. As for the agents, you could forcefully take them over or export your keys before you decommission the server.

          I have some templates created for documenting the server settings and scan policies if you want them let me know. I put hours of work into them and will happily share with those interested.

          robert_rathbun@hotmail.com
          • 2. RE: Transfering EPO 4.0.0 to new server
            Hi Robert,

            Thanks for your reply.

            The server supports about 250 hosts. The main reason I didn't want to deploy them all again is because I am based in the main office in bristol, however I support the virus scanner for our australian office also - so its a nightmare to deploy them as they are in bed when im in work!

            Excuse my lack of knowledge, but how do you export the agent keys?

            If you wouldnt mind sharing the documentation I would be very grateful.

            Cheers! :)

            Dave
            • 3. RE: Transfering EPO 4.0.0 to new server
              Dave,

              I did a bit of poking around today on McAfee's new KB and found this article for you. This should provide the information that you require.

              As for the policy/settings documentation I need find a site so I can share it with multiple people. For now just send me an email and I should respond back within a few days. Email address is robert_rathbun@hotmail.com

              ePO 4.0 recommended recovery and migration procedure

              Corporate KnowledgeBase ID: KB51438
              Published: September 25, 2008

              Environment
              McAfee ePolicy Orchestrator 4.0
              Microsoft Windows (all supported versions, see KB51109 )
              Summary
              IMPORTANT: This information is intended for use by network and ePO administrators only. McAfee does not assume responsibility for any damages incurred by these instructions as they are intended as guidelines for disaster recovery. All liability for use of the following information remains with the user.

              The instructions in this article can also be used by customers who want to migrate the ePolicy Orchestrator (ePO) server to another system. This is currently only possible if the new system has the same computer name and IP address, and if the original server is decommissioned after the transfer of all the relevant files to the new system.


              SQL Server Hardware Failure:
              Contact OEM for replacement of affected hardware.


              SQL Server Database Failure:
              Contact Microsoft for procedures on restoring SQL databases.
              For the ePO database specifically, refer to procedures for backing up and restoring an ePO database in:

              KB59562 - Backing up the ePO 4.x.x / ePO 3.x.x / ProtectionPilot 1.x.x MSDE database using an OSQL command, the DBBAK utility or SQL Enterprise Manager

              KB59089 - Restoring an ePolicy Orchestrator ePO 4.x.x / 3.x.x / ProtectionPilot 1.x.x database via SQL Enterprise Manager or using DBBak.Exe


              --------------------------------------------------------------------------------

              ePO Server Hardware Failure.
              Contact OEM for replacement of affected hardware.


              --------------------------------------------------------------------------------

              ePO Server Software Failure.

              The following data must be backed up to restore ePO to its original state in case of a failure:

              Step 1 - Backups.

              Backup the ePO database:
              Folder locations:
              ...\Program Files\McAfee\ePolicy Orchestrator\DB\
              ...\Program Files\McAfee\ePolicy Orchestrator\Server\Extensions\
              ...\Program Files\McAfee\ePolicy Orchestrator\Server\Conf\Catalina\

              Back up the ePO database using the procedures outlined in:

              KB59562 - Backing up the ePO 4.x.x / 3.x.x / ProtectionPilot 1.x.x MSDE database using an OSQL command, the DBBAK utility or SQL Enterprise Manager.

              NOTE: See KB59204 for information on shrinking the SQL Transaction log prior to backing up the database.



              Backup the following folders:
              ...\Program Files\McAfee\ePolicy Orchestrator\DB\ (default installation path for ePO 4.0)
              ...\Program Files\McAfee\ePolicy Orchestrator\Server\Extensions\ (default installation path for software extensions)
              ...\Program Files\McAfee\ePolicy Orchestrator\Server\Conf\Catalina\ (default path for required files used by software extensions)

              Backup the Key-Store Pairs:

              See Page 70 of the ePolicy Orchestrator Product Guide for more information.
              Log on to the ePO console with an Admin account.
              Click the Configuration, Server Settings tabs.
              In the left pane select the Security Keys.
              In the right pane click Edit.
              In the Import and back up keys section, click Back UP All, then click Save.(Specified file = keystore.zip)
              Click Save to close the Edit Security Keys window.

              Step 2 - To restore the ePO server to a new system after a server crash:
              Set up a new ePO 4.0 server on another system with the same IP address and Hostname, using the previously specified default Admin password.

              NOTE: If the same IP address and Hostname are NOT used on the new server, all agents which report to the server must be re-pushed to replace the local copies of SiteList.xml.


              Use the same port numbers that were used during the original installation.

              NOTE: The server.ini file located in the previous installation (c:\Program Files\McAfee\ePolicy Orchestrator\DB) stores this information as follows by default:

              HTTPPort= 80 (Agent-to-Server communication port)
              AgentHttpPort= 8081 (Agent Wake-Up communication port)
              SecureHttpPort= 8443 (Console-to-Application Server communication port)
              BroadcastPort= 8082 (Agent Broadcast communication port)

              During the installation of ePO 4.0, use the original SQL server or a new SQL Server where the SQL backup can be restored. Use the same Authentication type for database connection credentials.
              (Example: NT or SQL Authentication)

              See step 8 for information on restoring the database.

              NOTE: If you use the original SQL server, the installer will attempt to create a database called ePO4_<epo_servername>. Because the name of the original ePO server is retained, the original database will have to be backed up and detached. Otherwise, the installer asks you to overwrite the existing database.


              After installing ePO 4.0, apply all Patches and HotFixes that were installed on the original ePO server.
              Log on to the new ePO 4.0 server.
              On the new ePO 4.0 server, click Start, Run, type services.msc, and click OK.
              Right-click each of the following services and select Stop:

              McAfee ePolicy Orchestrator 4.0.0 Application Server
              McAfee ePolicy Orchestrator 4.0.0 Event Parser
              McAfee ePolicy Orchestrator 4.0.0 Server

              Restore the backed up copy of the ePO database.

              Refer to KB59089 - Restoring an ePolicy Orchestrator ePO 4.x.x / 3.x.x / ProtectionPilot 1.x.x database via SQL Enterprise Manager or using DBBak.Exe

              Restore the contents of the following backed up folders:

              ...\Program Files\McAfee\ePolicy Orchestrator\DB
              ...\Program Files\McAfee\ePolicy Orchestrator\Server\Extensions
              ...\Program Files\McAfee\ePolicy Orchestrator\Server\Conf\Catalina

              NOTE: The existing folders for the paths listed above should be replaced with the contents of the backed up copies.


              On the new ePO 4.0 server, click Start, Run, type services.msc, and click OK.
              Right-click each of the following services and select Start:

              McAfee ePolicy Orchestrator 4.0.0 Application Server
              McAfee ePolicy Orchestrator 4.0.0 Event Parser
              McAfee ePolicy Orchestrator 4.0.0 Server

              Click Start, Run type IExplore.exe, and click OK.
              Navigate to the following URL to open the Configure Database Settings page:

              https://<servername>:8443/core/config

              NOTE: If you do not use the default port (8443), substitute your correct console login port.


              Under Configure Database Settings, verify the following entries:
              Database server name
              Database server instance
              Database server port
              Database name
              User name
              User domain
              User password

              NOTE: If any changes are made to the entries above, ensure that you click Test Connection (bottom right corner) to verify the connection to the database is successful with the new settings before continuing.


              If any changes are made on the Configure Database Settings page, do the following:

              Click Apply (to save the changes).
              Restart the ePO 4.0 services.
              Log on to the ePO 4.0 console.
              Deploy the ePO agent only to the ePO server.

              NOTE: This replaces the new agent keys on the ePO server with the restored ones from the previous installation. All other existing agents on the network will retain the proper keys and will not need to re-deployed.

              Step 3 - Restoring the Previous Key Pairs:
              Log on to the ePO console with the original username and password from the old ePO server.
              (Refer to the product guide for information on logging on to the ePO console)
              Click the Configuration, Server Settings tabs.
              In the left-hand pane select the Security Keys.
              In the right-hand pane click Edit.
              In the Import and back up keys section, click Restore All.
              Click Browse and navigate to the keystore.zip, then click Open.
              Click Next, Restore.
              Click Save to close the Edit Security keys Window.
              Related Information
              KB51196 - ePO 4.0 - Master list of release Support articles
              Previous Document ID
              613867