Environment
McAfee ePolicy Orchestrator 4.6
McAfee ePolicy Orchestrator 4.5
For details of all supported operating systems, see KB51109.
McAfee ePolicy Orchestrator 4.5
For details of all supported operating systems, see KB51109.
Summary
How do I migrate ePO 4.5 or ePO 4.6 from a 32-bit system to a 64-bit system?
Solution
IMPORTANT:
- This procedure is intended for use by network and ePolicy Orchestrator (ePO) administrators only. McAfee does not assume responsibility for any damage incurred because they are intended as guidelines for disaster recovery. All liability for use of the following information remains with the user.
- The procedure is for use with ePO 4.5 and ePO 4.6 servers only.
- This procedure will not work if you rename the ePO server.
- The Agent uses either the last known IP address, DNS name, or NetBIOS name of the ePO server. If you change any one of these, ensure that the Agents have a way to locate the server. The easiest way to do this would be to retain the existing DNS record and change it to point to the new IP address of the ePO server. After the Agent is able to successfully connect to the ePO server, it downloads an updated SiteList.xml with the current information.
- The procedure can also be used by customers who want to migrate the ePO 4.5 or ePO 4.6 server to another system.
Before backing upStop the ePO 4.5 or 4.6 services:
- Click Start, Run, type services.msc and click OK.
- Right-click each of the following services and select Stop:
McAfee ePolicy Orchestrator 4.x.0 Application Server
McAfee ePolicy Orchestrator 4.x.0 Event Parser
McAfee ePolicy Orchestrator 4.x.0 Server
- Where 4.x.0 is the applicable version of ePO that you are running in the environment. (Example: McAfee ePolicy Orchestrator 4.5.0 Application Server)
Backing up the databaseUse one of the following methods to back up the SQL database (normally named ePO4_<ServerName>, where the <ServerName> is your ePO 4.5 server name):
See either of the following KnowledgeBase articles:
- KB59562 - How to back up the ePO database using OSQL commands
- KB52126 - How to back up and restore the ePO database using Enterprise Manager/ Management Studio
Backing up the file systemYou must back up the following folder structures to a location that will be accessible from the new 64-bit system. For example, a network share. The default installation path is used, and your installation might differ. Ensure that all files and subfolders are backed up.
C:\Program Files\McAfee\ePolicy Orchestrator\SERVER
All installed extensions and configuration information for the ePO Application Server are located here.
C:\Program Files\McAfee\ePolicy Orchestrator\DB\SOFTWARE
All products that have been checked into the Master Repository are located here.
C:\Program Files\McAfee\ePolicy Orchestrator\DB\KEYSTORE
The Agent, Server, and Repository Keys that are unique to your installation are located here.
C:\Program Files\McAfee\ePolicy Orchestrator\APACHE2\CONF
The server configuration settings for Apache, the SSL certificates needed to authorize the server to handle agent requests, and console certificates are located here.
NOTE: Failure to back up all of these directory structures will make it impossible to move your ePO installation to the new 64-bit system and will require a clean start, including the redeployment of agents to all client computers.
Installation on 64-bit system
- Because the new 64-bit system will have the same name as the existing 32-bit system and you will be using the same SQL server for the new database, delete or rename the existing ePO database on the SQL server.
- Enable 8.3 naming convention so ePO can be installed:
- Click Start, Run, type regedit and click OK.
- Navigate to:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]
- Change the NtfsDisable8dot3NameCreation value to 0.
- Restart the server.
- Install ePO 4.5 or ePO 4.6 on the 64-bit computer. Ensure that you install the same patch level as the existing ePO installation.
NOTE: You can verify the ePO 4.5 or ePO 4.6 patch level by looking at the Version field in the backed up Server.ini file (C:\Program Files\McAfee\ePolicy Orchestrator\DB\) and cross referencing it with article KB59938 - Version information for the ePolicy Orchestrator server. During the installation, ensure that you specify the same server ports as the current ePO installation.
- If your previous installation included Policy Auditor 5.x or MNAC 3.x, install the same version of Policy Auditor or MNAC (including any hotfixes).
- After installation is complete, stop and disable all ePO 4.5.0 / ePO 4.6.0 services:
- Click Start, Run, type services.msc and click OK.
- Right-click each of the following services and select Stop:
McAfee ePolicy Orchestrator 4.x.0 Application Server
McAfee ePolicy Orchestrator 4.x.0 Event Parser
McAfee ePolicy Orchestrator 4.x.0 Server
- Where 4.x.0 is the applicable version of ePO that you are running in the environment. (Example: McAfee ePolicy Orchestrator 4.5.0 Application Server)
- Double-click each of these services and change the Startup type to Disabled.
- Restore the database.
NOTE: If you are restoring the database to a different SQL server, ensure that the account being used to access SQL in the existing ePO installation also exists and has the same rights on the new SQL server. (For example, if you are using the sa account to access SQL for the existing installation, ensure that the sa account is enabled and has the same password in the new installation.)
You have to update the restored DB.PROPERTIES file in C:\Program Files (x86)\McAfee\ePolicy Orchestrator\server\conf\Orion with the new information before starting the server. This will be covered later.
- Delete the following folders, replacing them with the corresponding folders that were backed up earlier:
C:\Program Files (x86)\McAfee\ePolicy Orchestrator\SERVER\
C:\Program Files (x86)\McAfee\ePolicy Orchestrator\APACHE2\CONF
C:\Program Files (x86)\McAfee\ePolicy Orchestrator\DB\SOFTWARE\
C:\Program Files (x86)\McAfee\ePolicy Orchestrator\DB\KEYSTORE\
- Navigate to C:\Program Files (x86)\McAfee\ePolicy Orchestrator\SERVER\conf\catalina\localhost and edit all the XML files in a text editor to reflect the 64-bit path where they are now located:
C:\Program Files (x86)\McAfee\ePolicy Orchestrator\SERVER\conf\catalina\localhost
For example, change the contents of webapp.xml as follows:
From:
<Context docBase="C:/Program Files/McAfee/ePolicy Orchestrator/Server/extensions/installed/rs/2.0.1/webapp"
privileged="true" antiResourceLocking="false" antiJARLocking="false"></Context>
To:<Context docBase="C:/Program Files (x86)/McAfee/ePolicy Orchestrator/Server/extensions/installed/rs/2.0.1/webapp"
privileged="true" antiResourceLocking="false" antiJARLocking="false"></Context>
NOTE: If there is a file called deployer.xml present, do not edit it. This is in a different format to the other XML files.
You can do this fairly easily by opening all files but deployer.xml in a multi-tab text editor like notepad++ and doing a replace in all files “Files/” with “Files (x86)/”. Alternatively, you can use the SQL Server Management Studio Replace in Files feature (Edit, Find and Replace, Replace in Files) to achieve similar results. For more details on how to use this feature, refer to SQL Server Books Online.
- Determine the 8.3 notation form of the Program Files (x86) folder:
- Click Start, Run, type cmd and click OK.
- To change to the root, type the following command and press ENTER.
CD\
- To list the directory structure, type the following command and press ENTER.
dir /x
Choose the PROGRA~ that refers to the Program Files (x86) folder. The most common form is PROGRA~2.
- Open each of the following .conf files in a text editor (Notepad) and do the following:
C:\Program Files (x86)\McAfee\ePolicy Orchestrator\APACHE2\conf\httpd.confC:\Program Files (x86)\McAfee\ePolicy Orchestrator\APACHE2\conf\ssl.conf- Locate all lines with the old 32-bit path, replacing all of these to reflect the 64-bit path that was determined in Step 8.
For example, change the following:
From: ServerRoot “C:/PROGRA~1/McAfee/EPOLIC~1/”
To:
ServerRoot “C:/PROGRA~2/McAfee/EPOLIC~1/”
- Click Edit, Replace.
- Enter the "old path" (32-bit) in the Find what field.
- Enter the "new path" (64-bit) in the Replace with field.
- Click Replace All.
NOTE: There will be multiple places in this file where this path will be modified.
- Save the changes.
- Locate all lines with the old 32-bit path, replacing all of these to reflect the 64-bit path that was determined in Step 8.
- If MNAC 3.x is installed:
- Click Start, Run, type explorer and click OK.
- Navigate to: C:\Program Files (x86)\McAfee\ePolicy Orchestrator\Server\Extensions\Installed\NAC\x.x.x.xxx\conf\nacserver.properties.
- Modify the path for servlet.cert.keyStoreLocation as follows:
From: C:/PROGRA~1/McAfee/EPOLIC~1/server/extensions/installed/NAC/3.2.1.148/keystore/nacsub.keystore
To: C:/PROGRA~2/McAfee/EPOLIC~1/server/extensions/installed/NAC/3.2.1.148/keystore/nacsub.keystore
- Edit C:\Program Files (x86)\McAfee\ePolicy Orchestrator\Server\bin\setenv.bat and change the paths on the lines starting with:
set JAVA_OPTS=
set JRE_HOME=
- Edit C:\Program Files (x86)\McAfee\ePolicy Orchestrator\Server\bin\setenv.sh (if present) and change the paths on the lines starting with:
export CATALINA_HOME=
export JAVA_OPTS=
export JRE_HOME=
- Edit C:\Program Files (x86)\McAfee\ePolicy Orchestrator\Server\conf\epo\epo.properties and change the paths on the lines starting with:
epo.install.dir
epo.db.dir
- Edit C:\Program Files (x86)\McAfee\ePolicy Orchestrator\Server\conf\orion\log-config.xml and change the paths on the lines starting with < param name="File".
NOTE: There are two places where this line exists – under the “Standard log file” and “Rolling log file” sections.
- Edit C:\Program Files (x86)\McAfee\ePolicy Orchestrator\Server\conf\orion\orion.properties and change the paths on the lines starting with:
extension.install.dir
extension.tmp.dir
- Edit C:\Program Files (x86)\McAfee\ePolicy Orchestrator\Installer\ePO\install.properties and change the paths on the lines starting with:
apache.install.dir
apache2.install.dir
epo.install.dir
epo.db.dir
epo.db.dir2
catalina.home
- Edit C:\Program Files (x86)\McAfee\ePolicy Orchestrator\Installer\Core\install.properties and change the paths on the lines starting with:
orion.home
orion.jre.home
- If you restored the database to a different SQL server, edit C:\Program Files (x86)\McAfee\ePolicy Orchestrator\server\conf\Orion\db.properties and update the following entries with the correct information:
db.database.name
db.instance.name
db.port
db.user.name
db.server.name
- Enable all ePO 4.5.0 / ePO 4.6.0 services:
- Click Start, Run, type services.msc and click OK.
- Double-click each of the following services and change Startup type to Automatic:
McAfee ePolicy Orchestrator 4.x.0 Application Server
McAfee ePolicy Orchestrator 4.x.0 Event Parser
McAfee ePolicy Orchestrator 4.x.0 Server
- Where 4.x.0 is the applicable version of ePO that you are running in the environment. (Example: McAfee ePolicy Orchestrator 4.5.0 Application Server.)
- Start the McAfee ePolicy Orchestrator 4.5.0 / 4.6.0 Application Server service.
NOTE: This has to be started for the following process to work.
- Click Start, Run, type cmd and click OK.
- Change directories to your ePO installation Path (this would now be: C:\Program Files (x86)\McAfee\ePolicy Orchestrator\).
- In the ePO Directory, run the following command:
IMPORTANT: This command will fail if User Account Control (UAC) is enabled on this server. If this is a Windows Server 2008 or later, disable this feature. You can find more information about UAC at:
http://technet.microsoft.com/en-us/library/cc709691(WS.10).aspx.
Rundll32.exe ahsetup.dll RunDllGenCerts <eposervername> <console HTTPS port> <admin username> <password> <"installdir\Apache2\conf\ssl.crt">
where:
<eposervername> is your ePO server's NetBios Name
<console HTTPS port> is your ePO Console Port (default is 8443)
<admin username> is admin (use the default ePO admin account)
<password> is the password to the ePO Admin console account
<installdir\Apache2\conf\ssl.crt> is your installation path to the Apache folder (this would now be: C:\Program Files (x86)\McAfee\ePolicy Orchestrator\APACHE2\CONF\SSL.CRT)
Example:
Rundll32.exe ahsetup.dll RunDllGenCerts eposervername 8443 administrator password "C:\Program Files (x86)\McAfee\ePolicy Orchestrator\APACHE2\CONF\SSL.CRT"
NOTE: The RunDllGenCerts switch in this command is case-sensitive. The ahsetup.log (found in the <installdir\Apache2\conf\ssl.crt>) provides information about whether the command succeeded or failed. It will state if it used the files located in the ssl.crt folder.
- Start the following services:
McAfee ePolicy Orchestrator 4.x.0 Event Parser
McAfee ePolicy Orchestrator 4.x.0 Server
- Where 4.x.0 is the applicable version of ePO that you are running in the environment. (Example: McAfee ePolicy Orchestrator 4.5.0 Application Server)
NOTE: Look in the DB\logs\server.log to ensure that the Agent Handler (Apache server) started correctly. It should state something similar to the following:
20090923173647 I #4108 NAIMSRV ePolicy Orchestrator server started.
If it does not, there was an error similar to the following:
20090923173319 E #4736 NAIMSRV Failed to get server key information.
- Finally, restart the three ePO services again.
Install SQL Server Express before the EPO or SQL Express with the installation of EPO?
ReplyDeleteEvyn'S Blogggggg: Migrating Mcafee Epo Server >>>>> Download Now
Delete>>>>> Download Full
Evyn'S Blogggggg: Migrating Mcafee Epo Server >>>>> Download LINK
>>>>> Download Now
Evyn'S Blogggggg: Migrating Mcafee Epo Server >>>>> Download Full
>>>>> Download LINK zO
Need antivirus for your PC and laptop? We provides best antivirus software for mac, windows and many more. Call us and connect with the techies Mcafee UK | Mcafee Phone Number
ReplyDeleteNice blog we provide information is true
ReplyDeleteFor more details on the procedure and the packages, you can get in touch with our customer service professionals who have complete knowledge about the different McAfee Activate. Our experts will first help with the product selection depending on your requirement and then provide the necessary details for the installation and the activation of the selected McAfee products.
Looking for Netgear Support, visit on Netgear Support
ReplyDeleteepson printer technical support number
ReplyDeleteepson printer drivers
This blog is really very helpful but still if you have any issues with McAfee antivirus, then you can contact McAfee support UK.
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteEvyn'S Blogggggg: Migrating Mcafee Epo Server >>>>> Download Now
ReplyDelete>>>>> Download Full
Evyn'S Blogggggg: Migrating Mcafee Epo Server >>>>> Download LINK
>>>>> Download Now
Evyn'S Blogggggg: Migrating Mcafee Epo Server >>>>> Download Full
>>>>> Download LINK Zk