ePolicy Orchestrator cluster backup and disaster recovery procedure
Technical Articles ID: KB75497
Last Modified: 2023-05-10 18:50:29 Etc/GMT
Environment
ePolicy Orchestrator (ePO) 5.x
Summary
This article provides cluster backup and disaster recovery steps for ePO.
IMPORTANT:
- This procedure is intended for use by network and ePO administrators only. The company does not assume responsibility for any damage incurred because it's intended as a guideline for disaster recovery. All liability for use of the following information remains with the user.
- It's preferable to use the built-in Disaster Recovery feature. Use these steps only if a valid Snapshot isn't created and a manual recovery is needed.
- If you're going from a 32-bit to a 64-bit operating system, or installing ePO to a different path, see KB71078 - How to migrate ePO from a 32-bit system to a 64-bit system or to a different installation path.
- Migrating from a standalone ePO to a cluster ePO and vice versa is not supported. This behavior is expected.
To submit a new product idea, go to the Enterprise Customer Product Ideas page.
Click Sign In and enter your ServicePortal User ID and password. If you do not yet have a ServicePortal or Community account, click Register to register for a new account on either website.
For more information about product ideas, see KB60021 - How to submit a Product Idea.
NOTES:
- The agent uses either the last known IP address, DNS name, or NetBIOS name of the ePO server. If you change any one of these settings, make sure that the agents have a way to locate the server. The easiest way to accomplish the task is to retain the existing DNS record and change it to point to the new IP address of the ePO server. After the agent can successfully connect to the ePO server, it downloads an updated Sitelist.xml with the current information.
- You can also use this procedure to migrate the ePO cluster to another system. But, it's preferable to use the built-in Disaster Recovery feature to migrate the ePO server to another system.
Preparation:
For a smooth recovery, don't perform a backup while the server is in the middle of installing an extension.
Before backing up the ePO cluster:
If possible, open the Windows Cluster Administrator/Management tool and set all ePO services to offline:
- On Windows Server 2008 and later: Click Start, Programs, Administrative Tools, Failover Cluster Management.
- On Windows Server 2003: Click Start, Program Files, Administrative Tools, Cluster Administrator.
Otherwise, make sure that no one is performing the following actions during the backup:
- Installing, uninstalling, or upgrading an extension
- Updating the ePO database configuration
Backing up the ePO cluster:
- Use the following to back up the SQL database (normally named ePO_ServerName, where ServerName is your ePO server name):
  - For details about backing up the ePO database using OSQL commands, see article KB67591 - How to run a SQL script provided by Technical Support against the ePolicy Orchestrator database.
  - For details about backing up the ePO database using SQL Server Management Studio, see article KB52126 - How to back up and restore the ePolicy Orchestrator database using SQL Server Management Studio.
- You must back up the following folder paths from the Share drive that's specified during installation:
Example: (S:\ePolicy Orchestrator\... )
S:\ePolicy Orchestrator\bin\Server\extensions
The default path to ePO software extension information.
S:\ePolicy Orchestrator\bin\Server\conf
The default path to needed files used by the ePO software extensions.
S:\ePolicy Orchestrator\bin\Server\keystore
These keys are for ePO agent-to-server communication and the repositories.
S:\ePolicy Orchestrator\DB\Software
All products that have been checked in to the Master Repository are located here.
S:\ePolicy Orchestrator\DB\Keystore
The Agent, Server, and Repository Keys that are unique to your installation are located here. Failing to restore this folder results in all client systems being unable to communicate with the server, and you have to redeploy the agent to all systems. Also, you must check in all deployable packages again.
S:\ePolicy Orchestrator\Apache2\conf
The server configuration settings for Apache, the SSL certificates needed to authorize the server to handle agent requests, and console certificates are located here.
NOTE: Failure to back up and restore these directory structures requires a reinstallation of ePO to create new ones. Also, it might require a clean database installation and redeployment of agents to all client systems.
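A scripted version of the folder backup above, with a SHA-256 manifest so the restored copies can be checked before any service is brought online. This is an added example, not vendor-supplied code; it assumes PowerShell 4.0 or later, and the function names and the D:\ePO-Backup destination are hypothetical.

```powershell
# Added example, not vendor code. D:\ePO-Backup is an assumed destination.
# Run with the ePO cluster services offline, as the Preparation section asks.
$EpoFolders = @(              # the six folders listed above, relative to the ePO root
    'bin\Server\extensions', 'bin\Server\conf', 'bin\Server\keystore',
    'DB\Software', 'DB\Keystore', 'Apache2\conf'
)

function Backup-EpoFolders {
    param(
        [string]$EpoRoot    = 'S:\ePolicy Orchestrator',
        [string]$BackupRoot = 'D:\ePO-Backup'
    )
    $target = Join-Path $BackupRoot (Get-Date -Format 'yyyyMMdd-HHmmss')
    foreach ($rel in $EpoFolders) {
        $src = Join-Path $EpoRoot $rel
        if (-not (Test-Path -LiteralPath $src -PathType Container)) {
            throw "Required folder is missing, backup aborted: $src"
        }
        $dst = Join-Path $target $rel
        # Create the parent only, so Copy-Item creates $dst itself from $src.
        New-Item -ItemType Directory -Path (Split-Path $dst -Parent) -Force | Out-Null
        Copy-Item -LiteralPath $src -Destination $dst -Recurse -Force
    }
    # Normalise to an absolute path so relative manifest paths are cut correctly.
    $target = (Get-Item -LiteralPath $target).FullName
    # Hash every copied file; paths are stored relative to the backup root.
    $rows = Get-ChildItem -LiteralPath $target -Recurse -File -Force | ForEach-Object {
        [pscustomobject]@{
            Path   = $_.FullName.Substring($target.Length + 1)
            SHA256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }
    $rows | Export-Csv -LiteralPath (Join-Path $target 'manifest.csv') -NoTypeInformation
    return $target
}

function Test-EpoManifest {
    param([string]$ManifestPath, [string]$Root)
    # Returns one line per file that is missing or differs from the manifest.
    $problems = foreach ($row in Import-Csv -LiteralPath $ManifestPath) {
        $file = Join-Path $Root $row.Path
        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
            "MISSING $($row.Path)"
        } elseif ((Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash -ne $row.SHA256) {
            "CHANGED $($row.Path)"
        }
    }
    return @($problems)
}
```

Run Test-EpoManifest against the ePO root immediately after the backed-up folders are put back and before any service is set online, because later recovery steps rewrite files under Apache2\conf. The backup contains the server's agent, server, and repository keys, so restrict access to the destination accordingly.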
Recovering the ePO cluster:
- Delete the ePO database on the SQL Server. If you don't know how to perform the MSSQL operation, see this Microsoft tech note or contact Microsoft Support.
- If restoring ePO to the same system, uninstall ePO. Make sure that there's no ePO folder in the original installation path after the software is uninstalled.
NOTE: Renaming the existing ePO folder and leaving the old folder in place might interfere with the new installation. It's recommended that you remove the old directory completely.
- Reinstall ePO to the same version and Update (Patch) level as the server you're restoring. Installation must follow the steps included in the ePO Installation Guide under section "Perform cluster installation."
For product documents, go to the Product Documentation portal.
NOTE: To verify the ePO Update (patch) level, look at the Version field in the backed-up Server.ini file (\ePolicy Orchestrator\DB\).
IMPORTANT: You must reinstall ePO to the exact same directory path as the previous installation for this article to apply. Failure to do so causes initializations of extensions to fail when the restore is complete. When the installation path is different, follow the steps in KB71078 - How to migrate ePO from a 32-bit system to a 64-bit system or to a different installation path.
- Apply any additional patches, hotfixes, or POCs to ePO that had been previously applied.
- After installing, open the Windows Cluster Administrator/Management tool and set all ePO services to offline:
  - On Windows Server 2008: Click Start, Programs, Administrative Tools, Failover Cluster Management.
  - On Windows Server 2003: Click Start, Program Files, Administrative Tools, Cluster Administrator.
- Restore the database.
NOTE: Restore the database so that you don't require the ePO database configuration to be updated (for example: Same name, host, port). Otherwise, you have to update the restored DB.PROPERTIES file in S:\ePolicy Orchestrator\bin\Server\conf\orion with the new information before starting the server.
- Delete the following folders, and replace them with the corresponding folders that were backed up earlier in step 2:
S:\ePolicy Orchestrator\bin\Server\extensions
S:\ePolicy Orchestrator\bin\Server\conf
S:\ePolicy Orchestrator\bin\Server\keystore
S:\ePolicy Orchestrator\DB\Software
S:\ePolicy Orchestrator\DB\Keystore
S:\ePolicy Orchestrator\Apache2\conf
- Set only the McAfee ePolicy Orchestrator Application Server Service resource to online.
- Open the Configure Database Settings page at https://<servername>:8443/core/config. If you don't use the default port (8443), substitute your correct console logon port.
- Under Configure Database Settings, verify the following entries:
Database server name
Database server instance
Database server port
Database name
User name
User domain
User password
IMPORTANT: Select the option Change password and re-enter the password for the account used to access SQL, even though it hasn't changed. Verify that the password is accepted by using the Test Connection option. If the connection is successful, click Apply to save the password, and restart the ePO application server service. This step creates a new password hash based on the new ePO server's unique key.
- Try to log on to the ePO console. If you're unable to log on, review all steps performed in this article and make sure that they've been properly completed. If you can't resolve the console logon issue, contact Technical Support for further assistance before proceeding.
To contact Technical Support, go to the Create a Service Request page and log on to the ServicePortal.
  - If you are a registered user, type your User ID and Password, and then click Log In.
  - If you are not a registered user, click Register and complete the fields to have your password and instructions emailed to you.
NOTE: You must be able to log on for the rest of the recovery steps to work.
- Rename the SSL.CRT folder (see the path below) to SSL.CRT.OLD. Then, manually create an empty folder named SSL.CRT in the same path; otherwise, the setup fails to create a new certificate:
S:\ePolicy Orchestrator\Apache2\conf\ssl.crt
- Click Start, Run, type cmd, and click OK.
- Change directories to your ePO installation path (default is S:\ePolicy Orchestrator\).
- In the ePO directory, run the following command:
Rundll32.exe ahsetup.dll RunDllGenCerts ePO_server_name console_HTTPS_port Admin_username Password "installdir\Apache2\conf\ssl.crt"
Here:
ePO_server_name - The ePO server NetBIOS name
Console_HTTPS_port - The ePO console port (default is 8443)
Admin_username - The administrator (use the default ePO administrator console account)
Password - The password to the ePO administrator console account
Installdir\Apache2\conf\ssl.crt - The installation path to the Apache folder (default installation path: S:\ePolicy Orchestrator\Apache2\conf\ssl.crt)
Example
Rundll32.exe ahsetup.dll RunDllGenCerts eposervername 8443 administrator password "S:\ePolicy Orchestrator\Apache2\conf\ssl.crt"
- This command fails if you've enabled User Account Control (UAC) on this server. If the server is running Windows Server 2008 or later, disable this feature. You can find more information about UAC in this Microsoft article.
- This command is case-sensitive. The ahsetup.log (found in installdir\Apache2\conf\ssl.crt) provides information about whether the command succeeds or fails. It also states whether it uses the files located in the ssl.crt folder.
- Set the following service resources to online, and then start them:
- McAfee ePolicy Orchestrator Event Parser
- McAfee ePolicy Orchestrator Server