How to migrate ePO from a 32-bit system to a 64-bit system or to a different installation path
Technical Articles ID: KB71078
Last Modified: 2021-11-17 16:00:08 Etc/GMT
Environment
ePolicy Orchestrator (ePO) 5.x
Summary
This article provides information about how to migrate an ePO system from 32-bit to 64-bit or to a different installation path.
IMPORTANT:
- The following applies if you’re managing Drive Encryption systems:
  - Drive Encryption provides the ePO Administrator with a new capability that allows systems to be transferred from one ePO server to another. This transfer is accomplished while preserving user assignments and user data.
  - To review a related article, see KB83186 - Statement regarding the migration of managed encrypted systems from one McAfee ePO server to another.
- This procedure is intended for network and ePO administrators only. The company doesn’t assume responsibility for any damage incurred, because these steps are intended as guidelines for disaster recovery. All liability for use of the following information remains with the user.
- The preferred method is to use the built-in Disaster Recovery feature, because that migrates all settings automatically. Use the steps below only if a valid snapshot wasn’t created.
NOTES:
- The Agent uses either the last known IP address, DNS name, or NetBIOS name of the ePO server. If you change any one of these settings, make sure that the Agent has a way to locate the server. The easiest way to complete this action is to retain the existing DNS record and change it to point to the new IP address of the ePO server. After the Agent can successfully connect to the ePO server, it downloads an updated SiteList.xml.
- Customers can also use this procedure to migrate the ePO server to another system. The preferred method is to use the built-in Disaster Recovery feature to migrate the ePO server to another system. Use this option only if there’s no valid snapshot to restore from.
Before backing up
Stop the ePO services:
- Click Start, Run, type services.msc, and click OK.
- Right-click each of the following services and select Stop:
McAfee ePolicy Orchestrator Application Server
McAfee ePolicy Orchestrator Event Parser
McAfee ePolicy Orchestrator Server
Back up the database and ePO filesystem
IMPORTANT: Before you begin the process explained in this article, you must back up your ePO server. See the following KB articles for more information:
NOTE: The paths below use the default installation path; your installation might differ. Make sure that all files and subfolders are backed up.
IMPORTANT: It’s impossible to move your ePO installation to the new 64-bit system, unless you:
- Back up the directory structures listed below
- Have a valid snapshot
- Have a backup of the ePO database.
Directory structure to back up:
C:\Program Files\McAfee\ePolicy Orchestrator\Server\Extensions
The default path to ePolicy Orchestrator software extension information.
C:\Program Files\McAfee\ePolicy Orchestrator\Server\conf
The default path to the needed files used by the ePolicy Orchestrator software extensions.
C:\Program Files\McAfee\ePolicy Orchestrator\Server\Keystore
These keys are specifically for ePolicy Orchestrator agent server communication and the repositories.
C:\Program Files\McAfee\ePolicy Orchestrator\DB\Software
All products that have been checked in to the Master Repository are located here.
C:\Program Files\McAfee\ePolicy Orchestrator\DB\Keystore
The Agent to Server Communication and Repository Keys that are unique to your installation are located here. Failing to restore this folder results in all client computers being unable to communicate with the server, and you have to redeploy the agent to all computers. Also, you have to check in all deployable packages again.
C:\Program Files\McAfee\ePolicy Orchestrator\Apache2\conf
The server configuration settings for Apache, the SSL certificates needed to authorize the server to handle agent requests, and console certificates are located here.
Install ePO on a 64-bit system
CAUTION: This article contains information about opening or modifying the registry.
- The following information is intended for System Administrators. Registry modifications are irreversible and could cause system failure if done incorrectly.
- Before proceeding, Technical Support strongly recommends that you back up your registry and understand the restore process. For more information, see the Microsoft Windows registry information for advanced users article.
- Do not run a REG file that is not confirmed to be a genuine registry import file.
- Remove or rename the existing ePO database files on the SQL Server because:
  - The new 64-bit system has the same name as the existing 32-bit system.
  And
  - You’re using the same SQL Server for the new database.
If you don’t know how to perform the MSSQL operation, visit the Microsoft web page or contact Microsoft Support.
- Enable the 8.3 naming convention so ePO can be installed:
  - Click Start, Run, type regedit, and click OK.
  - Navigate to:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem
  - Change the NtfsDisable8dot3NameCreation
  - Restart the server.
- Install ePO on the 64-bit computer. Make sure that you install the same update level as the existing ePO installation.
NOTES:
- Verify the ePO update level by looking at the Version field in the backed-up Server.ini (C:\Program Files\McAfee\ePolicy Orchestrator\DB\). Use the information to cross-reference with the Update version in KB51569 - Supported platforms for ePolicy Orchestrator.
- During the installation, make sure that you specify the same server ports as the current ePO installation.
Restore the database and files
- After installation is complete, stop and disable all ePO services:
  - Click Start, Run, type services.msc, and click OK.
  - Right-click each of the following services and select Stop:
    McAfee ePolicy Orchestrator Application Server
    McAfee ePolicy Orchestrator Event Parser
    McAfee ePolicy Orchestrator Server
  - Double-click each of these services and change the Startup type to Disabled.
- Restore the database.
NOTE: If you’re restoring the database to a different SQL Server, make sure that the account being used to access SQL in the existing ePO installation also exists. It must also have the same rights on the new SQL Server. For example, if you’re using the sa account to access SQL for the existing installation, make sure that the sa account is enabled and has the same password in the new installation.
You have to update the restored DB.PROPERTIES file in C:\Program Files (x86)\McAfee\ePolicy Orchestrator\server\conf\Orion
- Remove the following folders, replacing them with the corresponding folders that were backed up earlier. It’s important not to overwrite the existing folders, because the folders need to be exactly as they were on the original server.
C:\Program Files (x86)\McAfee\ePolicy Orchestrator\Server\Extensions
C:\Program Files (x86)\McAfee\ePolicy Orchestrator\Server\conf
C:\Program Files (x86)\McAfee\ePolicy Orchestrator\Server\Keystore
C:\Program Files (x86)\McAfee\ePolicy Orchestrator\DB\Software
C:\Program Files (x86)\McAfee\ePolicy Orchestrator\DB\Keystore
C:\Program Files (x86)\McAfee\ePolicy Orchestrator\Apache2\conf
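One way to confirm that the restored folders are exactly as they were on the original server, run before any file is edited (added example, not part of the original article or the product). The backup location D:\ePO-backup and the function names are assumptions; files reported as EXTRA are leftovers from the fresh installation, which indicates a folder was overwritten instead of replaced.

```powershell
# Added example: compare the restored ePO folders with the backup copy by SHA-256.
# $BackupRoot is a hypothetical location that mirrors the "ePolicy Orchestrator" folder.
param(
    [string]$BackupRoot  = 'D:\ePO-backup\ePolicy Orchestrator',
    [string]$InstallRoot = 'C:\Program Files (x86)\McAfee\ePolicy Orchestrator'
)

# The six folders this article says to back up and restore.
$Folders = 'Server\Extensions', 'Server\conf', 'Server\Keystore',
           'DB\Software', 'DB\Keystore', 'Apache2\conf'

function Get-TreeManifest {
    param([Parameter(Mandatory)][string]$Root)
    # Map relative path -> SHA-256 hash for every file under $Root.
    $manifest = @{}
    $base = (Resolve-Path -LiteralPath $Root).ProviderPath.TrimEnd('\')
    Get-ChildItem -LiteralPath $base -Recurse -File -Force | ForEach-Object {
        $rel = $_.FullName.Substring($base.Length + 1)
        $manifest[$rel] = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
    return $manifest
}

function Compare-Tree {
    param([string]$Expected, [string]$Actual)
    $exp = Get-TreeManifest $Expected
    $act = Get-TreeManifest $Actual
    foreach ($k in $exp.Keys) {
        if (-not $act.ContainsKey($k)) { "MISSING  $k" }
        elseif ($act[$k] -ne $exp[$k]) { "CHANGED  $k" }
    }
    foreach ($k in $act.Keys) {
        if (-not $exp.ContainsKey($k)) { "EXTRA    $k" }
    }
}

foreach ($f in $Folders) {
    $diff = @(Compare-Tree (Join-Path $BackupRoot $f) (Join-Path $InstallRoot $f))
    if ($diff.Count -eq 0) { "OK       $f" }
    else { "DIFF     $f"; $diff | ForEach-Object { "  $_" } }
}
```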
Edit files
- Go to C:\Program Files (x86)\McAfee\ePolicy Orchestrator\SERVER\conf\catalina\localhost
For example, change the contents of rs.xml as follows:
From:
<Context docBase="C:/Program Files/McAfee/ePolicy Orchestrator/Server/extensions/installed/rs/2.0.1/webapp"
privileged="true" antiResourceLocking="false" antiJARLocking="false"></Context>
To:
<Context docBase="C:/Program Files (x86)/McAfee/ePolicy Orchestrator/Server/extensions/installed/rs/2.0.1/webapp"
privileged="true" antiResourceLocking="false" antiJARLocking="false"></Context>
IMPORTANT: If there’s a file called deployer.xml
Open all files except deployer.xml and replace Files/ with Files (x86)/ in all files. Or, you can use the SQL Server Management Studio Replace in Files feature (Edit, Find and Replace, Replace in Files) to achieve similar results. For more details about how to use this feature, see SQL Server Books Online.
- Determine the 8.3 notation form of the Program Files (x86) folder:
  - Click Start, Run, type cmd, and click OK.
  - To change to the root, type CD\ and press Enter.
  - To list the directory structure, type dir /x and press Enter.
  - Choose the PROGRA~ name listed for Program Files (x86), for example PROGRA~2.
- Open C:\Program Files (x86)\McAfee\ePolicy Orchestrator\APACHE2\conf\httpd.conf
  - Locate all lines with the old 32-bit path and replace them all to reflect the 64-bit path that was determined in step 2.
    For example, change the following:
    From:
    ServerRoot "C:/PROGRA~1/McAfee/EPOLIC~1/"
    To:
    ServerRoot "C:/PROGRA~2/McAfee/EPOLIC~1/"
    - Click Edit, Replace.
    - Type the "old path" (32-bit) in the Find what field.
    - Type the "new path" (64-bit) in the Replace with field.
    - Click Replace All.
    NOTE: There are multiple places in this file where this path is modified.
  - Save the changes.
- Open C:\Program Files (x86)\McAfee\ePolicy Orchestrator\APACHE2\conf\ssl.conf
  - Locate all lines with the old 32-bit path and replace them all to reflect the 64-bit path that was determined in step 2.
    For example, change the following:
    From:
    ServerRoot "C:/PROGRA~1/McAfee/EPOLIC~1/"
    To:
    ServerRoot "C:/PROGRA~2/McAfee/EPOLIC~1/"
    - Click Edit, Replace.
    - Type the "old path" (32-bit) in the Find what field.
    - Type the "new path" (64-bit) in the Replace with field.
    - Click Replace All.
    NOTE: There are multiple places in this file where this path needs to be modified.
  - Save the changes.
- Edit C:\Program Files (x86)\McAfee\ePolicy Orchestrator\Server\bin\setenv.bat:
  set JAVA_OPTS=
  set JRE_HOME=
- Edit C:\Program Files (x86)\McAfee\ePolicy Orchestrator\Server\bin\setenv.sh:
  export CATALINA_HOME=
  export JAVA_OPTS=
  export JRE_HOME=
- Edit C:\Program Files (x86)\McAfee\ePolicy Orchestrator\Server\conf\epo\epo.properties:
  epo.install.dir
  epo.db.dir
- Edit C:\Program Files (x86)\McAfee\ePolicy Orchestrator\Server\conf\orion\log-config.xml and change < param_name="File" to the new path.
  NOTE: This line exists in two places: under the Standard log file and Rolling log file sections.
- Edit C:\Program Files (x86)\McAfee\ePolicy Orchestrator\Server\conf\orion\orion.properties:
  extension.install.dir
  extension.tmp.dir
- If you restored the database to a different SQL Server, edit C:\Program Files (x86)\McAfee\ePolicy Orchestrator\server\conf\Orion\db.properties:
  db.database.name
  db.instance.name
  db.port
  db.user.name
  db.server.name
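A check to run once the edits above are finished, listing any line that still points at the old 32-bit path (added example, not part of the original article or the product). The function name Find-StalePath and the search pattern are assumptions built from the two path forms this article shows: the long name and the 8.3 name PROGRA~1.

```powershell
# Added example: report lines that still reference the old 32-bit path.
param(
    [string]$InstallRoot = 'C:\Program Files (x86)\McAfee\ePolicy Orchestrator'
)

# "Program Files" followed directly by a slash never matches "Program Files (x86)".
$OldPath = 'Program Files[\\/]+McAfee|PROGRA~1'

function Find-StalePath {
    param([string[]]$Lines, [string]$Pattern = $OldPath)
    # Emit the 1-based line number and text of every line matching the old path.
    for ($i = 0; $i -lt $Lines.Count; $i++) {
        if ($Lines[$i] -match $Pattern) {
            [pscustomobject]@{ Line = $i + 1; Text = $Lines[$i].Trim() }
        }
    }
}

# Files named in the "Edit files" steps; deployer.xml is excluded, as in the article.
$targets = @(
    Get-ChildItem (Join-Path $InstallRoot 'Server\conf\catalina\localhost') -Filter *.xml -ErrorAction SilentlyContinue |
        Where-Object Name -ne 'deployer.xml' | ForEach-Object FullName
    'Apache2\conf\httpd.conf', 'Apache2\conf\ssl.conf',
    'Server\bin\setenv.bat', 'Server\bin\setenv.sh',
    'Server\conf\epo\epo.properties',
    'Server\conf\orion\log-config.xml', 'Server\conf\orion\orion.properties' |
        ForEach-Object { Join-Path $InstallRoot $_ }
)

foreach ($file in $targets) {
    if (-not (Test-Path -LiteralPath $file)) { "SKIP  $file (not found)"; continue }
    foreach ($hit in Find-StalePath (Get-Content -LiteralPath $file)) {
        "STALE ${file}:$($hit.Line)  $($hit.Text)"
    }
}

# Constructed sample: only the first line still uses the old path.
Find-StalePath @('ServerRoot "C:/PROGRA~1/McAfee/EPOLIC~1/"',
                 'ServerRoot "C:/PROGRA~2/McAfee/EPOLIC~1/"')
```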
Enable/start services:
- Enable all ePO services to start automatically on system startup:
  - Click Start, Run, type services.msc, and click OK.
  - Double-click each of the following services and change Startup type to Automatic:
    McAfee ePolicy Orchestrator Application Server
    McAfee ePolicy Orchestrator Event Parser
    McAfee ePolicy Orchestrator Server
- Start only the McAfee ePolicy Orchestrator Application Server service.
- Log on https://localhost:8443/core/config db.properties file, save settings and restart ePO services.
- Attempt to log on to the ePO console. If you’re unable to log on, review all steps performed in this article and make sure that they’ve been properly completed. If you can't resolve the console logon issue, contact Technical Support for further assistance before proceeding.
  NOTE: You must first log on for the rest of the recovery steps to work.
- Rename the SSL.CRT folder to SSL.CRT.OLD and manually create an empty folder named SSL.CRT in the same path; otherwise, the setup fails to create a certificate. The path is:
  64-bit: "C:\Program Files (x86)\McAfee\ePolicy Orchestrator\Apache2\conf\ssl.crt"
- Click Start, Run, type cmd, and click OK.
- Change directories to your ePO installation directory, which is now C:\Program Files (x86)\McAfee\ePolicy Orchestrator\.
- Run the command below:
  IMPORTANT:
  - This command fails if User Account Control (UAC) is enabled on this server. On Windows Server 2008 or later, disable this feature. For more information about UAC, see the User Account Control Step-by-Step Guide.
  - This command is case sensitive. The ahsetup.log (<install_directory\Apache2\conf\ssl.crt>) provides information about whether the command succeeded or failed. It states if it used, the files are found in the ssl.crt folder.
Rundll32.exe ahsetup.dll RunDllGenCerts <eposerver_name> <console_HTTPS_port> <admin_username> <password> <"install_directory\Apache2\conf\ssl.crt">
Where:
<eposerver_name> is your ePO server's NetBIOS name
<console_HTTPS_port> is your ePO Console Port (default is 8443)
<admin_username> is the administrator user name (use the default ePO administrator account)
<password> is the password for the ePO administrator console account
<install_directory\Apache2\conf\ssl.crt> is your installation path to the Apache folder: C:\Program Files (x86)\McAfee\ePolicy Orchestrator\Apache2\conf\ssl.crt
Example:
Rundll32.exe ahsetup.dll RunDllGenCerts eposervername 8443 administrator password "C:\Program Files (x86)\McAfee\ePolicy Orchestrator\Apache2\conf\ssl.crt"
- Start the following ePO services:
McAfee ePolicy Orchestrator Event Parser
McAfee ePolicy Orchestrator Server
- Look in DB\logs\server.log, and make sure that the Agent Handler (Apache server) started correctly. It states something similar to the following:
20090923173647 I #4108 NAIMSRV ePolicy Orchestrator server started.
If it doesn’t, there might be an error similar to the following or other errors:
20090923173319 E #4736 NAIMSRV Failed to get server key information.
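The server.log check above can be scripted so that errors logged after the most recent start are not missed (added example, not part of the original article or the product). The function name Get-EpoStartStatus, the field layout inferred from the two sample lines, and the 500-line tail are assumptions.

```powershell
# Added example: classify server.log lines in the format quoted in this article.
$LogLine = '^(?<ts>\d{14})\s+(?<level>[A-Z])\s+#(?<thread>\d+)\s+(?<source>\S+)\s+(?<msg>.*)$'

function Get-EpoStartStatus {
    param([string[]]$Lines)
    $started = $null
    $errors  = @()
    foreach ($line in $Lines) {
        if ($line -notmatch $LogLine) { continue }   # ignore lines in any other format
        $entry = [pscustomobject]@{
            Time    = [datetime]::ParseExact($Matches.ts, 'yyyyMMddHHmmss',
                          [cultureinfo]::InvariantCulture)
            Level   = $Matches.level
            Source  = $Matches.source
            Message = $Matches.msg
        }
        if ($entry.Level -eq 'E') {
            $errors += $entry
        } elseif ($entry.Message -like '*ePolicy Orchestrator server started*') {
            $started = $entry
            $errors  = @()                           # keep only errors after the latest start
        }
    }
    [pscustomobject]@{
        Started          = [bool]$started
        StartedAt        = if ($started) { $started.Time } else { $null }
        ErrorsSinceStart = $errors
    }
}

# The two sample lines quoted in this article, in failure-then-success order.
$sample = @(
    '20090923173319 E #4736 NAIMSRV Failed to get server key information.',
    '20090923173647 I #4108 NAIMSRV ePolicy Orchestrator server started.'
)
Get-EpoStartStatus $sample

# Assumed default location after migration; reads only the end of the live log.
$log = 'C:\Program Files (x86)\McAfee\ePolicy Orchestrator\DB\logs\server.log'
if (Test-Path -LiteralPath $log) { Get-EpoStartStatus (Get-Content -LiteralPath $log -Tail 500) }
```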