This article describes the recommended procedure to change the credentials that ePO and the Agent Handlers use to connect to the ePO SQL database.
NOTES:
- ePO and its Agent Handlers can use either Active Directory or SQL credentials to connect to the ePO database.
- The credentials might be different from one server to another, depending on the needs of the environment.
- The credentials you use must be assigned the appropriate SQL Server role and permissions. See: KB75766 - SQL permissions required to install and use ePolicy Orchestrator.
Change the database account credentials in either Active Directory or SQL Management Studio.
Step 1 - Stop the Event Parser and Server services on the Agent Handlers. This action prevents them from accessing the database with invalid credentials:
- Access the Agent Handlers.
- Click Start, Run, type services.msc, and click OK.
- Right-click on each on the ePO services below, and click Stop:
McAfee ePolicy Orchestrator Event Parser
McAfee ePolicy Orchestrator Server
- Close the Services window on the Agent Handler servers.
Step 2 - Change the database account credentials in either Active Directory or SQL Management Studio (if not already completed).
NOTE: This procedure is done by the customer's account team, or Database Administrator (DBA), and is outside the scope of this article.
Step 3 - Change the credentials in the ePO console and test:
- On the ePO server, go to the core/config-auth page. By default, this page is https://localhost:8443/core/config-auth.
- Change the user name in the fields provided.
- Click the User password field, and enter the new password.
- To verify that the new credentials are valid, click Test Connection.
- Click Apply.
Step 4 - Stop the ePO Server service on the ePO server.
- Click Start, Run, type services.msc, and click OK.
- Right-click the service below, and click Stop:
McAfee ePolicy Orchestrator Application Server
- Restart the ePO services in the order specified below:
- Right-click the services listed below, and click Start:
McAfee ePolicy Orchestrator Application Server
McAfee ePolicy Orchestrator Event Parser
McAfee ePolicy Orchestrator Server
- Close the Services window.
Step 5 - Modify the remote Agent Handler settings to change the credentials:
- Implement Option 1 or 2 to access the Agent Handler installation menu:
Option 1 - Use msiexec to access the remote Agent Handler's installation menu.
- Open an administrator command prompt.
- Click Start, All Programs, Accessories.
- Right-click Command Prompt, and click Run as administrator. If you’re prompted for an administrator password, enter the authentication details.
- At the command prompt, type the commands provided below, and press Enter:
msiexec /I{72E9A6B1-F36E-4283-9867-A283B46D9C7D}
Option 2 - Run the Agent Handler Setup.exe:
- On the Agent Handler server, find the Agent Handler folder you extracted from the ePO software installation package.
- Double-click Setup.exe. The Agent Handler InstallShield wizard runs.
- Click Next.
- In the Program Maintenance dialog box, click Modify.
- Configure the following settings:
- Type the computer name of the ePO server with which the Agent Handler must communicate.
- Specify which port to use for the Agent Handler-to-server communication. The default port is 8444.
NOTE: Using the default port enables the Agent Handler-to-server communication to be performed using only port 8444. You can optionally specify port 8443. Port 8843 is the Console-to-application server communication port. But doing so, requires that port 8444 remains available for the Agent Handler communication.
- Type the ePO administrator user name, and ePO administrator password, for a user with global administrator rights.
- Click Next, to use the ePO administrator credentials to access the database.
- Configure the credentials to access the database, and then click Next:
- Database Server with instance name. Example: DB-SERVER\SERVERNAME
- Authentication type.
- Domain name, where the restored database server is hosted.
- User name and password.
- Database name, if not provided automatically.
- Click Install.
- After the installation completes, enable your remote Agent Handler from within the ePO interface.
- Log on to the ePO console.
- Go to Menu, Configuration, Agent Handlers.
- To list all Agent Handlers, select the Agent Handlers link in the Handler Status window.
- If the Actions column for an Agent Handler has an Enable link, click to enable.
Overview
- Stop the ePO Event Parser and Server services on the ePO server, and all Agent Handlers.
- Change the database account credentials. Active Directory, or SQL Management Studio (if not already completed).
- Change the credentials in the ePO console, and test.
- Restart the ePO services on the ePO server.
- To change credentials, modify the remote Agent Handler settings.