The remnant entries of MOVE 3.6.x in the database with old certificates cause the
MOVE 4.9.x SVA-manager to fail to sync with ePO. To determine if these entires are sent from ePO, you need to validate the entries in the
svaManagerPolicy.xml file. This file is available in
/opt/McAfee/movesvamanager/etc/svaManagerPolicy.xml.
If the XML file contains the following strings, it confirms that the old MOVE 3.6 entries are being sent from ePO.
<Setting name="brokerCert36"
<Setting name="brokerPrivateKey36"
<Setting name="caCert36"
<Setting name="brokerCert"
<Setting name="brokerPrivateKey"
<Setting name="caCert"
The
svaManagerPolicy.xml must contain only the following strings:
<Setting name="brokerCert"
<Setting name="brokerPrivateKey"
<Setting name="caCert"
Also, you must check the ePO DB for old certificate information entries by running the SQL script below.
- Log on to SQL Server Management Studio.
- Right-click the McAfee ePO database and select New Query.
- Copy and paste the SQL script shown below and click Execute to get the results.
Select * from EPOPolicySettingValuesMT where SettingName in ('brokercert36', 'brokerprivatekey36', 'cacert36')
The following screenshot shows an example output of the previous command, listing the certificate information.