McAfee ePO 4.5 backup and restore procedure

Environment

Windows 2008 Server
Windows 2003 Server

Solution

IMPORTANT:
  • This procedure is intended for use by network and ePO administrators only. McAfee does not assume responsibility for any damage incurred because they are intended as guidelines for disaster recovery. All liability for use of the following information remains with the user.
  • The procedure is for use with ePO 4.5 servers only.
  • This will not work if you rename the ePO server. See KB66620 for steps on handling this situation.


NOTES:

  • The Agent uses either the last known IP address, DNS name, or NetBIOS name of the ePO server. If you change any one of these, ensure that the Agents have a way to locate the server. The easiest way to do this would be to retain the existing DNS record and change it to point to the new IP address of the ePO server. After the Agent is able to successfully connect to the ePO server, it downloads an updated SiteList.xml with the current information.
  • The procedure can also be used by customers who want to migrate the ePolicy Orchestrator (ePO) 4.5 server to another system.

Preparation
To ensure a smooth recovery, do not perform a backup while the server is in the middle of installing an extension.
 

Before backing up

If possible, shut down the McAfee ePolicy Orchestrator 4.5.0 Application Server service (Tomcat) entirely when doing the backup. Otherwise, ensure that no one is performing the following actions during the backup:

  • Installing, uninstalling, or upgrading an extension
  • Updating the ePolicy Orchestrator database configuration 

Backing up
Use the following to back up the SQL database (Normally named ePO4_<ServerName>, where the <ServerName> is your ePO 4.5 server name):

  • KnowledgeBase article KB59562 – How to back up the ePO/PrP databases using OSQL commands
  • DBBAK utility
  • SQL Enterprise Manager 
The following folder paths must be backed up (NOTE: The default installation path is used where your installation might differ):
 
C:Program FilesMcAfeeePolicy OrchestratorSERVER
All installed extensions and configuration information for the ePO Application Server service is found here.

NOTE:
If you want to reduce the number of items to back up from the SERVER folder backup, consider excluding only the following:
  • C:Program FilesMcAfeeePolicy Orchestrator serverlogs (server log files)
  • C:Program FilesMcAfeeePolicy Orchestratorservercache (contains cached information created and used by ePO, such as generated chart images. ePO will regenerate that information, if deleted.)
  • C:Program FilesMcAfeeePolicy Orchestratorserverwork (contains cached information about web applications registered with Tomcat. Tomcat will regenerate that information, if deleted.)
C:Program FilesMcAfeeePolicy OrchestratorDB SOFTWARE
All Products that have been checked into the Master Repository are located here.

C:Program FilesMcAfeeePolicy OrchestratorDB KEYSTORE
The Agent, Server, and Repository Keys that are unique to your installation are located here. Failing to restore this folder results in re-pushing the agent to all your systems, and checking in all of your deployable packages again.

C:Program FilesMcAfeeePolicy OrchestratorAPACHE2CONF
The Server configuration settings for Apache, the SSL Certificates needed to authorize the server to handle agent requests, and Console Certificates are located here. Failure to backup and restore this directory results in a re-installation of ePO to create new ones and possibly using a clean database installation.
 

Recovery
  1. Delete or rename the ePO database on the SQL server.

    NOTE:
    Contact Microsoft Support if you do not know how to perform the MSSQL operation.

     

  2. Reinstall ePO 4.5.

    IMPORTANT: 
    You must reinstall ePO to the exact same directory path as the previous installation or initialization of extensions will fail when the restore is complete. Also, it is not necessary to specify the same port configuration except for the database. The ports are restored to the previous installation values during the restore.
     
     
  3. Apply any patches to ePO 4.5 that had been applied before. 

    If you had previously installed Policy Auditor 5.x for use with ePO, install the same version of Policy Auditor (including the Hotfix release) that had been installed before.

    NOTE:
    The ePO 4.5 patch level can be verified by looking at the Version field in the backed up Server.ini file (C:Program FilesMcAfeeePolicy OrchestratorDB) and cross referencing it with article KB59938.
     
     

  4. After installing, stop and disable all ePO 4.5.0 services:
    1. Click Start, Run, type services.msc and click OK.
    2. Right-click each of the following services and select Stop:

      McAfee ePolicy Orchestrator 4.5.0 Application Server
      McAfee ePolicy Orchestrator 4.5.0 Event Parser
      McAfee ePolicy Orchestrator 4.5.0 Server
       
       

    3. Double-click each of the following services and change Startup type to Disabled:

      McAfee ePolicy Orchestrator 4.5.0 Application Server
      McAfee ePolicy Orchestrator 4.5.0 Event Parser
      McAfee ePolicy Orchestrator 4.5.0 Server
       
       

  5. Restore the database.
    NOTE: Restore the database so that you do not require the ePO database configuration to be updated (for example, same name, host, port, and so on). Otherwise, you have to update the restored DB.PROPERTIES file in C:Program FilesMcAfeeePolicy Orchestrator serverconfOrion with the new information before starting up the server.
     
     
  6. Restore the following folders to their original locations. 

    C:Program FilesMcAfeeePolicy OrchestratorSERVER
    C:Program FilesMcAfeeePolicy OrchestratorAPACHE2CONF
    C:Program FilesMcAfeeePolicy OrchestratorDB SOFTWARE
    C:Program FilesMcAfeeePolicy OrchestratorDB KEYSTORE  
     
     

  7. Before you enable and start the ePO 4.5 services, ensure that the contents (version numbers) of the C:Program FilesMcAfeeePolicy Orchestratorserverextensionsinstalled folder match the extensions listed in the OrionExtensions table.

    To check the contents of the OrionExtensions table, access the SQL Tools and run the following T-SQL command:

    Select * from OrionExtensions

     
    NOTE: If there is a mismatch on server startup, the server removes each extension not listed in the OrionExtensions table. If this happens, check in these extensions again and also restore the database again.

     

  8. Start the McAfee ePolicy Orchestrator 4.5.0 Application Server service. 

    NOTE:
    This has to be started for the RunDllGenCerts to work. 

     

  9. Click Start, Run, type cmd and click OK.
  10. Change directories to your ePO installation Path (default: C:Program FilesMcAfeeePolicy Orchestrator).
  11. In the ePO Directory, run the following command:

    IMPORTANT: This command will fail if User Account Control (UAC) is enabled on this server. If this is a Windows Server 2008 or later, this feature must be disabled. More information about UAC can be found at:  http://technet.microsoft.com/en-us/library/cc709691(WS.10).aspx

    Rundll32.exe ahsetup.dll RunDllGenCerts <eposervername> <console HTTPS port> <admin username> <password> <“installdirApache2confssl.crt”>

    where:
    <eposervername> is your ePO server’s NetBios Name
    <console HTTPS port> is your ePO Console Port (default is 8443)
    <admin username> is admin (use the default ePO admin account)
    <password> is the password to the ePO Admin console account
    <installdirApache2confssl.crt> is your installation path to the Apache folder (default installation path: C:Program FilesMcAfeeePolicy OrchestratorAPACHE2CONFSSL.CRT)

    Example:
    Rundll32.exe ahsetup.dll RunDllGenCerts eposervername 8443 administrator password “C:Program FilesMcAfeeePolicy OrchestratorAPACHE2CONFSSL.CRT”
     
    NOTE: The ahsetup.log (found in the <installdirApache2confssl.crt>) provides information about if the command succeeded or failed. It will state if it used the files located in the ssl.crt folder.
     
     

  12. Start the following services:

    McAfee ePolicy Orchestrator 4.5.0 Event Parser 
    McAfee ePolicy Orchestrator 4.5.0 Server

    NOTE: Look in the DB/logs/server.log to ensure that the Agent Handler (Apache server) started correctly.  It should state something similar to the following:

    “20090923173647        I           #4108  NAIMSRV      ePolicy Orchestrator server started.” 

    If it does not then there was an error  similar to:

    “20090923173319       E          #4736  NAIMSRV      Failed to get server key information.” 

3 thoughts on “McAfee ePO 4.5 backup and restore procedure”

  1. I was wondering if you can help me here, i’m building a new server that will have epolicy 4.6, the old server has 4.5. How do i move the info from 4.5 to the new fresh install of 4.6

  2. Hi Nicolle,
    You can export and import your policies and push a new agent to your machines (based on imports of your AD) and you should be good to go.

    A full export/import isn’t available to my knowledge.

    HTH,
    Jack

Leave a Reply

Your email address will not be published. Required fields are marked *