McAfee KnowledgeBase - ePO 4.5 and 4.6 Cluster Backup ... - CUNY

Document Sample
McAfee KnowledgeBase - ePO 4.5 and 4.6 Cluster Backup ... - CUNY Powered By Docstoc
					McAfee KnowledgeBase - ePO 4.5 and 4.6 Cluster Backup and Disaster Recovery procedure                       8/14/12 4:11 PM




 Corporate KnowledgeBase
 ePO 4.5 and 4.6 Cluster Backup and Disaster Recovery procedure

  Corporate KnowledgeBase ID:                       KB75497
               Last Modified:                       July 26, 2012


 Environment
 McAfee ePolicy Orchestrator 4.6
 McAfee ePolicy Orchestrator 4.5

 For details of all supported operating systems, see KB51109 (index?page=content&id=KB51109) .

 Summary
 Cluster Backup and Disaster Recovery steps for ePolicy Orchestrator (ePO) 4.5 and 4.6.

 Solution
 IMPORTANT:
 This procedure is intended for use by network and ePO administrators only. McAfee does not assume
 responsibility for any damage incurred because they are intended as guidelines for Disaster Recovery. All
 liability for use of the following information remains with the user.

          The following procedure is for use with ePO 4.5 and 4.6 servers only.
          This will not work if you rename the ePO server. See KB66620 (index?page=content&id=KB66620) for steps on
          handling this situation.
          The Operating System (OS) must be the same if you are going to re-install the OS.
          You must reinstall ePO to the exact same directory path as the previous installation or initialization of
          extensions will fail when the restore is complete. See KB70685 (index?page=content&id=KB70685) for a Product
          Management statement regarding this limitation.

 NOTES:

          The agent uses either the last known IP address, DNS name, or NetBIOS name of the ePO server. If
          you change any one of these, ensure that the agents have a way to locate the server. The easiest way to
          do this would be to retain the existing DNS record and change it to point to the new IP address of the
          ePO server. After the agent is able to successfully connect to the ePO server, it downloads an updated
          SiteList.xml with the current information.

          The procedure can also be used by customers who want to migrate the ePO 4.5 Cluster or 4.6 Cluster to
          another system.
https://kc.mcafee.com/corporate/index?page=content&id=KB75497&pmv=print&viewlocale=en_US                         Page 1 of 5
McAfee KnowledgeBase - ePO 4.5 and 4.6 Cluster Backup and Disaster Recovery procedure                      8/14/12 4:11 PM




 Preparation
 To ensure a smooth recovery, do not perform a backup while the server is in the middle of installing an
 extension.

 Before backing up
 If possible, open the Windows Cluster Administrator/Management tool and set all ePO services to offline:

          On Windows Server 2003: Click Start, Program Files, Administrative Tools, Cluster
          Administrator.
          On Windows Server 2008: Click Start, Programs, Administrative Tools, Failover Cluster
          Management.

 Otherwise, ensure that no one is performing the following actions during the backup:

          Installing, uninstalling, or upgrading an extension
          Updating the ePO database configuration

 Backing up
 Use the following to back up the SQL database (normally named ePO4_<ServerName>, where the
 <ServerName> is your ePO 4.5 / 4.6 server name):

          See KB59562 (index?page=content&id=KB59562) - How to back up the ePO database using OSQL commands, or
          KB52126 (index?page=content&id=KB52126) - How to back up and restore the ePO database using Enterprise
          Manager/ Management Studio.
          DBBAK utility
          SQL Enterprise Manager

 The following folder paths must be backed up from the Share drive which was specified during installation:

          Example: (S:\ ePolicy Orchestrator\...)

          S:\ ePolicy Orchestrator\BIN\
          All installed extensions and configuration information for the ePO Application Server service is
          found here.

          S:\ ePolicy Orchestrator\DB \SOFTWARE\
          All Products that have been checked into the Master Repository are located here.

          S:\ ePolicy Orchestrator\DB \KEYSTORE\
          The Agent, Server, and Repository Keys that are unique to your installation are located here.
          Failing to restore this folder results in re-pushing the agent to all your systems, and checking in
          all of your deployable packages again.

          S:\ ePolicy Orchestrator\APACHE2\CONF
          The Server configuration settings for Apache, the SSL Certificates needed to authorize the server
          to handle agent requests, and Console Certificates are located here. Failure to back up and restore
          this directory results in a re-installation of ePO to create new ones and possibly using a clean

https://kc.mcafee.com/corporate/index?page=content&id=KB75497&pmv=print&viewlocale=en_US                        Page 2 of 5
McAfee KnowledgeBase - ePO 4.5 and 4.6 Cluster Backup and Disaster Recovery procedure                      8/14/12 4:11 PM



          database installation.


 Recovery

      1. Delete or rename the ePO database on the SQL server.
         NOTE: If you do not know how to perform the MSSQL operation, contact Microsoft Support.

      2. Reinstall ePO 4.5 / 4.6.

          IMPORTANT: You must reinstall ePO Cluster to the exact same directory path as the previous
          installation or initialization of extensions will fail when the restore is complete. Also, you do not have
          to specify the same port configuration except for the database. The ports are restored to the previous
          installation values during the restore. Installation must follow the steps found in ePO Product guide
          (PD22974 (index?page=content&id=PD22974) ) Page 20, Performing Cluster installation.

      3. Apply any patches to ePO 4.5 / 4.6 that had been previously applied.

          NOTE: You can verify the ePO 4.5/4.6 patch level by looking at the Version field in the backed up
          Server.ini file (S:\ePolicy Orchestrator\DB\) and cross referencing it with KB59938 (index?
          page=content&id=KB59938) - Version information for the ePO 4.x server.


      4. After installing, open the Windows Cluster Administrator/Management tool and set all McAfee
         ePO services to offline:

                   On Windows Server 2003: Click Start, Program Files, Administrative Tools, Cluster
                   Administrator.
                   On Windows Server 2008: Click Start, Programs, Administrative Tools, Failover Cluster
                   Management.

      5. Restore the database.
         NOTE: Restore the database so that you do not require the ePO database configuration to be updated
         (for example, same name, host, port, and so on). Otherwise, you have to update the restored
         DB.PROPERTIES file in S:\ePolicy Orchestrator\Bin \server\conf\Orion with the new information
         before starting up the server.

      6. Delete the following folders, replacing them with the corresponding folders that were backed up
         earlier:

          S:\ePolicy Orchestrator\BIN\
          S:\ePolicy Orchestrator\DB \SOFTWARE\
          S:\ePolicy Orchestrator\DB \KEYSTORE\
          S:\ePolicy Orchestrator\APACHE2\CONF

      7. Before you set to online and start the ePO 4.5 / 4.6 Cluster services, ensure that the contents (version
         numbers) of the S:\ePolicy Orchestrator\Bin \server extensions\installed folder match the extensions
         listed in the OrionExtensions table.

https://kc.mcafee.com/corporate/index?page=content&id=KB75497&pmv=print&viewlocale=en_US                        Page 3 of 5
McAfee KnowledgeBase - ePO 4.5 and 4.6 Cluster Backup and Disaster Recovery procedure                            8/14/12 4:11 PM




          To check the contents of the OrionExtensions table:

               a. Access the SQL Tools and run the following T-SQL command:

                 Select * from OrionExtensions
              b. If there is a mismatch on server startup, the server removes each extension not listed in the
                 OrionExtensions table. If this happens, check in these extensions again and also restore the
                 database again.

      8. Set only the McAfee ePO 4.x Application Server Service resource to online.
         NOTE: You have to start this service for RunDllGenCerts to work.

     9. Click Start, Run, type cmd and click OK.
    10. Change directories to your ePO installation path (default: S:\ePolicy Orchestrator\).
    11. In the ePO Directory, run the following command:

          IMPORTANT: This command will fail if you have enabled User Account Control (UAC) on this
          server. If this is a Windows Server 2008 or later, disable this feature. You can find more information
          about UAC at: http://technet.microsoft.com/en-us/library/cc709691(WS.10).aspx (http://technet.microsoft.com/en-
          us/library/cc709691(WS.10).aspx) .



          Rundll32.exe ahsetup.dll RunDllGenCerts <eposervername> <console HTTPS port> <admin
          username> <password> <"installdir\Apache2\conf\ssl.crt">

          where:
          <eposervername> is your ePO server's NetBIOS Name
          <console HTTPS port> is your ePO Console Port (default is 8443)
          <admin username> is admin (use the default ePO admin account)
          <password> is the password to the ePO Admin console account
          <installdir\Apache2\conf\ssl.crt> is your installation path to the Apache folder (default installation
          path: S:\ePolicy Orchestrator\APACHE2\CONF\SSL.CRT)

          Example:
          Rundll32.exe ahsetup.dll RunDllGenCerts eposervername 8443 administrator password "S:\ePolicy
          Orchestrator\APACHE2\CONF\SSL.CRT"

          NOTE: The RunDllGenCerts command is case-sensitive. The ahsetup.log (found in
          <installdir\Apache2\conf\ssl.crt>) provides information about whether the command succeeded or
          failed. It will state if it used the files located in the ssl.crt folder.

    12. Set the following Service resources to online, then start each:

                   ePO 4.X Event Parser
                   ePO 4.X Server



https://kc.mcafee.com/corporate/index?page=content&id=KB75497&pmv=print&viewlocale=en_US                              Page 4 of 5
McAfee KnowledgeBase - ePO 4.5 and 4.6 Cluster Backup and Disaster Recovery procedure                      8/14/12 4:11 PM



 Related Information
 KB66616 (index?page=content&id=KB66616) - ePO 4.5 and 4.6 server backup and disaster recovery procedure




https://kc.mcafee.com/corporate/index?page=content&id=KB75497&pmv=print&viewlocale=en_US                        Page 5 of 5

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:10
posted:3/21/2013
language:English
pages:5