Loading...

Knowledge Center


How to update an ePolicy Orchestrator Master Repository from another ePolicy Orchestrator server
Technical Articles ID:   KB82581
Last Modified:  7/10/2018
Rated:


Environment

McAfee ePolicy Orchestrator (ePO) 5.x

Summary

In certain circumstances it is necessary or advantageous to pull content from one ePO server to another. This article describes the best way to achieve this.

Solution

Perform the following steps to update an ePO Master Repository from another ePO server:

NOTE: In the following steps, ePO-B is the ePO server that is will be updated from the Master Repository of ePO server ePO-A.
  1. Export the Master Repository Public Key(s) from ePO-A:
     
    1. Log on to the ePO-A console.
    2. Click Menu, Configuration, Server Settings.
    3. Select Security Keys in the Setting Categories list, and then click Edit.
    4. Next to Local master repository key pair, make a note of the number of key pairs. You may have one or two key pairs - a 1,024-bit pair and/or a 2,048-bit pair.
    5. Click Export Public Key for the first key.
    6. Click OK.
    7. Click Save.
    8. Browse to a shared location that can be accessed by both servers (the default file name is rp<bit_size><server_name>.zip, for example rp2048ePO-A.zip).
    9. Click Save.
    10. If you have two key pairs, click Export Public Key for the second key and save it in the same location.
       
  2. Import the Public Key(s) from ePO-A into ePO-B:
     
    1. Log on to the ePO-B console.
    2. Click Menu, Configuration, Server Settings.
    3. Select Security Keys in the Setting Categories list, and then click Edit.
    4. Next to Import and back up keys, click Import.
    5. Browse to the location where you saved the exported .zip file(s), select the .zip file, and then click Next.
    6. Verify this is the appropriate Master Repository Public Key, and then click Save.
    7. If you exported more than one key from ePO-A, repeat these steps for the remaining key.
    8. Confirm that you can see ePO-A's Public Key(s) listed in the Other repository public keys section.
       
  3. On ePO-A, create a new UNC distributed repository. The repository must to be in a location that is accessible from ePO-B. It can be on ePO-A itself, but this is not required.
     
    IMPORTANT: It is critical that the guidelines in this step are followed exactly. If not, ePO-B could pull ePO-A's Agent package and keys, which can result in ePO-B's client systems being moved to ePO-A.
     
    When configuring the repository, under Package Types, select the content that you want to provide to ePO-B. When you select packages, do not choose All Packages; instead, choose Selected Packages, and select only the packages that you want to replicate. Do not select any of the following package types:
    • McAfee Agent
    • ePO Agent Key Updater
     
    It is recommended that you select only the packages listed under Signatures and engines. Do not select the Replicate legacy DATs option.
     
    The new distributed repository should be used only for providing content to ePO-B. Disable it in your McAfee Agent policies, so that client systems do not try to update from it.
     
  4. After you have configured the new repository, run a Replicate Now task to populate it with the selected content.
  5. On ePO-B, define a new Source Site and configure it to point to the new distributed repository:
     
    1. In the ePO-B console, click Menu, Configuration, Server Settings.
    2. Select Source Sites in the Setting Categories list, and then click Edit.
    3. Click Add Source Site.
    4. Specify a Repository name, and select UNC as the Type, then click Next.
    5. Specify the UNC path to the distributed repository on ePO-A (for example, \\ePO-A\Repository). Click Next.
    6. Specify the download credentials and then click Test Credential. After the Credentials are valid message displays, click Next.
    7. Verify the settings are correct, and then click Save.
       
  6. Create a Repository Pull task to update ePO-B from ePO-A:
     
    1. In the ePO-B console, click Menu, Automation, Server Tasks.
    2. Click New Task, name the task, and keep the Schedule status as Enabled. Click Next.
    3. Select Repository Pull from the Action drop-down menu.
    4. Select ePO-B as the Source Site, select the packages you want to update from the Available Source Site Packages, click OK, then click Next.
    5. Schedule the task, and then click Next.
    6. Verify the settings are correct, and then click Save.
This Repository Pull task will now update ePO-B using content from ePO-A.

Rate this document

Beta Translate with

Select a desired language below to translate this page.

Languages:

This article is available in the following languages:

English United States
Japanese

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.