The remnant entries of MOVE 3.6.x in the database with old certificates cause the
MOVE 4.9.x SVA-manager to fail to sync with ePO. To determine if these entires are sent from ePO, you need to validate the entries in
svaManagerPolicy.xml file. This file is available in
/opt/McAfee/movesvamanager/etc/svaManagerPolicy.xml.
If the XML file contains the following strings, it confirms that the old MOVE 3.6 entries are being sent from ePO.
<Setting name="brokerCert36"
<Setting name="brokerPrivateKey36"
<Setting name="caCert36"
<Setting name="brokerCert"
<Setting name="brokerPrivateKey"
<Setting name="caCert"
The
svaManagerPolicy.xml must contain only the following strings:
<Setting name="brokerCert"
<Setting name="brokerPrivateKey"
<Setting name="caCert"
Also, you must check the ePO DB for old certificate information entries by running the SQL script below.
- Log on to SQL Server Management Studio.
- Right-click the McAfee ePO database and select New Query.
- Copy and paste the SQL script shown below and click Execute to get the results.
Select * from EPOPolicySettingValuesMT where SettingName in ('brokercert36', 'brokerprivatekey36', 'cacert36')
The following screenshot shows an example output of the previous command, listing the certificate information.
