- CheckMates
- :
- Products
- :
- Harmony
- :
- Endpoint
- :
- R77.30 sandblast to new virtual machine
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
R77.30 sandblast to new virtual machine
Hello,
i have a customer that have r77.30 management server with sandblast. It is currently running in vmplayer as a virtual machine.
We want it to migrate to ESX as a new virtual management center running r77.30.
My question is , how much problems can i encounter if i make a clean install of r77.30 with sandblast if we have around 200 workstations with sandlast agents running.
Do i need to reinstall agents with new server or will they automatically be registered if the IP address of management center remains the same ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Why not just do a migrate export/import of the existing configuration to the new VM?
Or even just simply copy the existing VM?
Otherwise, I imagine you'll have to re-register all the clients.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have done the export/import and for the first it looked perfect.
I could see old clients and rules but problem arrised with new installations of endpoint client. I get the message in client
" Endpoint Security Client cannot register to the server. The Security ID of this machine was not found. Contact your administrator."
I don't know what to do from this point on ?
Any ideas ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Suggest engaging with the TAC.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Any other solution because the customer doesn't have payed support so i can't engage with TAC ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Solved the problem with migration.
When you change a Security Management Server , the new Active Security
Management Server can have an older Policy Assignment Table (PAT) version than the clients.
If the PAT version on the server is lower than the PAT version on the client, the client will not
download policy updates.
To fix this, update the PAT number on the Active server.
To get the PAT version:
If the Active Security Management Server is available, get the last PAT version from it.
On the Active Server:
Run: uepm patver get
If the Active Security Management Server is not available, get the last PAT version from a client
that was connected to the server before it went down.
On the client computer:
1. Open the Windows registry.
2. Find HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\EndPoint Security\Device
Agent
3. Double-click the PATVersion value.
The Edit String window opens.
4. Copy the number in the Value data field. This is the PAT version number.
To change the PAT version on the server:
1. Open a command prompt.
2. Run the Endpoint Security Management Security utility (uepm.exe) and set the new PAT
version:
uepm patver set <old_PAT_version_number> + 10
3. Make sure the new PAT version is set by running:
uepm patver get
In my example patver on server was lower then the clients.
I have set it to 1000 with command uepm patver set 1000 , followed by cpstop;cpstart;
After that client started showing in the dashboard.