cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

R77.30 sandblast to new virtual machine

Hello,

i have a customer that have r77.30 management server with sandblast.  It is currently running in vmplayer as a virtual machine.

We want it to migrate to ESX as a new virtual management center running r77.30.

My question is , how much problems can i encounter if i make a clean install of r77.30 with sandblast if we have around 200 workstations with sandlast agents running.

Do i need to reinstall agents with new server or will they automatically be registered if the IP address of management center remains the same ?

5 Replies
Admin
Admin

Re: R77.30 sandblast to new virtual machine

Why not just do a migrate export/import of the existing configuration to the new VM?

Or even just simply copy the existing VM?

Otherwise, I imagine you'll have to re-register all the clients.

0 Kudos

Re: R77.30 sandblast to new virtual machine

I have done the export/import and for the first it looked perfect.

I could see old clients and rules but problem arrised with new installations of endpoint client. I get the message in client

" Endpoint Security Client cannot register to the server. The Security ID of this machine was not found. Contact your administrator."

I don't know what to do from this point on ?

Any ideas ?

0 Kudos
Admin
Admin

Re: R77.30 sandblast to new virtual machine

0 Kudos

Re: R77.30 sandblast to new virtual machine

Any other solution because the customer doesn't have payed support so i can't engage with TAC ?

0 Kudos

Re: R77.30 sandblast to new virtual machine

Solved the problem with migration.

When you change a  Security Management Server , the new Active Security
Management Server can have an older Policy Assignment Table (PAT) version than the clients.

If the PAT version on the server is lower than the PAT version on the client, the client will not
download policy updates.
To fix this, update the PAT number on the Active server.
To get the PAT version:
If the Active Security Management Server is available, get the last PAT version from it.
On the Active Server:
Run: uepm patver get
If the Active Security Management Server is not available, get the last PAT version from a client
that was connected to the server before it went down.

On the client computer:
1. Open the Windows registry.
2. Find
HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\EndPoint Security\Device
Agent
3. Double-click the PATVersion value.
The
Edit String window opens.
4. Copy the number in the
Value data field. This is the PAT version number.
To change the PAT version on the server:
1. Open a command prompt.
2. Run the Endpoint Security Management Security utility (
uepm.exe) and set the new PAT
version:
uepm patver set <old_PAT_version_number> + 10
3. Make sure the new PAT version is set by running:
uepm patver get

In my example patver on server was lower then the clients.

I have set it to 1000 with command uepm patver set 1000 , followed by cpstop;cpstart;

After that client started showing in the dashboard.

0 Kudos