Unable to change Management Server Address for Client Security or Server Security hosts (Keyreplacer) - F-Secure Community
<main> <article class="userContent"> <h3 data-version="13" data-article="000003212">Issue:</h3> <p>Unable to change Management Server Address on Client Security or Server Security hosts because the public and private admin keys do not match.<br>Need to migrate hosts between two Policy Manager Servers without having to do a re-installation of the software client side. </p> <h3>Resolution:</h3> <p>If your Policy Manager <b>ONLY</b> manages clients running Client Security <b>14.00 or newer</b>, you can create a Keyreplacer yourself with a tool that can be provided to you by support. <br>The tool comes with instructions on how to create the keyreplacer-file. You will need to know the IP-address or hostname of the new Policy manager, the http- and https-ports that it uses, and depending on the situation, its admin.pub-file (see steps to download admin.pub below). To deploy the keyreplacer, see steps for "Instruction to deploy the Key Replacer fix" below.<br><br>In case you are also managing other installations, kindly provide us with the following information from the new Policy Manager for assistance to create Key Replacer fix.<br></p><ol><li>Admin.pub file</li><li>The Policy Manager management address</li><li>The http- and https-ports used by the Policy Manager</li></ol> ( On Linux systems the port information can be found in the following log:<br>/var/opt/f-secure/fspms/logs/fspms-stderrout.log )<br><br>To download admin.pub file, please follow these steps: <ol><li>Login to the PM console</li><li>In the top menu, click Tools > Server Configuration > Keys</li><li>Click Export to download admin.pub and admin.prv files</li></ol> Attach the admin.pub file to your e-mail reply and we will create the Key Replacer hotfix file for you. <p><u><b>Instruction to deploy the Key Replacer fix</b></u></p> <ol><li>Please close the Policy Manager Console and stop Policy Manager Server service in services.msc</li></ol><p><br>You can also stop Policy Manager service by opening a command prompt with elevated mode and typing in the below command.<br><br><i>net stop fsms</i></p> <ol start="2"><li>Configure the registry on the Policy Manager Server</li></ol><p>Locate this registry key:<br><br>"<i>HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure\Management Server 5</i>" for - <b>32bits OS</b><br><br>"<i>HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432node\Data Fellows\F-Secure\Management Server 5</i>" for -<b> 64bits OS</b></p> <ol start="3"><li>Right-click on Management Server 5 Registry Key and add a new String Value with the following:</li></ol><p><br>Name: additional_java_args<br>Data field: <i>-DallowUnsignedWithRiwsAndMibs=true</i><br><br>Note: Please don't remove the <i>-D</i> on the beginning of the string or it will not work properly.<br> </p> <p>The same works for Linux, but you need to use config file <em>/etc/opt/f-secure/fspms/fspms.conf</em> instead of the registry. Create a new line with parameter <em>additional_java_args</em> and specify Java system properties in its value in quotes in the following format: -DpropertyName=value. Multiple properties can be specified using space as a delimiter. Property names and values are case sensitive.</p> <p><strong>Example:</strong> additional_java_args=-DallowUnsignedWithRiwsAndMibs=true -Dh2ConsoleEnabled=true -DmaxSynchronousPackageRetrievalRequests=100<br> </p> <ol start="4"><li>Start the Policy Manager Server service and open the Policy Manager Console</li><li>Go to the Installation-tab and click Installation packages</li><li>Click Import to import "KeyReplacer_unsigned.jar" file to the Policy Manager Console as an Installation package</li><li>Deploy the KeyReplacer file to all clients, for example using a policy-based installation</li></ol><p><br>After the deployment is finished import the hosts in the Policy Manager Console by going to the Installation tab and clicking "<i>Import new hosts</i>".</p> <p>Article no: 000003212</p> </article> </main>