Move Policymanager to other server WITH content

Hello everyone!Smiley Happy

 

We are facing the migration / movement of fspm to a new server. Is there any option to export all preferences as well as all clients?

I don't want to set up the whole thing again including all policies and so on...

 

I guess the only thing I can do is a whole backup of the folders. This procedure is discribed in the manual of fspm.

Are the clients also backupped?!

 

Thanks for some hints!

Accepted Answer

Comments

  • i don't need to change IPs or Hostname on the clients. I'll use the same IP so nothing must be changed.


    Thanks for your help. It agrees to my consideration how to move the fspm... Hope it will work for me.

  • PopeyePopeye Posts: 36

    Am I misunderstanding something, or are you trying to migrate/copy the policy hierarchy?

     

    That can be done during/after installing the new policy manager server (PMS). If you upgrade the PMS on the same server, you will be asked if you want to upgrade the current installaton. If you are performing a fresh install on a new server you can run a simple command that will migrate the old policy hierarchy to the new server.

     

    First, map the folder with the old PMS installation as a network drive on the new server. Then run the command

     

    <F-Secure installation>\Management Server 5\bin\fspms-migrator-launcher.exe

     

    That will launch the migrator that will guide you through the migration process. Remember to copy the keys from the old server!

     

    Note: The Admin guide states that the migration will not change anything on the old server, so you can roll back if necessary. On one of my two migrations, the old install was corrupted somehow and could not be rolled back. It wasn't a big deal for me as I managed to fix the new PMS installation, but if I wanted to I could not roll back. I hope this was just me, and not a problem others experience.

  • MJ-perCompMJ-perComp Posts: 1,099 Superuser

    Popeye wrote:

    Note: The Admin guide states that the migration will not change anything on the old server, so you can roll back if necessary. On one of my two migrations, the old install was corrupted somehow and could not be rolled back. It wasn't a big deal for me as I managed to fix the new PMS installation, but if I wanted to I could not roll back. I hope this was just me, and not a problem others experience.



    There is a domain recovery tool that would fix a broken PM9-commdir. But after a couple of weeks the old commdir is pretty useless, depending on the size of your installation and your own activity in the PMC. Most important is BACKUP the H2-databases, but do not forget to stop PMS before the backup!!!

     

  • Hi

     

    I am migrating policy manager 10 from one server to a new server.  I have copied the H2 database (with  PMS stopped) and have changed the DNS record that the clients use to now point to the new policy manager server.  However, all of my clients are now booting with errors saying:

     

    An error occurred when trying to use the key that is in the file C:\Program Files\F-Secure\Common\admin.pub.

     

    F-Secure Management Agent: The file C:\Program Files\F-Secure\Common\policy.bpf did not pass signature verification. The file may have been manually modified. If the problem persists, please contact the system administrator.

     

    I expected that this was because the keys were not transferred but how can this be if they are now in the H2 database?

     

    For now I have changed the DNS back to point at the old server but I need to get this resolved.

     

    Thanks

     

    Matt

  • etomcatetomcat Posts: 1,319 Superuser

    Hello,

     

    There is a menu within F-Secure Policy Manager Console to replace the signing key pair (admin.pub and admin.prv):

    Tools / Server Config / Keys / Replace Keys. You may need to use that.

     

    Sincerely: Tamas Feher, 2F 2000, Hungary.

  • Hi

     

    I have just imported the keys but I still have the errors...

  • etomcatetomcat Posts: 1,319 Superuser

    Hello,

     

    You need to distribute policies after changing the keys.

  • Hi

     

    Thanks for this.  I have distributed policies but this hasn't helped as the clients can't connect to the management server anymore.  Once I change the DNS record to point at the new management server and restart the client computer the policy file cannot be read and F-Secure reverts to the default policies and the management server address is blank (http://) so there is no way for the client to actually talk to the new server.  As soon as I revert the DNS record to point at the old management server and restart the client F-Secure works fine again.

  • ChrissyChrissy Posts: 438

    Hi MattWilson84!  I just wanted to check in and see if you are still having this issue, or if everything is now working.  If you still need help, we'll be happy to guide you in the right direction!

     

    ChrissyT

    F-Secure Community Manager

This discussion has been closed.