Clean Installation - same IP address

The objective of this procedure is to install an entirely new instance of ESMC Server that does not use the previous database, but retains records for client computers. This new ESMC Server will have the the same IP address as your previous server, but will not use the database from the old ESMC Server.

migration_of_clients_same_server

Click here to view the image larger

On your current (old) ESMC Server:

1.Export a server certificate from your current ESMC Server and save it to external storage.

Export all Certification Authority Certificates from your ESMC Server and save each CA certificate as a .der file.

Export Server Certificate from your ESMC Server to a .pfx file. The exported .pfx will include a private key as well.

2.Stop the ESMC Server service.

3.Turn off your ESMC Server machine (optional).

validation-status-icon-warning IMPORTANT

Do not uninstall/decommission your old ESMC Server yet.

 

On your new ESMC Server:

validation-status-icon-warning IMPORTANT

Make sure the network configuration on your new ESMC Server (IP address, FQDN, Computer name, DNS SRV record) matches that of your old ESMC Server.

1.Install ESMC Server/MDM using the All-in-one package installer (Windows) or choose another installation method (Windows manual installation, Linux or Virtual Appliance).

2.Connect to ESMC Web Console.

3.Import all CAs that you have exported from your old ESMC Server. To do so, follow the instructions for importing a public key.

4.Change the ESMC Server certificate in your Server settings to use the Server certificate from your old ESMC Server (exported in step 1.).

5.Import all required ESET licenses to ERA.

6.Restart the ESMC Server service, see our Knowledgebase article for details.

Client computers should now connect to your new ESMC Server using their original ESET Management Agent certificate, which is being authenticated by the imported CA from the old ESMC Server. If clients are not connecting, see Problems after upgrade/migration of ESMC Server.

details_hoverNOTE

When adding new client computers, use a new Certification Authority to sign the Agent certificates. This is done because an imported CA cannot be used to sign new peer certificates, it can only authenticate ESET Management Agents of client computers that were migrated.

Old ESMC Server/MDM uninstallation:

Once you have everything running correctly on your new ESMC Server, carefully decommission your old ESMC Server/MDM using our step-by-step instructions.