Clean Installation - same IP address

The objective of this procedure is to install an entirely new instance of ESET PROTECT Server that does not use the previous database, but retains records for client computers. This new ESET PROTECT Server will have the the same IP address as your previous server, but will not use the database from the old ESET PROTECT Server.


Click here to view the image larger

On your current (old) ESET PROTECT Server:



If the client computers are encrypted with ESET Full Disk Encryption, decrypt them before migrating to another ESET PROTECT Server to avoid the loss of recovery data. After the migration, you can encrypt the client computers again using the new ESET PROTECT Server.

1.Export a server certificate from your current ESET PROTECT Server and save it to external storage.

Export all Certification Authority Certificates from your ESET PROTECT Server and save each CA certificate as a .der file.

Export Server Certificate from your ESET PROTECT Server to a .pfx file. The exported .pfx will include a private key as well.

2.Stop the ESET PROTECT Server service.

3.Turn off your ESET PROTECT Server machine.



Do not uninstall/decommission your old ESET PROTECT Server yet.

On your new ESET PROTECT Server:



To use a new ESET PROTECT Server with the same IP address, make sure the network configuration on your new ESET PROTECT Server (IP address, FQDN, Computer name, DNS SRV record) matches that of your old ESET PROTECT Server.

1.Install ESET PROTECT Server/MDM using the All-in-one package installer (Windows) or choose another installation method (Windows manual installation, Linux or Virtual Appliance).

2.Connect to ESET PROTECT Web Console.

3.Import all CAs that you have exported from your old ESET PROTECT Server. To do so, follow the instructions for importing a public key.

4.Change the ESET PROTECT Server certificate in your Server settings to use the Server certificate from your old ESET PROTECT Server.

5.Import all required ESET licenses to ESET PROTECT.

6.Restart the ESET PROTECT Server service, see our Knowledgebase article for details.

Client computers should now connect to your new ESET PROTECT Server using their original ESET Management Agent certificate, which is being authenticated by the imported CA from the old ESET PROTECT Server. If clients are not connecting, see Problems after upgrade/migration of ESET PROTECT Server.



When adding new client computers, use a new Certification Authority to sign the Agent certificates. This is done because an imported CA cannot be used to sign new peer certificates, it can only authenticate ESET Management Agents of client computers that were migrated.

Old ESET PROTECT Server/MDM uninstallation:

Once you have everything running correctly on your new ESET PROTECT Server, carefully decommission your old ESET PROTECT Server/MDM using our step-by-step instructions.