Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1176
  • Last Modified:

Can't update McAfee ePO from 4 to 4.5

I've been trying to get ePO updated from 4 to 4.5, I tried to run the 4.5 install but it said "Incompatible product detected so stop the install".  The minimum requirements for 4.5 is 4 with patch 3 or higher so I installed patch 6 while is the latest for 4.0 but still getting the same message.  Below are the relevant lines from the install log.

1: 13:30:10 ePO450CALog: Setup detected ePO 4.0 without Patch 3 or higher. This upgrade is not supported so stopping the install.
1: 13:30:10 ePO450CALog: Patch install NOT detected so skip patch number detection.
1: 13:30:13 ePO450CALog: FAILURE: Incompatible product detected so stop the install.


I found this article but this key exists and all the values check out.  I've tried incrimenting the version values to see if that's what the installer checks for but apparently not...

https://kc.mcafee.com/corporate/index?page=content&id=KB65548
0
ebooyens
Asked:
ebooyens
  • 11
  • 9
4 Solutions
 
Justin OwensITIL Problem ManagerCommented:
Are you logging into the machine as your EPOAdmin account or as the local administrator of the server to do the install?
0
 
ebooyensAuthor Commented:
Thanks, what I know about McAffe AV is dangerous so this might be the issue.  I'm logging on as the domain admin account but I can see this account is also a member of "ePO User Group" in AD.  I was able to do the 4.0 patch 6 install so would that be sufficient?
0
 
Justin OwensITIL Problem ManagerCommented:
No.  Log into the machine with the local administrator account (this should NOT be a DC, so you should be OK with this).  During the setup process, you will need to input info about the ePOAdmin account.  Again, this should NOT be your Domain Admin account, but it should be an account with sufficient privileges to install and modify software across all computers in your domain (and members of the Domain Admins group have that right).
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
ebooyensAuthor Commented:
OK thanks.  But I'm not getting to that stage yet, any ideas on getting around this version check or why it thinks I don't have the right patch level?
0
 
Justin OwensITIL Problem ManagerCommented:
Well, for kicks, can you try to run the install again logged in as the local Administrator account?  ePO can be persnickety.
0
 
ebooyensAuthor Commented:
I just realised this is in fact a DC...  So is it a requirement of ePO to be installed on a member server?

I've re-installed 4.0 patch 6 now logged in as a different domain admin account but the 4.5 install still fails with the same error.

Thanks
0
 
Justin OwensITIL Problem ManagerCommented:
It is not a requirement, but it causes a LOT of extra traffic to the server, which can adversely affect the performance of AD.  It also changes how you install.

First, replace this line:

"InstallSource"="C:\\Documents and Settings\\Administrator\\Desktop\\ePO400P4\\"

with this:

"InstallSource"="C:\\Documents and Settings\\USER PROFILE PATH\\Desktop\\ePO400P4\\"

where USER PROFILE PATH is the correct location of the ePO installation media (assuming it is indeed, on your desktop).
0
 
ebooyensAuthor Commented:
So this is to the path of the 4.0 install files?  So in my case ePO400P6?

And this is the line in registry I assume?  I'm guessing from the double back-slashes that this would be if I did a registry import, so the actual registry entry should be single single back-slashes?

With the path pointing to the ePO400P6 folder with single slashes I still get the same I'm afraid.

I'm tempted to just uninstall and install 4.5 from scratch.
0
 
Justin OwensITIL Problem ManagerCommented:
Well, that is an option.  You can uninstall the server ePO software but retain the database.  You should be able to use the database you have to do your install of the new software.  How big is your deployment and how much customization of ePO policy do you have in place?
0
 
Justin OwensITIL Problem ManagerCommented:
Sorry... I accidently hit the TAB.

Another option would be to do an export of your custom policies (if you have any).  In this way you would be able to import them into a new install, if you choose that path.
0
 
ebooyensAuthor Commented:
Yeah, I think I'll just have to do that now.  The export sounds like a plan, could you run me roughly through where to find the ability to export?

Thanks
0
 
Justin OwensITIL Problem ManagerCommented:
This is from memory, as I don't have access to an ePO 4.0 server at the moment...

In the main dashboard, you should be able to get to your policy catalogue.  You can also get to individual policies from the "browser" type window showing your groups/folders.  Each policy which is not the McAfee default should be exported.

A decent resource of a real world scenario:

https://community.mcafee.com/message/55614


Justin
0
 
ebooyensAuthor Commented:
Thanks, I'll have a go
0
 
ebooyensAuthor Commented:
Right, so I've exported the important policies and made a backup of the security keys.  Any ideas on how to re-import these keys so the clients can start talking to the server?

Thanks!
0
 
ebooyensAuthor Commented:
Would help if I tried the EDIT button in the corner...
0
 
ebooyensAuthor Commented:
It seems I didn't export the keys in the right way so can't import them again.  Is there a simple way to get those system back on ePO or would I need to run something on the clients to get them registered again?

Thanks
0
 
Justin OwensITIL Problem ManagerCommented:
On the new server, just send out an Agent Wake Up call and force a new client install over the existing client.
0
 
ebooyensAuthor Commented:
Thanks for all the help on this, could I ask one last quick thing and I'll close this one then

I've pushed out the client to all machines, tried a number of ways, but there are still a couple of machines showing as unmanaged.  Is there a way I can just do the install manually from in front of the PC themselves to get them back as managed in ePO?

Thanks!
0
 
Justin OwensITIL Problem ManagerCommented:
Yes.  Use the ePO server to create an agent install package.  You can then copy that exe to any machine you need to manually run the install.

KB: https://kc.mcafee.com/corporate/index?page=content&id=KB51661

Justin
0
 
ebooyensAuthor Commented:
That's great, thanks all
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

  • 11
  • 9
Tackle projects and never again get stuck behind a technical roadblock.
Join Now