[KB7710] Migrate managed computers from an existing ESET PROTECT Server to a new ESET PROTECT Server (Windows)

Issue

Required user permissions

This article assumes that you have the appropriate access rights and permissions to perform the tasks below.

If you use the default Administrator user or are unable to perform the tasks below (the option is unavailable), create a second administrator user with all access rights.

  1. Install the new ESET PROTECT Server
  2. Export the Certificate Authority from the new ESET PROTECT Server
  3. Export the Agent Certificate
  4. Import the Certificate Authority (CA) .der file to the existing ESET PROTECT Server
  5. Migrate client computers from the old server

Solution

Before Migration

Before any migration, decrypt all workstations encrypted with ESET Full Disk Encryption. You can encrypt them once the migration is finished. 

I. Install the new ESET PROTECT Server

  1. Install ESET PROTECT Server using the All-in-one package installer (Windows) or choose another installation method (Windows manual installation, Linux or Virtual Appliance).

  2. Import all required ESET licenses to ESET PROTECT On-Prem.


II. Export the Certificate Authority from the new ESET PROTECT Server (Server One in this example)

  1. Open ESET PROTECT On-Prem in your web browser and log in.

  2. Click the More icon → Certification Authorities.

  3. Click ESET PROTECT Certification authority and select Export Public Key.

  4. The file is saved with a .der file extension.

    Figure 1-1

III. Export the Agent Certificate .pfx file from the new ESET PROTECT Server

  1. Open ESET PROTECT On-Prem in your web browser and log in.
  2. Click the More icon ...→ Peer Certificates.

  3. Click Agent certificate and select Export.

  4. The file is saved with a .pfx file extension.

  1. Save the .pfx and .der files to a shared location that is accessible from Server Two.
    Figure 2-1

 

IV. Import the Certificate Authority (CA) .der file to the existing ESET PROTECT Server (Server Two in this example)

  1. Open ESET PROTECT On-Prem in your web browser and log in.

  2. Click the More icon ... Certification Authorities.

  3. Click Actions and select Import Public Key.

    Figure 3-1
  1. Click Choose file to upload, navigate to the shared location where you saved the Certificate Authority (CA) .der file, select the file and then click Open.
    Figure 3-2
  1. Type a Description and click Import.

    Figure 3-3
  1. After the Certificate has successfully imported, click Close. The Certification Authority from Server One is now in the Certification Authorities list on Server Two.

    Figure 3-4

Make sure the exported Agent certificate .pfx file is accessible to the existing ESET PROTECT Server (Server Two) and continue to migrate client computers from the existing ESET PROTECT Server to the new ESET PROTECT Server.


V. Migrate client computers from the old server

Warning

If the client computers are encrypted with ESET Full Disk Encryption, decrypt them before migrating to another ESET PROTECT Server to avoid the loss of recovery data. After the migration, you can encrypt the client computers again using the new ESET PROTECT Server.

  1. Open ESET PROTECT On-Prem in your web browser and log in.

  2. Click Policies.

  3. Click Actions → New.

    Figure 4-1
  1. Type a Name and optional Description for the policy in the appropriate fields.

    Figure 4-2
  1. Click Settings, select ESET Management Agent from the drop-down menu and click Edit server list.

    Figure 4-3
  1. Click Add. Type the FQDN / IP address of the new server in the Host field and click OK.

    Figure 4-4
  1. Verify the FQDN / IP address for the new server is correct and click Save.

    Figure 4-5
  1. Click Change certificate.

    Figure 4-6
  2. Select Custom certificate and click the folder icon.

    Figure 4-7
  3. Navigate to the Agent Certificate .pfx file exported from the new ESET PROTECT Server, select the file and click OK.

    Figure 4-8
  4. The Agent certificate is in the policy.

    Figure 4-9
  1. Click Assign → Assign, select a client computer (only select one to start) to migrate to the new server. Click OK.

    Figure 4-10
  2. Click Finish.

  3. Verify the test client computer is now connected to the new ESET PROTECT Server and the Agent policy has the correct certificate.

  4. After a successful migration of the test client computer, assign the new policy you created to the rest of your client computers to complete the migration to the new ESET PROTECT Server.

  5. Client computers should now connect to your new ESET PROTECT Server. If clients are not connecting, see Problems after upgrade/migration of ESET PROTECT Server.

  6. When you have everything running correctly on your new ESET PROTECT Server, carefully decommission your old ESET PROTECT Server.