[KB7710] Migrate managed devices from an existing ESET PROTECT Server to a new ESET PROTECT Server (Windows)

Solution

1. Install the new ESET PROTECT Server
2. Export the Agent certificate .pfx file from the new ESET PROTECT Server
3. Export the Certification Authority .der file from the new ESET PROTECT Server
4. Import the Certification Authority .der file exported from the new ESET PROTECT Server to the current one
5. Migrate client devices from the current ESET PROTECT Server to the new one

I. Install the new ESET PROTECT Server

1. Install ESET PROTECT Server using the ESET PROTECT On-Prem All-in-one installer or ESET PROTECT Server standalone installer.

2. Import all required ESET subscriptions to ESET PROTECT On-Prem.

II. Export the Agent certificate .pfx file from the new ESET PROTECT Server

1. Log in to the ESET PROTECT On-Prem Web Console of the new ESET PROTECT Server.

2. Click More → Peer Certificates → Agent certificate → Export. Save the exported .pfx file to a location accessible from the current ESET PROTECT Server.

   

III. Export the Certification Authority .der file from the new ESET PROTECT Server

1. Log in to the ESET PROTECT On-Prem Web Console of the new ESET PROTECT Server.

2. Click More → Certification Authorities → ESET PROTECT Certification Authority → Export Public Key. Save the exported .der file to a location accessible from the current ESET PROTECT Server.

   

IV. Import the Certification Authority .der file exported from the new ESET PROTECT Server to the current one

1. Log in to the ESET PROTECT On-Prem Web Console of the current ESET PROTECT Server.

2. Click More → Certification Authorities → Actions → Import Public Key.

   

3. Click Choose file to upload, navigate to the location with the Certification Authority .der file exported from the new ESET PROTECT Server, select the file and click Open.

   

4. Type a Description for the Certification Authority and click Import.

   

V. Migrate client devices from the current ESET PROTECT Server to the new one

1. Log in to the ESET PROTECT On-Prem Web Console of the current ESET PROTECT Server.

2. Click Policies → Add.

   

3. Type a Name and optional Description for the policy.

   

4. Click Settings, select ESET Management Agent from the drop-down menu and click Edit server list.

   

5. In the Servers dialog box, click Add. In the Host field, type the IP address of the new ESET PROTECT Server; use the format xxx.xxx.xxx.xxx. If you do not use the default ESET PROTECT Server port 2222, type your custom port number in the Port field. Click OK. Ensure that the new ESET PROTECT Server address is listed first in the Server dialog box. Click Save.

   

6. Click Change certificate.

   

7. In the Certificate dialog box, select Custom certificate and click the folder icon. Navigate to the location with the Agent certificate .pfx file exported from the new ESET PROTECT Server, select the file and click Open.

   

8. Click OK.

   

9. Click Assign → Assign.

   

10. Select one test client device to be migrated to the new ESET PROTECT Server and click OK.

    

11. Click Finish.

    

12. Verify that the test client device is connected to the new ESET PROTECT Server with the correct policy using the correct Agent certificate.

13. After you confirm that the test client device is migrated successfully, assign the migration policy you created to the rest of the client devices. After you assign the policy to the the client devices, they should connect to the new ESET PROTECT Server. If they are not connecting, troubleshoot the migration process.

14. After all devices are migrated successfully, decommission the ESET PROTECT Server you used previously.