Enabling and disabling security while upgrading DAgent for Ghost Solution Suite 3.2 and higher

book

Article ID: 185021

calendar_today

Updated On:

Products

Ghost Solution Suite

Issue/Introduction

Ghost Solution Suite 3.2 and higher has enhanced security by incorporating the latest and safer version of OpenSSL.

Resolution

With this update, the DAgent from previous version of Ghost Solution Suite cannot
auto upgrade. It is observed that if the security is enabled between the server and
the clients, then the agents cannot connect to the server after the upgrade.
To facilitate a hassle free upgrade process, the Ghost Solution Suite 3.2 and higher installer
is enhanced to check if the security setting is enabled between the client and the
server. If the installer detects that security is enabled, it prompts you to disable the
security feature.
However, if you decide to complete the upgrade process with security set as enabled,
the Ghost Solution Suite 3.2 and higher installer creates following files at <IP_address>\DSSetup:

 

  • AgentsWithEnabledSecurity.txt
    This file contains information of the clients such as Computer Name, Domain,
    OS, Agent Version, OSBit, and IP address.
  • RAIWithMachineIP.txt
    The Remote Agent Installer (RAI) can use this file and includes IP addresses
    of computers.
    RAIWithMachineName.txt
    You can use this file and import into the Remote Agent Installer (RAI) and
    includes the computer names.

Ensure to save these files. If you choose to upgrade to Ghost Solution Suite 3.2 or higher
with security feature enabled, the RAI can use these files to reconnect the clients
with the server.

For more information on how to upgrade Ghost Solution Suite with security enabled,
refer to the following article:

https://support.symantec.com/en_US/article.TECH235043.html

To disable security between client and server

  1. Right click on All Computers and navigate to Change Agent Settings >
    Production Agent
    .
  2. On the Production Agent Settings page, select the Security tab.
  3. Clear the following check boxes and click OK:
    • Require encrypted session with any server
    • Encrypt session communication with Ghost Solution Suite Server

      Note: The new settings are applied to all the active agents after the agents
      reconnect to the server. The inactive agents continue to have the old settings.
      You can use the RAI files to reconnect to the server.
  4. On the Ghost Solution Suite Server, navigate to Start > Symantec Ghost
    Solution Suite Configuration
    .
  5. Click Options and click on the Transport tab.
  6. Clear the Allow encrypted session and click OK.

After you disable the security feature, all the client computers disconnect and
reconnect with the server.

After you upgrade to Ghost Solution Suite 3.2 or higher, all clients for which the security was
disabled and which were active, connect back to the server. The inactive clients,
before upgrade are unable to connect to the server.

Attachments