Why you should not Upgrade Windows on an ePO Server

Trellix ePO is a product that helps simplify and extend endpoint security management with native controls, threat intelligence and third-party integrations. In this article, we shall discuss Why you should not Upgrade Windows on an ePO Server. Please see ePO Server Settings: Trellix ePO AD integration and ENS Agents Installation, and how to Disable SQL Auto Close: Auto Close is enabled for both ePO and ePO Events Databases.

Note: As Microsoft releases new operating systems or Service Packs, the original product guides might not reflect the current support policy for those platforms. Therefore, pay careful attention.

Note: You can upgrade a Upgrade Microsoft SQL Server used by Trellix ePO as described in this guide “How to upgrade Microsoft SQL Server 2019 to 2022“.

The image below shows the capabilities of the ePolicy Orchestrator. It empowers simplified management by bringing together different endpoints with native controls and reduce security operations dependency on multiple tools.

Also, see Fixes to Trellix ePolicy Orchestrator Installation Errors, and How to upgrade Trellix ePolicy Orchestrator. Also, see how to perform Trellix ePolicy Orchestrator Installation on Windows Server.

Do not Perform an In-place Upgrade of an ePO Server

Since every version of Windows Server bring performance enhance, security and longer support terms. You might be tempted to perform an in-place upgrade to the newer Windows Server version.

Just to learn how to perform in-place upgrades. Please see how to fix Keep personal files and apps option greyed out during Upgrade. Here is how to Perform an in-place upgrade from Windows Server 2016 to Windows Server 2019.

Please do not upgrade Windows on an ePolicy Orchestrator Server based on the following reasons below.

Also, see how to install Windows Server 2022 on VMware Workstation, how to install Windows Server 2022 on VirtualBox, and how to Upgrade Windows Server 2019 to 2022 via iDRAC.

If you upgrade the Microsoft Windows operating system to a new major version. The computer on which ePO is installed can become damaged if the version due to compatibility etc. For example, the upgrade might be from Windows Server 2016–2022.

Very importantly, please see the “Supported Upgrade Paths for on-Premises ePO 5.10 Service Pack 1“. Lastly, it is also very wise to pay attention to the supported server OS. So when an ePO supported version permitted to run on an older version of Windows OS. And the OS is upgraded. You will have issues as ePolicy Orchestrator can be permanently damaged as discussed above.

What then should we do?

Good question! Since upgrade the Windows operating system on a computer with ePO installed. Instead, use one of the following options:

• Use the ePO Disaster Recovery Snapshot function to restore an ePO server to a new computer. Even if the computer is running a different operating system. For more information about the Disaster Recovery Snapshot process.
   
• If you are transitioning to a new computer with the preferred operating system. Follow the manual migration process described here: KB71078 – How to migrate ePO from a 32-bit system to a 64-bit system or to a different installation path.

Note: You could install a fresh ePO on the latest version version of Windows Server say 2025. At the time of wring this guide, this is the newest Windows OS. And redirect the Agents to be managed by this server. Just ensure you have the right IP etc set and integrated with AD. You may want to read more here. See how to how to redirect the communication of McAfee Agent to a new ePolicy Orchestrator server.

Note: If you can’t follow the Trellix Product recommendations, be certain that you have the backups/snapshots needed to perform disaster recovery. These backups are needed if the operating system upgrade leaves ePO in an inoperable state.

I hope you found this article useful on “why you should not Upgrade Windows on an ePO Server”. Please feel free to leave a comment below.