Migrating the Server configuration keys
When you migrate the BigFix Server from one Windows system to another Windows system with the same version of BigFix Server installed, you must also migrate the configuration keys from the old BigFix Server to the new BigFix Server.
The ServerKeyTool decrypts the set of available keys on the old server and encrypts them on the new server. The tool decrypts or encrypts all the keys available in the input folder at once. To see the usage of the tool, type ServerKeyTool and press Enter.
Download the ServerKeyTool from this link to run on BigFix Servers installed on Windows 64-bit platforms.
Note: ServerKeyTool does not depend on the BigFix version.
You must run the following steps in sequence to migrate the configuration keys:
1. Decrypt the keys on the old server.
   Run the ServerKeyTool to decrypt the keys as follows:
   ServerKeyTool.exe /sitePvkLocation:<absolute_path> /sitePvkPassword:<password> /decrypt
   /dirIn:<absolute_path> /dirOut:<absolute_path> [ /hideUI ]
   where:
   - sitePvkLocation:<absolute_path>
     Specifies the full path to the BigFix license pvk file.
   - sitePvkPassword:<password>
     Specifies the BigFix license pvk password.
   - dirIn:<absolute_path>
     Specifies the full path to the BigFix Enterprise\BES Server folder containing the files with the encrypted keys on the old server. If you chose the default setting when installing the BigFix Server, the path is %PROGRAM FILES%\BigFix Enterprise\BES Server. The ServerKeyTool fails if the input directory does not exist.
   - dirOut:<absolute_path>
     Specifies the full path to the folder on the old server where you want to store the files containing the decrypted keys. If the destination folder does not exist, it is automatically created. If the destination folder contains at least one existing key, the ServerKeyTool command fails.
   - hideUI
     Use this option to avoid pop-up windows notifying action results.
   Note: The files containing the decrypted keys are created in the destination folder with the filename prefix Decrypted*. Do not rename the files, because files with different names are not recognized by the tool during the encryption.
2. Copy the files containing the decrypted keys to the new server.
3. Encrypt the keys on the new server.
   Run the ServerKeyTool to encrypt the keys as follows:
   ServerKeyTool.exe /sitePvkLocation:<absolute_path> /sitePvkPassword:<password> /encrypt
   /dirIn:<absolute_path> /dirOut:<absolute_path> [ /hideUI ]
   where:
   - sitePvkLocation:<absolute_path>
     Specifies the full path to the BigFix license pvk file.
   - sitePvkPassword:<password>
     Specifies the BigFix license pvk password.
   - dirIn:<absolute_path>
     Specifies the full path to the folder containing the files with the decrypted keys on the new server.
   - dirOut:<absolute_path>
     Specifies the full path to the BigFix Enterprise\BES Server folder on the new server where you want to store the files containing the encrypted keys. If you chose the default setting when installing the BigFix Server, the path is %PROGRAM FILES%\BigFix Enterprise\BES Server. If the destination folder does not exist, it is automatically created. If the destination folder contains at least one existing key, the ServerKeyTool command fails.
   - hideUI
     Use this option to avoid pop-up windows notifying action results.
   Note: The files containing the encrypted keys are created in the destination folder with the filename prefix Encrypted*. Do not rename the files, because files with different names are not recognized by the tool during the decryption.
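Step 1 as a PowerShell script, added here as an example and not taken from the BigFix documentation: it checks the two documented failure conditions before running the tool, restricts the staging folder that will hold the decrypted keys, and confirms the result by the Decrypted* prefix. The tool location, pvk path, staging folder and hash file name are assumed placeholders.

```powershell
# Added example: step 1 (decrypt) on the OLD server. Every path is an assumed placeholder.
$Tool   = 'C:\Tools\ServerKeyTool.exe'                      # assumed download location
$Pvk    = 'C:\BigFix\license.pvk'                           # assumed license pvk path
$DirIn  = "$env:ProgramFiles\BigFix Enterprise\BES Server"  # default install folder
$DirOut = 'C:\KeyMigration\Decrypted'                       # assumed staging folder

# Documented failure: the input directory does not exist.
if (-not (Test-Path -LiteralPath $DirIn -PathType Container)) {
    throw "Input folder not found: $DirIn"
}
# Documented failure: the destination already contains a key.
if ((Test-Path -LiteralPath $DirOut) -and (Get-ChildItem -LiteralPath $DirOut -File)) {
    throw "Staging folder is not empty: $DirOut"
}

# Create the staging folder up front and limit it to Administrators and SYSTEM,
# because the tool writes unencrypted key material into it.
New-Item -ItemType Directory -Path $DirOut -Force | Out-Null
& icacls.exe $DirOut /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null

# Prompt for the pvk password so it is not stored in a script or in shell history.
# It is still passed on the tool's command line, so it can appear in process
# command-line auditing on this host.
$secure = Read-Host -Prompt 'BigFix license pvk password' -AsSecureString
$plain  = [System.Net.NetworkCredential]::new('', $secure).Password
try {
    # Piping the output makes PowerShell wait for the tool to exit.
    & $Tool "/sitePvkLocation:$Pvk" "/sitePvkPassword:$plain" /decrypt `
        "/dirIn:$DirIn" "/dirOut:$DirOut" /hideUI | Out-Host
}
finally {
    $plain = $null
}

# Confirm the result by the documented Decrypted* prefix rather than by exit code.
$keys = Get-ChildItem -LiteralPath $DirOut -Filter 'Decrypted*' -File
if (-not $keys) { throw "No Decrypted* files were written to $DirOut" }

# Record SHA-256 hashes; recompute them on the new server after step 2 and compare
# before running /encrypt there. File names must stay unchanged for the tool.
$hashFile = Join-Path (Split-Path -Parent $DirOut) 'decrypted-keys.sha256.csv'
$keys | Get-FileHash -Algorithm SHA256 | Select-Object Hash, Path |
    Export-Csv -LiteralPath $hashFile -NoTypeInformation
```

Once step 3 has completed on the new server, delete the Decrypted* files from the staging folders on both servers so the unencrypted keys do not remain on disk.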