FortiClient
cakkus
Staff
Article Id 313447
Description

This article describes what happens when the Windows server that hosts the EMS server is installed with a localization configuration other than the one given in the system requirements of the EMS server documentation: the SQL Express Server (a sub-component of the EMS server) is installed with a collation other than SQL_Latin1_General_CP1_CI_AS.

This wrong collation can affect all of the EMS components, such as generating installers and deployments, LDAP synchronization, endpoint policy and profile configurations, ZTNA tags, and many more.
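
One way to check which collation an instance actually has, as an added example that is not part of the original article or of Fortinet's documentation. It uses only standard SQL Server catalog views; how to connect to the SQL instance behind EMS and the name of the EMS database are not given in the article, so the script assumes an existing connection and reports on whatever instance and database it is run against.

```sql
-- Added example: the expected collation is the one named in the article.
DECLARE @expected sysname = N'SQL_Latin1_General_CP1_CI_AS';

-- 1) Instance-level collation. It is chosen at SQL Server setup time
--    (influenced by the Windows system locale) and is inherited by
--    every database created afterwards.
SELECT
    CAST(SERVERPROPERTY('ServerName') AS nvarchar(128)) AS instance_name,
    CAST(SERVERPROPERTY('Collation')  AS nvarchar(128)) AS server_collation,
    CASE WHEN CAST(SERVERPROPERTY('Collation') AS nvarchar(128)) = @expected
         THEN 'OK' ELSE 'MISMATCH' END                   AS server_status;

-- 2) Database-level collation for every database on the instance,
--    system databases included. A restored backup keeps the collation
--    it was created with, so it can differ from the instance.
SELECT
    d.name           AS database_name,
    d.collation_name AS database_collation,
    CASE WHEN d.collation_name = @expected
         THEN 'OK' ELSE 'MISMATCH' END AS database_status
FROM sys.databases AS d
ORDER BY d.database_id;

-- 3) Column-level collation in the CURRENT database only. Switch to the
--    EMS database first (its name is not given in the article).
--    Character columns keep their own collation, so this lists every
--    user-table column that deviates from the expected one.
SELECT
    OBJECT_SCHEMA_NAME(c.object_id) AS schema_name,
    OBJECT_NAME(c.object_id)        AS table_name,
    c.name                          AS column_name,
    c.collation_name                AS column_collation
FROM sys.columns AS c
JOIN sys.objects AS o
  ON o.object_id = c.object_id
WHERE o.is_ms_shipped = 0
  AND o.type = 'U'                      -- user tables only
  AND c.collation_name IS NOT NULL      -- character-typed columns only
  AND c.collation_name <> @expected
ORDER BY schema_name, table_name, column_name;
```

An empty third result set together with 'OK' in the first two means the instance and the current database match the expected collation.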

Scope

FortiClient EMS Server v7.2.X and below.
Solution

At this point, a total re-installation of the EMS server and its host server is recommended. Because this is a DB collation issue, exporting and importing the old EMS backup will result in the new EMS having the same collation configuration.

Therefore, follow these steps:

  1. Install a fresh Windows Server with the default language, timezone, and keyboard settings (see System requirements).
     • Do not forget to install the latest Windows Security Updates.
     • Third-party security products and any third-party features other than the EMS Server itself are not supported or recommended. Third-party security products can interfere with the EMS process and cause issues. To install a security product on the EMS Server, install FortiClient without the Application Firewall and Sandbox features (those features are not supported for the Windows Server family).
     • Remember that having another OS feature/role or third-party application installed on the EMS Server is not supported.
  2. Install the EMS Server on the fresh Windows Server you have prepared.
  3. Export all of the Endpoint Profiles from the old EMS server and import them into the new one: OLD EMS -> Endpoint Policies and Components -> Manage Policies, select the Policy Group to export -> Edit -> Download Profile XML, and rename the downloaded file after the profile with a '.xml' extension. Then: NEW EMS -> Endpoint Profiles -> 'One of the Sub-categories' -> Import From File, select the file, import All Components, and select 'Enabled'.
  4. If using Endpoint Policies, recreate the endpoint policies to match the old EMS server under NEW EMS -> Endpoint Policies and Components -> Manage Policies.
  5. If using On-fabric Detection Rules, recreate the on-fabric detection rules to match the old EMS server under NEW EMS -> Endpoint Policies and Components -> On-fabric Detection Rules.
  6. Configure any additional settings under System Settings if necessary (like SMTP Settings, EMS Certificate configuration, Group Assignment Rules, On-fabric Detection Rules, etc.).


At this point, the migration of the endpoints is ready. Assign the hardware ID (HID) to the license.


  1. After the assigned HID on the license is changed, the old EMS will be unable to sync the current license. Therefore, before changing the HID on the license, block the old EMS server's internet access to *.fortinet.com, *.fortiguard.com, and *.forticloud.com. That way, the old EMS will still have the license during the migration of the endpoints.
  2. Open a separate ticket with CS and request that they assign the new HID to the license (inform them of the old EMS' HID as well). To check the HID, go to EMS -> Dashboard -> Status -> License Information -> Config License.
  3. After the license has been assigned to the new EMS, transfer the endpoints to the new EMS: under EMS -> Endpoints -> All Endpoints, select the desired endpoints -> Action -> Switch EMS, choose a different IP, and type the new EMS' FQDN or IP address.
  4. After all the endpoints have been transferred, shut down the old EMS.