RE: WinPE Module, Second TOEM Server for Failover, Replication, SMB

@theopenem_admin Ahh I see. Ok which should they be for my WinPE images? One image has it set to dynamic, one has standard. I may have changed one during troubleshooting. Thanks.

@theopenem_admin The Default LIE Block has it set to dynamic but the WIE says standard. Should I adjust this setting? Thank you for your time.

@theopenem_admin

Thank you for taking the time to reply to these. I took your suggestion about simply sharing the local storage from one of the two servers. So I have the two local storage locations as well as the SMB which is the toems local storage from the original server shared as an SMB. I'll get rid of the external hard drive that I was using as the SMB originally. I also deleted the secondary com server cluster and have both the primary toems server and the second toems server in the one main cluster, both as active and all features checked.

I take regular images of the entire primary server and the secondary server so included in that image should be the database. So as long as I maintain this backup process, I should always be able to restore communication with my endpoints should anything happen correct?

Since I have the two seperate servers utilizing the same database both turned on, I suppose this acts as like a load balancer since we have double the resources then? If I could figure out a way to replicate the database to both like you said, whats the benefit... just easier more automatic failover vs restoring the original server from my backup image if it goes down?

I went ahead and uploaded those files and the WinPE module as well as the new deploy through toec feature worked very well. Off the top of your head, any reason we can upload images just fine when booting from the flash drive into the new windows imaging environment but when we try to deploy an image we get an error determining minimum hard drive size? Thanks again!

Hello,

I've been using TOEM for a little over a year and had a few setbacks here and there with endpoints communicating from time to time, had to rebuild once also. It's been working very well for the most part. Yesterday, I upgraded us to the latest version and have a few questions that maybe you can clear up.

Failover:

My primary TOEM server is at an ip address ending in .39 so I built a second TOEM server at .40 to be used as a failover in case anything happens to the main .39 server. It's up and running, it's accessible and looks great. While it may seem obvious for some, I just want to clarify what the settings should be for a failover type situation. The same credentials seem to work for both .39 and .40 so it doesn't appear that they are two separate servers. The endpoints are all listed there just like the primary also. My few questions where this is concerned are...

Do I leave the com server at .40:8888 and just change it 39 should there be any issue with the primary server?

Or would that even matter since theres a unique ID that all the endpoints use to communicate and check in which would probably be different on the second server right?

Sorry to complicate this just want to be sure... should I have the upload interface and the com server address the same on both the primary and failover or should they be different on both? I'm not using it for load balancing or anything unless you recommend it this way. My primary reason for building the second one was for failover I suppose.

Should I have a primary com server cluster with both com servers and then a secondary com server cluster with just the failover com server? Should they be set to active active or active passive?

Replication:

During one of the previous upgrades, I interpreted the wording in the documentation to indicate that I now need to have a SMB share since I have more than one server. I added an external hard drive and titled it EMS_SMB. It's connected to one of my administrative systems and shared on the network. So now I have toems_local storage on the c drive on the primary server, toems_local storage on the c drive of the failover server and the external hard drive which is a network share. We have 4 or 5 images that we captured and use regularly. They took a while but finally replicated after that upgrade (two upgrades ago) now its really taking its time replicating so I just want to make sure of what these settings should be...

Do I need to use the external hard drive or is there a better way to do this? If so, should I be utilizing the direct to smb function that I see in the settings?

WinPE

Lastly, I was able to successfully create an image and deploy it using the new Windows Imaging Environment and the new "Super ISO" that works well... a couple of questions though..

I will have to recapture the other images that I previously made with the linux environment correct? If I want to use the new Windows 11 UEFI/Legacy friendly WIE method?

When trying to follow the documentation for building the WIE, that all went fine but I couldn't figure out how to take advantage of the new feature where you can deploy an image to a computer directly through the TOEM web gui using the Toec Client on that machine. I adjusted the image settings for a particular endpoint, then I saw a section for a WinPE module so figured I had to create this module. I went to modules and created a default WinPE module but wasn't sure exactly which file to upload... I uploaded the Super ISO but when trying to deploy the image via toec to an endpoint in the webgui, it said files were missing. Do I need to upload different files? Perhaps other boot files that were creating during the WIE build?

Sorry for all these questions at once. Answer only when time allows. I appreciate all of the hard work you put into this product.

Thanks!

• Novice TOEM user.

@anx98049 So even though the new server shows all my endpoints... it's just grabbing that from the original server right? The endpoints are still primarily communicating with the original server right now then? Also, before I go down a rabbit hole.. Doesn't the time zone appear off here? I'm on eastern and it's 9:55PM. Check out these logs of recent functions on the original server.

@theopenem_admin Ok got it. I exported the existing certs and installed them on the new server in the proper locations. I configured an smb like in your video tutorial and got that all set in the storage location under admin settings also. No here's the thing.. If I set the old server as passive... and the endpoints start communicating with the new server like you said... the end goal is to get rid of the problematic server I assume... Wouldn't I have to migrate the database over to the new server? Because the new server just has the app server/com server right now.

@anx98049 I grabbed the connection string from the main server config file, grabbed the db encryption key from there also, then just updated the ip address in the connection string to point to the primary database/server. I did get the com server unique ID from the new com server entry and updated that within the new config file as well.

@theopenem_admin Ok new VM is up and running. TheOpenEM 4.8 installed on Server 2019. I've done just about everything except the certificates... I kind of expected to have to log in with toemsadmin and toemsadmin but it carried over my login credentials from the primary server... all endpoints are listed. I have this secondary server listed as passive right now within the com server settings of the main server. Where do I go from here? Did I do something wrong that it doesn't have it's own seperate credentials for this seperate server? Do I log into this new server, log in to toems and generate,export and install the certificates on the new server now? Then should I test sending a message to one of the endpoints? They are all there but I feel like this is more of a duplicate or mirroring. Thanks for your guidance.

@theopenem_admin Building new vm with server 19 now, Will report back. Thanks again!

@theopenem_admin I really do appreciate your help on this as I'm not sure where to go with it. Let me ask you this... I have this TOEMS server running on a VM, before I installed the latest update to 4.8 and clicked on prepare toec clients to push out the 4.5 version of toec on all my endpoints, I took a snapshot... If I restore the vm to that snapshot, which will bring me back to 4.4 I believe (and of course it wouldn't restore the toec clients) will I still be able to communicate with my endpoints? (And is this even worth it since some of these errors predate the update) I'm not sure why because I just pushed a software/policy module in september with no issues whatsoever... the message feature never worked for me but just about everything else did. Should I maybe build a new vm with a fresh install of theopenem and use the current server ID and fingerprint etc? just a fresh IP?