How-to re-associate a ZeroLock® Agent with a new ZeroLock® Management Console.
To move a ZeroLock Agent (ZA) from one ZeroLock Management Console (ZMC) to another is a simple process requiring only that both ZMCs have network connectivity to the ZA and that the Agent be version 2.0.8 or later.
Re-associate ZeroLock Agent with new ZMC
The first step is to stop the ZA that you wish to move to another ZMC. If the Lockdown Rule, “Anti-Tampering” is enabled, it must be disabled, or it will not allow the service to be stopped.
Stopping the ZeroLock service is done by opening a ssh session to the target ZA and running the command:
sudo systemctl stop zerolock.service
To verify that the service is stopped:
sudo systemctl status zerolock.service
Now, the new Collector IP address and token must be entered. The IP address is that of the destination ZMC. In this example, it is 10.0.0.1. The token may be found on the Deploy homepage of that ZMC.
When the ZeroLock service was stopped, the ssh session was terminated, so you will have to open another session to the agent. Copy the new token from the Deploy homepage (see above).
Once this has been done, enter the following commands to update the ZA with the new settings.
cd /usr/bin/
zerolock-tyr -update -host <server2-collector> -token <server-2-token>
Now restart the ZeroLock service with:
sudo systemctl start zerolock.service
Verify Agent
There are two (2) methods to verifying if a ZeroLock Agent is active.
- The first is to run the ‘status’ command on the agent as we did earlier.
- The second method is to look on the Endpoint homepage of the destination ZeroLock Management Console. The moved endpoint should be added and a green indicator in the STATUS column reflects a successful ZeroLock Agent installation.
Key Commands:
stop service
sudo systemctl stop zerolock.service
update server info
/usr/bin/zerolock-tyr -update -host <server2-collector> -token <server-2-token>
start service
sudo systemctl start zerolock.service
service status
sudo systemctl status zerolock.service