Moving ZeroLock® Agents between ZeroLock® Management Consoles

How-to re-associate a ZeroLock® Agent with a new ZeroLock® Management Console.

    To move a ZeroLock Agent (ZA) from one ZeroLock Management Console (ZMC) to another is a simple process requiring only that both ZMCs have network connectivity to the ZA and that the Agent be version 2.0.8 or later.

    Re-associate ZeroLock Agent with new ZMC

    The first step is to stop the ZA that you wish to move to another ZMC.  If the Lockdown Rule, “Anti-Tampering” is enabled, it must be disabled, or it will not allow the service to be stopped.

    Stopping the ZeroLock service is done by opening a ssh session to the target ZA and running the command:

    sudo systemctl stop zerolock.service

    To verify that the service is stopped:

    sudo systemctl status zerolock.service


    Now, the new Collector IP address and token must be entered.  The IP address is that of the destination ZMC.  In this example, it is  The token may be found on the Deploy homepage of that ZMC.

    Deploy screen v3.0.2


    When the ZeroLock service was stopped, the ssh session was terminated, so you will have to open another session to the agent.  Copy the new token from the Deploy homepage (see above).

    Once this has been done, enter the following commands to update the ZA with the new settings.

    cd /usr/bin/

    zerolock-tyr -update -host <server2-collector> -token <server-2-token>

    Now restart the ZeroLock service with:

    sudo systemctl start zerolock.service


    Verify Agent

    There are two (2) methods to verifying if a ZeroLock Agent is active.

    1. The first is to run the ‘status’ command on the agent as we did earlier.

    2. The second method is to look on the Endpoint homepage of the destination ZeroLock Management Console.  The moved endpoint should be added and a green indicator in the STATUS column reflects a successful ZeroLock Agent installation.
      New Endpoint_2

    Key Commands:

    stop service

    sudo systemctl stop zerolock.service

    update server info

    /usr/bin/zerolock-tyr -update -host <server2-collector> -token <server-2-token>

    start service

    sudo systemctl start zerolock.service

    service status

    sudo systemctl status zerolock.service