How to re-associate a ZeroLock Agent with a new ZeroLock® Management Console.
Moving a ZeroLock Agent (ZA) from one ZeroLock Management Console (ZMC) to another requires only that both ZMCs have network connectivity to the ZA and that the Agent be version 2.0.8 or later.
Re-associate the ZeroLock Agent with the new ZMC
The first step is to stop the ZA that you want to move to another ZMC. If the Lockdown Rule, “Anti-Tampering,” is enabled, it must be disabled for the service to be stopped.
Stopping the ZeroLock service is done by opening an SSH session to the target ZA and running the command:
sudo systemctl stop zerolock.service
To verify that the service is stopped:
sudo systemctl status zerolock.service
At this point, the new Collector IP address and token must be entered. The IP address is the destination ZMC. In this example, it is 10.0.0.1. The token may be found on the Deploy homepage of that ZMC.
When the ZeroLock service stops, the SSH session is terminated, so you must open another session to the agent. From the Deploy homepage, copy the new token (see above).
Once this has been done, enter the following commands to update the ZA with the new settings.
cd /usr/bin/
zerolock-tyr -update -host <server2-collector> -token <server-2-token>
Restart the ZeroLock service with:
sudo systemctl start zerolock.service
Verify Agent
There are two (2) methods to verify if a ZeroLock Agent is active.
- The first is to run the ‘status’ command on the agent as we did earlier.
- The second method is to look at the Endpoint homepage of the destination ZeroLock Management Console. The moved endpoint should be added, and a green indicator in the STATUS column reflects a successful ZeroLock Agent installation.
Key Commands:
stop service
sudo systemctl stop zerolock.service
update server info
/usr/bin/zerolock-tyr -update -host <server2-collector> -token <server-2-token>
start service
sudo systemctl start zerolock.service
service status
sudo systemctl status zerolock.service