Running Agent Mover

  1. On the Apex One server, go to <Server installation folder>\PCCSRV\Admin\Utility\IpXfer.
  2. Copy IpXfer.exe to the Security Agent endpoint. If the Security Agent endpoint runs an x64 type platform, copy IpXfer_x64.exe instead.
  3. On the Security Agent endpoint, open a command prompt and then go to the folder where you copied the executable file.
  4. Run Agent Mover using the following syntax: <executable file name> -s <server name> -p <server listening port> -c <agent listening port> -d <domain or domain hierarchy> -e <Certificate location and file name> -pwd <agent unload and unlock privilege password>
    Table 1. Agent Mover Parameters



    <executable file name>

    IpXfer.exe or IpXfer_x64.exe

    -s <server name>

    The name of the destination Apex One server (the server to which the Security Agent will transfer)

    -p <server listening port>

    The listening port (or trusted port) of the destination Apex One server (for local servers only)

    To view the listening port on the Apex One web console, click Administration > Settings > Agent Connection in the main menu.

    -sp <server HTTPS listening port>

    The listening port (or trusted port) of the destination Apex One server for HTTPS communication

    -c <agent listening port>

    The port number used by the Security Agent endpoint to communicate with the server

    -d <domain or domain hierarchy>

    The agent tree domain or subdomain to which the agent will be grouped

    The domain hierarchy should indicate the subdomain.

    -e <Certificate location and file name>

    Imports a new authentication certificate for the Security Agent during the move process

    If this parameter is not used, the Security Agent automatically retrieves the current authentication certificate from its new managing server.


    The default certificate location on the Apex One server is:

    <Server installation folder>\PCCSRV\Pccnt\Common\OfcNTCer.dat.

    When using a certificate from a source other than Apex One, ensure that the certificate is in Distinguished Encoding Rules (DER) format.

    -pwd <agent unload and unlock privilege password>

    The unload and unlock privilege password configured in Privileges and Other Settings


    If the unload and unlock password is required and you do not provide the password, Agent Mover prompts you before attempting to move agents.


    Enables connection debug logging


    • For Apex One servers using HTTP communication:

      ipXfer.exe -s Server01 -p 8080 -c 21112 -d Workgroup -pwd unlock

      ipXfer_x64.exe -s Server02 -p 8080 -c 21112 -d Workgroup\Group01 -pwd unlock

    • For Apex One servers using HTTPS communication:

      ipXfer.exe -s Server01 -sp 443 -p 8080 -c 21112 -d Workgroup -pwd unlock -dbg 1

  5. To confirm the Security Agent now reports to the other server, do the following:
    1. On the Security Agent endpoint, right-click the Security Agent program icon in the system tray.
    2. Select Component Versions.
    3. Check the Apex One server that the Security Agent reports to in the Server name/port field.

      If the Security Agent does not appear in the agent tree of the new Apex One server managing it, restart the new server's Master Service (ofservice.exe).