Frequently Asked Questions | OS Deployer

Last Updated On: 06 May 2026|

21 minutes read |

This page provides answers to frequently asked questions (FAQs) related to OS Deployer.

General

What are the Operating Systems supported by OS Deployer?

OS Deployer supports a wide range of Windows desktop and server operating systems. For the complete list of supported operating systems, refer to the System Requirements page.

What are the ports used by OS Deployer?

For the complete list of ports used for OS Deployment refer to the this page.

OS Deployment

Does OS Deployment support Windows Surface Pro?

Yes, OS imaging and deployment is supported on Windows Surface Pro machines.

Why is WinPE media required?

WinPE media is required to boot the machines in to Windows Pre-installation environment to perform deployment and offline imaging.

How is OS Deployment Licensed?

OS Deployment supports machine based licensing, that is the number of workstation and server machines on which you want to perform deployment. Here the licenses are tied to the machine's MAC address and once you purchase a license for a machine, you can perform any number of deployments on that machine. Depending on the operating system, you need to have either a workstation or a server license. E.g., to perform deployment on 100 workstation machines, you need to purchase 100 workstation licenses.

We have Dell and HP machines in our organisation. Does OS deployment support deployment of image on dissimilar hardware?

Yes, you can deploy images on dissimilar hardware as hardware-independent imaging is supported in OS deployment.

How to delete a driver repository?

A driver repository is used to store the drivers which are collected during image creation process. You can delete the repository from the product console itself. However, the repository will get deleted only in the UI and the drivers in the network share has to be manually deleted by the user. It is always required to have at least one configured driver repository to store the automatically collected drivers.

When will the driver repositories get synced?

All driver repositories will get synced every 4 hours.

Where will the applications be replicated for remote office deployments?

The applications required for remote office deployment will be replicated automatically to the Endpoint Central Distribution Server installed location (<DesktopCentral_DistributionServer installed location>\replication\osdrepository) in the Distribution Server computer.

Where will the drivers be replicated for remote office deployments?

The drivers required for remote office deployment will be replicated automatically to the driver repository available in the remote office.

How to copy an image from one image repository to another?

Currently, the image has to be manually copied from one repository to another. After copying the image to a new repository, you have to modify the repository path in the image details. To modify the repository, select the image and view the image details. Here, near the image repository, select the edit icon to modify the repository path.

How does OS Deployer activate the Windows license?

OEM license: If the Windows OS version of the image is the same as the OEM license, then the license will be automatically activated.
Volume-based license: Let us assume you've created an image by imaging a machine with a volume-based license. Depending on the availability of the license, if you deploy it to another machine the license will be automatically activated.

How to resolve insufficient space for creating image?

To resolve the “Insufficient space for creating image” issue, please increase the available free space in the existing image repository. Alternatively, you can create a new image repository at a different location with sufficient free space and use that repository to create the new image.

How to resolve the error "The specified path cannot be found" during USMT backup?

Navigate to the server installed directory: Server Installed Directory\webapps\DesktopCentral\agent
Locate the zip file named "USMTComponents.zip". If the size of the file is 1kb, it indicates that its empty.
Delete the USMTComponents.zip file and initiate USMT again. The zip must be recreated with required files.

Note

Make sure the Windows ADK is installed properly on the server machine.

How to resolve Inaccessible Boot device?

Download the target machine's model specific rapid storage driver. Extract the driver files and add them to your driver repository.
Once drivers were added, do a scan for the driver repository and try deployment.
Alternatively access the BIOS settings of one of the target machines affected by the BSOD.
Change the SATA configuration to AHCI or AHCI to RAID mode vice versa and attempt to boot the machine into Windows.
Verify whether the system successfully boots into Windows.

If the issue persists, kindly contact support.

Windows 10/Windows 11 Imaging

What is Windows 10/Windows 11 image?

A Windows 10/Windows 11 image file is an exact copy of a hard drive that contains the Windows 10/Windows 11 operating system, executables, drivers, and other files.

What does imaging Windows 10/Windows 11 mean?

Windows 10/Windows 11 imaging is the process of creating an image of a Windows 10/Windows 11 computer that includes the OS, files, settings, and the required applications.

How do I create a Windows 10/Windows 11 image?

Prepare a machine with Windows 10/Windows 11 OS and the data to be included in the image. You can then image the prepared machine using a Windows 10/Windows 11 imaging tool like OS Deployer.

Can I add relevant applications to my Windows 10/Windows 11 image before deployment?

Yes, using the Add Applications feature under the deployment template, you can include all the required applications in your Windows 10/Windows 11 image. These applications will be automatically installed after all post-deployment activities are completed.

Can I create a Windows 10/Windows 11 image offline?

Yes, you can create an image of a Windows 10 or Windows 11 computer even when it is shut down using the offline image creation process.

Can I download Windows 10/Windows 11 ISO?

Yes, using OS Deployer, you can download Windows 10 or Windows 11 ISO files and deploy them through USB, CD, DVD, or virtual machines.

PXE Boot Server

What does PXE boot stand for?

PXE boot stands for Preboot Execution Environment — a network booting process using a DHCP or TFTP server that enables computers to boot via network-based software instead of local drives.

What does PXE mean?

PXE (Preboot Execution Environment) is a client-server interface that allows computers to boot over a network.

How to ensure clients from other subnets can boot using PXE?

If the OS Deployer server, DHCP server, and client are on the same network, PXE booting can be extended to other subnets using DHCP relay or IP helper configurations.

How to PXE boot computers over LAN?

Configure DHCP Option 66 with the OS Deployer server IP and Option 67 with the appropriate boot file (Legacy or UEFI). Then boot clients through the LAN.

What is a PXE server?

The PXE server in OS Deployer operates as a Windows service alongside the Central Server, enabling OS image deployment across networks.

What is PXE boot in Windows?

PXE boot in Windows allows network-based OS deployment across multiple devices simultaneously using a DHCP and TFTP-based process.

How do I run a PXE boot?

Configure your DHCP server with the appropriate options and initiate boot from LAN on target devices. PXE will automatically fetch OS deployment data.

How to enable PXE on a server?

To enable PXE on an Intel NUC:

Enter BIOS setup using F2.
Navigate to the Boot Menu.
Uncheck Boot Network Devices Last.
Enable UEFI PXE & iSCSI.
Select Ethernet1 Boot or Ethernet2 Boot.
Press F12 during POST to boot from LAN.

Refer to Intel’s official guide for more details.

Boot Windows via USB Media

Can we boot Windows from USB using OS Deployer?

Workstation OS
The following operating systems are supported for booting Windows from USB using OS Deployer:

Windows 10
Windows 8.1
Windows 8
Windows 7
Windows Vista
Windows XP

Server OS
The following Windows Server operating systems can be booted using the Windows bootable USB:

Windows Server 2016
Windows Server 2012 R2
Windows Server 2012
Windows Server 2008 R2
Windows Server 2008
Windows Server 2003 R2
Windows Server 2003

Why is WinPE media required?

WinPE media is required to boot the machines into the Windows Pre-installation Environment to perform deployment and offline imaging.

Which versions of WinPE media are supported for OS Imaging and Deployment?

Windows PE 10.0 Media - Windows 10, Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012
Windows PE 5.0 Media - Windows 10, Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012
Windows PE 4.0 Media - Windows 10, Windows 8, Windows Server 2012, Windows 7, Windows Server 2008 R2, Windows Vista, Windows Server 2008
Windows PE 3.0 Media - Windows 7, Windows Server 2008 R2, Windows Vista, and Windows Server 2008
Windows PE 2.0 Media - Windows Vista, Windows Server 2008, Windows XP, Windows Server 2003

What are the WinPE architectures supported by OS Deployer?

OS Deployer supports only x64 WinPE architectures.

What are the supported operating systems?

OS Deployer supports creating bootable USBs from ISO for all client-based and server-based Windows operating systems, including Windows XP through Windows 11.

Can I automate WinPE installation while booting from ISO?

Yes. OS Deployer automatically downloads and installs the WinPE tool on its server. You can include WinPE while creating the ISO bootable media, which can then be converted to USB.

What drivers are included while booting from ISO?

The ISO bootable media includes essential network, hard disk, keyboard, and mouse drivers.

Does OS Deployer support UEFI boot?

Yes. OS Deployer supports both Legacy and UEFI boot modes.

Can I boot Windows machines using USB?

Yes. OS Deployer supports booting Windows computers using USB bootable media as well as PXE boot.

Can I extract Windows ISO to USB?

Yes. You can extract the Windows ISO to a USB or CD/DVD depending on your requirements.

Boot Windows via ISO Media

What are the supported operating systems?

OS Deployer supports creating bootable USBs from ISO for all client-based and server-based Windows operating systems, including Windows XP through Windows 11.

Can I automate WinPE installation while booting from ISO?

Yes. OS Deployer automatically downloads and installs the WinPE tool on its server. You can include WinPE while creating the ISO bootable media, which can then be converted to USB.

What drivers are included while booting from ISO?

The ISO bootable media includes essential network, hard disk, keyboard, and mouse drivers.

Does OS Deployer support UEFI boot?

Yes. OS Deployer supports both Legacy and UEFI boot modes.

Can I boot Windows machines using USB?

Yes. OS Deployer supports booting Windows computers using USB bootable media as well as PXE boot.

Can I extract Windows ISO to USB?

Yes. You can extract the Windows ISO to a USB or CD/DVD depending on your requirements.

How do I transfer Windows ISO to USB?

You can use tools like Rufus, UltraISO, or YUMI to burn the ISO file to a USB drive of your choice.

How to burn ISO media to DVD?

Create a new ISO bootable media.
Download the generated ISO file.
Use any third-party software to burn or copy the ISO file onto a DVD.
Once the media files are successfully written to the DVD, the customer can boot the machine using the DVD.

Can I automate the booting process?

Yes. Using OS Deployer’s Zero-touch deployment, you can completely automate the booting and image deployment process, allowing multiple computers to be deployed remotely.

Windows ISO Download and Creation

Can I get Windows 10 ISO for free?

Yes, Microsoft allows free ISO downloads for licensed users from their official website.

Is Windows 10 ISO bootable?

Yes. The ISO file can be mounted on a USB or DVD to create installation media. For mass deployment, explore

How do I download Windows 10 ISO 64-bit?

Download the Media Creation Tool from Microsoft’s website. Choose Create installation media to generate a 64-bit ISO file. To learn more about downloading Windows 10 ISO file and creating installation media, refer to this document.

How many GB is Windows 10 64-bit ISO?

The Windows 10 Enterprise 64-bit ISO is approximately 5.2 GB, and the Media Creation Tool is about 18.6 MB.

Is Windows 11 ISO free?

Yes, download it for free from the Microsoft website.

Microsoft Windows Deployment Toolkit

What is Microsoft Deployment Toolkit (MDT) used for?

The Windows deployment tool is used for automating the deployment of Windows-based operating systems starting from Windows 7. This includes both client-based and server-based operating systems.

Is Microsoft Deployment Toolkit free?

Yes, the Windows deployment toolkit is a free tool developed by Microsoft. The Microsoft Deployment Toolkit (MDT) can be downloaded from the Microsoft official website.

What is the difference between Microsoft Deployment Toolkit (MDT) and SCCM?

SCCM (now officially known as Microsoft Configuration Manager) is an endpoint management tool that assists users in app management, patch management, analytics, OS deployment, etc. Microsoft Deployment Toolkit is primarily an OS deployment solution that automates the deployment of Windows operating systems.

How do I install Microsoft Deployment Toolkit?

Using OS Deployer, you can completely automate the installation process of the Windows Deployment Toolkit. You can also manually download and install the Microsoft deployment tool if necessary.

How can I leverage MDT using OS Deployer?

OS Deployer accelerates the deployment process by automating the download, installation, and deployment of Microsoft deployment tool that includes Windows Assessment and Deployment Kit (ADK) and Windows Pre-installation Environment (Windows PE) tool. You can also leverage the Assessment and Deployment Kit by manually downloading the deployment tool.

Service Tag Based Target Identification

How will this update affect my existing OSD licenses?

Your existing OSD licenses are MAC Address-based. After this update, the system will automatically create a Service Tag association for each MAC license using details from the last successful deployment. No manual action is required — existing licenses remain valid.

Will my machines be identified by Service Tag going forward?

Yes. Going forward, each license will be identified by the deployed machine's Service Tag. MAC Address will only be used in cases where the Service Tag is found to be invalid.

How does this update change how I add deployment targets?

Previously, deployment targets could only be added using a MAC Address. This update introduces a field that accepts either a MAC Address or a Service Tag, giving you more flexibility when configuring deployment targets.

Will my existing deployment task targets still work?

Yes. Existing deployment task targets are not modified by this update and will continue to function as before. You do not need to reconfigure them.

How does this update affect target configuration in Standalone Tasks?

Previously, MAC Address was mandatory when adding a target in a Standalone Task, while the Service Tag was optional. With this update, the form now accepts either a Service Tag or a MAC Address — MAC Address is no longer mandatory. We recommend providing the Service Tag as the primary target identifier, since modern machines often do not have a built-in Ethernet MAC address.

What happens to existing Standalone Task targets after the update?

Existing targets will remain in place and continue to work. However, the behavior depends on how the target was originally configured:

Target configured with a Service Tag: After the update, the Service Tag will be prioritized and only the Service Tag will be displayed for that target.
Target configured without a Service Tag: No change occurs. The MAC Address-based target will still be shown and function as intended.

How does this update affect the Computer Specific Settings form?

Previously, MAC Address was mandatory when adding computer settings, while the Service Tag was optional. With this update, the form now accepts either a Service Tag or a MAC Address — MAC Address is no longer mandatory.

We recommend providing the Service Tag, as modern machines often do not have a built-in Ethernet MAC address.

Will my existing Computer Specific Settings still work after the update?

Yes. Existing computer settings will remain in place and continue to work. However, the behavior depends on how the setting was originally configured:

Computer Setting configured with a Service Tag: After the update, the Service Tag will be prioritized over the MAC Address and only the Service Tag will be shown for that Computer Setting.
Computer Setting configured without a Service Tag: No change occurs. The MAC Address-based Computer Setting will still be shown and function as intended.

How does this update affect the Deployment Status view?

Previously, the hyperlink for accessing deployment details was only available for MAC Address entries. After this update, the hyperlink will also be shown for Serial Number (Service Tag) entries, making it easier to navigate to deployment details for machines identified by Service Tag.

Note

If you had previously personalized the column layout in the Deployment Status view, this update may have repositioned the MAC Address and Service Tag columns to the end of the list. Use the column selector to rearrange them to your preferred order.

How does this update affect licensing in the UEM or Security edition?

In the UEM/Security edition, OSD licensing is integrated with the Endpoint Central. Previously, the overlap between OSD and EC was determined by MAC addresses, which frequently caused licensing inconsistencies when external network adapters were linked to multiple managed agents.

This issue has been resolved by switching to Service Tag verification. A machine that is both Deployed and Managed will now be counted as a single license, regardless of its MAC address associations.

How might this update affect environments that use external adapters or docking stations?

Previously, the common device count for DC and OSD was verified using MAC addresses. In environments where a single external adapter or docking station was used across multiple machines during OS deployment, this method could result in inaccurate license counts. Consequently, the reported license usage was often lower than the actual consumption.

With this upgrade, the common count verification will instead rely on device serial numbers. This change is expected to address the limitations associated with MAC address—based identification and should provide a more accurate representation of license usage.

What happens if the Service Tag is invalid in a UEM/Security environment?

If the Service Tag is found to be invalid, the system will automatically revert to MAC address-based verification to ensure the machine is still accounted for correctly.

Build Number and Versions FAQ

Where do I find my current build number?

Click the profile icon at the top-right of the console. Your build number appears in the panel that opens — for example, Build: 11.5.2605.01. Click the build number itself to open the Version Details panel, which shows the individual version installed for each component: Central Server, Distribution Server, and each agent type (Windows, Mac, and Linux).

How do I know if an upgrade is available for my current setup?

Click the profile icon at the top-right of the console. If a newer build is available, an upgrade prompt appears in that same panel alongside your current build number. For a broader view to plan the upgrade ahead, the ManageEngine's OS Deployer lists the latest released build and the recommended upgrade sequence for your version but rather wait for the in-console upgrade notification.

What is the difference between a Service Pack and a Hotfix?

A Service Pack is a cumulative release that consolidates all fixes from prior builds into a single new baseline. Every customer upgrading beyond it must pass through it — there is no way to skip it. In the build string, the SP level is the second digit: in 11.5.2605.01, the 5 denotes SP5. An SP release also significantly reduces the size of subsequent PPM files, because older patch-handling code gets cleaned up during consolidation.

A Hotfix is smaller and targeted — it addresses specific bugs found after the last SP and applies on top of it. Hotfixes can be applied incrementally and are lighter than a full Service Pack.

The practical rule: install the SP first to establish the baseline, then apply hotfix builds on top as they are released.

My console shows a build number which is higher than the "latest released" build. How?

This is a custom fix or specialised hotfix build — not a general release. ManageEngine engineers assign a version number at the time a custom fix is compiled, which can produce a service-pack segment (2534) that appears numerically higher than the current public GA release (2528). This does not mean your environment has a "newer" or superior build — it means it's on a non-standard release branch.

Implications for upgrades:

Standard PPM files for the GA release path (2528.x) will likely be rejected by your Update Manager, because the installer detects a higher version number already installed.
Standard in-product upgrade notifications may not appear, since the server knows it deviates from the GA release path.
You must not attempt to downgrade or apply a lower-versioned PPM without Support guidance.

Recommended action: Contact ManageEngine Support and provide:

Your current build number as shown in the console
The contents of <UEMS_CentralServer>\conf\fixes_id.properties

Support will confirm your correct upgrade path — typically a custom-to-GA consolidation PPM — and whether the fix from your custom build has been merged into the current GA release.

Upgrade notification not appearing — but the server has internet access. Why?

Internet access alone does not guarantee that the upgrade notification will appear. There are four distinct causes, each requiring a different resolution. Work through the table below to identify which applies to your environment before resorting to a manual PPM download.

Cause	How to Identify	Resolution
Customised or Hotfix Build Installed	Console build number ends in an unusual patch suffix (e.g., `.12` on a build not listed on ME's official website). The server knows it deviates from the standard release path and suppresses standard notifications.	Contact ManageEngine Support with your current build number. They will confirm the correct next step and whether a standard notification will appear once you return to the standard build path.
AMS (Annual Maintenance & Support) Subscription Expired	Navigate to Admin → License. If the AMS expiry date is in the past, notifications for builds released after that date are suppressed.	Renew your AMS subscription via your ManageEngine account manager. Notifications will resume once the subscription is active and the console re-contacts the update server.
Proxy or Firewall Blocking Update Server	From the server, try to reach `autoupgrade.manageengine.com` on port 443 using a browser or `curl`/`telnet`. If the connection times out, outbound traffic is being blocked despite general internet access being available.	Whitelist `autoupgrade.manageengine.com` and `downloads.manageengine.com` on port 443 in your firewall or proxy. After whitelisting, click "Check for updates" again in the console.
In-Product Notification Setting Disabled	Navigate to Profile Icon → Build Version → Settings. Check whether "Display in-product notifications about updates" is disabled.	Enable the notification setting and save. The notification will appear at the next update-check interval (typically within a few minutes).

Info

If none of the above causes apply and notifications are still missing, download the PPM manually from ME's official website using the build number shown in your console and apply it via UpdateManager.bat. Refer to the Downloading the PPM section for instructions.

How do I distinguish between a Service Pack and a Minor Version from the build string alone?

The position and digit count of each segment tells you the upgrade type required:

Segment	Position	Example	Upgrade Type Required
Service Pack	3rd (4 digits)	`2528`	Manual PPM download + planned downtime required
Minor Patch	4th (2 digits)	`21`	Auto Upgrade eligible — no PPM download or downtime needed

Side-by-side comparison examples:

11.4.2528.19 → 11.4.2528.21 — only Segment 4 changed → Minor Version → Auto Upgrade eligible
11.4.2516.39 → 11.4.2528.21 — Segment 3 changed → Service Pack → manual PPM required
11.4.2528.21 → 11.5.2528.21 — Segment 2 changed → Major version upgrade → check ME's upgrade path guide first

Info

Practical rule: Compare builds left-to-right. If only the last two digits changed, it's a minor patch. If the 4-digit segment changed, plan a maintenance window. If Segment 1 or 2 changed, verify the full upgrade path on ME's official website before proceeding.

PPM Upgradation

Where do I find my current build number?

To find your current build number, click the profile icon at the top-right corner of the Endpoint Central console. The build number is displayed in the panel that appears (for example, Build : 11.5.2605.01). To view a detailed breakdown of the version for each component — Central Server, Distribution Server, and Agents (Windows, Mac, Linux) — click on the build number to open the Version Details panel.

How do I know if an upgrade is available for my current setup?

Endpoint Central notifies you of available upgrades directly within the console. Click the profile icon at the top-right corner — if a newer build is available, an upgrade prompt will be displayed in the panel alongside your current build number. You can also refer to the Service Packs page to check the latest available build and the recommended upgrade path for your current version.

Do agents and Distribution Servers need to be upgraded manually after a PPM upgrade?

No. Agents and Distribution Servers upgrade automatically — no manual intervention is required. Distribution Servers upgrade automatically based on their configured replication interval. WAN Agents associated with a Distribution Server upgrade within 90 minutes after their respective Distribution Server has completed its upgrade. Direct Agents upgrade automatically within the 90-minute refresh interval upon their next contact with the Central Server.

Is it necessary for all component versions to match the upgraded server build version?

No. A component upgrade is triggered only when the PPM build includes a version change for that specific component. If no version change is introduced for a component in the PPM build, its existing version remains fully compatible with the upgraded Central Server and continues to operate without any reinstallation. Therefore, it is not mandatory for all component versions to match the server build version at all times.

Why do I need to apply multiple PPM upgrades to reach the latest version?

If your current build is older than the latest Service Pack (SP) build, you must first upgrade to the SP build before applying any subsequent hotfix builds. Skipping the SP is not supported — the upgrade must follow the prescribed path. The recommended upgrade sequence for your specific version is always displayed on the Service Packs page.

What is the difference between a Service Pack (SP) and a Hotfix?

A Service Pack (SP) is a major cumulative release that consolidates all fixes and changes up to that point into a single unified build. It is introduced primarily for code maintenance and to establish a common baseline across all customers. Any customer wishing to upgrade to a build beyond the SP must pass through the SP first — it cannot be skipped. In the build number format, the Service Pack level is indicated by the second digit (for example, in 11.5.2605.01, the 5 denotes the Service Pack). An SP release also significantly reduces the PPM file size and the time taken to apply it, since all prior patch-handling code is consolidated and cleaned up.

A Hotfix is a smaller, targeted release that addresses specific bugs or issues identified after the last SP. Hotfixes can be applied incrementally on top of the SP baseline and are lighter in size compared to a Service Pack.

In summary: Apply the SP first to establish the baseline, then apply hotfix builds on top to stay current.

Backup FAQs

Does the server go down during a scheduled backup?

No. Scheduled backup is an online backup — the OS Deployer server stays fully operational while the backup runs in the background.

What happens if the server is stopped at the scheduled backup time?

The backup will not run. There is no retry — it will only attempt again at the next scheduled time. Make sure the EC service is running.

How much disk space do I need?

At least 2—2.5× the current database size of free space on both the local drive and your backup destination. For example, if your DB is 10 GB, keep at least 20—25 GB free.

Can I back up to a network folder?

Yes. Ensure the OS Deployer service account has write access to the network folder. For MSSQL, the SQL Server service account also needs write access. Test the connection before relying on it.

My backup is taking a long time. Is this normal?

It depends on your database size and storage speed. Network backups are slower than local ones. For Remote PostgreSQL, the backup runs over the network — speed depends on bandwidth between the EC server and the remote DB server. Schedule backups during off-peak hours to minimize impact.

What is the recovery key email I keep receiving?

Every 45 days, a recovery key is emailed to all administrators. This key lets you restore a backup even if you forget your custom password. Do not delete these emails.

Backups have stopped running. Are they disabled?

No. Backups are never automatically disabled. If 3+ consecutive failures occur, a dashboard warning appears, but backups continue to run on schedule. Fix the underlying issue (disk space, permissions, or network access) and the next run should succeed.

Can I disable scheduled backups?

It is not recommended. VM snapshots and SQL-only backups do not cover application files . We recommend keeping OS Deployer's built-in backup enabled for complete protection.

Is a backup taken automatically before updates?

Yes. The system automatically creates a pre-upgrade backup before every update or patch.

Is it safe to delete files in the ScheduledDBBackup folder?

No, it is not safe to delete files in the ScheduledDBBackup folder manually. It is recommended to have atleast 7 days of backup files in the folder. The system automatically manages the backup files based on the retention count you set in the Admin → Database Settings → Database Backup section. Deleting files manually can lead to loss of critical backup data and may affect your ability to restore in case of an issue.

Restore FAQs

Can I restore a backup taken on a different build version?

No. The backup must be from the exact same build number. If you need to restore on a newer build, install the matching version first, restore, then upgrade.

Do I need to stop the server before restoring?

Yes, always. The restore will not proceed if the service is running. Stop the service via Windows Services before starting the restore.

Will I lose data made after the backup date?

Yes. Restoring replaces all current data with the backup data. Any changes made after the backup date will be lost.

I forgot my backup password. What can I do?

Use the recovery key emailed to all administrators every 45 days. Check your email archive for a message from OS Deployer containing the key. If you can't find it, contact ManageEngine Support.

Do I need to reinstall Endpoint Central before restoring?

Only if you're restoring on a new server. On the same server, just stop the service and run the restore utility — no reinstallation needed.

Will managed agents reconnect after the restore?

Yes, if the server hostname and IP address remain the same. Agents reconnect automatically within few minutes.

Can I restore a backup from a different database type?

No. Cross-type restore is not supported. The backup must match the exact database type of your installation (e.g., you cannot restore a Remote PostgreSQL or MSSQL backup on a Bundled PostgreSQL setup).

Can I restore to a different server?

Yes. Install the exact same version on the new server, copy the backup file, and restore. The build number, database type, and architecture (32-bit/64-bit) must all match.

Server won't start after VM snapshot restore

VM snapshot restore not recommended, in OS Deployer files and database should be in sync so restoring either files or database alone separately using VM snapshot might lead to inconsistency, so always use the Backup-Restore Utility instead of VM snapshots.

I need the exact installer version to restore but my server crashed

Contact support with your backup file details. They can help you locate the exact build installer matching your backup so you can install it on the new server and restore.

How do I change or reset my backup password?

Go to Admin → Database Settings → Database Backup → Backup Protection. The new password applies only to future backups. For existing backups, use the original password or the recovery key.

How do I change the backup schedule, location, or retention count?

Go to Admin → Database Settings → Database Backup. You can change the backup time, retention count, and destination path. After saving, new backups use the updated settings. Existing backups at the old location are not moved automatically.

How do I change the backup failure notification recipients?

Go to Admin → Database Settings → Database Backup. Update the email addresses under the failure notification section. A working mail server must be configured in Admin → Mail Server Settings.

What is the default backup location?

<Install Dir>\UEMS_CentralServer\ScheduledDBBackup\. We strongly recommend changing this to a different drive or network share.

How do I check which database type my server is using?

Go to Admin → Database Settings. The database type (Bundled PostgreSQL, Remote PostgreSQL, or Microsoft SQL Server) is displayed on this page.

How does backup work with a Failover Server (FOS)?

Backups should always be performed on the primary server. The Failover Server does not run independent backups. After restoring on the primary, run SyncSecondary.bat Restore from the primary server's bin folder to sync the secondary server.

Mail Server Settings

Which mail servers support OAuth?

OAuth authentication is tested with Microsoft Outlook (Office365) and Gmail (Gsuite).

Can I configure OAuth for an existing mail account?

Yes, OAuth authentication can be configured for an existing mail account.

Why should I switch to OAuth2.0?

Google and Microsoft deprecated basic authentication for mail servers on May 30, 2022, and October 1, 2022, respectively.To ensure secure and uninterrupted mail communication, it is recommended to use OAuth authentication.

What is a Redirect URL, and where should I configure it?

A Redirect URL (Reply URL) is where the Authorization Server sends response data. Copy and paste the Redirect URL into the application details in the Authorization Server settings.

Why do I get an error stating "Redirect URL invalid/mismatch" when saving settings?

Ensure that the Redirect URL is added to the authorization server’s list of allowed Redirect URLs and that the settings are saved correctly.

What happens when my access token expires?

When the access token expires, a new token is automatically generated using the refresh token.

Was this article helpful?

Yes

Visit Community

Ask questions and get answers