Retire Child relay in DMZ

We have a Child relay in our DMZ running RHEL 7. I built a new Child running RHEL 9 and most of our clients have moved to using it (We use auto relay selection.). But there are a dozen systems or so that aren’t moving to the new relay. How do I “retire” a relay so the clients won’t try to use it?

If you are sure that the clients that haven’t moved are able to communicate with the new relay (ICMP + TCP on the BigFix port, default 52311), then I would stop the relay (leave the server on for a while but stop the relay service). They should eventually have to auto-select a new relay, and assuming the new relay is in the same location they should pick it.

If all goes as expected you have essentially taken it out and it’s ready to retire; if it doesn’t and you find blocked traffic or whatever, you can always start the old relay back up.

This may or may not be applicable to your environment, but in case it’s of interest for you in the future, one approach we use is to have the DMZ as one of the tertiary failover relays, and we reference it using a CNAME. This means when the time comes to refresh the hardware or OS, we can build the replacement, validate everything, and the switchover is then a simple and very quick change to DNS. This removes the dependency that clients need to have refreshed their relays list…and I’m sure many of us suffer those cases of devices that sit in desk drawers for 6 months :wink:


I verified that the problem clients could communicate with the new relay, and they could. They just didn’t want to move to the new relay. I finally used @SLB’s solution. I just aliased the old relay name to the new one and they are communicating again. I may shift to specifying just a CNAME but since this is RHEL9 I have plenty of time to work on it. :grinning:
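
The two checks discussed in this thread (TCP reachability of the new relay on the BigFix port, and the old relay name resolving to the new relay after the DNS alias) can be run from an affected client before the old server is switched off. The script below is an added example, not part of any post above and not BigFix tooling; the host names are hypothetical placeholders, and it checks TCP only (ICMP would need `ping` or raw sockets).

```python
import socket

BIGFIX_PORT = 52311  # default BigFix port named in the thread


def tcp_reachable(host, port=BIGFIX_PORT, timeout=3.0):
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def resolved_addresses(name, resolver=socket.getaddrinfo):
    """Return the set of IP addresses a name resolves to (empty set on failure)."""
    try:
        infos = resolver(name, None, proto=socket.IPPROTO_TCP)
    except OSError:
        return set()
    return {info[4][0] for info in infos}


def cutover_report(old_name, new_name, port=BIGFIX_PORT,
                   resolver=socket.getaddrinfo, probe=tcp_reachable):
    """Summarise whether old_name now lands on the new relay and is reachable."""
    old_ips = resolved_addresses(old_name, resolver)
    new_ips = resolved_addresses(new_name, resolver)
    # The alias is in place when every address behind the old name belongs to the new relay.
    aliased = bool(old_ips) and old_ips <= new_ips
    return {
        "old_resolves_to": sorted(old_ips),
        "new_resolves_to": sorted(new_ips),
        "old_name_aliased_to_new": aliased,
        "new_relay_tcp_ok": probe(new_name, port),
        # Probed only once aliased: this is the path clients pinned to the old name take.
        "old_name_tcp_ok": probe(old_name, port) if aliased else None,
    }


if __name__ == "__main__":
    import json
    import sys
    # Hypothetical host names; pass your own old and new relay names as arguments.
    old, new = (sys.argv[1:3] if len(sys.argv) >= 3
                else ("old-relay.example.com", "new-relay.example.com"))
    print(json.dumps(cutover_report(old, new), indent=2))
```

A result with `old_name_aliased_to_new` true and `old_name_tcp_ok` true means a client still configured with the old relay name reaches the new relay on 52311.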