Symantec Endpoint Protection Manager: Moving from the embedded database to Microsoft SQL Server

Article:TECH102547  |  Created: 2007-01-27  |  Updated: 2012-08-16  |  Article URL http://www.symantec.com/docs/TECH102547
Article Type
Technical Solution


Issue



You would like to know the process for moving from the embedded database to Microsoft SQL Server as the database for the Symantec Endpoint Protection Manager (enterprise version).

 


Solution



Before you begin, do the following:

  • Sever communications with the client computers before backing up the database. This will prevent any data loss between the backup and the actual database upgrade. The easiest way to do this is to stop the Symantec Endpoint Protection Manager service.
     
  • Remove any replication partnerships established with this Symantec Endpoint Protection Manager.
     
  • Install an instance of a supported version of Microsoft SQL Server.
    For the supported versions of Microsoft SQL Server for your version of Symantec Endpoint Protection, see the following document: Release Notes and System Requirements for all versions of Symantec Endpoint Protection and Symantec Network Access Control

Note: You must uninstall and reinstall the Symantec Endpoint Protection Manager as part of this process. This is currently the only way of removing the embedded database (after backing it up) and reconfiguring the Symantec Endpoint Protection Manager for Microsoft SQL. During the Symantec Endpoint Protection Manager reinstallation, it is recommended that you let the installer create and initialize the database; you may optionally use a SQL database that you have created and initialized yourself.

The procedure you follow depends upon whether the file Recovery_timestamp.zip (where timestamp represents the date and time of the creation of the file) exists on the machine that runs Symantec Endpoint Protection Manager. This file is found by default under C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Server Private Key Backup\. Your installation location may vary.

 

To upgrade from the embedded database to SQL with a recovery_timestamp.zip

Note: Do not select the recovery file during any portion of this procedure.

  1. Back up the Database with the Symantec Endpoint Protection Manager Database Back Up and Restore tool (Start > Programs > Symantec Endpoint Protection Manager > Symantec Endpoint Protection Manager Tools > Database Back Up and Restore > Back Up).
     
  2. Copy Recovery_timestamp.zip to another location, and then extract both keystore.jks and settings.properties from the Recovery_timestamp.zip. Open settings.properties with Notepad.
     
  3. Uninstall Symantec Endpoint Protection Manager and reboot.
    Do not remove the database backup files.
     
  4. Reinstall Symantec Endpoint Protection Manager with the Microsoft SQL Server database.
    Do not select the recovery file.
     
  5. Log on to the Symantec Endpoint Protection Manager, and then restore the keystore.jks file.
    1. Click the Admin tab, and then click Servers.
    2. Under View Servers, expand Local Site, and then click the computer name that identifies the local site.
    3. Under Tasks, click Manage Server Certificate.
    4. In the Certificate dialog box, click Next > Update the Server Certificate > Next > JKS Keystore (JKS) > Next.
    5. Click Browse, and then browse to and select your extracted keystore.jks file.
    6. In the settings.properties file that you opened in Notepad, copy the keystore.password and then paste it, using Ctrl + V, into the Keystore Password and Key Password boxes. The only supported paste mechanism is Ctrl + V.
    7. Click Next until you have completed restoring the certificates, and then log out of the Symantec Endpoint Protection Manager.
       
  6. Stop the Symantec Endpoint Protection Manager and Symantec Endpoint Protection Manager Webserver services.
     
  7. Restore the database with the Symantec Endpoint Protection Manager tool (Start > Programs > Symantec Endpoint Protection Manager > Symantec Endpoint Protection Manager Tools > Database Back Up and Restore > Restore).
     
  8. When the database is restored, the Management Server Configuration Wizard starts.
    Do not select the recovery file.

    Note: While reconfiguring the management server, you may receive the warning, "The management server name already exists. Do you want to replace it with the new server?" Click Yes. Otherwise, the Symantec Endpoint Protection Manager lists the server name twice.
     
  9. When configuration is complete, log on to Symantec Endpoint Protection Manager.

 

To upgrade from the embedded database to SQL without a recovery_timestamp.zip

  1. While logged on to the Symantec Endpoint Protection Manager, back up the Symantec Endpoint Protection Manager server certificate.
    Do not simply copy or move the Server Private Key Backup folder. This folder may have multiple files, none of which is necessarily the current certificate.
    1. Click the Admin tab, and then click Servers.
    2. Under View Servers, expand Local Site, and then click the computer name that identifies the local site.
    3. Under Tasks, click Manage Server Certificate.
    4. In the Certificate dialog box, click Next > Back up the Server Certificate > Next.
    5. Choose a new backup location, such as the Desktop.
    6. Click Next until you have completed backing up the certificates.
             
      Your certificate backup will consist of two files: keystore_timestamp.jks and keystore_timestamp.xml.
       
  2. Back up the database with the Symantec Endpoint Protection Manager Database Tool (Start > Programs > Symantec Endpoint Protection Manager > Symantec Endpoint Protection Manager Tools > Database Back Up and Restore > Back Up), and then move or copy the backup from the following default directory:
    C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\backup\
     
    It is important you move the *.zip file from this location, as it may be removed during the uninstallation of the Symantec Endpoint Protection Manager.

    Warning: When moving the database backup file to another location, assure the integrity of the copied archive. If the archive is corrupted it will not be possible to restore the database!

    Note: Backups created using the built-in backup utility that are larger than (or that result in a zip file that is) 4 GBs will appear corrupt or invalid to third party zip utilities.
     
  3. Uninstall the Symantec Endpoint Protection Manager and embedded database.
    Use the Change installation option in Add/Remove Programs.

    Warning: You must uninstall the Symantec Endpoint Protection Manager with the Change installation option or the database upgrade process will fail. This option allows for the removal of the embedded database. The Remove option does not uninstall the embedded database.
     
  4. Reinstall Symantec Endpoint Protection Manager with the Microsoft SQL Server database.
    You can create a new database. You can also use an existing database if you are using a manually initialized database. You will be overwriting this database with your backup later in this procedure.

    Note: The Symantec Endpoint Protection Manager must be reinstalled to the same computer that it was removed from, or on a computer with the same IP address and host name.
     
  5. Log on to the Symantec Endpoint Protection Manager, and then restore the keystore.jks file.
     Do not simply replace the contents of the Server Private Key Backup folder with your certificate backup from a previous step.
    1. Click the Admin tab, and then click Servers.
    2. Under View Servers, expand Local Site, and then click the computer name that identifies the local site.
    3. Under Tasks, click Manage Server Certificate.
    4. In the Certificate dialog box, click Next > Update the Server Certificate > Next > JKS Keystore (JKS) > Next.
      If you have implemented one of the other certificate types, select that type.
    5. Click Browse, and then browse to and select your keystore_timestamp.jks file.
    6. With Notepad, open the keystore_timestamp.xml file from the server certificate backup made in Step 1, and locate the keystore password by searching for keystorePass=.
    7. Copy the value between quotes and then paste it, using Ctrl + V, into the Keystore Password and Key Password boxes.
    8. Click Next until you have completed restoring the certificates, and then log out of the Symantec Endpoint Protection Manager.

      Note: If you get an error message that says you have an invalid keystore file, you may have entered invalid passwords. Retry the password copy and paste. The only supported paste mechanism is Ctrl + V.
       
  6. Stop the Symantec Endpoint Protection Manager service.
     
  7. Restore the backup copy of the database (Start > Programs > Symantec Endpoint Protection Manager > Symantec Endpoint Protection Manager Tools > Database Back Up and Restore > Restore).
             
  8. Reconfigure the Symantec Endpoint Protection Manager management server to recognize the Microsoft SQL database.
    This step is necessary to reconfigure the restored database so that it is recognized as part of a SQL server installation.
    1. Run the Management Server Configuration Wizard from the Start menu.
    2. Select Reconfigure the management server, and then click Next.
    3. Customize Server and Web console port as desired. The Server name should remain the same. Click Next.
    4. Click Microsoft SQL Server for database type, and then click Next.
    5. Specify the Microsoft SQL server (name\instance), port, database name and password.
    6. Click Next until you have completed the wizard.

      Note: While reconfiguring the management server, you may receive the warning, "The management server name already exists. Do you want to replace it with the new server?" Click Yes. Otherwise, the Symantec Endpoint Protection Manager lists the server name twice.
       
  9. Log on to Symantec Endpoint Protection Manager.

 

Technical Information

During the Symantec Endpoint Protection Manager installation, rather than let the installer initialize the database, you may use a Microsoft SQL Server database that you have created and initialized yourself:

Planning for Microsoft SQL database creation and management with Symantec Endpoint Protection 11.x
http://www.symantec.com/business/support/index?page=content&id=TECH105256&locale=en_US

Symantec Endpoint Protection Manager: How to create and use a custom SQL 2005 database and user
http://www.symantec.com/business/support/index?page=content&id=TECH104988&locale=en_US

 




Legacy ID



2007092722095248


Article URL http://www.symantec.com/docs/TECH102547


Terms of use for this information are found in Legal Notices