Preparing for and Recovering from Disaster with Symantec Endpoint Protection
Article: TECH105658 | Created: 2008-01-19 | Updated: 2011-06-03 | Article URL: http://www.symantec.com/docs/TECH105658
What steps should I take to prepare for a hardware or software disaster on the Symantec Endpoint Protection Manager (SEPM)? How do I recover the SEPM from a hardware or software disaster after following these steps?
- Encryption password (set during installation of the SEPM)
- IP address
- Host name
- Site name
- Website name (if running on a custom website)
- Website port (if running on a custom port)
- Database type
- Database name (sem5 by default)
- Database account name (sa for SQL, DBA for embedded)
- Database account password
Be sure to back up your database on a regular basis, preferably weekly, and store the backups off site.
Backups in the default location may be lost when the manager is uninstalled.
Database backups are located in:
\Program Files\Symantec\Symantec Endpoint Protection Manager\data\backup
Warning: When moving the database backup file to another location, verify the integrity of the copied archive. If the archive is corrupted, it will not be possible to restore the database!
Note: Backups created using the built-in backup utility that are larger than 4 GB (or that result in a zip file larger than 4 GB) will appear corrupt or invalid to third-party zip utilities.
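The two notes above (copy integrity, and the 4 GB limit that confuses third-party zip tools) can both be checked before the backup leaves the server. The following script is an added example, not part of the article and not a Symantec tool; it assumes Python 3 and that the backup is a zip archive, as the note states. It hashes the original and the copy, reads every member back with its CRC checked (the same test a restore depends on), and flags archives at or above 4 GB. The archive exercised by self_check() is constructed in a temporary directory.

```python
"""Added example (not Symantec's code): verify a SEPM database backup archive.

Assumes Python 3 and that the backup is a zip file, as the article's note says.
The sample archive used by self_check() is constructed here for illustration.
"""
import hashlib
import os
import shutil
import tempfile
import zipfile

FOUR_GB = 4 * 1024 ** 3


def sha256_of(path: str) -> str:
    """Hex SHA-256 of a file, read in 1 MiB chunks so multi-GB archives fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_copy(source: str, copy: str) -> bool:
    """True only if the copied archive is byte-for-byte identical to the original."""
    return os.path.getsize(source) == os.path.getsize(copy) and sha256_of(source) == sha256_of(copy)


def check_backup_archive(path: str) -> dict:
    """Report on one archive: size, hash, whether it trips the 4 GB caveat, and whether
    every member reads back with a matching CRC."""
    report = {"path": path, "size": os.path.getsize(path), "sha256": sha256_of(path),
              "over_4gb": False, "readable": False, "problem": None}
    report["over_4gb"] = report["size"] >= FOUR_GB
    try:
        with zipfile.ZipFile(path) as zf:
            # The members may each be small while the total still exceeds 4 GB.
            if sum(info.file_size for info in zf.infolist()) >= FOUR_GB:
                report["over_4gb"] = True
            bad_member = zf.testzip()  # None when every member's CRC matches
        report["readable"] = bad_member is None
        report["problem"] = None if bad_member is None else f"CRC mismatch in member {bad_member}"
    except Exception as exc:  # BadZipFile, zlib.error, truncated file, ...
        report["problem"] = f"{type(exc).__name__}: {exc}"
    return report


def self_check() -> dict:
    """Run the checks against a constructed archive, a faithful copy and a damaged copy."""
    with tempfile.TemporaryDirectory() as tmp:
        original = os.path.join(tmp, "2011-06-03.zip")
        with zipfile.ZipFile(original, "w") as zf:
            # Stored uncompressed so the damage below lands inside the member data.
            zf.writestr("sem5.db", b"constructed sample database content\n" * 1000,
                        compress_type=zipfile.ZIP_STORED)
        good_copy = os.path.join(tmp, "SymBAK", "2011-06-03.zip")
        os.makedirs(os.path.dirname(good_copy))
        shutil.copy2(original, good_copy)
        damaged_copy = os.path.join(tmp, "damaged.zip")
        shutil.copy2(original, damaged_copy)
        with open(damaged_copy, "r+b") as fh:
            fh.seek(40)            # past the 30-byte local header and 7-byte file name
            fh.write(b"\xff" * 4)  # simulate a bad block on the removable media
        return {
            "good_copy_matches": verify_copy(original, good_copy),
            "damaged_copy_matches": verify_copy(original, damaged_copy),
            "good_copy_readable": check_backup_archive(good_copy)["readable"],
            "damaged_copy_readable": check_backup_archive(damaged_copy)["readable"],
            "over_4gb": check_backup_archive(good_copy)["over_4gb"],
        }


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:  # usage: script.py <original.zip> <copied.zip>
        print("copy matches original:", verify_copy(sys.argv[1], sys.argv[2]))
        print(check_backup_archive(sys.argv[2]))
    else:
        print(self_check())
```

Record the SHA-256 printed for the original alongside the backup; when the archive is copied again later (to new hardware, for example), the same hash proves the copy is intact without needing the original server.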
Create a new Java keystore backup
In the SEPM console, go to Admin and then Servers.
Click the local site, and then click Manage Server Certificate.
Choose Backup Certificate.
Copy or move the following to another folder:
For the purposes of this document, we will use a target folder named C:\SymBAK
- The database backup, named <Date>
- The folder \Program Files\Symantec\Symantec Endpoint Protection Manager\Server PrivateKey Backup
Create a new text file and save it to C:\SymBAK; we will call it SEPM_Backup.txt
- Open the \Program Files\Symantec\Symantec Endpoint Protection Manager\Server PrivateKey Backup\server_timestamp.xml file
- Copy the password string that looks like keystorePass="WjCUZx7kmX$qA1u1" (the value only, without the quotation marks) and paste it into the text file
Copy/Paste the Domain ID into the text file
Go to Admin > Domains; the Domain ID is displayed in the main screen. Press Ctrl-C to copy it.
Paste the Domain ID into the text file, along with identifying information. For example:
Domain Name – Default
Domain ID 653769769B408C7D016D756EF6240C2C
Domain Name – New York
Domain ID 668942569B408F3E016D756EE6791C4C
Later, you must enter the identical key if you do not have a database backup to restore.
It is not required if you have a backup, but it is a best practice.
Gather additional information about your environment
Gather the following information about the SEPM (the items listed at the top of this article, from the encryption password through the database account password) and enter it into the SEPM_Backup.txt file:
If you have a catastrophic hardware failure, the new hardware on which you reinstall the SEPM must have the same IP address and host name as the failed machine.
Save and close the text file, as it now contains the essential information required for disaster recovery.
Copy these files to removable media and store in a safe place.
Depending on database type (SQL or Embedded), your text file should look like:
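As an added example (not from the Symantec article), the following script produces such a text file. It assumes Python 3 on the SEPM host, the article's default folders, and that the backed-up server_<timestamp>.xml carries the password as a keystorePass="..." attribute exactly as shown above. The domain names and IDs and the environment values still have to be read from the console by hand; the ones in main() are the article's own examples and placeholders and must be replaced with yours.

```python
"""Added example, not Symantec's code: build the SEPM_Backup.txt record.

Assumes Python 3 on the SEPM host, the article's default paths, and that the
backed-up server_<timestamp>.xml carries the password as a keystorePass="..."
attribute as the article shows. Domain IDs and environment values are still
collected from the console by hand; the ones in main() are the article's examples.
"""
import re
import sys
from pathlib import Path

# Article default locations (assumption: adjust for a non-default install path).
PRIVATE_KEY_BACKUP_DIR = Path(
    r"C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Server PrivateKey Backup")
TARGET_DIR = Path(r"C:\SymBAK")

KEYSTORE_PASS_RE = re.compile(r'keystorePass="([^"]*)"')
HEX_RE = re.compile(r"^[0-9A-Fa-f]+$")

# The fields the article tells you to record, in its order.
ENVIRONMENT_FIELDS = (
    "Encryption password", "IP address", "Host name", "Site name",
    "Website name", "Website port", "Database type", "Database name",
    "Database account name", "Database account password",
)


def extract_keystore_pass(server_xml_text: str) -> str:
    """Return the keystorePass value (without quotes) from server_<timestamp>.xml text."""
    match = KEYSTORE_PASS_RE.search(server_xml_text)
    if match is None:
        raise ValueError('no keystorePass="..." attribute found in server xml')
    return match.group(1)


def is_valid_domain_id(domain_id: str) -> bool:
    """Domain IDs are hexadecimal strings; catch copy/paste slips before they reach the file."""
    return bool(HEX_RE.match(domain_id))


def build_backup_record(keystore_pass: str, domains, environment: dict) -> str:
    """Render SEPM_Backup.txt: keystore password, one block per domain, then the environment.
    domains: iterable of (domain name, domain ID). Missing optional fields are written as (default)."""
    domains = list(domains)
    bad = [d for _, d in domains if not is_valid_domain_id(d)]
    if bad:
        raise ValueError(f"domain IDs are not hexadecimal: {bad}")
    lines = [f"Keystore password (storepass and keypass): {keystore_pass}", ""]
    for name, domain_id in domains:
        lines += [f"Domain Name - {name}", f"Domain ID {domain_id}", ""]
    for field in ENVIRONMENT_FIELDS:
        lines.append(f"{field}: {environment.get(field, '(default)')}")
    return "\n".join(lines) + "\n"


def main(argv=None) -> int:
    """Read the newest server_*.xml backup and write SEPM_Backup.txt under TARGET_DIR."""
    argv = sys.argv[1:] if argv is None else argv
    backup_dir = Path(argv[0]) if argv else PRIVATE_KEY_BACKUP_DIR
    xml_files = sorted(backup_dir.glob("server_*.xml"))
    if not xml_files:
        print(f"no server_*.xml found under {backup_dir}", file=sys.stderr)
        return 1
    keystore_pass = extract_keystore_pass(
        xml_files[-1].read_text(encoding="utf-8", errors="replace"))
    # Replace with your own console values; these are the article's sample domains and placeholders.
    domains = [("Default", "653769769B408C7D016D756EF6240C2C"),
               ("New York", "668942569B408F3E016D756EE6791C4C")]
    environment = {"Encryption password": "<encryption password>",
                   "IP address": "<SEPM IP address>", "Host name": "<SEPM host name>",
                   "Site name": "<site name>", "Database type": "Embedded",
                   "Database name": "sem5", "Database account name": "DBA",
                   "Database account password": "<database password>"}
    TARGET_DIR.mkdir(parents=True, exist_ok=True)
    out_file = TARGET_DIR / "SEPM_Backup.txt"
    out_file.write_text(build_backup_record(keystore_pass, domains, environment), encoding="utf-8")
    print(f"wrote {out_file}; copy the folder to removable media and store it off site")
    return 0


if __name__ == "__main__":
    raise SystemExit(main())
```

The file holds the encryption password, the keystore password and the database password in clear text, which is why the article has you keep it on removable media in a safe place rather than on the server.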
The disaster recovery process requires completing the following steps in order:
- Reinstall the Symantec Endpoint Protection Manager
- Restore the server certificate
- Restore client communications
Prepare for SEPM recovery
Retrieve the files that you saved during preparation.
If you had a catastrophic hardware failure and had to rebuild the computer, you must assign the original IP address and host name.
This information is in the SEPM_Backup.txt file.
Reinstalling the Symantec Endpoint Protection Manager
During the installation, in the Welcome panel, check Install my first site.
Continue until prompted for the pre-shared key.
In the Site Information panel > Encryption Password boxes, enter the encryption password saved in SEPM_Backup.txt.
Note: If you are restoring without a backed-up database, your restoration will fail if you do not enter the password correctly.
Continue with the installation, creating the same type of database as the previous installation when prompted.
Continue until the "Management Server Installation Wizard - Configuration Completed" panel appears.
When complete, do not run the Migration and Deployment wizard.
Restoring the server certificate
The server certificate is a Java keystore, containing the public certificate and the private-public key pairs.
You must enter the password that is contained in the SEPM_Backup.txt file.
Log on to the Console.
Go to Admin > Servers > Local Site.
Expand Local Site and select the computer name that identifies the site.
Under "Tasks", click Manage Server Certificate > Next.
In the "Manage Server Certificate" panel, check Update the Server Certificate > Next.
In the "Specify server certificate type" panel, check JKS keystore > Next.
Note: If you have implemented one of the other certificate types, select the one that applies.
Browse to your backed-up keystore_<timestamp> file.
Copy/paste the keystore password into both the Keystore and Key boxes (use Ctrl-V).
Click Next > Finish.
If you receive an error message indicating an invalid keystore file, you may have entered an invalid password.
Retry the password copy/paste.
Exit the Console.
To complete the certificate restore, go to Services in Administrative Tools and restart the Symantec Endpoint Protection Manager service.
Restoring client communications
Restoring client communications depends on whether or not you have a database backup.
If you have a database backup, you can restore this database and then resume client communications.
The advantage of having a database backup is that clients reappear in their groups and are subject to the original policies.
Without a database backup, you can still restore communication with clients, but they appear in the Temporary group.
You must then recreate your client group(s) and custom policies.
Restoring client communications with a database backup
Go to Services in Administrative Tools and Stop the Symantec Endpoint Protection Manager service.
Create the directory:
\Program Files\Symantec\Symantec Endpoint Protection Manager\data\backup
Copy your database backup file into this directory.
Go to your Start menu > Programs > Symantec Endpoint Protection Manager > Database Back Up and Restore.
Click Restore > Select the time-stamped backup > OK.
Restore time varies, depending on the size of your database.
When complete, click OK and then Exit.
Reconfigure the Management Server
Go to your Start menu > Programs > Symantec Endpoint Protection Manager > Management Server Configuration Wizard
Welcome Screen > Check Reconfigure the Management Server > Next
Use the existing ports for the installation and enter the database password when prompted.
Configuration takes a few minutes.
When completed, click Finish.
Log on to the Symantec Endpoint Protection Manager Console.
In the Clients tab, right-click your groups > Run Command on Group > Update Content.
If the clients do not respond after about half an hour, restart the clients.
Restoring client communications without a database backup
For each Endpoint Protection domain, you must create a new domain and insert the same domain ID into the database.
Best practice is to create a domain with a name identical to the previous name.
The Default domain is the System domain.
To recreate the Default domain, Add a new Domain and append some value to the name.
For example, Default_02. After restoring the domains, you can delete the old Default Domain, and rename the new one to Default.
Log on to the Symantec Endpoint Protection Manager Console.
Go to Admin > Domains > Add Domain and enter the domain name.
Click Advanced > Copy/Paste the Domain ID from the SEPM_Backup.txt file > OK.
Repeat these steps for each domain to recover.
If you use only one domain:
- Administer the newly created Default_02 domain.
- Delete the unused Default Domain.
- Rename the new domain to Default.
Restart all client computers; they will appear in the Temporary group.
To re-connect to an existing SQL database while restoring your #1 SEPM, see the following document:
Disaster/Recovery- How to rebuild and restore your #1 Symantec Endpoint Protection Manager and re-connect it to your existing SQL database
The information above references material covered in the Installation Guide provided in the Documentation folder on CD1 (installation_guide.pdf).
The keystore file
The keystore file name is keystore_<timestamp>.
The keystore contains the private/public key pair and the self-signed certificate.
The server.xml file name is server_<timestamp>.xml.
The server certificate is a Java keystore, containing the public certificate and the private-public key pairs.
The keystore password is also in the original server_<timestamp>.xml file.
During installation, these files are backed up to the directory named:
\Program Files\Symantec\Symantec Endpoint Protection Manager\Server PrivateKey Backup
You can also back up these files from the Admin panel in the Symantec Endpoint Protection Manager Console.
The same password is used for both storepass and keypass.
Storepass protects the JKS file.
Keypass protects the private key.
Both passwords are required to restore the certificate.
Domain IDs are required if you do not have a backup of the database.
This ID is in the sylink.xml file on the client computers in each domain.
The string in the sylink.xml file looks like: DomainId="B44AC676C08A165009ED819B746F1".
You add this ID to a new domain to contain your existing clients.
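If SEPM_Backup.txt itself was lost, the domain IDs can be recovered from the clients, since each client's sylink.xml carries the DomainId string described above. The following script is an added example, not Symantec's code; it assumes only that sylink.xml contains a DomainId="..." attribute as shown, and the sylink.xml fragments it processes are constructed (the element name is a placeholder, not the real sylink.xml layout; the IDs are the article's own examples). It groups clients by the domain ID they carry and reports any ID for which no domain has been recreated yet, since those clients will stay in the Temporary group.

```python
"""Added example (not Symantec's code): recover domain IDs from clients' sylink.xml
files and check them against the domains recreated on the rebuilt SEPM.

Assumes only that sylink.xml carries a DomainId="..." attribute as the article
shows. The sylink fragments below are constructed for illustration.
"""
import re
from collections import defaultdict

DOMAIN_ID_RE = re.compile(r'\bDomainId="([0-9A-Fa-f]+)"')


def domain_id_from_sylink(sylink_text: str):
    """Return the DomainId value from one sylink.xml (upper-cased), or None if absent."""
    match = DOMAIN_ID_RE.search(sylink_text)
    return match.group(1).upper() if match else None


def clients_by_domain(sylinks: dict) -> dict:
    """Map each domain ID to the sorted list of clients whose sylink.xml carries it.
    sylinks: {client host name: sylink.xml text}. Clients without a DomainId go under None."""
    groups = defaultdict(list)
    for host, text in sorted(sylinks.items()):
        groups[domain_id_from_sylink(text)].append(host)
    return dict(groups)


def unrecreated_domains(sylinks: dict, recreated_ids) -> set:
    """Domain IDs seen on clients that no recreated domain carries. Those clients stay in
    the Temporary group until a domain with the matching ID exists on the SEPM."""
    seen = {domain for domain in clients_by_domain(sylinks) if domain is not None}
    return seen - {domain.upper() for domain in recreated_ids}


# Constructed sylink.xml fragments (placeholder element name); IDs are the article's examples.
SAMPLE_SYLINKS = {
    "ny-ws01": '<Config DomainId="668942569B408F3E016D756EE6791C4C" />',
    "ny-ws02": '<Config DomainId="668942569b408f3e016d756ee6791c4c" />',
    "hq-ws01": '<Config DomainId="653769769B408C7D016D756EF6240C2C" />',
    "orphan": '<Config />',
}

if __name__ == "__main__":
    for domain, hosts in clients_by_domain(SAMPLE_SYLINKS).items():
        print(domain or "(no DomainId)", "->", ", ".join(hosts))
    # Only the Default domain has been recreated so far in this run.
    print("not yet recreated:", unrecreated_domains(SAMPLE_SYLINKS, ["653769769B408C7D016D756EF6240C2C"]))
```

In practice the sylink.xml texts would be collected from one client per former domain, which is enough to obtain each ID; the grouping simply shows which clients will land in which recreated domain.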