Debugging a Symantec AntiVirus to Symantec Endpoint Protection migration

Article:TECH105976  |  Created: 2008-01-19  |  Updated: 2013-06-06  |  Article URL
Article Type
Technical Solution


You need to know how to debug a Symantec AntiVirus (SAV) to Symantec Endpoint Protection (SEP) migration.



  1. You enter legacy Symantec AntiVirus server data.
  2. The Migration Wizard launches extractor.exe for each server entry.
    Note: For Symantec Endpoint Protection 11.0.x, this was referred to as the Migration and Deployment Wizard.
  3. The extractor.exe generates the topology and policy xml files for all available data on this Symantec AntiVirus server.
  4. The Migration Wizard then attempts to process, parse, and import legacy topology/policy data into the Symantec Endpoint Protection database.


Log Files

  • install_log.err

    Location: \Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\logs\install_log.err

    • Java exceptions in this file indicate possible error processing the xml output from the extractor.
    • ValidationExceptions result from a change in server schema, or error with xml output from the extractor.
  • install_log.out
  • Location: \Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\logs\install_log.out

    • The Migration Wizard will write output errors from extractor.exe to this file. Unable to contact host is the most likely error message from the extractor in this file.


XML Files

  • The extractor dumps all of its output xml files into the following directory:
    \Program Files\Symantec\Symantec Endpoint Protection Manager\data\temp\SAVImport\

    The Migration Wizard will attempt to parse and import files from here.

  • Config.xml is the root file that drives the processing of all other policy xml files. All known server groups, servers, and
    client groups are listed along with their associated policies.


Client Side Debugging Steps and Tips

Migration error messages are usually generic, e.g " Migration failed." Check the log files first to see if this is client-side or server-side error. (See notes under section Log Files above).

If this is a client side problem (e.g. missing attributes causing parsing error), here are some steps to follow in order to debug on the client side:

    1. Obtain the registry export file from the old Symantec AntiVirus primary server.

      This is in the following location in the registry on the primary server:

      NOTE: Make sure you get the reg export BEFORE migration runs, as sometimes this hive is deleted by the migration tool depending on which step the error occurs.
    2. Locate a test client, preferrably a virtual machine (VM), where you can reproduce the migration error. Emulate the primary server by applying its registry key layout. For this purpose, find a test machine (or VM) that does not have Symantec AntiVirus installed.
    3. On the test client, import the registry file from step 1. Now you have a machine that emulates the primary server, in the sense that it has the same registry values that are important.
    4. Open a command prompt.
      1. Click Start, and then Run.
      2. Type cmd and press Enter.
    5. In the command prompt window, type the following text:
      cd c:\Program Files\Symantec\Symantec Endpoint Protection Manager\bin
    6. Press Enter.
    7. Type the following text:
      extractor.exe -i -g -s
    8. Press Enter.
    9. A console window will pop up. In this window type the text:
      -o C:\\temp

    10. Press Enter.

This writes temporary files under C:\temp on the test client. The parameters entered tell the extractor to run in interactive, graphics mode, and points to a local server (instead of to a remote primary server).


Legacy ID


Article URL

Terms of use for this information are found in Legal Notices