Disaster Recovery: How to rebuild and restore your #1 Symantec Endpoint Protection Manager and re-connect it to your existing SQL database

Article:TECH134475  |  Created: 2010-01-30  |  Updated: 2010-08-31  |  Article URL http://www.symantec.com/docs/TECH134475
Article Type
Technical Solution


Environment

Issue



How do you re-connect a restored SEPM to the existing SQL database?

 


Solution




Administrative Preparation
In order to recover your #1 Symantec Endpoint Protection Manager (SEPM), you must have the following information:
keystore_<timestamp>.jks
server.xml
SEPM server name and IP
Site Name
Domain ID
SEPM encryption password


1.) The keystore file. The file name is keystore_<timestamp>.jks. (Note: this backup file should be updated on a regular basis.) The keystore contains the private-public key pair and the self-signed certificate.

To create this file, in the SEPM Console select Admin >> highlight the server name >> select Manage Server Certificate.
Follow the instructions and perform a Backup of the Server Certificate.
Save the file to a secure location outside of the Symantec Endpoint Protection Manager folders.
The original file created during the install is located in \\Program Files\Symantec\Symantec Endpoint Protection Manager\Server Private Key Backup, but it should only be used if there is no current backup.

2.) Save the server.xml file, located at:
\\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\conf\server.xml
to your secure backup location.

This file contains the keystorePass password. Open the file with Internet Explorer and find the password.
The password string looks like the following: keystorePass=WjCUZx7kmX$qA1u1 (the actual password will be unique)
Save this password to a text file, and save the text file to the secured location.

3.) Place the following information in the text file:
Site name
Encryption password
SEPM server name and IP
Domain ID#

There are 2 methods to obtain the Domain ID#.
a. In the SEPM Console- Admin>>Domain
b. Use the following SQL script to query the SEPM SQL database directly (must be performed on the SQL server)
(sem5 is the default database name; change it to the name you gave the database)

-- List the server, site and domain entries together with their Domain IDs
USE sem5;
SELECT [NAME], [TYPE], [DOMAIN_ID]
FROM [sem5].[dbo].[IDENTITY_MAP]
WHERE [TYPE] IN ('SemServer', 'SemSite', 'SemDomain');

(Note the single quotes, periods and commas)
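
Steps 1 to 3 above can be scripted so the backup is repeatable. The following is an added example, not part of the original article or Symantec's tooling; it assumes an elevated PowerShell session, a standard Tomcat Connector entry carrying the keystorePass attribute in server.xml, and a hypothetical backup folder E:\SEPM-Recovery and file name sepm-recovery-info.txt.

```powershell
# Added example, not Symantec's script. Run elevated. $BackupDir and the info-file
# name are hypothetical; $SepmRoot follows this article's paths.
param(
    [string]$SepmRoot  = "$env:ProgramFiles\Symantec\Symantec Endpoint Protection Manager",
    [string]$BackupDir = 'E:\SEPM-Recovery'
)
$ErrorActionPreference = 'Stop'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# The folder will hold the private key and its password: drop inherited ACEs and
# allow only Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18).
& icacls.exe $BackupDir /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed on $BackupDir" }

function Get-NewestKeystore([string]$Dir) {
    Get-ChildItem -Path $Dir -Filter 'keystore_*.jks' -ErrorAction SilentlyContinue |
        Sort-Object LastWriteTime -Descending | Select-Object -First 1
}

# Step 1: prefer a keystore already exported from the console into $BackupDir;
# fall back to the install-time copy only if no current backup exists.
$jks = Get-NewestKeystore $BackupDir
if (-not $jks) {
    $jks = Get-NewestKeystore (Join-Path $SepmRoot 'Server Private Key Backup')
    if (-not $jks) { throw 'No keystore_<timestamp>.jks found' }
    Copy-Item -LiteralPath $jks.FullName -Destination $BackupDir
}

# Step 2: copy server.xml, then read keystorePass with an XML parser so that
# entity-escaped characters (&amp;, &lt;) come out as the real password text.
$serverXml = Join-Path $SepmRoot 'tomcat\conf\server.xml'
Copy-Item -LiteralPath $serverXml -Destination $BackupDir -Force
$doc = New-Object System.Xml.XmlDocument
$doc.Load($serverXml)
$pass = @($doc.SelectNodes('//Connector[@keystorePass]') |
          ForEach-Object { $_.GetAttribute('keystorePass') } | Select-Object -Unique)
if ($pass.Count -ne 1) { throw "Expected one keystorePass in server.xml, found $($pass.Count)" }

# Step 3: write the recovery notes. Values that live only in the console or in
# your own records are left as fields to fill in by hand.
@(
    "Keystore file:       $($jks.Name)"
    "keystorePass:        $pass"
    "SEPM server name:    $env:COMPUTERNAME"
    'SEPM server IP:      <fill in>'
    'Site name:           <fill in>'
    'Domain ID:           <fill in from Admin >> Domain or the SQL query>'
    'Encryption password: <fill in>'
) | Set-Content -LiteralPath (Join-Path $BackupDir 'sepm-recovery-info.txt') -Encoding UTF8
```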

Recovery Process
Start the original setup from the downloaded CD/DVD to install a new SEPM. After the initial install is complete you will begin the configuration.

Select "Advanced"


Select "More than a 1.000"


Select the "2nd" option


Enter your server name



Enter the SQL server name or its IP number



Select "YES"


After the configuration is complete the SEPM Console will start.
After you log on, you must update the SEPM certificates with the saved Backup information.

Manage the Server Certificate


Select "Update the server certificate"


Select the JKS Keystore


Select the JKS file and enter the password you saved from the keystorepass in the server.xml file (use only the hashed password)


Certificate has been updated


Check and update the Domain ID#
(If you had a domain other than the Default Domain, add the backed up domain first and then delete the old domain)


Adding the backed up domain information


Reset the SEPM service and SMC client service
You must stop and restart the SEPM service so that the new information finishes updating.
The SMC service on the SEP client must also be restarted. (Normal shutdown and restarting the clients daily is sufficient to accomplish this)



 



Legacy ID



2010063009544748

