Installing Symantec Endpoint Encryption version 8.0.0 for the first time.

Article:TECH155082  |  Created: 2011-03-08  |  Updated: 2011-06-02  |  Article URL http://www.symantec.com/docs/TECH155082
Article Type
Technical Solution

Issue



Attempting to install the SEE version 8.0.0 for the first time


Solution



Verify the environment

Pre-requisites for installation of Symantec Endpoint Encryption:
 
Verify the Environment and the System Requirements.
 
An Active Directory Domain with the SEE Manager Computer(s), SEE Servers and Client Computers in the same AD forest.
 
SQL Server Instance Software Requirements :
Microsoft SQL Server 2005 Express with Advanced Services, Standard, or Enterprise (32-bit x86 only)
Microsoft SQL Server 2008 Express with Advanced Services, Express with Advanced Services x64, Standard, Standard x64, Enterprise, or Enterprise x64
 
SQL Connection Type :
Local and remote connections using either TCP/IP or TCP/IP and named pipes
 
IIS version :
IIS 6.0, 7.0
 
At least one Manager Computer running:
Windows XP Professional SP2, Windows Vista SP1 or SP2, Business, Business 64-Bit, Ultimate, Ultimate 64-Bit, Enterprise, or Enterprise 64-Bit
Windows 7 Professional, Professional x64, Ultimate, Ultimate x64, Enterprise, Enterprise x64
 
Additional Software :
Microsoft .NET Framework 2.0.x, 3.0, or 3.5, MMC 3.0, Server 2003 Administration Tools Pack (adminpak.msi)
 
or
 
Windows Server 2003 Standard, Enterprise SP1 or SP2,
Windows Server 2003 R2 Standard, Enterprise SP2.
Windows Server 2008 Standard, Standard x64, Enterprise, or Enterprise x64 SP2
Windows Server 2008 R2 Standard or Enterprise
 
Additional Software :
Group Policy Management Console with SP1 (GPMC.msi)
Microsoft .NET Framework 2.0.x, 3.0, or 3.5
MMC 3.0
 
Client Computers running:
Windows XP Professional SP2, Windows Vista SP1 or SP2, Business, Business 64-Bit, Ultimate, Ultimate 64-Bit, Enterprise, or Enterprise 64-Bit
Windows 7 Professional, Professional x64, Ultimate, Ultimate x64, Enterprise, Enterprise x64
 
After verification of a supported environment, follow this specific install sequence:
1. Install the SEE Server
2. Install the SEE Manager
3. Install the SEE Clients
 
Mac Client Computer Software Requirements :
Apple Mac OS X 10.6.5 or later (Intel)
 
 
1. “MSIEXEC /i "[path]\Symantec Endpoint Encryption Management Server.msi"
2. The Welcome page of the Management Server Install Shield Wizard appears. “Click Next”.
3. The License Agreement page appears. Select the option I accept the terms in the license agreement, then click  “Next”.
4. Click the arrow to open the list and select an instance that is local to your current computer
5. Click Browse to select from a list of instances on the network.
6. Type the NetBIOS name of the instance, e.g., SEEDB-01. If it is a named instance, you must also include the name of the instance, e.g., SEEDB-01\NAMEDINSTANCE.
7. Click Next. The Database Access page will appear.
8. Click Search. The Browse for a user account window opens. Click Browse next to the Domain or server box.
9. The Select a Domain or Server window opens. Select a domain from the list and click OK.
10.Click Browse next to the User name box. The Select a User Name window opens. Select a user account from the list and click OK.
11.Click Next.
12.Click Change to choose a different location to install the Management Server files, or click Next to accept the default installation location.
13.The Ready to Install the Program page appears.
14.Click Install.
After the Symantec Endpoint Encryption Management Server Install Shield Wizard Completed page appears,
click Finish. The Management Server Configuration Wizard will launch.
 
The Management Server Configuration Wizard will launch with its first page displayed, Directory Service Synchronization Options.
 
1. Select the Microsoft Active Directory and/or Novell eDirectory check boxes to allow synchronization with the respective directory service.
2. Click Next
3. If you selected the Microsoft Active Directory check box on the Directory Service Synchronization Options page, the Active Directory Configuration area will be available.
4. In the Active Directory Forest Name box, type the name of the specified forest.
5. In the Preferred Global Catalog Server box, type the FQDN of a global catalog server of the specified forest.
6. In the Active Directory User Name, Password, and Confirm Password boxes, type the credentials of the Active Directory synchronization account.
7. In the User Domain box, type the NetBIOS name of the Active Directory synchronization account.
8. To synchronize with additional Active Directory forests, click Add. The status text above the right side of the Active Directory Forest Name field will update to display 2/2 AD Forest, indicating that the configuration settings for the second of a total of two forests are currently displayed. Type the configuration information for the new forest.
 
9. On the Web Service Configuration page, set the protocol and/or port used for communications between the Client Computers and the Management Server.
10.In the Account Name, Password, and Domain boxes, type the credentials and domain of the IIS client account
11.Select the HTTP port
11.Select the HTTPS option to encrypt these communications, if you are using the HTTPS
 
1. Open the Internet Information Service (IIS) Manager snap-in. Expand the Symantec Endpoint Encryption Management Server computer.
   For Windows Server 2003, expand and select Web Sites.
   For Windows Server 2008, expand Sites, then right-click Symantec Endpoint Encryption Services and choose Switch to Content View.
2. Verify that the Symantec Endpoint Encryption Services website is listed and that it is started.
3. Click on Symantec Endpoint Encryption Services, and verify that the right-hand pane contains the following
    three items:
 
1.        The bin subfolder,
2.        The GECommunicationWS.asmx file, and
3.        The web.config file
 
Verify the installation configuration in IIS and SQL
 
1. Open the Internet Information Service (IIS) Manager snap-in. Expand the Symantec Endpoint Encryption Management Server computer.
    For Windows Server 2003, expand and select Web Sites.
    For Windows Server 2008, expand Sites, then right-click Symantec Endpoint Encryption Services and choose Switch to Content View.
2. Verify that the Symantec Endpoint Encryption Services website is listed and that it is started.
3. Click on Symantec Endpoint Encryption Services, and verify that the right-hand pane contains the following
    three items:
1.        The bin subfolder,
2.         The GECommunicationWS.asmx file, and
3.        The web.config file
  
4. For Windows Server 2003, highlight Web Service Extensions. Check to make sure that ASP.NET v2.0.50727 is listed in the right-hand panel with a status of Allowed.
5. Open the Event Viewer snap-in and examine the Application event log to verify that there are no errors generated by the event sources ADSyncService or NovellSyncService.
 
6. In the Microsoft SQL Server Management Studio (part of an optional install of tools for SQL Server 2005) using administrator-level privileges, and verify the following:
    1. A new database has been created using either the name you specified or the default name, SEEMSDb.
    2. The Management Server account you specified in the Management Server Install Shield wizard has been added as a user of the new database.
    3. The new database has been populated with Symantec Endpoint Encryption–specific tables, for example, dbo.GEMSEventLog.
    4. If you selected eDirectory synchronization, the contents of the dbo.NovellContainers database table reflect the container structure of your eDirectory.
    5. Check the Windows System Event Viewer on the computer hosting the Symantec Endpoint Encryption database.
    6. Events related to the creation of the Symantec Endpoint Encryption database will be logged in the Application category with the source MSSQLSERVER. Ensure that no error messages were generated.
 
Install the .Net Framework on the Server
 
If the operating system is 32 bits, launch the Symantec Endpoint Encryption Framework.msi file. If the operating system is 64 bits, launch the Symantec Endpoint Encryption Framework x64.msi file.
 
1. The Welcome page of the Framework InstallShield Wizard appears. Click Next.
2. The Symantec Endpoint Encryption Multi-Factor Authentication page of the Framework Install Shield appears.
3. Click Next. The License Agreement page appears. Select the option I accept the terms in the license agreement, then click Next.
4. The Token Authentication page appears. (Choose one)
     1. Select None to use password authentication only.
     2. Select RSA USB tokens and cards to use devices that support the RSA data model.
     3. Select Common Access Card to use devices that support the CACv2 data model.
     4. Select Smart card to use devices that support the GSC-IS 2.1 data model.
     5. Select Aladdin eToken to use devices that support the Aladdin eToken data model.
     6. Select Personal Identity Verification to use devices that support the PIV-I/PIV-II or CAC NG (Transitional PIV) data model.
 
5. Choose a token type, or accept the default value of None, then click Next.
6. Click Change to choose a different location to install the Manager Console, or click Next to accept the default installation location.
7. Select the Use SEE Server check box selected to install this Manager Console in default mode
8. Select the Microsoft SQL Server instance hosting the Symantec Endpoint Encryption database.
9. Click Browse to select from a list of instances, or type the NetBIOS name of the instance in the Database Server box
 
Note : If the database was created using the default name of SEEMSDb, accept this name. Otherwise, type the unique custom name that the
database was created within the Database Name box. If the SQL Server instance was configured to use TLS/SSL encryption, select the Enable TLS/SSL check box. Select the Custom port check box if your database server has been configured to use a custom port. Selecting the Custom port check box will cause a port field to become available and allow you to type the custom port number.
 
10.Select Windows Authentication or Select SQL Account from the Authentication list box and type the SQL credentials of the Policy.
11.Click Next.
12.Enter the Symantec Endpoint Encryption Management Password page appears
13.Click Next
14.On the Ready to Install the Program click Install
15.After the Framework Install Shield Wizard Completed page appears, click Finish.
 
Full Disk Install Shield Wizard
 
1. Launch the Symantec Endpoint Encryption Full Disk Edition x64.msi file.
 
Note : If the operating system is 32 bits, launch the Symantec Endpoint Encryption Full Disk Edition.msi file
 
2. The Welcome page of the Full Disk Install Shield Wizard appears. Click Next.
3. The License Agreement page of the Full Disk Install Shield Wizard appears. Select the option I accept the terms in the license agreement, then click Next.
4. The Ready to Install the Program page appears. Click Install
5. After the Full Disk Install Shield Wizard Completed page appears, click Finish



Article URL http://www.symantec.com/docs/TECH155082


Terms of use for this information are found in Legal Notices