How to bypass the IIS proxy after migrating to Symantec Endpoint Protection 12.1

Article:TECH161964  |  Created: 2011-06-09  |  Updated: 2012-03-19  |  Article URL http://www.symantec.com/docs/TECH161964
Article Type
Technical Solution


Issue



You have migrated from a legacy version of Symantec Endpoint Protection to version 12.1 and want to bypass the IIS proxy (ISAPI) that is used to maintain functionality during the transition to the new version.


Environment



Symantec Endpoint Protection 12.1 (full version only)


Cause



Version 12.1 uses Apache instead of IIS for providing Web services to the Symantec Endpoint Protection Manager. To make sure that the migration goes smoothly, an ISAPI  proxy is used to pass SEP Client communications from IIS to Apache when you upgrade to Symantec Endpoint Protection 12.1. After the migration completes, you can bypass the proxy to improve server performance.


Solution



You bypass the ISAPI proxy by editing a pair of Apache and Tomcat configuration files on the Symantec Endpoint Protection Manager, and then turning off IIS. You can use any plain text editor to edit the configuration files.

WARNING: The following procedures have you stop or change ports in IIS. Other applications that rely on IIS will be affected if you stop IIS or reconfigure the ports that other applications are also using.

Workflow

Start this workflow after you migrate to version 12.1.

NOTE: As an optional step at the end of the workflow, you can uninstall IIS if it is not needed for another application.

Begin by editing the configuration files:

  1. In a plain text editor open C:\Program Files\Symantec\Symantec Endpoint Protection Manager\apache\conf \httpd.conf
  2. Find the line: Listen 8014
  3. Under Listen 8014, create another listen statement for port 80: Listen 80 
    Note: Port 80 is the HTTP default port. If you use a different port for HTTP, enter the port number you use in your network environment.



 

  1. Save and close the file.
    NOTE: DO NOT restart Apache. IIS is still running and a conflict will occur if you attempt to start Apache at this point.
     
  2. In a plain text editor open C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc\conf.properties
  3. Find and delete the line, scm.iisproxy.http.port=80
  4. Find and delete the line, scm.iis.http.port=80
    NOTE: The port numbers shown here are the defaults.
     
  5. Save and close the file.

Additional information about the 'listen' statement is available at the following URL: httpd.apache.org/docs/2.2/mod/mpm_common.html#listen

Next, stop IIS from the IIS Control Panel, or if you are using IIS for other applications, change the port numbers for the Symantec Endpoint Protection Manager program.

  1. Go to Start > Settings > Control Panel > Administrative Tools > Internet Information Services (IIS) Manager.
  2. If you are not using IIS for other applications, you can stop the service. In the left pane, expand the tree to Default Web Site.
  3. Right-click on Default Web Site and click Stop.
  4. If you want to leave IIS running, right click on Default Web Site and select Properties.
  5. Change the TCP port numbers to your desired port numbers (those required by the other applications running on IIS) and then click OK.
  6. Close the IIS Manager.

Complete the workflow by restarting the Symantec Endpoint Protection Manager services:

  1. Go to Start > Settings > Control Panel > Administrative Tools > Services.
  2. Highlight the Symantec Endpoint Protection Manager Webserver service, and in the left pane, click Stop.
  3. Click OK on the message indicating the other service that will also be stopped.
  4. Highlight the Symantec Endpoint Protection Manager service, and in the left pane, click Start. The other dependent service will start at the same time.
  5. After a few seconds, refresh the Services list and verify that the Symantec services have restarted. If you made an error in either of the configuration files, the services will stop after initially trying to start.

The IIS (ISAPI) proxy is now disabled and SEP Client communication is now going directly to Apache.

If you do not want to use IIS at all, you can uninstall it from the Add/Remove Programs > Windows Components Control Panel.

 

 

 




Article URL http://www.symantec.com/docs/TECH161964


Terms of use for this information are found in Legal Notices