How to move the Symantec Endpoint Protection Manager server to a new VM or server machine with a different IP.

Article:TECH95311  |  Created: 2009-01-31  |  Updated: 2012-09-06  |  Article URL
Article Type
Technical Solution


Plans are to move the Symantec Endpoint Protection Manager (SEPM) to a new Virtual Machine (VM) or server machine with a new IP address but the machine name remains the same. Where are the steps to perform the move with minimal impact to installed Symantec Endpoint Protection (SEP) clients?


There is a need to decommission an old SEPM server.  There is no requirement to keep the same IP address.


This method will allow the migration of the SEPM to another VM or server machine with minimal use of the SylinkReplacer. The way to do this will require that both the old server and the new one are left online for a short time. These steps should help make the process quick and painless.

    1. Perform the steps in Symantec Endpoint Protection 11.x: Best Practices for Disaster Recovery with the Symantec Endpoint Protection Manager for creating a disaster recovery plan and backup files.
    2. Clone the original SEPM server to your VM or new server machine with the new IP and same machine name.
      • Alternately choose to install everything fresh and restore the SEPM database and settings including the private key backup using the disaster recovery steps.
    3. Edit the Management Server List in the SEPM on the new server to change the IP the clients are reporting to.
        1. In the Symantec Endpoint Protection Manager console, click Policies.
        2. In the Policies page, under View Policies, click Policy Components > Management Server Lists
        3. Highlight the Default Management Server List and click Copy the List under the Tasks menu.
        4. Click Paste List under the Tasks menu.
        5. Double-click the new Copy of Default Management Server List.
        6. Rename the list as desired.
        7. Click the IP address listed for the old server and click Edit.
        8. Input the correct new IP and click OK.
        9. Delete any additional adaptor IPs, if any, that are not relevant.
        10. Verify the machine name is correct in the servers list and click OK.
        11. Click Assign the List in the Tasks menu.
        12. Check all of the boxes that are not grayed out.
        13. Click Assign to switch the list in use then click Yes to accept.
        14. There should now be a 0 in the Group and Location Use Count for the Default list and a non-zero number in the new list.
    4. Change the DNS entry for the server name to point to the new IP.
    5. Repeat the process in step 3 to edit the Management Server List for the SEPM on the old server.
    6. Allow all client machines to check into the old server at their regular interval.
    7. As they check into the new server there will be a green dot next to each client that is reporting properly.
    8. Once the clients have switched to the new server the old server can be decommissioned or uninstalled.
    9. Any remaining SEP clients that can not check in during this time should have their communications file updated using the SylinkReplacer utility.  Details can be found in Using the "SylinkReplacer" Utility 


Legacy ID


Article URL

Terms of use for this information are found in Legal Notices