How to move SEPM from one server to another server.

Created: 31 Oct 2012 • Updated: 18 Feb 2015 | 91 comments
Chetan Savade's picture

Hi,

There are multiple scenarios to consider when moving SEPM from one server to another:

1) SEPM has the same hostname and IP address

If the SEPM server keeps the same IP and host name, you can refer to "Best Practices for Disaster Recovery with the Symantec Endpoint Protection Manager":

SEP 11.x: http://www.symantec.com/business/support/index?pag....

SEP 12.1: http://www.symantec.com/docs/TECH160736

This solution takes longer to implement, but the new SEPM will be an exact copy of the current one.

2) SEPM server has a different IP and the same hostname

OR

SEPM server has the same IP and a different hostname

In this scenario we also need to follow the disaster recovery procedure:

SEP 11.x: http://www.symantec.com/business/support/index?pag....

SEP 12.1: http://www.symantec.com/docs/TECH160736

Symantec Endpoint Protection clients will be able to reach the new SEPM using whichever of the IP or hostname is unchanged. The management server list will then be updated accordingly and sent automatically to clients.

3) SEPM server has a different IP and a different hostname

If the new SEPM server has a different IP and host name, there are two alternatives:

1. Use replication to install a new SEPM and keep the policies the same as on the old SEPM. See "How to move Symantec Endpoint Protection Manager from one machine to another":

http://www.symantec.com/business/support/index?page=content&id=TECH104389

Note: Replication is optional. If you use replication and then remove the old server, which is the primary SEPM, you will not be able to set up replication again in the future.

2. Follow the disaster recovery method and create a new MSL, as follows:

  1. Follow "Best Practices for Disaster Recovery with Symantec Endpoint Protection" (see Related Articles below) to backup and reinstall SEPM on MACHINE_2
  2. Log in to the old SEPM on MACHINE_1
  3. Click Policies > Policy Components > Management Server Lists > Add Management Server List
  4. Click Add > Priority; a new priority named "Priority2" is added
  5. Add MACHINE_1 under Priority 2 and MACHINE_2 under Priority 1, and assign this new Management Server List to all the groups.
  6. Clients will then move gradually from the old SEPM to the new one
  7. Stop the "Symantec Endpoint Protection Manager" and "Symantec Embedded Database" services on MACHINE_1 to verify that all clients now report to the new SEPM on MACHINE_2
  8. Once verified that all the clients are reporting into the new SEPM, and have moved away from the old one, proceed to the next step.
  9. Uninstall SEPM from MACHINE_1
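
A way to check steps 5 to 8 from the client side before uninstalling the old SEPM, added here as an example and not part of the original article: the script reads a client's Sylink.xml and reports whether MACHINE_2, and not MACHINE_1, sits in the first priority block. The function names and both sample files are constructed, and the Sylink.xml element names are assumed from the file's usual layout.

```powershell
# Added example: list the management servers a SEP client will try, in
# priority order, and classify the client before MACHINE_1 is decommissioned.
# Both XML documents are constructed samples. Element and attribute names
# (ServerList, ServerPriorityBlock, Server/@Address) are assumed from the
# usual Sylink.xml layout; confirm them against a file from your own clients.

# Client that has received the new MSL created in steps 3-5.
$migratedSample = @'
<?xml version="1.0" encoding="UTF-8"?>
<ServerSettings DomainId="CONSTRUCTED-DOMAIN-ID">
  <CommConf>
    <ServerList Name="Migration MSL (constructed)">
      <ServerPriorityBlock Name="Priority1">
        <Server Address="MACHINE_2" HttpPort="8014"/>
      </ServerPriorityBlock>
      <ServerPriorityBlock Name="Priority2">
        <Server Address="MACHINE_1" HttpPort="8014"/>
      </ServerPriorityBlock>
    </ServerList>
  </CommConf>
</ServerSettings>
'@

# Client that never received it, e.g. the list was not assigned to its group.
$staleSample = @'
<?xml version="1.0" encoding="UTF-8"?>
<ServerSettings DomainId="CONSTRUCTED-DOMAIN-ID">
  <CommConf>
    <ServerList Name="Default list (constructed)">
      <ServerPriorityBlock Name="List0">
        <Server Address="MACHINE_1" HttpPort="8014"/>
      </ServerPriorityBlock>
    </ServerList>
  </CommConf>
</ServerSettings>
'@

function Get-SylinkServerOrder {
    # Returns one object per server; Priority is the position of its block.
    param([Parameter(Mandatory)][xml]$Sylink)
    $rank = 0
    $blocks = $Sylink.SelectNodes('/ServerSettings/CommConf/ServerList/ServerPriorityBlock')
    foreach ($block in $blocks) {
        $rank++
        foreach ($server in $block.SelectNodes('Server')) {
            [pscustomobject]@{
                Priority = $rank
                Block    = $block.GetAttribute('Name')
                Address  = $server.GetAttribute('Address')
                HttpPort = $server.GetAttribute('HttpPort')
            }
        }
    }
}

function Get-SylinkMigrationState {
    # Classifies a client by where the new and old servers appear in its list.
    param(
        [Parameter(Mandatory)][xml]$Sylink,
        [Parameter(Mandatory)][string]$NewServer,
        [Parameter(Mandatory)][string]$OldServer
    )
    $order = @(Get-SylinkServerOrder -Sylink $Sylink)
    if ($order.Count -eq 0) { return 'NoServerList' }

    # -contains is case-insensitive, which suits host names.
    $first = @($order | Where-Object { $_.Priority -eq 1 } | ForEach-Object { $_.Address })
    $all   = @($order | ForEach-Object { $_.Address })

    if (($first -contains $NewServer) -and ($first -notcontains $OldServer)) {
        return 'NewServerFirst'        # safe to proceed for this client
    }
    if ($all -contains $NewServer) {
        return 'NewServerNotFirst'     # list arrived, but the priorities are wrong
    }
    return 'OldListOnly'               # loses its manager once MACHINE_1 is gone
}

# On a real client, load the file instead of a sample:
#   [xml](Get-Content -Raw -LiteralPath 'path\to\Sylink.xml')
# (the install path varies by SEP version, so it is left as a placeholder).
$samples = [ordered]@{ 'client-A' = $migratedSample; 'client-B' = $staleSample }
foreach ($client in $samples.Keys) {
    $xml   = [xml]$samples[$client]
    $state = Get-SylinkMigrationState -Sylink $xml -NewServer 'MACHINE_2' -OldServer 'MACHINE_1'
    '{0}: {1}' -f $client, $state
    Get-SylinkServerOrder -Sylink $xml | Format-Table -AutoSize | Out-String
}
```

Any client reported as OldListOnly will stop receiving policy and content updates once MACHINE_1 is uninstalled, so it needs the new list assigned or its Sylink.xml replaced first.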
     

OR

Install a fresh SEPM, then use the Sylink.xml file to establish communication between the new SEPM and the existing SEP clients with the help of the Sylink replacer tool.

This option is effective if there is a limited number of clients in the network.

Helpful Public KB Articles:

SEP 11

How to move Symantec Endpoint Protection Manager from one machine to another

http://www.symantec.com/docs/TECH104389

SEP 12.1

How to move Symantec Endpoint Protection Manager 12.1 from one machine to another

http://www.symantec.com/docs/TECH171767

Related Articles:

Best Practices guide for moving the Symantec Endpoint Protection Manager SQL Server database from one drive to another on the same machine

http://www.symantec.com/docs/TECH106213

Best Practices guide to moving the Symantec Endpoint Protection Manager SQL Server database from an existing SQL Server database to a new SQL Server database

http://www.symantec.com/docs/TECH104723

Best Practices guide to moving the Symantec Endpoint Protection Manager SQL Server database from an existing SQL Server database to a new SQL Server database

http://www.symantec.com/docs/TECH167300

How to move Symantec Endpoint Protection Small Business Edition (SEPM SBE) from one machine to another

http://www.symantec.com/docs/TECH183666

I hope it's been informative.

Comments

Ashish-Sharma's picture

HI Chetan,

+1 Vote for article

This article will provide good information :)

Thanks In Advance

Ashish Sharma

Chetan Savade's picture

Hello everyone,

Please share your experiences/followed methods with reference to moving SEPM from one server to another server.

Chetan Savade
Social Media Support Lead
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

rupesh.naik45@yahoo.in's picture

If I have the server private keys of the 11.6 A version and don't have the database, can I do disaster recovery on 12.1 MP1 using the old domain ID (old sylink)? Will it work or not? Please explain, or call 9821401895.

Chetan Savade's picture

Hi,

It will work if certificates are matching with SEP clients.

If you do not have a database backup to restore

You can perform a disaster recovery without a database backup, but the following points apply in this case:

  • All policies must be re-created, or imported from other backups i.e. exported policy files.
  • Clients will be able to communicate with the SEPM but will re-appear in the console only after their next check-in.
  • Clients will reappear in the default group as they check in, unless you enable automatic creation of client groups on the re-installed SEPM by adding "scm.agent.groupcreation=true" to the conf.properties file.
  • If you originally had multiple SEPM domains beyond the default domain, you must re-create them using domain IDs from Backup.txt.

Check the last paragraph of this article for more info: http://www.symantec.com/docs/TECH160736

rupesh.naik45@yahoo.in's picture

I do not understand your point (It will work if certificates are matching with SEP clients).

If the private keys are the latest, will it work or not, after the change (editing "scm.agent.groupcreation=true")?

Chetan Savade's picture

Hi,

You should test the connection by importing the certificate. It should work.

Chetan Savade's picture

Hi Rupesh,

Did you have any success with this?

rupesh.naik45@yahoo.in's picture

I have checked on one of my servers with 70 clients but did not get success.

Chetan Savade's picture

Hi Rupesh,

Thanks for the update.

You can use the Sylink replacer tool to restore the communication.

rupesh.naik45@yahoo.in's picture

Hiiii Chetan,

I have found success on the 12.1 RU2 version. I have a total of 65 SEP clients on 1 server and I have the server certificate of the 11.x version SEPM server.

I have done disaster recovery using the domain ID, and I changed the setting in conf.properties to "scm.agent.groupcreation=true". After that I updated the server certificate; it is now working, and around 54 SEP clients are connected and online with the new RU2 server.

Now my question is: is there a need to change the setting "scm.agent.groupcreation=true" back to "scm.agent.groupcreation=false" again?

Please answer me.

Chetan Savade's picture

Hi Rupesh,

You should revert back the settings.

raju123's picture

Thanks Chetan for the valuable article +1

Chetan Savade's picture

Thanks !!!

John Santana's picture

many thanks Chetan for sharing the steps here.

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

BJHughey's picture

I understand this posting is over a year old...

To move from Server 2003 R2 to Server 2012 (in a 12.1 environment) IP's will remain the same, but the hostname will change.

1. I'll need to create a backup of the embedded DB

2. Stop replication

3. Restore the DB on the new server box

4. Create the replication 

That is all? It seems too easy...and if it seems that way, it usually isn't.

Thanks

Chetan Savade's picture

If planning to migrate through the replication method, there is no need to restore the database. The replication process will do the same.

I will suggest the following method.

1) Install new SEPM

2) Start replication with old SEPM

3) After successful replication, move all the clients to the new SEPM by modifying the Management Server List (MSL).

4) Once all the clients have migrated successfully, decommission the old SEPM.

BJHughey's picture

Chetan,

Thank you for the reply.

We have not moved to 12.1.5 due to the replication issue that was reported with multiple SEPMs. Has that been resolved? I have not seen any documentation regarding that recently.

Chetan Savade's picture

Hi,

There is one known issue, and a KB article is available with the solution.

Replication fails after upgrade to SEPM 12.1 RU5

http://www.symantec.com/docs/TECH225412

How many clients in total are in the network? Could you share the old and new server details, such as server OS, database size of the existing SEPM, version, bandwidth, etc.?

BJHughey's picture

It looks like that error is SQL related, only? So, it should not matter if we're using the embedded DB?

4,500 Clients~

Moving from Server 2003 R2 to a Server 2012 box

Currently most of our machines are on 12.1.4. There are a few legacy machines that are being cleaned out.

SEPM console is 12.1.4104.4130

Sem5 DB size = 49GB

Our locations all have a dedicated T1

Chetan Savade's picture

Thanks for the update.

That error was for SQL only.

In your case, first you will have to upgrade the existing SEPM to 12.1 RU5, because to initiate replication both SEPMs should be on the same version.

Prior to the upgrade, be aware of the new changes also; check this: http://www.symantec.com/docs/TECH225587

You should not face any problem; however, always be prepared with a PLAN B to avoid an undesirable situation.

Prior to starting the upgrade/replication, take the necessary backups.

Itchley's picture

Hi,

I'm relatively new to Symantec Endpoint Protection.

I have a case in which the clients in a new domain operate with the SEPM (on Win7) in an old domain. The domain controller of the old domain was shut down months ago.

Hostname and IP address will not be changed; only the FQDN changed, like:
host.domainold.local --> host.domainnew.local

Is it the same procedure as described in the article for moving with a different hostname?
Or can I simply add the computer to the new domain?

Thx

Itchley

Chetan Savade's picture

You can follow the article to move with a different hostname. The client should be able to resolve the new FQDN with the IP address.

Let me know how it goes.

Itchley's picture

OK,

I will do so and report here after migration.

v_sran's picture

Really helpful article!!

Lebedev Dmitriy's picture

Hello.
Thanks for this article. It helped me migrate to the new server. I used situation 3.

But I have some trouble.

SEP clients don't want to connect to the new server.

I created an MSL for the new server.

[Attached screenshot: 120px_sepm1.PNG]

In the new SEPM I see that clients are connected, but the values are always changing. When I open Troubleshooting in the SEP client, the server is disconnected. Only if I replace sylink.xml with a new one using the SyLinkDrop utility does the client connect to the new server. But I have 200 clients, and replacing sylink is a very bad idea ^_^

[Attached screenshot: 120px_SEPM2.PNG]

In Admin-Server I see the old SEPM; I deleted it, but it did not help me.

[Attached screenshot: 120px_sepm3.PNG]

Where is my mistake?

Srinivas Rodda's picture

Hi,

Is there a seamless way of migrating while keeping both the existing and new servers, and slowly making the old one redundant for decommission?

I am planning to migrate my SEPM server from Windows 2003 to 2012 R2 on a new box.

My current setup is as follows:

SEPM 12.1 RU5 server hosted on Windows 2003 SP2

Database : on a different SQL box (SQL 2012)

New Server: with Windows 2012 std R2

SEPM 12.1.6 may be.

Database: use the same existing DB on different SQL box.

Is this possible without disrupting my old SEPM?

Then I slowly plan to migrate the clients using SYLINK drop to change the communication settings on the clients.

Are there any articles that I can refer to in doing this? Please help!

Thanks!

Chetan Savade's picture

Hi,

Thank you for posting in Symantec community & would be glad to assist here.

" My current setup is as follows:

SEPM 12.1 RU5 server hosted on Windows 2003 SP2

Database : on a different SQL box (SQL 2012)

New Server: with Windows 2012 std R2

SEPM 12.1.6 may be.

Database: use the same existing DB on different SQL box.

is this possible without disrupting my old SEPM ?"

--> There are couple of ways to do this.

To suggest better option need more info from your end.

1) Total number of clients in the network

2) Are there any custom policies defined?

3) This is the catch "I do not have any replication setup right now.however once i move all the client to the new server i would like to setup replication using another SEPM  server hosted in a different site."

Note: If you wish to move SEPM from one machine to another with the help of replication, replication is an option; decide whether to go with it or not. Because if you do replication and remove the old server, that is the Primary SEPM, in future if you want to do replication you will not be able to do so. The Primary Server should always be present in the network for replication; it's like a Primary:Secondary relation.

See this article:

How replication works

http://www.symantec.com/docs/HOWTO55328

harshbarger's picture

I am looking to build a new SEPM for my company. We are currently running SEPM 12.1.4 on Server 2003 and I have built a new server running Server 2012 and was thinking about installing SEPM 12.1.6 on it.

What is the best way to go about migrating this? We have roughly 3,000 client machines and other SEPMs in other countries. I plan to decommission those and use only GUPs in those locations.

Right now the server will have a different IP address and different host name. There is also a secondary server that will act as a replication server.

Chetan Savade's picture

It's a good idea to use GUPs at remote sites. Prior to setting up replication, just make sure both SEPMs are on the same version; in your case you first need to upgrade the existing SEPM to the 12.1 RU6 version.

harshbarger's picture

If I upgrade the SEPM to 12.1 RU6 will that require the clients to upgrade as well and have to restart? 

ℬrίαη's picture

You do not have to upgrade clients, but it is recommended so that everything is on the same version across the board and they can take advantage of new features.

Yes, a restart would likely be required.

Click the "Mark as solution" link at bottom left on the post that best answers your question. This benefits admins looking for a solution to the same problem.

Chetan Savade's picture

Client upgrade is not required; only the SEPMs need to be on the same version to set up replication.

BJHughey's picture

@Harshbarger

I did this move just a short while ago, as you can tell I was roughly in the same situation. I followed Chetan's instructions to the letter.

After installing 12.1.5 on the new server. I setup replication from the old server to the new server, I adjusted the MSL's and made sure the machines were pointing to my 2012 server as priority one. Once they were there, I was able to stop the services on the old servers to make sure everything stayed up. Once that was done, I decommed those old servers.

Best of luck!

Weslee's picture

I just made this account just to say thx for the really great article!

This really helped me in a great way!

Chetan Savade's picture

Thanks for the feedback. :)

amartinez5524's picture

Hello,

I fall under Scenario 3, where the new server has a different ip address and host name.

I installed the same version of SEP on the new server, 12.1.4, and followed the disaster recovery method and created a new MSL on the original server as instructed.

How long should it take for the clients to migrate to the new server? Is there a way to speed this up from the management console?

ℬrίαη's picture

Did you edit the MSL so that they go to the new one?

Clients should get the update on the next heartbeat in. How often is your heartbeat set for check in? This is what determines how quickly clients check in.

amartinez5524's picture

Hello,

Yes, I created a new MSL and set the new server with priority 1.

I found what my problem was: I had not assigned the list to any client groups.

For anyone that wants detailed steps...

After creating the new 'Management Server List', Click on the new list to select it

Under the 'Tasks' section in the lower left click on 'Assign the List...',

I assigned it to all client groups and after several minutes clients started to communicate with the new server.

Chetan Savade's picture

Glad to know clients are communicating with the new server. Verify all the clients are communicating with the new server prior to decommissioning the SEPM.

Phoenix80's picture

Hi

I kinda have a scenario kinda similar to scenario 3 in your article. However, I cannot access the existing SEPM console. I don't want to lose the connection to the existing clients. How would you advise to proceed?

The new server will have the same version of SEPM installed but hostname and IP address will be different.

Chetan Savade's picture

Why can't you access the existing SEPM console?

RQD's picture

Hi Chetan,

I have a similar migration path as above but slightly different. 

We currently have a SEPM 12.1.4 running on Windows 2008 with embedded DB (Server1).  I have installed SEPM 12.1.6 (as a new site, Server2) on Windows 2012 R2, connected to the remote SQL 2012 DB on a cluster server.  I also have another Windows 2012 R2 server for redundancy.

  1. Server1, Server2, and Server3 have different hostnames and IP addresses.
  2. Can the embedded DB be restored to the SQL 2012 cluster, and how?  Does SEPM 12.1.4 need to be upgraded to ver 12.1.6 first before backup and restore?
  3. What is the best practice for migration from server1 to server2?
  4. How can I set up server3 as fail-over or for redundancy?

Thanks in advance for your help.

RQD

Chetan Savade's picture

Hi,

Q. Can the embedded DB be restored to the SQL 2012 cluster, and how?  Does SEPM 12.1.4 need to be upgraded to ver 12.1.6 first before backup and restore?

--> In that case you need to do a fresh install of SEPM 12.1 RU6 and restore the embedded database into the SQL database.

This article can be a reference guide: Symantec Endpoint Protection Manager: Moving from the embedded database to Microsoft SQL Server

http://www.symantec.com/docs/TECH102547

Q. What is the best practice for migration from server1 to server2?

--> Depending on the requirements, like new IP/hostname, old IP/new hostname etc., you need to take the approach accordingly.

Q. How can I set up server3 as fail-over or for redundancy?

--> First decide whether you want SEPM fail-over only or both SEPM and database fail-over.

In the fail-over case the same SQL database will be shared by multiple managers; in replication the SQL database will also be replicated. For the most robust design, replication can be an option.

Go through these articles: 

About fail-over and load balancing

http://www.symantec.com/docs/HOWTO26809

About installing and configuring the Symantec Endpoint Protection Manager for fail-over or load balancing

http://www.symantec.com/docs/HOWTO26808

ekindseth@normalpl.org's picture

I recently finished migrating SEPM from a Windows 2003 server to a new Windows 2012 server through the replication process.  I have a few laptops that are rarely onsite, so they obviously have not started reporting to the new server yet.  What will happen if I remove the old SEPM before some of these start reporting to the new SEPM?  Would I need to uninstall and redeploy to those clients?

Chetan Savade's picture

It is not necessary to uninstall and redeploy to those clients.

You can refer to this guide: How do I replace the client-server communications file on the client computer?

ChadMarkley's picture

So I've gone through this 5 times and I am still not doing it correctly. I am trying to migrate SEPM from a 2008 server to a new 2012R2 VM; different IP and hostname. I am following the instructions "Moving SEPM from one machine to another" https://support.symantec.com/en_US/article.TECH104.... But in the DR instructions for 12.1, I am confused as to what steps I should be doing. Do I restore both the Recovery File AND the database? It seems to me that if I restore both those items that I will be essentially duplicating the server I already have online. I also can't figure out where I actually configure the replication. Do I install the new server into its own site or as an additional server but in a new site, then set up the replication?

Hoping to get some clarification because I am just frustrated being at this for two days.

Thanks for the great article and all the help

Chad

BJHughey's picture

Chad,

You stated: 

"Do I restore both the Recovery File AND the database? It seems to me that if I restore both those items that I will be essentially duplicating the server I already have online."

Is this not what you want to do anyways? Although you're moving to a new server, you want the DB and all the information that's on the old one to be maintained so you're not starting over, right?

When I did this earlier this year, I installed SEPM on the 2012 VM and set up replication. I let that copy everything over to my new SEPM server and then I used an MSL to have all the machines point to that new server. Once I saw all the machines checking into the new SEPM server, I went and checked for legacy machines and machines that did not move over properly and remediated them manually. Once that was completed, I stopped the services on the old SEPM(s) that we had and made sure everything was on the up and up before decommissioning.

ChadMarkley's picture

Thank you for the reply! Don't mean to be stupid, but to clarify: I will set up the new server with no data in it, then associate it to the existing server and replicate all the data over, correct? This in theory should push all the policies, database contents, etc. from the existing server to the new one. This means I DO NOT do the DR method because I need both servers online because I am not yet ready to fully decommission the original server. Right?
 

Chetan Savade's picture

That's right.
 

Chetan Savade's picture

DR should be performed if there is a hardware failure, OR if planning to perform DR on another machine, you need to remove the existing machine from the network to avoid an IP conflict.

To perform replication, the new server can be placed at a new site or at the existing site as well. It depends upon business requirements.

Mani123's picture

Hi Chetan,

We currently have SEPM 12.1.6 (recently upgraded) on a Windows 2003 server. And now we would like to move it to a 2012 R2 server with a new IP and host name. We created the new 2012 server and are trying to make it the replication server.

After entering the details like replication server name, default port, administrator username and password, as soon as I click Next, I get this error: "Unable to connect to the server".

Could you please help me out to find the cause?

Chetan Savade's picture

Replication Server Name - The name or IP address of the remote Symantec Endpoint Protection Manager.

Replication Server Port - The default is 8443.

Administrator Name - The name that is used to log on to the console.

Password - The password that is used to log on to the console.

Refer to this guide: http://www.symantec.com/docs/TECH104455

If you still face an issue, post the screenshot.

Mani123's picture

I have cross-checked; everything is correct as per the article.

Please see the screenshot.

Thanks,

[Attached screenshot: sepm error.jpg]

Chetan Savade's picture

Thanks for sharing screenshot, please follow the steps given in the following article:

"Unable to connect to the server specified" error during the replication of Symantec Endpoint Protection Manager

http://www.symantec.com/docs/TECH106224

The above article is actually applicable to the SEP 11.x product, but there is no harm in trying the steps for 12.1 as well. Let me know how it goes, or else we can start looking into the logs.

Mani123's picture

Hi Chetan,

I went through the article provided and I am not able to adjust SEPM heap size. I only see the below in the specified location.

[Attached screenshot: sep1.jpg]

Thanks,

Chetan Savade's picture

Hi,

Try to create those string values manually. Also make sure LiveUpdate is not running on the primary SEPM while initiating replication.

If that still does not help, gather the "Install Error" logs from the new site. The logs should be present under the tomcat\logs folder on the new site.

harshbarger's picture

I ended up building a new server and have just been migrating all the machines over to the new one.

We are running into an issue now where if we put our citrix environment on it, it works for a couple days then starts looking back at the old server. Is there an explanation as to why this is happening?

Chetan Savade's picture

Make sure both the SEPMs have the new server listed as priority 1 under the MSL (Management Server List).

harshbarger's picture

But if we are installing the new SEP client that points to the new server on the image, why is it even looking back to the old?

harshbarger's picture

So, to be clear, I need to go to the old SEPM and change the MSL to look at the new server as priority 1?

For the MSL, is that located under Admin -> Servers -> Local Site (AV)

It looks like there is a default. How would I change it?

Chetan Savade's picture

That's correct. Default MSL won't change. Create new MSL in the old SEPM & Assign new server IP address as a priority 1.

harshbarger's picture

Great. I found the list. Once I assign the new address, that will make all machines look at the new server. Will they begin showing there all the time? Then I can just kill the old server once they are all checking in?

Also will it put them in the same group or will I need to manage that on the new SEPM?

BJHughey's picture

Like Chetan said...once you create the new MSL and your machines check in* they will start pointing to the new server. When I did the migration, it probably took a few days for most of the machines to show up on the new server. I just let them do their thing. I then found ones that weren't moving over for one reason or another, and manually remediated those before decommissioning the old server.

The MSL doesn't define groups, only what server the clients are pointing to.

harshbarger's picture

What did you do about upgrading the client on the machines? Is it done automatically or do you have to push it?

Chetan Savade's picture

Upgrade is a different thing. You can either push out a new package, or the easiest way could be to use the Auto upgrade feature.

You can refer to the article below:

https://www-secure.symantec.com/connect/articles/sepm-121-auto-upgrade

Chetan Savade's picture

Most of the clients should migrate to the new SEPM & after that stop SEPM services on the old SEPM only.

Once all the clients have migrated, you can decommission the old SEPM.

BJHughey's picture

Harshbarger,

You'll want to go to Policies, expand policy components, and then Management Server Lists. You should see your sites listed there, and you can add/remove management servers there.

harshbarger's picture

I have added the policy. It has been 2 days and nothing has moved over. Has something been done wrong?

[Attached screenshots: manserver.JPG, manserver2.JPG]

Chetan Savade's picture

Can you check the MSL on 1-2 clients by opening the Sylink.xml file?

Try to stop SEPM service on the old SEPM and see if it makes any difference.

Dennis Bos's picture

Hi,

Nice article!

We are migrating to a server with a different IP and different hostname (Option 3).

We used the method: 2. Follow disaster recovery method & Create a new MSL as per following

The clients are visible and online on both servers.

I’m stuck at step 6 of the description.

When we shut down the old server the clients go offline.

The green dot on the SEP icon in the tray of the client isn’t visible anymore. Also, on the new server they appear to be offline.

Any suggestions?

Chetan Savade's picture

Thanks for the feedback.

On the old SEPM, create a new MSL & set priority 1 & 2.

It should look like:

Priority 1 --> New SEPM IP

Priority 2 --> Old SEPM IP

It means both the SEPMs will have the same priority. In short, we are telling clients they should connect to the new SEPM. Once all the clients have received the latest MSL, you can stop the SEPM service on the old SEPM & let the clients talk with the new SEPM.

Once everything is verified, you can decommission the old SEPM.
 
Dennis Bos's picture

Thanks for the reply! I have already done that.

Where can I see to which server a client is connecting?

Chetan Savade's picture

Did you create a new MSL & assign it to all the clients? Open the Sylink.xml file in Notepad to see the MSL listing.

All the clients should have the new SEPM listed against priority 1.

Sylink file location is listed here:

http://www.symantec.com/docs/TECH165055

Hexnut's picture

Hi Chetan,

I am using your method to move my SEPM 12.1.6 MP3 on Server 2003 to the same SEPM version on Server 2012 R2 with a different hostname and different IP. My business is 24 x 7 x 365. I have nearly 500 SEP clients, many are laptops, and some don't connect for 2 or 3 weeks at a time due to vacations, schedules etc. Users do not have administrator rights on their machines.

I have created the new MSL on the old server, created a new Test OU in AD to place test machines, and assigned the new MSL to this test AD group. Once testing is done I will assign this MSL to all groups. I have generated a new cert on the new server to allow the cert to match the hostname. I've disabled secure communication temporarily until all clients are communicating to the new server. So far this is working very nicely.

Is there a way to determine from the SEPM server which server the client is connecting to? I don't want to turn off the services on the old machine until I am certain that all of the clients are connecting to the new server.

In the event that I turn off services on the old server and an old client is turned on, will a DNS CNAME on the new server allow this client to migrate gracefully?

Will there be any issues on the clients when I enable secure communications in the future?

Many Thanks for this very helpful article!

Hex

Chetan Savade's picture

Hello Hex,

Actually, in both SEPM consoles you should see clients with green dots because they are directly connected. You just have to make sure all the clients have received the latest policy, which contains the updated MSL.

Q. In the event that I turn off services on the old server and an old client is turned on, will a DNS CNAME on the new server allow this client to migrate gracefully?

--> If clients have received the latest policy, sylink.xml will be updated. Those clients will migrate gracefully. If clients haven't received the latest policy, they won't migrate through DNS CNAME.

Q. Will there be any issues on the clients when I enable secure communications in the future?

--> Ideally there shouldn't be, but test it prior to decommissioning the old SEPM.

Hexnut's picture

Is there a way to see from the new server which clients have connected without looking at the client machines?

Thanks.

Chetan Savade's picture

Log in to the new SEPM console; the Clients tab should have a list of all the connected machines. If it's AD synch, check the particular synch OUs.

 
Hexnut's picture

I have an issue with the new server, maybe this is due to creating a new cert on the new server or corruption in the policies or embedded database.

Many of the clients, consisting of versions 11.0 through 12.1.6608, most of them laptops which connect remotely and infrequently over VPN, are connecting to the new server and getting green dots, but the Policy serial number in the SEP Manager clients tab remains from the old server. I am using the Policy serial number to determine which clients are successfully migrated as this number should match the new server. I perform a Remote push of a new Communication package daily and the clients which receive this package are soon fixed (Policy serial number matches the new server at next heartbeat interval).

The problem is, many clients are not online during the push.

Is it possible to set up a scheduled task on the new server to run every 30 minutes or so that pushes the communication package to all clients listed in a text file?

If not, is there another solution?

Many Thanks!

Hex

Chetan Savade's picture

SEP 11.0 has been end of life for a long time, so plan to upgrade those clients on priority. It's not possible to set up a scheduled task on the new SEPM to run a check every 30 minutes & push out packages accordingly.

BJHughey's picture

@Hexnut

When you're logged into the new server SEPM console, under clients, you should have a list of all the machines in your environment. If they have a green dot next to them, they're checking into that server; if it's a red arrow, they're checking into another server.

See this link for a breakdown of all the icons in SEPM.

https://support.symantec.com/en_US/article.TECH106...

ptech3369@gmail.com's picture

Hi Chetan,

I need a couple of pieces of advice from you. We have 2 Server 2008 machines; one is the SQL database and SEPM 11, and the other is a failover cluster. We are going to migrate them to a Server 2012 R2 machine. However, I have some doubts:

which of these scenarios can work

Chetan Savade's picture

Please make sure whether it's SEPM 11 or SEPM 12.1, because SEPM 11 has been end of life for a long time.

Also, to suggest the best option, please provide the following details:

1) Total number of clients per SEPM?

2) Is there any existing failover/load balancing or replication in place between both the SEPMs?

3) SEPM version details.

ptech3369@gmail.com's picture

Hi Chetan,

Thanks for your response.

Here is the outline that I want to implement:

I have a Server 2008 machine that has SEPM 11 installed. I want to migrate SEPM 11 to a new server (different IP and different host name) through DR without losing client communication and then, after migration, upgrade SEPM 11 to SEPM 12.1.

However, as this is my first experience, I am not quite sure about the DR process:

The link below shows me how to prepare for DR

https://support.symantec.com/en_US/article.TECH102333.html

but I am not sure about the DR process

Chetan Savade's picture

Follow the disaster recovery method & create a new MSL as per the following. In case clients lose connectivity, you can restore it by replacing Sylink.xml.

  1. Follow "Best Practices for Disaster Recovery with Symantec Endpoint Protection" (see Related Articles below) to back up and reinstall SEPM on MACHINE_2
  2. Log in to the old SEPM on MACHINE_1
  3. Click Policies > Policy Components > Management Server Lists > Add Management Server List
  4. Click Add > Priority and a new Priority would get added named as "Priority2"
  5. Add MACHINE_1 under Priority 2 and add MACHINE_2 under Priority 1, and assign this New Management Server List to all the groups.
  6. Clients will then move from old SEPM to new one gradually
  7. Stop the "Symantec Endpoint Protection Manager" and "Symantec Embedded Database" service on MACHINE_1 to verify whether all clients now report to the new SEPM on MACHINE_2
  8. Once verified that all the clients are reporting into the new SEPM, and have moved away from the old one, proceed to the next step.
  9. Uninstall SEPM from MACHINE_1

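The Sylink.xml check suggested in the replies above (new SEPM listed against priority 1), applied to the MACHINE_1 / MACHINE_2 layout from the steps, as an added example that is not part of the thread and not Symantec code. The sample files are constructed, and the element names (`ServerPriorityBlock`, `Server Address`) and the rule that block order equals MSL priority are assumptions to verify against a real client's Sylink.xml.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed Sylink.xml content. Assumed layout: one
# <ServerPriorityBlock> per MSL priority, listed in priority order.
UPDATED = """
<ServerSettings><CommConf><ServerList Name="Migration MSL">
  <ServerPriorityBlock Name="List0">
    <Server Address="MACHINE_2" HttpPort="8014"/>
  </ServerPriorityBlock>
  <ServerPriorityBlock Name="List1">
    <Server Address="MACHINE_1" HttpPort="8014"/>
  </ServerPriorityBlock>
</ServerList></CommConf></ServerSettings>"""
STALE = """
<ServerSettings><CommConf><ServerList Name="Default">
  <ServerPriorityBlock Name="List0">
    <Server Address="MACHINE_1" HttpPort="8014"/>
  </ServerPriorityBlock>
</ServerList></CommConf></ServerSettings>"""

def msl_priorities(sylink_xml):
    """Server addresses grouped by priority: index 0 is Priority 1."""
    root = ET.fromstring(sylink_xml)
    return [[s.get("Address", "").lower() for s in block.iter("Server")]
            for block in root.iter("ServerPriorityBlock")]

def migration_state(sylink_xml, new_sepm, old_sepm):
    """Classify one client's MSL for the move from old_sepm to new_sepm."""
    try:
        prios = msl_priorities(sylink_xml)
    except ET.ParseError:
        return "unreadable"
    new, old = new_sepm.lower(), old_sepm.lower()
    if prios and new in prios[0]:
        return "ready"                # new SEPM is Priority 1
    if any(new in p for p in prios):
        return "new-not-priority-1"   # MSL received, order is wrong
    if any(old in p for p in prios):
        return "stale"                # policy with the new MSL not received
    return "unknown"

def report(clients, new_sepm, old_sepm):
    """Map state -> sorted client names; clients is {name: Sylink.xml text}."""
    out = {}
    for name, xml_text in clients.items():
        out.setdefault(migration_state(xml_text, new_sepm, old_sepm), []).append(name)
    return {state: sorted(names) for state, names in out.items()}

print(report({"LAPTOP-A": UPDATED, "LAPTOP-B": STALE}, "MACHINE_2", "MACHINE_1"))
```

Clients reported as `stale` are the ones that would go offline if the services on the old SEPM were stopped at step 7.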
whizzard23's picture

Hi,

I am following option 2 where my new SEPM server has the same IP, but different hostname of the original SEPM server.

i.e.

Original Server:
SRV-SEP
192.168.1.100

New Server:
SRV-AV
192.168.1.100

I am therefore following the disaster recovery procedure for 12.1

Can you confirm if I should follow step 3 within the disaster recovery procedure and create the SEPBackup.txt file? If so, should I:

  • Include the IP address and hostname of the original server (SRV-SEP)?
  • Include the IP address and hostname of the new server (SRV-AV)?

Thanks.

Chetan Savade's picture

Is there any hardware failure? If not then I don't think you should follow step 3.

whizzard23's picture

There isn't a hardware failure; however, my original server will be powered off so I can give the new server the same IP address.

Chetan Savade's picture

That's fine. You can perform DR without 3rd step.
