Hot to move SEPM from one server to another server.
Hi,
There are multiple scenarios which we should consider while moving SEPM from one server to another server
1) SEPM is having same hostname and IP address
If the SEPM server keeps the same IP and host name, you can refer to "Best Practices for Disaster Recovery with the Symantec Endpoint Protection Manager"
SEP 11.x: http://www.symantec.com/business/support/index?pag....
SEP 12.1: http://www.symantec.com/docs/TECH160736
This solution is longer to implement but the new SEPM will be an exact copy of the current one.
2) SEPM server has a different IP and same hostname
OR
SEPM server has a same IP and different hostanme
In this scenario as well we need to follow disaster recovery
SEP 11.x: http://www.symantec.com/business/support/index?pag....
SEP 12.1: http://www.symantec.com/docs/TECH160736
Symantec Endpoint Protection clients will be able to reach the new SEPM using either unchanged IP or hostname. Management server list will then be updated accordingly and sent automatically to clients.
3) SEPM server has a differenet IP and different hostaname.
If the new SEPM server has a different IP and host name, there are two alternatives:
1. Use replication to install a new SEPM and keep the policy the same with old SEPM. See "How to move Symantec Endpoint Protection Manager from one machine to another"
http://www.symantec.com/business/support/index?page=content&id=TECH104389
Note: Replication is an option, if you do replication and remove the old server that is the Primary SEPM, in future if you want to do replication you will not be able to do so.
2.Follow disaster recovery method & Create a new MSL.as per following
- Follow "Best Practices for Disaster Recovery with Symantec Endpoint Protection" (see Related Articles below) to backup and reinstall SEPM on MACHINE_2
- Log in to the old SEPM on MACHINE_1
- Click Policies > Policy Components > Management Server Lists > Add Management Server List
- Click Add> Priority and a new Priority would get added named as "Priority2"
- Add MACHINE_1 under Priority 2 and add MACHINE_2 under Priority 1, and assign this New Management Server List to all the groups.
- Clients will then move from old SEPM to new one gradually
- Stop the "Symantec Endpoint Protection Manager" and "Symantec Embedded Database" service on MACHINE_1 to verify whether all client now report to the new SEPM on MACHINE_2
- Once verified that all the clients are reporting into the new SEPM, and have moved away from the old one, proceed to the next step.
- Uninstall SEPM from MACHINE_1
OR
Install a new fresh SEPM, then use the Sylink.xml file to establish the communication between new SEPM and the existing SEP clients with the help of Sylink replacer tool.
This option is effective if having limited number of clients in the network.
Helpful Publick KB Articles:
SEP 11
How to move Symantec Endpoint Protection Manager from one machine to another
http://www.symantec.com/docs/TECH104389
SEP 12.1
How to move Symantec Endpoint Protection Manager 12.1 from one machine to another
http://www.symantec.com/docs/TECH171767
Related Articles:
Best Practices guide for moving the Symantec Endpoint Protection Manager SQL Server database from one drive to another on the same machine
http://www.symantec.com/docs/TECH106213
Best Practices guide to moving the Symantec Endpoint Protection Manager SQL Server database from an existing SQL Server database to a new SQL Server database
http://www.symantec.com/docs/TECH104723
Best Practices guide to moving the Symantec Endpoint Protection Manager SQL Server database from an existing SQL Server database to a new SQL Server database
http://www.symantec.com/docs/TECH167300
I hopt it's been informative.
Comments 14 Comments • Jump to latest comment
HI Chetan,
+1 Vote for artical
This artical will be provide good information :)
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Hello everyone,
Please share your experiences/followed methods with reference to moving SEPM from one server to another server.
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.&
if i have server private keys of 11.6 A version and dont have database , can i do disaster recovery on 12.1 Mp 1 with using old domain id(old sylink.). it will work or not.please explain. or call 9821401895.
Hi,
It will work if certificates are matching with SEP clients.
If you do not have a database backup to restore
You can perform a disaster recovery without a database backup, but the following points apply in this case:
Check this article last para for more info :http://www.symantec.com/docs/TECH160736
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.&
i am not understand that your point (It will work if certificates are matching with SEP clients) .
if privatekeys are letest then it work or not ? after chenge in (editing "scm.agent.groupcreation=true")
.
Hi,
You should test the connection by importing certificate. It should work.
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.&
Hi Rupesh,
You found any success with this?
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.&
i will update you soon.
i have checked on my one server with 70 clients but not get success.
Hi Rupesh,
Thanks for the update.
You can use Sylink replacer tool to restore the communication.
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.&
Hiiii Chetan,
i have found success on 12.1 ru2 version, i have total 65 SEP Client on 1 server and i have server sertificate of 11x version sepm server .
i have done disaster recovery with using domin id and i have change setting in conf.properties and "scm.agent.groupcreation=true" and after that. i have update server cerificate then it is working and now around 54 SEP clients connected and online with new server ru2 version.
now my question is is there need to change setting "scm.agent.groupcreation=true" to "scm.agent.groupcreation=false" again.
please answer me.
Hi Rupesh,
You should revert back the settings.
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.&
thanks Chetan for valuable artical +1
Thanks !!!
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.&
Would you like to reply?
Login or Register to post your comment.