Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

How to move SEPM from one server to another server.

Created: 31 Oct 2012 • Updated: 03 Apr 2014 | 15 comments
Language Translations
Chetan Savade's picture
+16 16 Votes
Login to vote

Hi,

There are multiple scenarios which we should consider while moving SEPM from one server to another server

1) SEPM is having same hostname and IP address

If the SEPM server keeps the same IP and host name, you can refer to "Best Practices for Disaster Recovery with the Symantec Endpoint Protection Manager"

SEP 11.x: http://www.symantec.com/business/support/index?pag....

SEP 12.1: http://www.symantec.com/docs/TECH160736

This solution is longer to implement but the new SEPM will be an exact copy of the current one.

2) SEPM server has a different IP and same hostname

OR

SEPM server has a same IP and different hostanme

In this scenario as well we need to follow disaster recovery

SEP 11.x: http://www.symantec.com/business/support/index?pag....

SEP 12.1: http://www.symantec.com/docs/TECH160736

Symantec Endpoint Protection clients will be able to reach the new SEPM using either unchanged IP or hostname. Management server list will then be updated accordingly and sent automatically to clients.

3) SEPM server has a differenet IP and different hostaname.

If the new SEPM server has a different IP and host name, there are two alternatives:

1. Use replication to install a new SEPM and keep the policy the same with old SEPM. See "How to move Symantec Endpoint Protection Manager from one machine to another" 

http://www.symantec.com/business/support/index?page=content&id=TECH104389

Note: Replication is an option, if you do replication and remove the old server that is the Primary SEPM, in future if you want to do replication you will not be able to do so.

2.Follow disaster recovery method & Create a new MSL.as per following

  1. Follow "Best Practices for Disaster Recovery with Symantec Endpoint Protection" (see Related Articles below) to backup and reinstall SEPM on MACHINE_2
  2. Log in to the old SEPM on MACHINE_1
  3. Click Policies > Policy Components > Management Server Lists > Add Management Server List
  4. Click Add> Priority and a new Priority would get added named as "Priority2"
  5. Add MACHINE_1 under Priority 2 and add MACHINE_2 under Priority 1, and assign this New Management Server List to all the groups.
  6. Clients will then move from old SEPM to new one gradually
  7. Stop the "Symantec Endpoint Protection Manager" and "Symantec Embedded Database" service on MACHINE_1 to verify whether all client now report to the new SEPM on MACHINE_2
  8. Once verified that all the clients are reporting into the new SEPM, and have moved away from the old one, proceed to the next step.
  9. Uninstall SEPM from MACHINE_1
     

OR

Install a new fresh SEPM, then use the Sylink.xml file to establish the communication between new SEPM and the existing SEP clients with the help of Sylink replacer tool.

This option is effective if having limited number of clients in the network.

Helpful Publick KB Articles:

SEP 11

How to move Symantec Endpoint Protection Manager from one machine to another

http://www.symantec.com/docs/TECH104389

SEP 12.1

How to move Symantec Endpoint Protection Manager 12.1 from one machine to another

http://www.symantec.com/docs/TECH171767

Related Articles:

Best Practices guide for moving the Symantec Endpoint Protection Manager SQL Server database from one drive to another on the same machine

http://www.symantec.com/docs/TECH106213

Best Practices guide to moving the Symantec Endpoint Protection Manager SQL Server database from an existing SQL Server database to a new SQL Server database

http://www.symantec.com/docs/TECH104723

Best Practices guide to moving the Symantec Endpoint Protection Manager SQL Server database from an existing SQL Server database to a new SQL Server database

http://www.symantec.com/docs/TECH167300

How to move Symantec Endpoint Protection Small Business Edition (SEPM SBE) from one machine to another

http://www.symantec.com/docs/TECH183666

I hopt it's been informative.

Comments 15 CommentsJump to latest comment

Ashish-Sharma's picture

HI Chetan,

+1 Vote for artical

This artical will be provide good information :)

Thanks In Advance

Ashish Sharma

0
Login to vote
Chetan Savade's picture

Hello everyone,

Please share your experiences/followed methods with reference to moving SEPM from one server to another server.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

+2
Login to vote
rupesh.naik45@yahoo.in's picture

if i have server private keys of 11.6 A version and dont have database , can i do disaster recovery on 12.1 Mp 1 with using old domain id(old sylink.). it will work or not.please explain. or call 9821401895.

0
Login to vote
Chetan Savade's picture

Hi,

It will work if certificates are matching with SEP clients.

If you do not have a database backup to restore

You can perform a disaster recovery without a database backup, but the following points apply in this case:

  • All policies must be re-created, or imported from other backups i.e. exported policy files.
  • Clients will be able to communicate with the SEPM but will re-appear in the console only after their next check-in.
  • Clients will reappear in the default group as they check in, unless you enable automatic creation of client groups on the re-installed SEPM by editing "scm.agent.groupcreation=true" to the conf.properties file.
  • If you originally had multiple SEPM domains beyond the default domain, you must re-create them using domain IDs from Backup.txt.

Check this article last para for more info :http://www.symantec.com/docs/TECH160736

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

+2
Login to vote
rupesh.naik45@yahoo.in's picture

i am not understand that your point (It will work if certificates are matching with SEP clients) .

if privatekeys are letest then it work or not ? after chenge in (editing "scm.agent.groupcreation=true")

.

0
Login to vote
Chetan Savade's picture

Hi,

You should test the connection by importing certificate. It should work.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

+2
Login to vote
Chetan Savade's picture

Hi Rupesh,

You found any success with this?

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

+1
Login to vote
rupesh.naik45@yahoo.in's picture

i have checked on my one server with 70 clients but not get success.

0
Login to vote
Chetan Savade's picture

Hi Rupesh,

Thanks for the update.

You can use Sylink replacer tool to restore the communication.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

+1
Login to vote
rupesh.naik45@yahoo.in's picture

Hiiii Chetan,

i have found success on 12.1 ru2 version, i have total 65 SEP Client on 1 server and i have server sertificate of 11x version sepm server .

i have done disaster recovery with using domin id and i have change setting in conf.properties and  "scm.agent.groupcreation=true" and after that. i have update server cerificate then it is working and now around 54 SEP clients connected and online with new server ru2 version.

now my question is is there need to change setting  "scm.agent.groupcreation=true" to  "scm.agent.groupcreation=false" again.

please answer me.

0
Login to vote
Chetan Savade's picture

Hi Rupesh,

You should revert back the settings.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

0
Login to vote
raju123's picture

thanks Chetan for valuable artical +1

0
Login to vote
Chetan Savade's picture

Thanks !!!

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

0
Login to vote
John Santana's picture

many thanks Chetan for sharing the steps here.

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

0
Login to vote