Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

SEPM 12.1 Fresh install with Embedded database - graphical overview

Created: 27 Jul 2011 • Updated: 10 Jul 2013 | 51 comments
Language Translations
Chetan Savade's picture
+17 17 Votes
Login to vote

Updated on 10th July'13

 

Hello Everyone,

SEP 12.1 has two different "versions":

  • 12.1 Enterprise Edition (EE)
  • 12.1 Small Business Edition (SBE)

Note: You can use SQL database only with Enterprise Edition. Small Business Edition is only supported by using the embedded database. For more information, please review the System Requirements document:http://www.symantec.com/docs/TECH163806

 

Let's see the installation process:

Download Software from  https://symantec.flexnetoperations.com, it's a zip file & size is around 1.5 GB

Once the download finishes successfully, extract the contents of the compressed file to a location of your choice.

From SEP 12.1 RU1 onwards Symantec is giving an option to download full product in two parts i.e. par1 & part 2 or download individual files like SEPM setup, SEP 32 bit setup, SEP 64 bit setup, Tools as per requirement.

It gives more leverage to the Symantec customer to choose what he wants. In many cases it's seen that customer used to require only SEP setup and unnecessarily he had to download entire zip file which is around 1.5 GB in size.

Navigate to the extracted files, then enter the SEPM folder and double-click on setup.exe:

 

Setup Initilization process will start:

Welcome Page:

License Agreement Page:

Destination Folder. Click "Change" to install to a different folder:

Change Destination Folder if necessary:

Ready to Install:

Setup Progress:

Setup Completed

Ready for configuring the management server

New Splash Screen in SEP 12.1:

Welcome to the Management Server Configuration Wizard:

Default install admin page:

    

Default install Email server setup page:

Data Collection Page:

Default install Summary Page:

Now we will see with Custom configuration:

Select the required option depending upon number of clients in your network:

Select "Install my first site" because this is a fresh installation; the second and third options are for adding SEPMs to existing sites for failover, load balancing, or replication:

Change any port number that is in use already:

Select database type

Set your SEPM login password

Encryption password page (can be randomly generated, or user-defined):

Default install Email server setup page:

Data Collection Page:

Preparing database:

This process may take few minutes to create the new database.

Successful installation completed:

SEPM 12.1 login screen with new forgot password option..good to go with 12.1:

Let's summarize the difference between default configuration & custom configuration in brief.

Comments 51 CommentsJump to latest comment

Ciscoworld's picture

Hi,

Nice article for begineers !!!

-2
Login to vote
RSASKA's picture

You really explain SEP 12 quite well. And screenshots are a PLUS. As they say, "a picture is worth a thousand words."

The Enemy's greatest fear is that you'll discover who you really are, what you're really worth, and where you're headed.

 

+1
Login to vote
Chetan Savade's picture

Hi RSASKA,

Thanks for your comment.

For more differences about SEP 12.1 check following links as well

https://www-secure.symantec.com/connect/articles/feature-differences-between-sep-11x-and-sep-121

https://www-secure.symantec.com/connect/articles/enable-save-username-password-option-121

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

+1
Login to vote
SAM_SHAIKH's picture

Hi Chetan,

 

Good work.

Rgrds,

SAM

-2
Login to vote
Symantec World's picture

Hi Chetan...

 

Thanks for this man....

Regards, M.R

-2
Login to vote
techshan's picture

Hi Chetan

 

Good and great information .....

Thanks & Regards

 

S.Swaminathan

-2
Login to vote
divyesh pillay's picture

Hey....

Good one......

-2
Login to vote
Chetan Savade's picture

Thanks Everyone !!!

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

-2
Login to vote
Rajeshm's picture

Can you please suggest how to install an additional management server to an existing site.

I had tried to install it is asking me the "DBA Password" if possible can you please provide me the steps.

 

Regards,

Rajesh

-2
Login to vote
pete_4u2002's picture

can you pass on the screenshot?

which option did you select while installing?

-2
Login to vote
Rajeshm's picture

Hi Pete

We am trying to use "Install an additional management server to an existing site" for more details please go through the attcahment

After going ahead it ask for the DBA password

If possible can please send the link were the steps is mentioned how to install the same by step by step.

Regards,

RajeshM

Symantec.jpg
-2
Login to vote
Rajeshm's picture

Hi Pete,

Thanks for your quick reponse but i am not able to compelte the installation it is giving the password error.

Can you please suggest what will be the follwing

  • Database server\instance_name---------> will be the new server name or the main server .
  • SQL server port-----------> Port will 1433.
  • Database name-----------> My database name is sem5 (if it is wrong then how to the same)
  • User---------------> sem5 or it will be DBA.
  • Password-------------> password will the same which i use to login on my main SEPM server right.
  • SQL Client folder (on the local computer)---------->C:\Program Files (x86)\Microsoft SQL Server\90\Tools\Binn (this is my new server path)

For error please find the attachement

Regards,

Rajesh

Symantec error1.jpg Symantec error2.jpg
-1
Login to vote
pete_4u2002's picture

  • Database server\instance_name---------> will be the existing SQL server name .
  • SQL server port-----------> Port will 1433. if you have set to default
  • Database name-----------> My database name is sem5 (if it is wrong then how to the same)
  • User---------------> sem5
  • Password-------------> sem5 password
  •  

0
Login to vote
Rajeshm's picture

Hi Pete,

Thanks for the help

Please suggest on below mention point.

  • Can we install Symantec Endpoint Protection Manager 12.1.1 on multiple location?
  • If yes then does we require that much licenses for Endpoint Proctection Manager?
  • If we are installing SEPM on Multiple Location then it can be managed by the main server? (for eg: Suppose we are having 3 SEPM server A,B & C.)
  • A is the Main server which download all the Upadtes & Policy, then it will send all the updates, policy to B&C.
  • If Our links go down between A & B then B should take update automaticly from Internet (by Data Card) is it possible if yes the how to do the same & what will be the steps?

Regards,

Rajesh

0
Login to vote
Chetan Savade's picture

 Hi Rajesh,

I would like to answer the following questions:

Q. Can we install Symantec Endpoint Protection Manager 12.1.1 on multiple location?

--> Yes we can install SEP 12.1.1 on multiple location

Q. If yes then does we require that much licenses for Endpoint Protection Manager?

-->  Can a single license be split between multiple separate Symantec Endpoint Protection Managers?

http://www.symantec.com/docs/TECH164392

Check this article for more details: http://bit.ly/K56HXM

Q. If we are installing SEPM on Multiple Location then it can be managed by the main server? (for eg: Suppose we are having 3 SEPM server A,B & C.)

--> Embedded database supports 5000 clients, If replication is configured then you can manage it from the main site. Failover & load balancing is not possible with Embedded database.

Failover and load-balancing is possible with SQL database only.

http://www.symantec.com/business/support/index?pag...

http://www.symantec.com/docs/TECH105928

Q. A is the Main server which download all the Upadtes & Policy, then it will send all the updates, policy to B&C.

--> It's possible to configure, however bandwidth can be a major concern here if other sites are over the WAN link. We do recommend GUP if WAN links are present.

Q. If Our links go down between A & B then B should take update automaticly from Internet (by Data Card) is it possible if yes the how to do the same & what will be the steps?

--> When you configure failover & load balancing / replication in that scenario if any SEPM goes down clients check available servers in the MSL (Management Server List)

Creating and assigning a management server list for a Symantec Endpoint Protection Manager

http://www.symantec.com/business/support/index?pag...

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

+1
Login to vote
ThaveshinP's picture

What is the embedded database for SEP 12 - mySQL or Sybase?

-2
Login to vote
Rajeshm's picture

Hi Chetan,

Thanks for the answers

Regards,

Rajesh Menon

-2
Login to vote
Rajeshm's picture

Hi Chetan,

I am having a SEPM server with 600 client now the problme is that our server is getting hang due to some hardware problem, so we are planning to move SEPM manager to a new hardware.

I am having some query regarding the same which follow

  1. How to take backup of extising SEPM & how to restore.
  2. How to take policy Backup & how to restore.
  3. If I am taking the full backup of SEPM & restoring the same into new Hardware the all my 600 Clients will come automatically if yes then to do this steps.
  4. If I need to take any other backup also then kindly let us that also.

Regards,

Rajesh Menon

-2
Login to vote
Mithun Sanghavi's picture

Hello,

In your case, you are moving the SEPM to a new Server.

I would suggest a look into this Article:

How to move Symantec Endpoint Protection Manager 12.1 from one machine to another

http://www.symantec.com/docs/TECH171767

I would also suggest you to check this Thread with similar issue - 

https://www-secure.symantec.com/connect/forums/how-move-sepm-one-server-another-different-ip-address-and-host-name

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

-2
Login to vote
pete_4u2002's picture

 

are you referring to SEPM 12? if yes, you need to follow the DR steps.

http://www.symantec.com/docs/TECH160736

  1. How to take backup of extising SEPM & how to restore.

the article above will help

 

  • 2. How to take policy Backup & how to restore.
  • no need as the DB will have all the information.
  •  
  • If I am taking the full backup of SEPM & restoring the same into new Hardware the all my 600 Clients will come automatically if yes then to do this steps.
  • the above link explains it again.
  •  
  • If I need to take any other backup also then kindly let us that also.
  • DR is the best way to go ahead with.
+1
Login to vote
Rajeshm's picture

Hi Chetan,

1) Our link is down between A & B location, Now the problem is our SEPM Server is at "A" location & "B" location user are not able access https sites as they are not able to connect the server so it is getting blocked by rule & all "B" location user is connected with MTNL router & there IP Address is also changed.

2) We have disabled all option for end user so that they cant make any changes in Symantec AV. Now the problem is that we have to allow some of the https sites for user

3) In this scenario how can we allow all the https sites.

Please help

Regards,

Rajesh Menon

 

-2
Login to vote
Chetan Savade's picture

Hi Rajesh,

I have sent PM to you.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

+1
Login to vote
harvansh Singh's picture

Hi Chetan,

Realy, its a greate job.....

Please provide SEP 12.1 Fresh install with SQL datebase- graphical overview.

Regards

Harvansh Singh

Regards

Harvansh Singh

-2
Login to vote
Chetan Savade's picture

Hi,

It's already available.

Check this link: https://www-secure.symantec.com/connect/articles/sepm-121-fresh-installation-sql-database-graphical-overview

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

+1
Login to vote
Ambesh_444's picture

Nice one Chetan.

 

Thank& Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

-2
Login to vote
Eddie T's picture

Very good document.  I have a question, which as my research is proving out, has no clear answer.

I have the following:

SERVER1 - Existing SEPM 11 computer. WinXP 32 Bit. 1 gig RAM.

SERVER2 - New Win7Pro 64 Bit. 4 gig RAM.

I want to install SEPM 12 on SERVER2 as a fresh install, but move over licenses and clients from SERVER1.

I have found plenty of information on replicating a server with identical SEPM versions, or upgrading an existing SEPM 11 to 12.  However, nothing specifically on setting up a completely new computer with a new SEPM installation and retaining the licensing and client information from the old computer.

This setup is NOT for failover or load balancing.  It's a complete replacement of our existing SEPM server.  I plan on shutting down SERVER1 since it's so old.

0
Login to vote
Chetan Savade's picture

Thanks Eddie T,

As you mentioned there is nothing specifically on setting up a completely new computer with a new SEPM installation and retaining the licensing and client information from the old computer.

Because it's not possible to restore SEPM 11 database into SEPM 12.1 due to schema changes.

If have limited number of clients then best option would be a fresh install of SEP 12.1 RU2 (latest version) on Windows 7 64 bit. Restore the client communication using SEP 12.1 RU2 new feature "Communication update package deployement"

Refer this article: SEP 12.1 RU2 and Reset Client Communication

https://www-secure.symantec.com/connect/articles/s...

Have a look at this article also: Hot to move SEPM from one server to another server.

https://www-secure.symantec.com/connect/articles/h...

 

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

-2
Login to vote
Mick2009's picture

"Thumbs up" - just adding a helpful cross-ref to a video illustration:

Symantec Endpoint Protection Manager 12.1 Fresh Install - Embedded Database
https://www-secure.symantec.com/connect/videos/symantec-endpoint-protection-manager-121-fresh-install-embedded-databse

With thanks and best regards,

Mick

-2
Login to vote
Rajeshm's picture

Hi Chetan,

Can you please help me out by givimg some points for Daily Server Chcek list.

What all points we have to check on daily basis.

Thanks,

Rajesh Menon

-2
Login to vote
Chetan Savade's picture

Hi,

Are you talking about generic server check list or looking for SEPM specific?

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

+1
Login to vote
Chetan Savade's picture

Hello Everyone,

Previously we used to download the latest software from https://fileconnect.symantec.com  Now It has been changed to https://symantec.flexnetoperations.com.

Currently old URL is redirecting to the new one.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

+1
Login to vote
Sudhakar Penki's picture

Really nice and most helpful for the Beginers

+1
Login to vote
Rajeshm's picture

Dear Chetan,

I having few problem regarding SEP on MAC OS (SEPM version is 12.1.1101.401 RU1 MP1)

  1. How to add MAC OS Setup in to Client Install Package in SEPM console step by step.
  2. On the DVD we are having a folder Saying SEP_MAC on that I am not able to find.PKG file to select & upload on the client.
  3. How to Install SEP Client on MAC OS Step by Step.

Regards,

Rajesh Menon

 

+1
Login to vote
Chetan Savade's picture

Hi Rajesh,

1) How to add MAC OS Setup in to Client Install Package in SEPM console step by step.

--> You can refer this article: https://www-secure.symantec.com/connect/articles/how-import-sep-11x-package-sepm-12

Only instead of SAVLegacy32.info you need to import SEPMacLegacy.info.

2 ) On the DVD we are having a folder Saying SEP_MAC on that I am not able to find.PKG file to select & upload on the client

-->  .PKG file is not required, you need SEPMacLegacy.info.

3) How to Install SEP Client on MAC OS Step by Step.

-->  Refer this video:Symantec Endpoint Protection Installation on Macintosh.

https://www-secure.symantec.com/connect/videos/symantec-endpoint-protection-installation-macintosh

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

+1
Login to vote
Jain's picture

Dear Chetan,

I am solutioning a client for SEPM installation(Embedded DB). We have around 40 win servers spread in 2 DC . We need one SEPM in each DC (So totally 2 SEPM). Is it possible to configure Failover when Primary DC SEPM goes down and the Servers receives policies/updates from secondary.

If not what can be the good solution for this case.

If we go with SQL DB ,and the SQL server is present in Primary DC and when the connectivity is lost from Primary DC , how the Secondary SEPM works. Does 2 SQL is required in that case ?

PFA , the scenarion which we suggest now and Client is ready to give only 2 Servers for SEPM.

Please help on this.

SEPM.jpg
0
Login to vote
ajhay.siingh's picture

HI Sh. Jain,

I gone through your scenario you have 2 DC with 2 SEPM in each DC with one Primary SEPM and one failover server. As per your query the best archtect for your enterprize if all clients communicating both DC. 

In first DC you configure one Primary SEPM with SQL Databae on which all cleints will report to this SEPM including your secondary DC clients. In other DC you create failverover & replication SEPM with SQL Databae too, this will only act as failover & replication server, 

As your querry you said if your first DC link fail and loose coonectivrity, in this case pls install SQL in second DC SEPM. As soon as connectivity fails, all clients will move to second DC SEPM and no effect on connectivity. in best practive pls install failover SEPM with SQL Database if configuring failover SEPM with both SEPM. I have configured it and working fine. For bandwidth issue you configure GUP in remote sites. 

Regards,

Ajay Kumar Singh

singhkajay@gmail.com

Regards,

Ajay Kumar Singh (Consultant- Information Security)

 

 

0
Login to vote
Jain's picture

Thanks Ajay.

The requirement has been changed now. They already have Symantec CSP and now we need to migrate to SEP.

They need only one SEPM in each DC. So i have planned to give as below.

Install Primary SEPM in DC 1 with Embedded DB and make sure all 40 servers in 2 DC reports to this. And later Install another SEPM in DC 2 with Embedded BD and configure as replication partner.

In each DC i will make one server as a GUP.

Will this works good. In case if Primary SEPM goes down will all 40 servers communicate with Replication Partner at DC2 ? Can we manage this scenerio with NO SQL.

Please advise

0
Login to vote
ajhay.siingh's picture

HI Sh. Jain,

Yes, if primary SEPM down all clients will itself report to SEPM in Second DC, you need to configure MSL in primary SEPM. this will update to all clients sylink.xml file who reporting to this SEPM. for replication and fail over SEPM, if failover is in different subnet, recommended database is SQL. So I will suggest pls install SQL for failover and Replication SEPM between two DC's. Pls see following link.

http://www.symantec.com/business/support/index?pag...

 

Regards,

Ajay Kumar Singh (Consultant- Information Security)

 

 

0
Login to vote
Jain's picture

Thanks.

I guess both the DC will be in different subnet. If that is the case wont the Embedded DB setup i mentioned will not work. Should we really require a SQL or it is only recommened.

Should we require a separate server for SQL or can be done along with Primary SEPM server. If that's the case if Primary SEPM server wents down , how that works.

 

0
Login to vote
ajhay.siingh's picture

Hi Mr. Jain,

As I mentioned above, pls install SQL in both SEPM server in both DC, in case of failure any DC or SQL, client will keep reporting to working SEPM. If u configured SQL in seperate server in either site for SEPM, assume if primary DC loose connectivity, how ohter DC SEPM will keep working without SQL, so as per best practice, install SQL in both SEPM , not centralized SQL server.

Regards,

Ajay Kumar Singh (Consultant- Information Security)

 

 

0
Login to vote
Jain's picture

Hello Ajay,

Thanks for your quick response. I am finializing this solution. Please provide me some likns which helps for a Fresh Installation of SEPM with SQL in a same Server.

Thanks again.

0
Login to vote
Jain's picture

Hello Ajay,

Please suggest the steps which requires to Uninstall Symantec Critical System Protection which is already installed in all client machines.

Can this be done by SEPM in a single shot(uninstall CSP & Install SEPm client) or we have to do only manual un-installation ?

Does this requires rebbot ?

0
Login to vote
ajhay.siingh's picture

HI  Sh. Jain,

To install SEP on clients no need to remove another Antiviurs manually on clients, in symantec conosle --Admin---Install Package--Client Install Setting--under Tasks-- pls check option--Automatically uninstall existing security software.   you can create new package with this setting and push to clietns from Console using Domain Administrator id or if in workgroup with single Admin user and Pwd use this. 

And to install SEPM with SQL database James given the link above. Thumbs up James!

 

Regards,

Ajay Kr. Singh

 

Regards,

Ajay Kumar Singh (Consultant- Information Security)

 

 

0
Login to vote
Jain's picture

Hello Ajay,

But here , the client servers dosent have any AV installed. It is having symantec critical system protection.

As per few documents SEPM can unistall only 3rd party software and not CSP. please confirm.

So i have planned to uninstall CSP manually. Do we have any scritp to uninstall CSP.

Also when we push SEP clients from SEPM , will it require a reboot ?

 

Also my current secenrio is like 2 sepm servers which has its own SQL in same machine and act as HA.

What are the steps to configure secondary SEPM as failover pair.

0
Login to vote
James007's picture

See this if help

Command line syntax for silent installation, upgrade and removal of Symantec Critical System Protection 4.5

Article:TECH112860 | Created: 2005-01-24 | Updated: 2012-02-22 | Article URL http://www.symantec.com/docs/TECH112860
0
Login to vote
Jain's picture

Thanks James..........Will try when we start the process

0
Login to vote