Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Adding additional Endpoint Servers post install/rollout

Created: 16 Sep 2013 | 10 comments
jjesse's picture

Drawing a blank here (maybe it is because its a Monday)...  I want to roll out a group of Endpoint agents today but I know in the future I will have additional servers based on some infrastructure change.  How can I add the additional server(s) into the Endpoint list post installtion?

Example:  Right now I have 2 Endpoint Servers (Chicago and London) that manage respectively the agents in North America and Europe.  I want to start deploying the agents today, but I know in the future I might add Sao Palo to manage computers in South America.  Can I add this new file server post deployment or do I have to redeploy these agents?

Operating Systems:

Comments 10 CommentsJump to latest comment

fivelakes's picture

J,

Have you tried updating the agentinstall.msi package with the new ep servers and pushing that out to the agent(s) to test?  Great question, never tried it myself but this is where I would start.  

jjesse's picture

No I haven't tried this, just trying to figure out if possible.  The goal would be to not push out the MSI again, especially if I have a lot of computers that I need to update or change.  I guess I'll call support

Jonathan Jesse Practice Principal ITS Partners

fivelakes's picture

can you post here what the solution is or resolution?  I have heard that the EPA is going through massive changes and this could be one of them (it makes sense) so maybe they have a way to do it now that isn't published.  Thanks!

jjesse's picture

Sure will do, opened up a support ticket earlier this morning so waiting to hear back

Jonathan Jesse Practice Principal ITS Partners

Keith Reynolds - ExchangeTek's picture

There's no magic pill for this.  If you're going to be changing the primary, secondary, or tertiary endpoint server for deployed agents en masse, you're best bet is to redeploy the agent through whatever software distribuition mechanism you use.

While you can change/add Endpoint aggregators to agents via the DLP console, you can only (a) do it to one agent at a time, and (b) it will only work for agents that are currently online.

I suspect support is going to tell you pretty much the same.

My thought as far as an enhancement here would be to allow a user to change/add the Endpoint aggregator on multiple machines at once through the console.  Essentially, allow the user to submit a "job" to change the aggregator on X number of agents, give the job a timeout of y hours/days, then provide a log or other report to highlight agents that could not be updated with the new aggregator(s) because they could not be contacted within that timeout threshold.

~Keith

jjesse's picture

Keith and crew,

The note from support is that once the server is registered w/ the Enforce console you can manually change the server it is assigned to.  In 11.x+ the Endpoint agent does not need a registry change or anything, previous version required a registry change at all.

Still waiting to see if this is possible to do automatically.  I thought at one time there was a way to do this through Altiris in the integrated component, but maybe I'm remembering incorrectly.

Jonathan

Jonathan Jesse Practice Principal ITS Partners

jjesse's picture

So this was resolved via a coworker and leverages the update_configuration tool

https://www-secure.symantec.com/connect/articles/changing-server-dlp-endpoint-agent-automatically-communicating

Jonathan Jesse Practice Principal ITS Partners

fivelakes's picture

the link says it's restricted just in case someone is trying to view the solution.  

jjesse's picture

Ah the article that I created wasn't published yet

Jonathan Jesse Practice Principal ITS Partners

AnkurMishra's picture

Hi Jjesse,

Could you please share or mail the details? Look like your post is not available or we dont have right link.

https://www-secure.symantec.com/connect/articles/changing-server-dlp-endpoint-agent-automatically-communicating

Thanks,

Ankur