Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

Adding a remote client to a moved SEPM server

Created: 12 Aug 2013 • Updated: 05 Sep 2013 | 14 comments
Dhanushka's picture
This issue has been solved. See solution.

Hello all

We have moved a SEPM SBE 12.1.3 installation to a different system.

Since we had alot of issues in the past with the methodology of restoring the existing database from the old SEPM server to the new one .So for this move we created a new database on the new system and pushed the communication package to all LAN based clients and that worked like a charm.

There is one remote system (a desktop based at a remote office) which is connected to the old SEPM.This is not a domain based system and this system is on a completely different subnet at the remote office so we are unable to push the communication package.

1. If we email the whole communication package and if the use at the remote site can execute the package will that be sufficient to add the remote pc to new SEPM?

2. If not please do let us know how we can add this remote pc to new SEPM.

Please note that this is a SBE version so not all bells and whistles available with the Enterprise version are not available.

Thanks

Dhanushka

Operating Systems:

Comments 14 CommentsJump to latest comment

.Brian's picture

You can do the same thing, just replace the sylink file on the remote clients. The clients just need to talk to the sepm over port 8014.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Rafeeq's picture

Attach the Sylink.xml file in an email.

ask the user to follow this step or this document

  1. Stop the SMC service by going to Start > Run > type in > smc -stop.
  2. Once the service is stopped copy the attached sylink.xml file to

      "\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\<current_install_build_number>\Data\Config"

For Windows 7/2008/vista :

C:\Users\All Users\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Config

  1. Replace the existing file and restart the SMC service with Start > Run > smc -start

How to change the sylink.xml file in Symantec Endpoint Protection (SEP) 12.1

 

http://www.symantec.com/business/support/index?page=content&id=TECH157585

Dhanushka's picture

Thanks for the responces Brian and Rafeeq.

The main problem is this new SEPM is on a VM and port 8014 is not getting redirected to the VM.Is it a must to open port 8014 to the internet?

Also instead of client manually replacing the sylink file is it not worth to send the communication package?or is it not going to cutout in this situation?

Dhanushka.

.Brian's picture

I would not open 8014 to the Internet, you would need a SEPM in your DMZ instead. You could just replace the sylink however since this is a true remote site, I would be cautious of opening up 8014.

How many clients are we talking about at the remote site?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

.Brian's picture

How does it connect, via VPN?

Some options are outlined here:

Managing remote clients

Article:HOWTO55290  |  Created: 2011-06-29  |  Updated: 2011-12-16  |  Article URL http://www.symantec.com/docs/HOWTO55290

 

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Dhanushka's picture

The issue is location awareness is not available for SBE .

As far as I know this pc VPN in but its also configured to get updates on its own.All this is based on the info I received because the original setup was not done by myself.

.Brian's picture

It's not worth it to put a SEPM in the DMZ to manage a single client.

If the PC cannot VPN in, I would create a separate group and configure and apply the policies that you need. Than create a brand new package using the new setup you just configured, and send it off to the client to be installed.

If the client can VPN in than you will just need to replace sylink to get it pointed to the new SEPM. Once VPN'd in, it should be able to contact the new SEPM over 8014. You can also create a new group to manage this client as well.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SOLUTION
Dhanushka's picture

Brian

Many thanks for the provided options.

Will try out the last option since its the one contains minimal changes to both server/client and will let you know the outcome.

Dhanushka

.Brian's picture

Sounds good, let me know how it goes.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Dhanushka's picture

Sorry for the delay but had to attend to few other urgent issues.Will give an update as soon as possible

 

Dhanushka

.Brian's picture

Any update?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Dhanushka's picture

Still none.We are still awaiting a responce from the client.

 

Dhanushka

Dhanushka's picture

Hello ,

we will have not  received any feedback but the tests performed on our test lab showed the method that we tried works without any issues.

Thanks for everyone s input and support and a special thanks for Brian for his assistance on this issue.

Regards,

Dhanushka