Endpoint Protection

 View Only

  • 1.  After DB migration and new SEP install, the client cannot get update (green dot)

    Posted Feb 23, 2010 08:27 AM
    Hi All,

    I’ve just successfully migrated my SQL Server (SEM5) Database into new database server, what I wanted to achieve is to totally migrate the SEP Mgr. and its database into new server. I'm using Windows Server 2008 Std. x64 , SQL Server 2008 Std. x64 and SEP 11.0 MR5

    After the database migration, I install the SEP mgr. as new install and then by pointing to use the existing SEM5 DB instance in the new server it works OK, but then all of the client still trying to connect to the old server ?

    According to a posting in the internet somehow I must replace the sylink.XML in all of the client installation ? how can I do this for all of the client in my organization ?

    Thanks,
    Albert


  • 2.  RE: After DB migration and new SEP install, the client cannot get update (green dot)

    Posted Feb 23, 2010 08:31 AM
    use the sylink remote tool
    https://www-secure.symantec.com/connect/downloads/sylinkreplacer-tool-connecting-sep-clients-sepm
    there is a pdf read it.
    when  you installed new sepm, if you  replace the certificate your clients should communicate, which document did you follow, ? this one?

    https://www-secure.symantec.com/connect/forums/moving-endpoint-protection-management-another-server

     


  • 3.  RE: After DB migration and new SEP install, the client cannot get update (green dot)

    Posted Feb 23, 2010 08:48 AM
    In order to replace the sylink you can use Sylink Replacer or Sylink Remote



    If you have  the server certicate and keystroke.jks then follow the  section for Restoring the server certicate  and the Restoring client commuincation from the kb given below



  • 4.  RE: After DB migration and new SEP install, the client cannot get update (green dot)

    Posted Feb 23, 2010 08:49 AM
    I missed the link..

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007082112135948


  • 5.  RE: After DB migration and new SEP install, the client cannot get update (green dot)

    Posted Feb 24, 2010 01:15 AM
    Are you able to provide same IP address and host name to new SEPM?
    If yes do a disaster recovery according to below doc

    Best Practices for Disaster Recovery with Symantec Endpoint Protection

    If no go ahead with sylink replacer as told by earlier posters.


  • 6.  RE: After DB migration and new SEP install, the client cannot get update (green dot)

    Posted Feb 24, 2010 04:39 AM
    Hi Aravind,

    The IP address is the same, but the server name is different.
    Perhaps i can just create a CNAME for this matter ?


  • 7.  RE: After DB migration and new SEP install, the client cannot get update (green dot)

    Posted Feb 24, 2010 04:51 AM
    If your IP address is same change the computer name  to old name restore the certificates as per that doc followed by the database restore  and reconfigure the server all the clients should come back. 


  • 8.  RE: After DB migration and new SEP install, the client cannot get update (green dot)
    Best Answer

    Posted Mar 17, 2010 02:17 AM

    OK, here's an update for this case:

    TROUBLESHOOTING STEPS :
    1. Suggested to copy the server private key backup from the old server so that it can be replaced it.
    2. Imported the old server certificates.
    3. None of the clients came online.
    4. Used sylink replacer, and only able to fine only about 5 of the 40 clients
    5. Suggested to use sylink drop
    6. I used the silent switch on the sylink drop with GPO and updated 2 clients.
    7. Confirmed that the clients are communicating with the manager.
     
    RESOLUTION PROVIDED : Replaced Sylink on all the clients.


  • 9.  RE: After DB migration and new SEP install, the client cannot get update (green dot)

    Posted Mar 17, 2010 02:19 AM

    so it is a mixed of solution to make it communicate again with the client.

    the GPO startup script is to replace the sylink.xml file in every client.