Endpoint Protection


behaviour question

  • 1.  behaviour question

    Posted Jun 17, 2014 05:36 AM

    Hi there,

    I have a question about certain behaviour of a SEP client.
    We have images using an older SEP client; this SEP client in the images has communication settings pointing to SEPMs that no longer exist.

    I would like to know what will happen to these SEP clients: will they find their way to the new SEPMs automatically?

    Thanks,

    LEVD



  • 2.  RE: behaviour question
    Best Answer

    Posted Jun 17, 2014 05:42 AM

    Would like to know what will happen to these SEP clients, will they find their way to the new SEPMs automatically?

    No, you need to point your SEP client to the new SEPM server by replacing sylink.xml.

    How to restore/retain client-server SEP communication using custom installation settings without having to use the sylink drop tool on SEP 12.1

    Article:TECH173377 | Created: 2011-11-01 | Updated: 2012-07-28 | Article URL http://www.symantec.com/docs/TECH173377

     



  • 3.  RE: behaviour question

    Posted Jun 17, 2014 05:48 AM

    Thumbs up to the above yes

    The SEP client in the old image will not automatically search for, and connect to, any SEPM other than that originally configured.

    For any new machines deployed from the image containing the old SEP client, you'll need to follow the article James posted to re-point them at your current/new SEPM.

    The recommended process however, would be to update your images to include a current SEP Client instead.



  • 4.  RE: behaviour question

    Posted Jun 17, 2014 05:50 AM

    You might find this handy too:

    http://www.symantec.com/docs/TECH92556



  • 5.  RE: behaviour question

    Posted Jun 17, 2014 06:21 AM

    If you're on 12.1.2 or higher, you can use the SEPM to replace the sylink, see here:

    Restoring client-server communications with Communication Update Package Deployment



  • 6.  RE: behaviour question

    Posted Jun 17, 2014 06:36 AM

    Na, your clients will not find the new SEPM automatically.

    Clients communicate with the SEPM using the Sylink.xml file. This file has the SEPM IP address and communication port; smc.exe will read this file (based on heartbeat) to check for any new policy or updates.

    If your SEPM is replaced or does not exist, clients will still try to connect to your old SEPM, as it has the SEPM details in the sylink file. The easiest way is to use the communication deployment wizard to push out a new sylink so that clients get hooked to the new SEPM.

    If you are on 11.x, you need to use the sylink replacer utility.

     



  • 7.  RE: behaviour question

    Posted Jun 17, 2014 08:06 AM

    Is it also possible to make a dns entry like:

    Old SEPM server --> IP new SEPM server ??



  • 8.  RE: behaviour question

    Posted Jun 17, 2014 08:07 AM

    If the old SEPM that the client was connected to is already off, the only way is to replace the sylink to point to the new SEPM... otherwise it has no way to see the new SEPM and register with it... so changing DNS won't help.



  • 9.  RE: behaviour question

    Posted Jun 17, 2014 08:14 AM

    Na, if you take a closer look at the sylink.xml, apart from the IP address and port number it will have a certificate from that particular SEPM. Even if I install another SEPM with the same IP and port, clients won't communicate because that certificate would be different.



  • 10.  RE: behaviour question

    Posted Jun 17, 2014 08:17 AM

    Potentially...

    It depends on how the new server was created.  If the new SEPM was created using the old SEPM's certificates and details (by following the DR processes), then yes a simple DNS alias will work.  If however, the new SEPM was created anew, then it won't work.

    Either way, I'd still recommend updating your images to include a correctly configured client running a current version of the software.
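An added example, not part of the thread and not Symantec code: a check that can be run against the sylink.xml inside an image to flag server entries and certificates that do not belong to the current SEPM, which are the two things the replies above say tie a client to one manager. The XML element and attribute names, host names and certificate text are constructed assumptions; adjust them to match a real file.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample. Element/attribute names (Server, Address, HttpPort,
# Certificate) are assumptions about the sylink.xml layout, not a vendor spec.
SAMPLE_CERT_TEXT = "CONSTRUCTED-CERT-BLOB-NOT-A-REAL-CERTIFICATE"
SAMPLE_SYLINK = f"""<ServerSettings>
  <CommConf>
    <ServerList Name="Default">
      <Server Address="old-sepm.example.internal" HttpPort="8014"/>
      <Server Address="192.0.2.10" HttpPort="8014"/>
    </ServerList>
    <ServerCertList>
      <Certificate Name="old-sepm">{SAMPLE_CERT_TEXT}</Certificate>
    </ServerCertList>
  </CommConf>
</ServerSettings>"""


def cert_fingerprint(cert_text):
    """SHA-256 over the certificate text with all whitespace removed."""
    compact = "".join(cert_text.split())
    return hashlib.sha256(compact.encode("utf-8")).hexdigest()


def audit_sylink(xml_text, current_servers, current_cert_fingerprints):
    """Return (stale_servers, unknown_cert_fingerprints) for one sylink.xml.

    stale_servers: (address, port) pairs not in current_servers.
    unknown_cert_fingerprints: fingerprints of embedded certificates that
    are not in current_cert_fingerprints.
    """
    known = {s.lower() for s in current_servers}
    stale, unknown = [], []
    for el in ET.fromstring(xml_text).iter():
        tag = el.tag.rsplit("}", 1)[-1]  # drop an XML namespace, if present
        if tag == "Server" and el.get("Address"):
            addr = el.get("Address").strip().lower()
            if addr not in known:
                stale.append((addr, el.get("HttpPort")))
        elif tag == "Certificate" and el.text and el.text.strip():
            fp = cert_fingerprint(el.text)
            if fp not in current_cert_fingerprints:
                unknown.append(fp)
    return stale, unknown


if __name__ == "__main__":
    print(audit_sylink(SAMPLE_SYLINK, {"new-sepm.example.internal"}, set()))
```

A file that reports no stale servers but an unknown certificate matches the case described in the thread, where a rebuilt SEPM reuses the old address but not the old certificate.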



  • 11.  RE: behaviour question

    Posted Jun 17, 2014 08:23 AM

    You guys are right, thanks for the help.

     

    Will update my old outdated images :)

     

    Thanks,

    LEVD