Endpoint Protection

  • 1.  Change IP Address Of SEPM Computer?

    Posted Nov 03, 2009 12:30 PM
    Hi.

    I will need to change the IP address of the SEPM computer.  On 10.x I recall that this was an issue.  That the clients would have a problem seeing the SSC when the IP changed.

    Is this still an issue with SEPM?

    Also, is this an issue if I only have one client in place -- that is, the client on the computer that is running SEPM?

    What I'm trying to do is install the SEPM and client at my shop and get this all done here first and then roll it out to the client.  If I don't have to worry about matching IPs here in the shop that would be helpful.

    Thanks.


  • 2.  RE: Change IP Address Of SEPM Computer?

    Posted Nov 03, 2009 12:54 PM
    Changing IP address is not allowed/suggested on SEPM as clients connect to the SEPM through IP address.

    For other queries, can you be a little clearer, as I am unable to understand what you want to do?


  • 3.  RE: Change IP Address Of SEPM Computer?

    Posted Nov 03, 2009 12:59 PM
    Yes, you are right. When the IP address of the SEPM is changed, the clients will stop communicating with SEPM.
    In this case you have to replace the Sylink in order to restore the communication of clients with SEPM.



  • 4.  RE: Change IP Address Of SEPM Computer?

    Posted Nov 03, 2009 01:03 PM
    Even this may be helpful to you

    How do I move Symantec Endpoint Protection Manager from one server to another with a different IP address and host name?

    http://service1.symantec.com/support/ent-security.nsf/docid/2008031204405448


  • 5.  RE: Change IP Address Of SEPM Computer?

    Posted Nov 03, 2009 03:58 PM
    You can change the IP of the SEPM machine, the main problem is that clients will likely not know where the SEPM machine went. But there are several options you have to allow you to successfully change the IP address of your SEPM machine.

    a) Move before deploying
    I didn't completely understand your first post, but if you do not have any clients installed, or packages exported, before the IP is changed, there's no issue. In other words, if you deploy the client packages and clients AFTER the IP has changed, there's no issue. A note here about exported client packages: exported packages contain the address of the server. So if you export a package and then move the server, that package will have the "old" address and will not be able to connect when you install it.

    b) Enter the new IP ahead of time.
    If you know the IP address ahead of time, create a Custom Management Server List that contains both the old and new IP address.
    You can create a list of servers ahead of time and assign it to the clients. The clients will try to connect to both addresses, and whichever one is working they will find it. This allows you to enter the IP address ahead of time, send it to your clients, and then move the server.
    The downside to this is you have to make sure all your clients have the new policy before you move the server. In large networks that can be impractical. But in a smaller network this can work very well.
    Another downside is, if you make a mistake in the addresses, it may be hard to fix the mistake after you move the server.

    c) Use a domain name.
    This is one of the best options, if you have the infrastructure. Make a domain address, such as SEPM.MyCompany.Com. Assign this as the address of the SEPM server. Now, whenever clients try to connect, they will have to resolve SEPM.MyCompany.com to an IP address. When you move the SEPM server, simply update the DNS entry. This is one of the best ways to move your SEPM. I would recommend using a DNS address to anyone -- it makes things more flexible if you have issues later.

    d) Use a proxy.
    If the setup allows, a proxy is one of the most reliable ways to move your SEPM server.
    What you do is set up any machine with the 'old' SEPM address and install an HTTP proxy on it. Have the HTTP proxy forward all traffic to the SEPM server. This way clients can still communicate. If you are using the Default Management Server List, clients will automatically get the new IP address and switch to using the SEPM directly instead of using the proxy. Normally this is called "Transparent Proxy".
    You can also use this method for changing the SEPM port number.
    If you're using a Custom Management Server List, simply update the addresses in your Management Server List and clients will switch over.
    What's great about the Proxy approach is it works in large networks. If someone took the laptop on vacation for a month, when they come back the proxy can still be in place to forward them to the new server's address.

    e) Replication
    This is not normally appropriate, so I list it last. But if you want to move your SEPM onto a new box while you're changing the IP, simply create a replication partner. This means you have 2 SEPM servers installed at the same time and they are communicating with each other. After the 2nd machine is set up, update the Server Management List to tell clients to go to the new server. You can then decommission the 1st SEPM server when all the clients have the updated address.

    If things go wrong, you may have to replace the Sylink.xml file on your clients individually manually, or by using a script.
    Options C, D and E are great because if something goes wrong, you shouldn't have to replace the Sylink file on your clients. You should still have a communication link to the clients and be able to update them from a central location.
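
Option (b) in the last reply warns that a mistake in the server list addresses is hard to fix once the server has moved. The following is an added example, not part of the thread or of any Symantec tooling: a pre-move check of a planned Management Server List. The function names and the sample addresses are hypothetical.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def classify(entry):
    """Return 'ip', 'hostname' or 'invalid' for one server-list entry."""
    entry = entry.strip()
    try:
        ipaddress.ip_address(entry)
        return "ip"
    except ValueError:
        pass
    labels = entry.rstrip(".").split(".")
    # An all-numeric dotted string such as 10.0.0.256 is a mistyped IP,
    # even though it would pass a naive hostname pattern.
    if all(label.isdigit() for label in labels):
        return "invalid"
    if len(entry) <= 253 and all(_LABEL.match(label) for label in labels):
        return "hostname"
    return "invalid"

def check_server_list(entries, old_ip, new_ip):
    """Return a list of problems; an empty list means nothing was found."""
    cleaned = [e.strip() for e in entries]
    problems = [f"invalid entry: {e!r}" for e in cleaned
                if classify(e) == "invalid"]
    ips = {ipaddress.ip_address(e) for e in cleaned if classify(e) == "ip"}
    # Both addresses must be present, or clients lose the server on one
    # side of the move.
    for label, addr in (("old", old_ip), ("new", new_ip)):
        if ipaddress.ip_address(addr) not in ips:
            problems.append(f"{label} address {addr} missing from list")
    seen = set()
    for e in cleaned:
        if e.lower() in seen:
            problems.append(f"duplicate entry: {e!r}")
        seen.add(e.lower())
    return problems

# Constructed sample: the new address was typed as .256 instead of .25.
PLANNED = ["192.168.1.10", "192.168.1.256", "sepm.mycompany.com"]

if __name__ == "__main__":
    for problem in check_server_list(PLANNED, "192.168.1.10", "192.168.1.25"):
        print(problem)
```
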