Endpoint Protection

Hello,

I have the issue that I need to move thousands of clients from one SEPM infrastructure to a completely new SEPM infrastructure that has been installed newly. 

By pointing the clients to the new server within the Server Management lists will not work, because both SEPM infrastructures are sperated but i need to migrate them all to the same infrastructure.

I am not able to touch the clients because there is no "domain admin" available.

Has anybody played by using the same Domain ID at both infrastructures?

With SAV it was quite easy: Implement the server certivicates and move them per drag and drop....

Regards,

Christoph

If you're on 12.1.2 or higher you can do it from the SEPM

Restoring client-server communications with Communication Update Package Deployment

Otherwise, you can do it via GPO by replacing the sylink file with the one from the new SEPM

Hi,

Thank you for posting in Symantec community.

I would recommend to refer the following article.

Hot to move SEPM from one server to another server.

https://www-secure.symantec.com/connect/articles/hot-move-sepm-one-server-another-server

As you've noticed, a SEP Client from one SEPM cannot communicate with a different SEPM.  This is not down to the Domain ID alone (which can be manually adjusted when creating a new SEP Domain) but due to the SEPM's internal certificate as well.

I've posted the below several times over the forums as the most reliable waqy I've found of moving clients from one SEP estate to another.  Perhaps this will help (the steps are identical whether you're moving from one SEP estate to another, or changing a client from unamaged to managed):

https://www-secure.symantec.com/connect/forums/need-make-unmanaged-client-managed-client-must-be-done-remotely

Incidentally, if you don't have anything managed by the new SEPM yet, you may be able to get away with the below:

• Copy the "Server Private Key backup" folder from the old SEPM to the new one
• Import this cert into the new SEPM (under ADMIN -> Servers -> Highlight SEPM -> click "Manage Server Certificate"
• Copy Domain ID of the SEP Domain(s) on the old SEPM
• Create new Domains on the new SEPM with the same Domain ID(s)
• Try to redirect by MSL again

This assumes you've already got all the policies and groups all sorted out.  Plus, I'd still recommend going with changing the sylink file to migrate the clients if it were me.  Just thought I'd provide you with the option.

try the PK advice

https://www-secure.symantec.com/connect/forums/move-sep-11-clients-one-existing-server-another-existing-server

Hi

There could be 2 possible steps to perform the migration.
 
1.       Recommended or the best way:
 
Configure the second new server as a replication partner of the existing one. Then configure the “management server list to point the clients to the new server. Keep the setup for some time so that all the clients receives the policy and then delete the replication and de-commission the old server. Following this method will have no downtime and orphan clients.
 
Note: Following this method needs the server name to be different as well.
 
·         Reference Documents:
 
URL: http://www.symantec.com/docs/TECH105928
 
URL: http://www.symantec.com/docs/TECH104582
 
Note: Please follow the “Defining Management Server Lists” section. Remember you need to set up the new server as Priority 1.
 
2.        Disaster recovery Method:
 
Follow the normal Disaster Recovery Method to install the Symantec Endpoint Protection Manager on the new server. This method may lead into downtimes and orphan clients.
 
·         Reference documents:
 
URL: http://www.symantec.com/docs/TECH104389
 
URL: http://www.symantec.com/docs/HOWTO26644

Regards