Endpoint Protection

Hello

there is a symantec endpoint 12.1   installation on a physical server with applied policies  and deployement to 200 clients. This installation is running normaly, using  the  symantec endpoint's  default embeded database.

Our goal is to move the installation to a new virtual server which currently exits and is running some other apllications, (such as system center e.t.c.). We want the endpoint to be installed there and run along with the other applications.

For this reason we have performed a new fresh installation to the virtual server. Our plan is to make a database restore from the running installation (the physical server), so as to move the policies, settings and clients to the new installation (on the virtual server).

So my questions are:

1) Can it be a database restore from another  installation (form the  installation on the physical to installation on the  virtual)?

2) Will this restore brings us the the settings, policies and clients from the running installation to the new one?

3)  How can the clients "see" the new server? (The new server will have its own hostname, ip address e.t.c).  Our goal is to NOT need to perform an uninstall and new install of the client software to 200 clients. Is there a possibility to point the clients to the new management server automatically?

thnks in advance

John

 

 

Did you go thru this:

How to move Symantec Endpoint Protection Manager from one server to another server

Yes the restore will keep everything intact.

Please review the above link which details this process

Hello Brian

thnks for the quick reply

1. Stop the "Symantec Endpoint Protection Manager" and "Symantec Embedded Database" service on MACHINE_1 to verify whether all client now report to the new SEPM on MACHINE_2
   1. Once verified that all the clients are reporting into the new SEPM, and have moved away from the old one, proceed to the next step.

How can i verify this ?

 

 

They will start showing up in the new console on the Clients page

what i have done so far is

Follow disaster recovery method & Create a new MSL.as per following

1. Follow "Best Practices for Disaster Recovery with Symantec Endpoint Protection" (see Related Articles below) to backup and reinstall SEPM on MACHINE_2
2. Log in to the old SEPM on MACHINE_1
3. Click Policies > Policy Components > Management Server Lists > Add Management Server List
4. Click Add> Priority and a new Priority would get added named as "Priority2"
5. Add MACHINE_1 under Priority 2 and add MACHINE_2 under Priority 1, and assign this New Management Server List to all the groups.

and i am waiting for the clients to come online on the new server. But this proccess takes a lot of time. How many time you believe i need for 200 clients?

thnks

John

 

Hi,

Did you stop the SEPM service on Primary Server?

 

.

 

hello

No i haven't stop the service on any of the two servers. Should i had to stop it? And for what reason? As far as i can understadn , there would be an intermediate stage where the two servers was supposed to work together. Have i miss something here?

 

 

john the switching of endpoins from SEPM-1 to SEPM-2 depends upon the heartbet intervel which you are using and also the communication mode either "PUSH" or "PULL:"

for example if you are using the push mode for communication then once you stop the service on SEPM1 then endpoints will instantly transition or move over to SEPM2

if you are using PULL mode and for example if the hear beat interval is 30 minutes then after 30 minutes the endpoints would heartbeat to SEPM1 and if it is offline then endpoints would move over to the SEPM2 in their MSL ( pull mode is dependednt upon the heartbeat interval) the endpoints only check in with the SEPM after this internal is elapsed

john which mode are you using for communication ? push or pull ?

i use the push method

i havent set up any interval, i think its the default setting

 

any thoughts?

 

well if you are using push mode and doing it rightly then AFAIK the treansition from SEPM1 to SEPM2 should happen instantly. Have you applied the MSL list rightly to the groups ?

Hi,

Out of 200 clients are there any clients who have been shifted to the new SEPM?

hello everybody

all the clients looks "offline" in the clients page

i tried to brinng on online using the communication update deployement package as listed in the  link

http://www.symantec.com/business/support/index?page=content&id=TECH199124

but although the package seems to deploy the communication is not updated, as you can see in the attachement file

Really drives me crazy....

 

 

@John, 

 

Check with the test machine. 

 

Check for 

 

1. Remote registry service   

2. Computer browser service     both from services.msc 

3. Enable File and printer sharing .  - Control panel - network and sharing - advance sharing 

 

Check all these in one client which has the issue  and try to push the package  from the manager. 

 

Let me know the status. 

 

well the remote registry service was stopped (set it to manual) and i  set it to start (automatic) , Computer browser service was ok, File and printer sharing was ok , and  now the machine shows green in the push deployement (both deployement and connection is green),but still offline in the clients page

 

@John 

Copy the server private key folder from the old server and place it in the desktop of the new server. 
Run the management server configuration wizard.
In the first page point the Server private key folder (click browse and choose the file which is recent)
Once the wizard is done. 

Create a MSL 
http://www.symantec.com/business/support/index?page=content&id=TECH103175

Make sure the priority 1 should be the new server . 

ok l 'll do this and come again with the results

One question. Should'nt the private key had been copied to the new server  with the restore proccess?

thnks

John

 

You Will be pointing the server private key during the management server wizard. .

ok

i assume that Server private key folder is the Server private key backup folder right?

 

it says "the management server already exists. you must change the server name

 

Yeah that's right . It Will have multiple files in it. Choose the file which has latest date. Go for yes. Since you computer name and ip differs

well i get an error

preparing database

failded to connect to database. Make sure your login name and password are correct

 

No . Correct me if I'm wrong. This is what you should have done so far. Installed SEPM in the new server with fresh empty DB. Should have taken the DB back up and the server private key folder from old server to new. After restoring the DB , it would initiated the management wizard by itself. Thereby you would have pointed the server private key. After this you should create MSL in the old server giving priority to the new server. By doing this all your 200 clients Will talk to new server. Could you post the snap shot of the error. So I can help Yu

i

Harry

i have done these

1)Installed SEPM in the new server with fresh empty DB. ok
2)Should have taken the DB back up ok

and the server private key folder from old server to new.

i have performed a restore of the database to the new server ok

i did'nt actually backed up the private key. I think it is backing up automatically during the database backup proccess

i started management wizard and pointed to a folder that i had previously cpoied the private key (as per your suggestion)

After this you should create MSL in the old server giving priority to the new server. . This MSL had been created previously. Is maybe this the problem? And should i create an MSL to the neew server as well?

 

 

Its better you create one which point its own computer name or IP . 

 

Because when you restore the DB the MSL from the old server will be restored.