Video Screencast Help

Migrating SEP 11 (On OLD Hardware) to SEP 12 (On New Server, Hyper-V VM)

Created: 09 Jun 2012 • Updated: 26 Oct 2012 | 4 comments
This issue has been solved. See solution.

I am in the process of migrating an OLD Symantec Endpoint system for one of my clients to a Hyper-V VM on a new system. Some background info...

  • OLD Server -> Running Windows Server 2003 R2, SEPM 11.0.6, Embedded Database
  • New Server -> Host is Windows 2008 R2 running Hyper-V/VM is Windows 2008 SP2 x64, SQL 2008 R2 Standard SP1, Want to Migrate to latest enterprise version (12.1.1 MP1 it looks like)

*Roughly 75-100 SEP clients in this enviroment

From what I can tell I have two options...

  1. Install same version on the new system, configure replication and wait for sync/set new system as higher priority, when I'm happy it's healthy and so forth upgrade manager and clients to latest version. Per
  2. Install Latest SEP version on new server, find a way to export all policies and things from old system and import on new system, migrate clients to new system with sylinkreplacer, upgrade client software.

So far I'm finding option 2 more appealing but I'm open to suggestions. I mainly have a couple of questions...

Best way to go about exporting all policies and settings from the old system and importing them in v12?

Any drawbacks going either route?

Anyone gone through something similar in the recent past and mind sharing their experiences? Thanks



Comments 4 CommentsJump to latest comment

elango252006's picture

I have a suggestion for you which is a bit different from both the above options.

Upgrade your existing SEPM to 12.1 and then think of moving the SEPM 12.1 to another machine.

In this process, after the existing SEPM is upgraded, you may add the MSL (Mgmt. Server List) in such a way that the new server listed in Priority 1 and the existing server in priority 2.

Install SEPM on the new server and then restore the backup of the existing (OLD) SEPM's database and the server private key backup.

Upon successful implementation of the above steps, you should see the clients reporting to the new SEPM server. After realizing this migration of clients, you shall stop the SEPM services on the existing (OLD) SEPM server for a few days and after which you could think of de commissioning the old SEPM permanently.

Please refer to the below link for your assistance on the database and server private key restoration

Hope that helps!


Elango M.

Best Regards,

Elango Mathivanan

CCNA, SCS (SEP 12.1)

Please do not miss out to mark "solution" for those posts that meet your expectations:)

Steve R's picture

Hello Elango,

Thanks for the suggestion. I also like this route unfortunately I don't think this will be possible. Currently SEP 11 lives on a VERY old (Must be 7+ years) Gateway server that has disk space problems. I'm not so sure I want to risk trying to upgrade it.



Mithun Sanghavi's picture

Hello Steve,

I believe you have done your homework and I am convinced with your plans. There are no drawbacks for going on either of the plan.

There are few suggestions and Answers to your question -

1) Make sure you have the Backup of the SEPM 11.x before you go with either of the plan.

2) Check this Article before Migration to SEP 12.1,

WhitePaper for Migration:

3) In reference to Policies, check this Article:

How to export/import an existing Symantec Endpoint Protection Policy

4) Check these Threads for more info -

Hope that helps!!

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Steve R's picture

Thanks for the replys all. Rather than exporting policies and so forth I wound up going with option one. Both servers are up and running on the same version, replication was configured, and clients are reporting to the new system. Early next week I plan on disabling replication/decommissioning the old server, and upgrading the new VM to the latest version along with all clients. Thanks

Best Regards,