Hello,
We recently purchased new servers and will be moving SEPM 11.x over from our old server to the new server. My question is how do I go about doing this without orphaning the users, and just making it as simple and quick with as little down time as possible.
We want to keep the same settings, packages, etc. but we do not want to have to reinstall SEP on every system (currently 35+).
You can do this following this KBA
http://www.symantec.com/docs/TECH104389
Hopefully I made sense. After I posted I rethought out what I wanted to do.
We are, more or less, moving out SEP Management Server from one server to another. Will the steps above help me achieve this?
Are moving to a new machine with same IP/hostname or will it be different?
New Machine, New Name, New IP.
Example:
Current Server:
Name: Server1, IP: 1.1.1.1
New Server:
Name: Server2, IP: 1.1.1.2
Same domain, same network, same configurations, just we are retiring the old server which has SEPM on it currently.
Than you will want to follow solution 2 from the KBA.
It may be easiest to go with the replication method.
I will give it a go and will let you know soon.
If I have understood right for 35+seat, replication does not fit considering the cost applicable :)
We have 35+ uniquie systems (laptops, desktops and servers). We just want to move the SEPM Console and Management server over to the new server and hope it does not orphan our users.
You can easily replace the sylink file on each machine using the SEPM. See here:
http://www.symantec.com/docs/HOWTO81109
So once we transition to the new server, I will need to create this and install it on every system? Seems as time dependant as reinstalling :P
You're don't create anything.
You just push a new sylink to the clients for them to reconnect.
You can export them to a text file and once you're ready, just import the list into the new SEPM and it will replace the sylink on each.
Just an option, but it's up to you for what you think is best.
Ah, ok.
We just want to do this the quickest and most reliable way so that we do not have to go around to every system and reinstall or reconfigure the users SEP.
For 35 machines, replacing sylink would be the easiest, at least in my opion. I wish I had to deal with that few :)
Just make sure to have a physical list of them, for disaster recovery purposes in case you do need to manually touch a few...
Hi
There could be 2 possible steps to perform the migration. 1. Recommended or the best way: Configure the second new server as a replication partner of the existing one. Then configure the “management server list to point the clients to the new server. Keep the setup for some time so that all the clients receives the policy and then delete the replication and de-commission the old server. Following this method will have no downtime and orphan clients. Note: Following this method needs the server name to be different as well. · Reference Documents: URL: http://www.symantec.com/docs/TECH105928 URL: http://www.symantec.com/docs/TECH104582 Note: Please follow the “Defining Management Server Lists” section. Remember you need to set up the new server as Priority 1. 2. Disaster recovery Method: Follow the normal Disaster Recovery Method to install the Symantec Endpoint Protection Manager on the new server. This method may lead into downtimes and orphan clients. · Reference documents: URL: http://www.symantec.com/docs/TECH104389 URL: http://www.symantec.com/docs/HOWTO26644
Regards
Agree with Brian. Replace the sylink file with Replacre Tool is best way to remotely migrate the clients.
https://www-secure.symantec.com/connect/downloads/sylinkreplacer-tool-connecting-sep-clients-sepm
Will try these out and will advise of any issues.
So I am attempting the replication method today. I am on step 3, about changing/accepting the Server Information, and when I clicked next (Server name, Port 8443) it says the "The server port is being used by another application. Please choose a new port."
So if I choose a new port, I will need to change the port in IIS as well, and this can cause a big issue, no?
No , this is a different port, 8443 is secure tomcat port.
communication port is 8014...
http://www.symantec.com/business/support/index?page=content&id=HOWTO59234
Will this cause any issues what-so-ever when replicating the old SEPMS to the new one?
Says port 9090 for webserver is also in use. Will changing these to 8444 and 9091 cause any issues?
if you have replication already set then you need to delete and initiate a new one. From the above link
Note: For change in server port in case of Multiple Symantec Endpoint Protection Managers, we would have to delete the existing replication partners and re-add them with the changed server port for the consoles to replicate data successfully
The new server (where I want to replicate to) I created a DB, same name, but also same information as the current one, and when I tried to overwrite it, it gave me an overwrite issue.
I installed SEP as it shows in the documentation, and when trying to replicate it is a pain in the buttox. I am trying to follow what the KB says, but it is not working. I have uninstalled and removed the old DB, going to reinstall now
For 35 machines, install new sepm on new server, export the policy from old to new.
use the sylink replacer to connect all the old clients to new sepm.
So do not follow the replication method? Just export the policies and go from there?
What policies do I copy over? All of them?
Is there a KB for this?
It seems to be replicating...KNOCK ON WOOD that it works :)
:) in future if you want to copy policies
open sepm
policies, right click on policy ( for ex Av)
click export
simillary you do import on the new server
Of course....it failed....Could not reach the server...that is online...and I am currently on the damn thing..
GAAAAAAAAAAAAHHH
I am on the edge here of losing my mind with this. The fact that this is so damn complicated and does not work is a bloody joke
http://www.symantec.com/business/support/index?page=content&id=TECH104389
That does not work...either it cannot find the server, or cannot overwrite sem5.dat or whatever it is.
So how does Syslink recognize systems? I tried to deploy the new management server policies on my own system, but it does not recognize my DHCP address. How can I go about fixing this? It says THE NETWORK PATH WAS NOT FOUND, usually to fix this I disable Windows Firewall, which is already disabled, so what is going on?
Installed new SEPM?
then we will use the Sylink replacer which is used to distribute the communication file called Sylink.xml
For no network path error message, firewall, simple filesharing, remote registry serive and C$ admin share should been enabled. it needs all the same requisites what migration and deployment wizard needs
try pushing it on few more machines to check if you are still gettting the same messages.
once done you need to manually export and import policy from old sepm to new sepm
All policies have been moved over, now it is time to add the users. I will give it a go and see what happens.
It will work fine, All the best. Please keep us posted.
Says that I am not apart of the Local Administrators (I am), nor the Domain Admins (I am).
This tool is horrible. By the time I figure this out, I could just uninstall 35+ clients and do it manually.
For the Migration and Deployment, when I usually disable Windows Firewall, it usually goes through. I tried this and it still does not find it.
So I have tried using Sylink for many different IP addresses and it does not work. Clearly he needs something more than the DHCP address I am giving it; but the fact that it says I am not in the Local Admins or Domain Admins just bothers me because I am.
I ran Syslink, after 5 days where it said I wasn't an Admin account, and it found 1 system...an XP system, thats it. Our lone XP system is the one syslink found and changed the XML for.