Video Screencast Help

Migrating SEPM between servers

Created: 09 Jul 2013 | 35 comments

Hello,

We recently purchased new servers and will be moving SEPM 11.x over from our old server to the new server. My question is how do I go about doing this without orphaning the users, and just making it as simple and quick with as little down time as possible.

 

We want to keep the same settings, packages, etc. but we do not want to have to reinstall SEP on every system (currently 35+).

Operating Systems:

Comments 35 CommentsJump to latest comment

.Brian's picture

You can do this following this KBA

http://www.symantec.com/docs/TECH104389

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

DavidC1988's picture

Hopefully I made sense. After I posted I rethought out what I wanted to do.

We are, more or less, moving out SEP Management Server from one server to another. Will the steps above help me achieve this?

.Brian's picture

Are moving to a new machine with same IP/hostname or will it be different?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

DavidC1988's picture

New Machine, New Name, New IP.

 

Example:

Current Server:

Name: Server1, IP: 1.1.1.1

 

New Server: 

Name: Server2, IP: 1.1.1.2

 

Same domain, same network, same configurations, just we are retiring the old server which has SEPM on it currently.

 

.Brian's picture

Than you will want to follow solution 2 from the KBA.

It may be easiest to go with the replication method.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

DavidC1988's picture

I will give it a go and will let you know soon.

Rafeeq's picture

If I have understood right for 35+seat, replication does not fit considering the cost applicable :)

DavidC1988's picture

We have 35+ uniquie systems (laptops, desktops and servers). We just want to move the SEPM Console and Management server over to the new server and hope it does not orphan our users.

.Brian's picture

You can easily replace the sylink file on each machine using the SEPM. See here:

http://www.symantec.com/docs/HOWTO81109

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

DavidC1988's picture

So once we transition to the new server, I will need to create this and install it on every system? Seems as time dependant as reinstalling :P

.Brian's picture

You're don't create anything.

You just push a new sylink to the clients for them to reconnect.

You can export them to a text file and once you're ready, just import the list into the new SEPM and it will replace the sylink on each.

Just an option, but it's up to you for what you think is best.

 

 

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

DavidC1988's picture

Ah, ok.

 

We just want to do this the quickest and most reliable way so that we do not have to go around to every system and reinstall or reconfigure the users SEP.

.Brian's picture

For 35 machines, replacing sylink would be the easiest, at least in my opion. I wish I had to deal with that few :)

Just make sure to have a physical list of them, for disaster recovery purposes in case you do need to manually touch a few...

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SameerU's picture

Hi

There could be 2 possible steps to perform the migration.
 
1.       Recommended or the best way:
 
Configure the second new server as a replication partner of the existing one. Then configure the “management server list to point the clients to the new server. Keep the setup for some time so that all the clients receives the policy and then delete the replication and de-commission the old server. Following this method will have no downtime and orphan clients.
 
Note: Following this method needs the server name to be different as well.
 
·         Reference Documents:
 
URL: http://www.symantec.com/docs/TECH105928
 
URL: http://www.symantec.com/docs/TECH104582
 
Note: Please follow the “Defining Management Server Lists” section. Remember you need to set up the new server as Priority 1.
 
2.        Disaster recovery Method:
 
Follow the normal Disaster Recovery Method to install the Symantec Endpoint Protection Manager on the new server. This method may lead into downtimes and orphan clients.
 
·         Reference documents:
 
URL: http://www.symantec.com/docs/TECH104389
 
URL: http://www.symantec.com/docs/HOWTO26644
 

Regards

 

Sumit G's picture

Agree with Brian. Replace the sylink file with Replacre Tool is best way to remotely migrate the clients.

https://www-secure.symantec.com/connect/downloads/sylinkreplacer-tool-connecting-sep-clients-sepm

Regards

Sumit G.

DavidC1988's picture

Will try these out and will advise of any issues.

DavidC1988's picture

So I am attempting the replication method today. I am on step 3, about changing/accepting the Server Information, and when I clicked next (Server name, Port 8443) it says the "The server port is being used by another application. Please choose a new port."

 

So if I choose a new port, I will need to change the port in IIS as well, and this can cause a big issue, no?

Rafeeq's picture

No , this is a different port, 8443 is secure tomcat port.

communication port is 8014...

http://www.symantec.com/business/support/index?page=content&id=HOWTO59234

DavidC1988's picture

Will this cause any issues what-so-ever when replicating the old SEPMS to the new one?

 

Says port 9090 for webserver is also in use. Will changing these to 8444 and 9091 cause any issues?

Rafeeq's picture

if you have replication already set then you need to delete and initiate a new one. From the above link 

Note: For change in server port in case of Multiple Symantec Endpoint Protection Managers, we would have to delete the existing replication partners and re-add them with the changed server port for the consoles to replicate data successfully

 

DavidC1988's picture

The new server (where I want to replicate to) I created a DB, same name, but also same information as the current one, and when I tried to overwrite it, it gave me an overwrite issue. 

 

I installed SEP as it shows in the documentation, and when trying to replicate it is a pain in the buttox. I am trying to follow what the KB says, but it is not working. I have uninstalled and removed the old DB, going to reinstall now

Rafeeq's picture

For 35 machines, install new sepm on new server, export the policy from old to new.

use the sylink replacer to connect all the old clients to new sepm.

 

DavidC1988's picture

So do not follow the replication method? Just export the policies and go from there?

What policies do I copy over? All of them?

Is there a KB for this?

DavidC1988's picture

It seems to be replicating...KNOCK ON WOOD that it works :)

Rafeeq's picture

:) in future if you want to copy policies 

open sepm

policies, right click on policy ( for ex Av)

click export

simillary you do import on the new server

DavidC1988's picture

Of course....it failed....Could not reach the server...that is online...and I am currently on the damn thing..

GAAAAAAAAAAAAHHH

DavidC1988's picture

I am on the edge here of losing my mind with this. The fact that this is so damn complicated and does not work is a bloody joke

 

http://www.symantec.com/business/support/index?page=content&id=TECH104389

That does not work...either it cannot find the server, or cannot overwrite sem5.dat or whatever it is.

DavidC1988's picture

So how does Syslink recognize systems? I tried to deploy the new management server policies on my own system, but it does not recognize my DHCP address. How can I go about fixing this? It says THE NETWORK PATH WAS NOT FOUND, usually to fix this I disable Windows Firewall, which is already disabled, so what is going on?

 

 

Rafeeq's picture

Installed new SEPM?

then we will use the Sylink replacer which is used to distribute the communication file called Sylink.xml

For no network path error message, firewall, simple filesharing, remote registry serive and C$ admin share should been enabled. it needs all the same requisites what migration and deployment wizard needs

try pushing it on few more machines to check if you are still gettting the same messages.

once done you need to manually export and import policy from old sepm to new sepm

DavidC1988's picture

All policies have been moved over, now it is time to add the users. I will give it a go and see what happens.

Rafeeq's picture

It will work fine, All the best. Please keep us posted.

DavidC1988's picture

Says that I am not apart of the Local Administrators (I am), nor the Domain Admins (I am).

 

This tool is horrible. By the time I figure this out, I could just uninstall 35+ clients and do it manually.

 

For the Migration and Deployment, when I usually disable Windows Firewall, it usually goes through. I tried this and it still does not find it.

DavidC1988's picture

So I have tried using Sylink for many different IP addresses and it does not work. Clearly he needs something more than the DHCP address I am giving it; but the fact that it says I am not in the Local Admins or Domain Admins just bothers me because I am.

DavidC1988's picture

I ran Syslink, after 5 days where it said I wasn't an Admin account, and it found 1 system...an XP system, thats it. Our lone XP system is the one syslink found and changed the XML for.

 

 

Sachin Sawant's picture

Hi DavidC1988,

Its possible to create the replication partner or add the new server IP in Management Server List.

if you add new IP in Management Server List. do not any downtime required.