Migration from 10.1.5 to SEP 11 MR4
Hello everyone,
After I read all documents and some of the discussions here I still don't have the master plan ;)
We currently have 8 sites (and server groups). 7 sites have one parent server and one secondary server.
1 site (HQ) has 1 parent server and 7 secondary servers. We have about 400 clients.
The clients are associated to the parent servers and get their virus updates from them.
I want to keep it like that. So what are my possibilities?
I think possibility 1 is that I install the SEPM on every parent server (HQ site on 2 servers for high availability) and the secondary servers are just clients in the server group? The clients need to be attached to the SEPM server that was their server before (and get their updates from the server to avoid traffic). I think multiple sites distributed is OK for us.
Possibility 2 is that I have 2 SEPM servers at the HQ site and LiveUpdate servers at every site except the HQ to provide the clients with updates like before. GUP is too small for us.
Can I associate the SAV 10.1.5000 clients to the internal LiveUpdate servers so that I can perform this step before I start migration? Because when I first migrate all servers to SEP, where will the old clients get their updates? Do I have to set their update behavior to get updates from the LiveUpdate servers from Symantec first?
I don't yet see the advantages except for reporting issues. The migration seems to be much more difficult than before.
For client deployment I want to use a combination of Active Directory and the Push Service.
First the software deployment through AD and then the push service to reach the people who are never at the office (we have many mobile workers).
Thanks for your answers
Stephan
Comments
My Suggestion is
I suggest your Possibility 1 with minor corrections.
1. There is no primary and secondary server concept in SEP; all the branch office servers will work as replica partners. So it may require a huge bandwidth to replicate.
It is better to have a group update provider in every branch office (we can assign one computer as the group update provider for the particular group).
Otherwise install SEPM as primary servers at all the locations and you can manage the servers using the web console (http://SERVER_IP_ADDRESS:9090), and you have to install and configure a LiveUpdate Administrator at your HQ to provide the updates for all the branch office servers.
Required ports to open
9090 for Web console
82 for SEP client management and reporting.
8080 or 7070 for Live Update Administrator
Thanks for your fast
Thanks for your fast answer.
I think I will go with your second suggestion.
Is it possible to have two solutions installed while migrating?
So that I first update all the clients and assign them to the SEPM servers and then migrate the servers? Because it should be no problem to have a coexistence of the antivirus server 10.1.5000 and the SEPM Management Console, or am I wrong about this?
I think I want to use the location feature to assign the clients to the right SEPM server. So there is a location for every physical location.
So that I have one big group for all the clients and assign them via the IP address to the server next to them.
Can it work like this?
Edit: I have a test environment with 1 server and 3 clients.
1 client has SSC installed.
I tried to import the settings but I get the error "Can't connect ....". I've seen that many people have this problem. Is there a final solution now? I couldn't find one.
Thanks
Stephan
Re
When you install SEP it will automatically remove SAV.
What do you mean import?
It depends upon your capacity
It depends upon your capacity of your network
My suggestion is to keep the existing server (SAV CE 10.x) as it is, install the SEPM on separate hardware first and start migrating the clients. Whenever the migration completes, you can remove the older version of SAV.
This will be an easy process of migration.
Regards
Arul Prakash.A
answer
@paul
Not installing the client, just the management console. Then the SAV server remains.
@arul
I think I will go this way. Seems to be the best solution.
I will install 2 SEPM at the HQ. One W2K8 x64 server and one W2K3 server.
Set locations for every branch office (except HQ) to update from a GUP which will be installed on a server at the branch office.
But there is one question. How do I install a GUP? I couldn't find anything about it. Only how to configure it in the policies. Can I install a GUP without installing SEP on the server? At the branch offices we have about 20-50 clients.
Or is a LiveUpdate server a better solution? Looks like this is oversized.
And another issue:
I installed the client fresh via group policy. And it installed the firewall, which I deselected while building the deployment package.
Another client which had SAV 10.1.5000 installed also got the same package via GPO and runs WITHOUT the firewall.
Did anyone experience this problem?
Thanks for your answers
Stephan
So is it possible to have the
So is it possible to have the same branch server working as a GUP and having SEPM installed on it? So each branch office can be managed separately while taking updates from the HQ server. And in this scenario do I still need LiveUpdate at HQ?
The clients get their updates
The clients get their updates from their standard SEPM (if there is an SEPM at each branch office) and don't need a GUP installed. The problem is that a roaming user (a colleague from HQ who logs in with his notebook at the branch office) gets the updates from the HQ SEPM server. So there is unnecessary traffic.
If you want to resolve that:
I think there should be no problem configuring a SEPM with SEP installed as a GUP. The server will get the updates from the same server, but this should only be a disk space issue.
When you have a SEPM installed it already gets LiveUpdates, either from the internet or from an internal LiveUpdate server. So it depends on your site connections how you want to handle that. So yes, you will need a LiveUpdate server at your HQ.
Read page 108:
ftp://ftp.symantec.com/public/english_us_canada/pr...
There are some possible site designs.
Install SEP on the existing clients
The existing clients won't associate with the new SEPM server until the new client software is installed on the clients. Once that occurs, they will associate with the new SEPM server.
To configure GUP. Login in
To configure GUP.
Log in to SEPM
Policies -> LiveUpdate -> Add
New LiveUpdate policy
In this new pop-up window you can enable the option "use Group update provider as the default live update Server"
Specify the IP address of the PC which you are planning to assign.
Create groups for different
Create groups for the different locations, create a client installation package, install it on one client and configure that client as the GUP.
Later start migrating the SAV clients in that location and install them with the package created for that group.
By default the client will then take the updates from the GUP server and the policy from the SEPM, which will reduce your bandwidth consumption.
Thanks for your answers. I
Thanks for your answers.
I made one mistake:
The client which had the GUP role did not have the same LiveUpdate policy assigned as the clients.
The GUP server has to be in the same location (or must have the same policy) as the clients which ask the GUP for updates. After I set the IP address right, the GUP opened the port and acted as GUP.
But this isn't mentioned in the manual. And it's also not the best solution, because my GUP is also a mail or file server and maybe needs other policies than a laptop or a PC. Now it gets the same policy.
Is there a workaround for this? So that the GUP delivers updates although it isn't in the same location?
I think i'm going live next
I think i'm going live next week ;)
Last question:
I want to use a server as HQ Main Server
Intel Xeon Quadcore 3,17 GHz
16 GB RAM
W2k8 x64
But it also has the roles
DC
DNS
Fileserver
Arcserve Backup
Is it too much to add SEPM to this server?
I can also use a separate SQL server instead of the local one.
With 16gb and 64 bit you can do anything
Do you have any application running on IIS? If yes, then which mode is it in: 64-bit mode or 32-bit mode? If your application is using IIS in 32-bit mode, do not install SEP, as it will run if IIS is in 64-bit mode.
As Microsoft allows IIS to run in only 1 mode.
Other than that I do not see any issues with running it on a DC, Fileserver, DNS and Arcserve server.
You can install the SEPM database on any SQL server, local or remote; it's not an issue at all.
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
Ok i started deploying
Ok, I started deploying clients via AD & RemoteInstall.
But I encountered one problem. If notebooks that were installed via RemoteInstall get the policy to install SEP, they install it again instead of skipping it!
So the same MSI package is used for RemoteInstall and AD. Normally msiexec would recognize that it is already installed, or am I wrong about this? Please advise.
You have to remove the policy
In GPO deployment, once you have published a deployment, each time the user logs on it will re-run the installation. So once all your clients have been installed you need to remove the published deployment package, but maybe there is a workaround that I am not aware of.
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
But i have some notebooks
But I have some notebooks which are starting all the time, and it isn't redeployed when the first install occurred via GPO.
So there must be a mechanism where the GPO recognizes that it has been installed before.
I thought there may be an entry in eventvwr but there isn't.
Re
I guess via GPO. Please create a script to check whether Symantec services are running already; if yes, then skip installation.
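One way to write the check suggested above, as an added example that is not part of the original post or any Symantec tooling: a computer startup script that skips the MSI when the client is already present. The service name `SmcService`, the display-name pattern and the package path are assumptions or placeholders; confirm them on an installed client before use.

```powershell
# Added example: GPO computer startup script that installs SEP only if absent.
# ServiceName and DisplayNamePattern are assumptions; PackagePath is a placeholder.
param(
    [string]$ServiceName        = 'SmcService',
    [string]$DisplayNamePattern = 'Symantec Endpoint Protection*',
    [string]$PackagePath        = '\\SERVER\SHARE\SEP\package.msi',
    [string]$LogPath            = "$env:SystemRoot\Temp\sep-gpo-install.log"
)

function Write-Log([string]$Message) {
    Add-Content -Path $LogPath -Value "$(Get-Date -Format s) $Message"
}

function Test-SepInstalled {
    # Check 1: the client service is registered (running or stopped).
    if (Get-Service -Name $ServiceName -ErrorAction SilentlyContinue) { return $true }

    # Check 2: an uninstall entry exists (also covers 32-bit installs on x64).
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    foreach ($root in $roots) {
        $hit = Get-ItemProperty -Path $root -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -like $DisplayNamePattern }
        if ($hit) { return $true }
    }
    return $false
}

if (Test-SepInstalled) {
    Write-Log 'SEP already present, skipping install'
    exit 0
}
if (-not (Test-Path -LiteralPath $PackagePath)) {
    Write-Log "Package not reachable: $PackagePath"
    exit 1
}

# Silent install with a verbose MSI log next to the script log.
$msiArgs = @('/i', "`"$PackagePath`"", '/qn', '/norestart', '/L*v', "`"${LogPath}.msi.txt`"")
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru
Write-Log "msiexec exit code $($proc.ExitCode)"

# 0 = success, 3010 = success with reboot required.
if (@(0, 3010) -contains $proc.ExitCode) { exit 0 } else { exit $proc.ExitCode }
```

The log file gives a per-machine record of whether the install ran or was skipped, which helps when a client such as the RemoteInstall notebooks appears to reinstall unexpectedly.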
Ok i'll try to. Maybe i can
Ok, I'll try to.
Maybe I can perform this task with a WMI filter. Because I'm not sure if I can run a script before logon.
I dont think 'GUP
I don't think 'GUP IS TOO SMALL FOR US' is a valid comment - we have 10,000 clients and are planning to use GUPs at every site - to administer and support 250 sites and 250 LU servers would be ridiculous!
Ok after this thread came up
Ok, after this thread came up with an answer I think doesn't belong here, I just want to say THANKS :)
I managed the deployment of 95% of our clients with the help of AD GPO Install (with WMI script) and enteo Netinstall.
As soon as it reaches 98% I will update the last AV 10 servers (which keep the old clients up to date).
You all have been a great help.
Greets
Stephan