Endpoint Protection

 View Only

  • 1.  Move Clients to new Managment Server

    Posted Mar 31, 2009 02:05 PM
    I'm trying to find the easiest/best way to move all of our Symantec Enpoint 11 Clients from our current server to a new one and the remove the Managment Console from the old one.  Right now the current server is serving a dual role which will make maintenance in the future problematic, so I want to move the managment console to its own VM in our new virtual machine cluster.


  • 2.  RE: Move Clients to new Managment Server

    Posted Mar 31, 2009 02:06 PM



  • 3.  RE: Move Clients to new Managment Server

    Posted Mar 31, 2009 03:18 PM
    On CD2 under Tools\No Support\SylinkDrop there should be an executable called SylinkDrop.exe

    This tool can be used to move a client from one  SEPM to a different SEPM.

    Here is how I have used it. Create a batch script with this in it

    \\servername\sharename\SylinkDrop.exe -silent -p <YourPasswordToStopSEPService> \\servername\sharename\Sylink.xml

    The Sylink.xml file is on the destination server (where you want to move your endpoints to).

    Where to find Sylink.xml:
    On your SEPM go to 
    C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent
    You'll see a bunch of folders with some long cryptic looking number. Each one of these represents a group you have created within your SEPM. To find out which group corresponds with which folder you have to go into the folder and open up the LSProfile.xml file. On the 4th line down, it should tell you the group. So find the group to which you want to drop your clients into by looking at these files. Once found, within that same folder will be the Sylink.xml file that I'm referring to above when I mention \\servername\sharename\Sylink.xml so just copy it to whatever you designate as that location.

    What it will do is stop the SEP service, copy that Sylink.xml file over and then restart it up. Unfortunately, if you're thinking "well can't I just do those steps manually?" I have tried it and it did not work. There must be some "special stuff" that exe is doing that makes the magic happen.

    Hope this helps.


  • 4.  RE: Move Clients to new Managment Server



  • 5.  RE: Move Clients to new Managment Server

    Posted Mar 31, 2009 04:38 PM
    As long as the "old" server is still in place, you can install an additional server to the same site (you can choose this option when installing sepm). Once it is installed, you can change your management server list (click policies on the left hand side side and then under policy components) so it wil contain both servers.

    Next, assign the new/changed management server list to your client groups (clients on the left hand side > policies tab > communication settings). If you do it like this, your clients will automatically update their sylink.xml file and you don't have to bother using sylinkreplacer or redeploying your clients.

    Wait for a while (until all of your clients updated their policies) to uninstall SEPM from the initial server.


    Good luck!
    Dries


  • 6.  RE: Move Clients to new Managment Server

    Posted Mar 31, 2009 06:48 PM

    I was getting ready to go down the Sylinkdrop/Sylinkreplacer route (which should work), but then I saw dries_vb's suggested solution which looked like the easier route, However, I believe that he accidentally suggested using additional server where using install additional site is actually what should be used.  I found this step-by-step guide to walk through the process:

    http://www.kavinda.net/2008/06/09/how-to-move-symantec-endpoint-protection-manager-to-another-server.html

    Thanks for the input!



  • 7.  RE: Move Clients to new Managment Server

    Posted Apr 01, 2009 01:54 AM
    That depends on type of base do you use. If you use MS SQL then you just install additional server in same site. If you use imbedded DB then you add site and make them replicate before get rid of old one.


  • 8.  RE: Move Clients to new Managment Server

    Posted Apr 01, 2009 02:35 AM
    no any depends on DB!!!
    1) add new server name and IP (see dries_vb comment)
    1a) wait for some time (clients will get new policies)
    2) backup server sertificate - open SEPM console-> Admin -> Servers-> choose on the left panel server account and click below on Manage Server Cetrificate -> Backup Server Certificate and chose where to save it
    3) backup the BD : Start-> Run -> Symantec Endpoint Protection Manager-> Database Backup and Restore -> Backup Database
    4) install SEPM as first site on new server (stop SEPM service on previous server)
    5) Restore the DB: Start-> Run -> Symantec Endpoint Protection Manager-> Database Backup and Restore -> Restore Database
    6) reconfigure the SEPM:   Run -> Symantec Endpoint Protection Manager-> Management Server Configuration Wizard
    7) delete "old" server from SEPM console
    7) Restore certificate to new server in SEPM console: open SEPM console-> Admin -> Servers-> choose on the left panel server account and click below on Manage Server Cetrificate -> Update the Server Certificate and provide the path to the sertificate (password is in xml file)
    8) restart SEPM service