Endpoint Protection

I have SEPM installed on the C:\ drive on the server.  The database files sit on this drive, too, which is not a large drive.  I have a much larger second data partition (D:\) that I'd like to move the DB to, but preferably without reinstalling/reconfiguring the whole SEPM setup.  Is there a way I can migrate the DB to the other partition easily, maybe with a backup/restore process?

It  is not possible to  to move the database from One  drive  to the other.

the best waht you can do is take the back up of the database

uninstall SEPM

reinstall SEPM on the D drive

and restore the back up

Best Practices for Disaster Recovery with Symantec Endpoint Protection
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007082112135948

Hi,

The following is not documented but it does work in case of Embedded Database.

Before you begin be sure that you have the correct DBA password.

(You may check the same by performing the ODBC test)

1. Stop the Symantec Endpoint Protection Manager and the Symantec Embedded Database Service.

2. Copy the following files/folders to a different location
    C:\Program Files\Symantec\Symantec Endpoint Protection Manager\db (Complete Directory)
    keystore.jks file from C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc
    server.xml from C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\conf

3. Uninstall and Reinstall SEP Manager on the same IIS port

4. Stop the Symantec Endpoint Protection Manager and the Symantec Embedded Database Service.

5. Replace the following OLD FILES from the Location we had moved them to before un-installation.
    C:\Program Files\Symantec\Symantec Endpoint Protection Manager\db (Complete Directory)
    keystore.jks file from C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc
    server.xml from C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\conf
    (You may Keep the new files by renaming them as *.new)

6. Run the Management Server Configuration Wizard with the OLD DBA password


You should have all your clients back in the new SEP Manager.

It is better to use the built-in database backup and restore than to manually copy the files on the file system.

Hi,

You would like to move the DB but without reinstalling/reconfiguring the whole SEPM setup.

There is no way.

If it would have been a SQL database:

Best Practices guide for moving the Symantec Endpoint Protection Manager SQL Server database from one drive to another on the same machine

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008101011093048


If Embedded Database:

(NOTE: the steps given Below are not recommended however, try at your own Risk)

Steps to move the embedded database file:

1. Click on Start> Run ，type services.msc ，click Ok
2. Stop the "Symantec Endpoint protection Manager" Service.
3. Stop the "Symantec Embedded Database" Service.
4. Click on Start> Run, type regedit and click Ok
5. Move all files in <SEPM install folder>\db folder to another folder, for example D:\Database
6. In “Registry Editor” look for the following key:

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\asanys_sem5\parameters
7. Double-click on Parameters value, replace the default path with new folder which sem5.db file locate on, for example, replace ‘C:\Program Files\Symantec\Symantec Endpoint Protection Manager\db\’ with ‘D:\Database’ .
8. Close the "Registry Editor"
9. Click on Start> run>
10. Start the "Symantec Embedded Database" Service.

Warning: Do not start the "Symantec Endpoint protection Manager" Service yet.
11. Click on Start> Programs> Symantec Endpoint Protection Manager> Management Server Configuration Wizard
12. Select Reconfigure the Management and click Next step by step to finish the wizard. The wizard will take you to the final screen after re-synchronizing the application with the new database file path.

I've uninstalled SEPM, reinstalled in the new location, and restored the DB backup successfully. Now it looks like all the clients show up in the console, but they're not actually communicating with the desktop clients. Additionally, when I look at any of the client machines, the little green circle indicating connectivity is no longer there. How can I re-establish communication between the clients and the server?

Wait for about 1 hr and see if the clients are commuinacting or not.

Else run the  Sylink Repalcer

Using the "SylinkReplacer" Utility
 

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008062412271448

Download it from :
https://www-secure.symantec.com/connect/downloads/sylinkreplacer-tool-connecting-sep-clients-sepm

I actually moved the database over a week ago, so it's definitely been a while.  I'll try that utility and update the thread with my results.

Have u restore the Server Private Key if not Restore the Old Server Private Key.

Use the latest Sylink file & replace with the old one using Sylink replacer tool.

This will resolve your issue.

Regards...
Ramji Iyyer

I tried running the Sylink replacer, but it appears from the documentation that it's going to prompt each client machine for some information to update the sylink.xml file.  Is there a way to run this silently and just automatically overwrite the existing sylink files?

Igonre the documentation

Sylink Replacer will run silently without promting the clients, It will automatically replace  the sylink without any interaction from the user.

I ran the sylinkreplacer and everything went ok.  Found the correct sylink.xml on the server, pinged available machines on my subnet and updated the sylink.xml files on the clients.  Now the client machines show a green dot next to them in SEPM, meaning they're now connected, correct?

None of the clients at the desktop level are showing the green dot on the tray icon shield, though.  Just the shield with no dot at all.  The documentation says this means the server is unavailable or the clients are "unmanaged."  Neither of these should be the case.  What else could be wrong?

Green dot means that the Client is commuincating with SEPM

When you Open the UI on the Client ..Go to help and support --> Troubleshooting
What do you see for Server : Unmanged / Offline

Make sure that the firewall is off on the Clients

It's showing the server as "Offline" in the troubleshooting section.  Is there something I need to do on the server side to fix?  The server is definitely NOT offline...

How  many such Clients are there ??

Did you replace the sylink on them using Sylink Replacer ??

make sure that the windows Firewall is off on them

Try this on one machine

There are about 50 clients.  I ran the SylinkReplacer successfully and replaced the sylink files.

When I try that set of steps you laid out, the clients still say that the server is "offline" in the troubleshooting section.  The policy numbers match and everything, but it still thinks the server is offline.

Get the sylink log from one of the Clients:

How to enable Sylink Debugging for Symantec Endpoint Protection (SEP) in the registry

http://service1.symantec.com/support/ent-security.nsf/docid/2008041812561948 

Also are you able to Telnet the server from the client on the IIS port on which SEPM is installed.

You can use also Sylinkremote tool it is very helpful when restoring the communication of SEP to SEPM

I actually followed an official knowledge base article which got me into this mess.  I needed to move the database to a larger to clear up some space.  Steps in the KB article seemed simple.

-Backup DB
-Uninstall SEPM
-Reinstall SEPM at new location
-Install SEPM
-Restore DB.

Well there are obviously steps missing!  I don't have any client communication with the server.  The server shows as offline at the client side.  I am just getting into this problem.  Did you come to a resolution to this problem??