Video Screencast Help

replication partners question

Created: 01 Sep 2011 | 2 comments
S_K's picture

Hello,

We have environment with 3 sites with their SQL databases which sites are replicating. So my question is, if we are not sure which site is the central one and we need to upgrade the SEPMs (and breaking the replication between the sites) is there a way to find out which site is the central and also which SEPM is used for the replication? Because as far as I know, we can add replication partners only from the Central site, not from the replication partners.

Thanks

Comments 2 CommentsJump to latest comment

SolarisMaestro's picture

From my understanding, there is no actual master/slave relationship when doing replication. You can adjust how you want the logs to flow as well as turn on/off replication of Client Packages and LiveUpdate content.

To see which site was set up as the initial SEPM, you can go to either one of your three SEPMs, then go to Servers and there you should see your initial server located under "Local Site". Any servers that were later setup for replication will be located under "Remote Sites" (SEPM 12.1).

I've included a few docs for you that might prove to be helpful in your research:

Replication:

Replication server sizing
http://www.symantec.com/business/support/index?page=content&id=HOWTO53365

Symantec Endpoint Protection 12.1: Best Practices for Disaster Recovery with the Symantec Endpoint Protection Manager
http://www.symantec.com/business/support/index?page=content&id=TECH160736

Upgrading:

Supported Upgrade paths to Symantec Endpoint Protection 12.1
http://www.symantec.com/business/support/index?page=content&id=TECH163514

Upgrading and migrating to Symantec Endpoint Protection 12.1
http://www.symantec.com/business/support/index?page=content&id=TECH163602

Best Practices For Patching or Upgrading the Symantec Endpoint Management Server
http://www.symantec.com/business/support/index?page=content&id=TECH104728

Thank you for marking as a solution if you felt this response met your needs!

SolarisMaestro's picture

The below is taken from: http://www.symantec.com/docs/TECH163602. One other thing to note is that all SEPMs that are replicating must be the exact same build.

Upgrade the Symantec Endpoint Protection Manager

 

  1. Back up the database.
     
  2. Turn off replication.
     
  3. If you have Symantec Network Access Control installed, enable local authentication.
     
  4. Disable secure communication between server and clients, or enable alternate communication via insecure HTTP ports. When/if the certificate changes on the server, clients exclusively using HTTPS will no longer communicate. See Symantec Endpoint Protection 11.x: How to Change the ports used for communication between the Manager and clients.
  1. Remove any packages assigned to the client groups.  In particular, if you have any packages with "Maintain existing client features when upgrading" unchecked, these packages must be removed.  See Clients show "No Symantec protection technologies are installed" after migrating the SEPM from 11.x to 12.1
     
  2. If the setting "Protect client files and registry keys" is used, disable it from your Application and Device Control policy prior to the migration. WARNING: if this setting is not disabled you may face issues at a later stage when migrating your clients.
     
  3. Stop the Symantec Endpoint Protection Manager service on every management server in your site. After you upgrade, the service starts automatically. WARNING: If you do not stop the Symantec Endpoint Protection Manager service before you upgrade the server, you risk corrupting your existing Symantec Endpoint Protection database. NOTE: When you stop the management server service, clients can no longer connect to it. If clients are required to communicate with the management server to connect to the network, they are denied access until the management server service is restarted.
     
  4. Upgrade the Symantec Endpoint Protection Manager software. You must migrate all management servers before you migrate any clients. You are not required to restart the computer after migration, but you may notice performance improvements if you do. To migrate Symantec Sygate Enterprise Protection servers that use Host Integrity Policies or Enforcer protection, install the management server for Symantec Endpoint Protection first. Then, you repeat the installation procedure and install the management server for Symantec Network Access Control to gain access to the Host Integrity and Enforcer functionality.
     
  5. Turn on replication after all Managers are upgraded.

Thank you for marking as a solution if you felt this response met your needs!