Endpoint Protection Small Business Edition

Hey guys,

Can we use the SEP Communication Package to make a SEP client communicate to another SEPM server?

Scenario:

1. SEPClient1 is communicating to SEPM01.

2. I want SEPClient1 to communicate to SEPM02

3. Solution, push a communication settings package from SEPM02 to SEPClient1.

Is this approach possible?

I was told by the support that we should only use the communicaiton settings package to revive a communication of an unmanaged SEP Client or mulfanctioning  SEP Client,  and it doesnt work on a SEP Client that's already communicating to another SEPM Server.

Anyone can clarify this?

Thank you,

Yes you can without any issues

Even if the client is already communicating with another SEPM? Symantec Support told me it's not possible, so I drop here to confirm it.

Sylink.xml file will have SEPM IP , name and Cert, once you push , it will start communicating, this is the easiest method.

This is the step many follow when SEPM does not work, they uninstall old SEPM, install new SEPM, use the communication deployment, thats it.

you can try it on one client  :) 

It's possible. By replacing the file it will flip the client to the other SEPM. Not sure what support is talking about by saying that.

yes it's possible,you can Choose the "Remove all previous logs and policies, and reset the communication settings in new SEPM sep client communication settings

To create custom installation settings to restore client-server communication, please follow the steps outlined below:

1. In the SEPM, click on Admin.
2. Click on Install Packages.
3. Click on Client Install Settings.
4. Click on Add Client Install Settings...
5. In the Client Install Settings window, at the bottom, note the option "Upgrade settings", Choose the "Remove all previous logs and policies, and reset the communication settings" option and click OK.
6. Export a new Client Install Package and apply this new custom install setting to that package, then re-deploy to the client machines using the Migration and Deployment Wizard.

https://support.symantec.com/en_US/article.tech104955.html

How can we reinstall? We have an external sql server.

Would need to follow the DR process

Hi,

You have uninstalled or are planning to decommission or replace your existing primary (or only) Symantec Endpoint Protection Manager (SEPM) in your environment, and you would like to know the recommended method for getting existing Symantec Endpoint Protection (SEP) clients to report to the new SEPM.

Solution 1: Export a client install package with custom settings that specify removal of the previous client-server communication settings, and then deploy the package.

Solution 2: Use the SylinkReplacer utility to replace Sylink.xml files in existing Symantec Endpoint Protection clients.

Solution 3: Copy the Sylink.xml manually to the SEP client.

Refer this article for more details: http://www.symantec.com/docs/TECH92556

I would recommend you to go through this article as well: Why do I need to replace the client-server communications file on the client computer?

http://www.symantec.com/docs/HOWTO80762

Kindly keep this thread updated, it will help future readers as well.

How can we do this one?

Solution 1: Export a client install package with custom settings that specify removal of the previous client-server communication settings, and then deploy the package.

We have instances where we reinstalled an SEP client(cleanwipe first) with a different group but after the installation it still goes to the previous group.

Here:

How to create a client install setting to remove previous logs, policies and reset the client-server communication settings.

Hi,

It seems like we already have this settings on the package that we created to install the agent...

Anything else?

Does you have AD sync available in SEPM ?

Are you able browser or search SEP clients from SEPM02?

For the admin accounts yes. But that's it, nothing else.

Yes, we can, this is how we push clients actually.

Okay, It doesn't work if pushed out communcation update package?

It does work if our purpose is to revive the client that is offline, but it doesnt work when we use it to make a managed SEP client to move from one SEPM server to another. I found a KB yesterday showing that communication settings was really only for revival of offline clients and not for moving one sepm to another. I just can't find it again. Maybe some of you guys know this KB.

Hi,

With reference to your old reply "It seems like we already have this settings on the package that we created to install the agent...Anything else?

Sending communication update package file and to create install setting to remove previous logs, policies and reset the client-server communication settings are two complete differnt things.

Communication update package carries only communication files to reset communication. But another method carries packaeg + new communication settings.

Make sure have created new package by selecting an option reset client-server communication settings.

This way clients should definitely move from one SEPM to another SEPM. If clients are on WAN links do not send this package remotely, reboot may required to show desired result.

Hi,

I would recommend to go through this article,

How to point clients to a new SEPM after decommissioning or replacing the primary SEPM.

http://www.symantec.com/docs/TECH92556

These are the only supported way to move SEP clients from one SEPM to another or else need to implement replication between SEPM01 AND SEPM02.