SEP MR4 Encryption Password/ Simple vs Advanced

Dan Farrar's picture

I recently was asked to take over management/administration of our SEPM servers. Our environment has 3 SEPMs (embedded db), over 5000 clients, and three sites. The problem I'm having is that there was no documentation during the build/deployment. The previous person is long gone and I'm trying to pick up the pieces. What I'm seeing has me worried. For example, a SEPM configured also as a GUP. I was told there was no encryption password documented during the install, so I'm worried that a Simple install/config occurred... which I understand only supports 100 clients. Probably why the previous admin made the SEPM a GUP. Anyway, I want to stand up new servers and move the clients over. I do not want to recreate the policies that seem to be working. How can I stand up a new server if I do not know the encryption password (assuming there was one) and have it communicate with the other SEPMs? Or for that matter, how can I tell which install was selected (Simple or Advanced)? Thanks in advance.

Rafeeq's picture

Hi

To know about Encryption password you can check this document here

https://www-secure.symantec.com/connect/forums/lost-encryption-password

Your encryption password will be used as an input to the Twofish algorithm, and communication between manager and client is secured.

As far as I know, you cannot get this password. It's all encrypted.

Not sure when it's gonna ask for that password when you set up a new site.

http://service1.symantec.com/support/ent-security.nsf/docid/2008032202341548

Rafeeq

Cycletech's picture

If, during the configuration portion of the SEPM, the "Simple" configuration option is chosen, then the encryption password should be the same as the admin login for the console (see page 66 of the install guide). Please note, however, that resetting the admin login does not reset the encryption password.

If an "Advanced" configuration was performed and a different passphrase was entered, there is currently no way to recover or reset the encryption password. The only resolution, at this time, is to reinstall the management server with a new encryption password (place this password in a very secure place, i.e., a safe) and push the new sylink.xml file to all of the agents so that they get the new SEPM GUID.

Please see 'The Encryption Password and Symantec Endpoint Protection 11 (SEP11)' KB for detailed steps.

http://service1.symantec.com/support/ent-security....

Best,
Thomas

 

Dan Farrar's picture

Thanks for the information regarding the encryption password. I have a better understanding of its function. I'm still searching how to determine which install method was used: Simple or Advanced, but haven't found anything. If I'm going to replace the SEPMs I guess it doesn't matter. I just have to find the How To for exporting and importing the policies and server settings so I don't have to recreate them.

AvinashBharatharaj's picture

Install a second manager as a replication partner

One suggestion would be to install a new manager as a replication partner to the old one. In this way you will be able to replicate the entire manager to the new one and then deactivate the old one. Please use the document below for this:
 

http://service1.symantec.com/support/ent-security....

Swaminathan's picture

If you use a Replication partner to move the old SEPM's settings to the new SEPM (replication partner) and if you uninstall or decommission the original SEPM, you will never be able to configure replication with any other new SEPM ever again. The old SEPM being the Master server, and if uninstalled, the new SEPM cannot configure another replication partner.

Rafeeq's picture

Hi

Hello Dan,

You can follow this document to export the policy and import to the new one.

How to export/import an existing Symantec Endpoint Protection policy

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/e1d6b2be029e9479ca2574f90003fdc0?OpenDocument

Rafeeq

AravindKM's picture

I think your worry is: in case of a server failure, if you want to reinstall SEPM, how will you do it since you don't have an encryption password?

As per my knowledge, the encryption password is required when you don't have a database backup and you need to reestablish the communication.

If you want to reinstall SEPM, do as follows:

Take a database backup from the old SEPM.

To take the database backup, do as follows:

Click Start> Programs> Symantec Endpoint Protection Manager> Database Back Up and Restore.

In the Database Back Up and Restore dialog box, click Backup.

In the confirmation screen, select Yes.

The database backup directory is located in \\Program Files\Symantec\Symantec Endpoint Protection Manager\data\backup. The backup file is named <date_timestamp>.zip.

Take a copy of the keystore.jks file, which is present in Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc

Take a copy of the server.xml file, which is present in Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\conf

Remove this SEPM from the network.

Install SEPM on the new server (the new server should be installed with the same IP address and hostname as the old server) and configure it with default options.

Restore the database.

To restore the DB, do as follows:

Click Start> Settings> Control Panel> Administrative Tools> Services.

In the Services window, right-click Symantec Endpoint Protection Manager, and then click Stop.

Note: Do not close the Services window until you are finished with this procedure.

Create the following directory:

\\Program Files\Symantec\Symantec Endpoint Protection Manager\data\backup

Copy your database backup file to the directory.

Note: By default, the database backup file is named date_timestamp.zip.

Click Start> Programs> Symantec Endpoint Protection Manager> Database Back Up and Restore.

In the Database Back Up and Restore dialog box, click Restore.

In the Restore Site dialog box, select the backup file that you copied to the backup directory, and then click OK.

Note: The database restoration time varies and depends on the size of your database.

When the Message prompt appears, click OK.

Click Exit.

Copy the keystore.jks file to Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc

Copy the server.xml to Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\conf

Then reconfigure the SEPM.

 

AravindKM's picture

Always keep a regular backup of your database and the server.xml & keystore.jks files in a safe place.

Dan Farrar's picture

Thanks to everyone for their advice. Very helpful.