Endpoint Protection

  • 1.  SEP MR4 Encryption Password/ Simple vs Advanced

    Posted Oct 30, 2009 06:00 PM

    I recently was asked to take over management/administration of our SEPM servers. Our environment has 3 SEPMs (embedded db), over 5000 clients, and three sites. The problem I'm having is that there was no documentation during the build/deployment. The previous person is long gone and I'm trying to pick up the pieces. What I'm seeing has me worried. For example, a SEPM configured also as a GUP. I was told there was no encryption password documented during the install, so I'm worried that a Simple install/config occurred...which I understand only supports 100 clients. Probably why the previous admin made the SEPM a GUP. Anyway, I want to stand up new servers and move the clients over. I do not want to recreate the policies that seem to be working. How can I stand up a new server if I do not know the encryption password (assuming there was one) and have it communicate with the other SEPMs? Or for that matter, how can I tell which install was selected (Simple or Advanced)? Thanks in advance.



  • 2.  RE: SEP MR4 Encryption Password/ Simple vs Advanced

    Posted Oct 30, 2009 06:11 PM
    To know about Encryption password you can check this document here

    https://www-secure.symantec.com/connect/forums/lost-encryption-password

    Your encryption password will be used as an input to the Twofish algorithm, and communication between manager and client is secured.

    As far as I know you cannot get this password. It's all encrypted.

    Not sure when it's gonna ask for that password when you set up a new site.

    http://service1.symantec.com/support/ent-security.nsf/docid/2008032202341548



  • 3.  RE: SEP MR4 Encryption Password/ Simple vs Advanced

    Posted Oct 30, 2009 06:13 PM
    If, during the configuration portion of the SEPM, the "Simple" configuration option is chosen, then the encryption password should be the same as the admin login for the console (see page 66 of the install guide). Please note, however, that resetting the admin login does not reset the encryption password.

    If an "Advanced" configuration was performed and a different passphrase was entered, there is currently no way to recover or reset the encryption password. The only resolution, at this time, is to reinstall the management server with a new encryption password (place this password in a very secure place, i.e., a safe) and push the new sylink.xml file to all of the agents so that they get the new SEPM GUID.

    Please see 'The Encryption Password and Symantec Endpoint Protection 11 (SEP11)' KB for detailed steps.

    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/1af09196831f2c208825758500670bf8?OpenDocument

    Best,
    Thomas




     



  • 4.  RE: SEP MR4 Encryption Password/ Simple vs Advanced

    Posted Oct 30, 2009 06:49 PM
    Thanks for the information regarding the encryption password. I have a better understanding of its function. I'm still searching for how to determine which install method was used, Simple or Advanced, but haven't found anything. If I'm going to replace the SEPMs I guess it doesn't matter. I just have to find the How To for exporting and importing the policies and server settings so I don't have to recreate them.


  • 5.  RE: SEP MR4 Encryption Password/ Simple vs Advanced

    Posted Oct 30, 2009 07:43 PM

    One suggestion would be to install a new manager as a replication partner to the old one. In this way you will be able to replicate the entire manager to the new one and then deactivate the old one. Please use the document below for this:
     

    http://service1.symantec.com/support/ent-security.nsf/docid/2008031204405448



  • 6.  RE: SEP MR4 Encryption Password/ Simple vs Advanced

    Posted Oct 30, 2009 08:22 PM

    If you use a Replication partner to move the old SEPM's settings to the new SEPM (replication partner) and if you uninstall or decommission the original SEPM, you will never be able to configure replication with any other new SEPM ever again. The old SEPM is the Master server, and if it is uninstalled, the new SEPM cannot configure another replication partner.


  • 7.  RE: SEP MR4 Encryption Password/ Simple vs Advanced

    Posted Oct 31, 2009 12:48 AM
    Hello Dan,

    You can follow this document to export the policy and import to the new one.

    How to export/import an existing Symantec Endpoint Protection policy


    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/e1d6b2be029e9479ca2574f90003fdc0?OpenDocument


  • 8.  RE: SEP MR4 Encryption Password/ Simple vs Advanced

    Posted Oct 31, 2009 02:25 AM

    I think your worry is, in case of a server failure, if you want to reinstall SEPM, how you will do it since you don't have an encryption password?

    As per my knowledge, the encryption password is required when you don't have a database backup and you need to reestablish the communication.

    If you want to reinstall SEPM do as follows

    Take a database backup from old SEPM

    For taking database backup do as follows

    Click Start> Programs> Symantec Endpoint Protection Manager> Database Back Up and Restore.

    In the Database Back Up and Restore dialog box, click Backup

    In the confirmation screen, select Yes.

    The database backup directory is located in \\Program Files\Symantec\Symantec Endpoint Protection Manager\data\backup. The backup file is named <date_timestamp>.zip.

    Take a copy of the keystore.jks file, which is present in Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc

    Take a copy of the server.xml file, which is present in Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\conf

    Remove this SEPM from the network

    Install SEPM on the new server (the new server should be installed with the same IP address and hostname as the old server) and configure it with default options

    Restore the database

    For restoring DB do as follows

    Click Start> Settings> Control Panel> Administrative Tools> Services.

    In the Services window, right-click Symantec Endpoint Protection Manager, and then click Stop.

    Note: Do not close the Services window until you are finished with this procedure.

    Create the following directory:

    \\Program Files\Symantec\Symantec Endpoint Protection Manager\data\backup

    Copy your database backup file to the directory.

    Note: By default, the database backup file is named date_timestamp.zip.

    Click Start> Programs> Symantec Endpoint Protection Manager> Database Back Up and Restore.

    In the Database Back Up and Restore dialog box, click Restore.

    In the Restore Site dialog box, select the backup file that you copied to the backup directory, and then click OK.

    Note: The database restoration time varies and depends on the size of your database.

    When the Message prompt appears, click OK.

    Click Exit.

    Copy the keystore.jks file to Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc

    Copy the server.xml file to Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\conf

    Then reconfigure the SEPM

     


  • 9.  RE: SEP MR4 Encryption Password/ Simple vs Advanced

    Posted Oct 31, 2009 02:38 AM
    Always keep a regular backup of your database and server.xml & keystore.jks files in a safe place.
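
    The recovery set named in posts 8 and 9 (latest database backup .zip, keystore.jks, server.xml) can be staged and integrity-checked in one pass. This is an added example, not part of the original thread or Symantec's own tooling; the install root default, the `D:\SEPM-Recovery` destination and the manifest file name are assumptions, and it requires PowerShell 4.0 or later for `Get-FileHash`.

```powershell
# Added example: copy the SEPM recovery set and record SHA-256 hashes.
param(
    # Assumption: default install root; adjust to match your server.
    [string]$SepmRoot = (Join-Path $env:ProgramFiles 'Symantec\Symantec Endpoint Protection Manager'),
    # Hypothetical destination; use an access-controlled location off the SEPM host.
    [string]$Destination = 'D:\SEPM-Recovery'
)
$ErrorActionPreference = 'Stop'

# Newest .zip written by "Database Back Up and Restore" into data\backup.
$dbBackup = Get-ChildItem -Path (Join-Path $SepmRoot 'data\backup') -Filter '*.zip' |
    Sort-Object LastWriteTime -Descending | Select-Object -First 1
if (-not $dbBackup) { throw 'No database backup .zip found; run the backup tool first.' }

# The three items the thread says are needed to rebuild the manager.
$sources = @(
    $dbBackup.FullName
    (Join-Path $SepmRoot 'tomcat\etc\keystore.jks')
    (Join-Path $SepmRoot 'tomcat\conf\server.xml')
)

# One timestamped folder per run so older recovery sets are never overwritten.
$target = Join-Path $Destination (Get-Date -Format 'yyyyMMdd-HHmmss')
New-Item -ItemType Directory -Path $target -Force | Out-Null

$manifest = foreach ($src in $sources) {
    if (-not (Test-Path -LiteralPath $src -PathType Leaf)) { throw "Missing: $src" }
    $copy     = Copy-Item -LiteralPath $src -Destination $target -PassThru
    $srcHash  = (Get-FileHash -LiteralPath $src -Algorithm SHA256).Hash
    $copyHash = (Get-FileHash -LiteralPath $copy.FullName -Algorithm SHA256).Hash
    # Fail loudly on a truncated or corrupted copy instead of finding out at restore time.
    if ($srcHash -ne $copyHash) { throw "Hash mismatch after copy: $src" }
    [pscustomobject]@{ File = $copy.Name; SHA256 = $copyHash; Bytes = $copy.Length }
}

# The manifest lets you re-verify the set before a restore.
$manifest | Export-Csv -Path (Join-Path $target 'manifest.csv') -NoTypeInformation
$manifest | Format-Table -AutoSize
```

    Before a restore, recompute the hashes of the stored files and compare them with manifest.csv.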


  • 10.  RE: SEP MR4 Encryption Password/ Simple vs Advanced

    Posted Nov 05, 2009 08:02 AM
    Thanks to everyone for their advice. Very helpful.