Endpoint Encryption

 View Only
Expand all | Collapse all

Update sever location on symantec endpoint encryption management agent

  • 1.  Update sever location on symantec endpoint encryption management agent

    Posted Jun 24, 2015 03:35 PM

    Is there a way to update the server location on the agent without decrypting the drive (Which take about 5 hours)?  The reason why I asked was I originally created the agent installation package with https connection on it, but I changed to http connection later.  I try to run the new agent installation on it, it said the specified user already exist.  Then, I try to uninstall the agent, it said I can't uninstall the agent because the drive is encrypted.  btw, the client machine can not check in with the server right now.



  • 2.  RE: Update sever location on symantec endpoint encryption management agent

    Posted Jun 24, 2015 04:07 PM

    Dear James,

     

    I understand you are having some trouble re-installing the management agent on Endpoint Encryption. The management agent was previously known as the "Framework Client". Normally, it will only let you perform an over-the-top install if you are upgrading to a newer version of the management agent client.

    However, you can use the following command to force a "re-instal" which will replace the management agent.

    I will include the source article below as well. Again, you will be doing this for the "Management Agent" rather than the "Framework client".

    [path]\SEE Framework Client.msi" REINSTALL="ALL" REINSTALLMODE="vomus" where [path] is the actual path on the client computer where the package was copied to.

    Source : Instructions for upgrading/reinstalling an Symantec Endpoint Encryption - Full Disk (SEE-FD) and / or Removable Storage (SEE-RS) client using a command line -  http://www.symantec.com/docs/TECH104199

     

    Best regards,

    Phil



  • 3.  RE: Update sever location on symantec endpoint encryption management agent

    Posted Jun 25, 2015 11:42 AM

    I got the same error message when I ran ur command "specified user already exist", then it terminate the install.



  • 4.  RE: Update sever location on symantec endpoint encryption management agent

    Posted Jun 25, 2015 01:08 PM

    Interesting... 

    Make sure you are running these commands from an administrator command prompt. (R click, run as administrator)

    What version of Endpoint Encryption are you running?



  • 5.  RE: Update sever location on symantec endpoint encryption management agent

    Posted Jun 25, 2015 01:49 PM

    Yes, I tried with administrator command prompt, I still get the same error.  I have endpoint ecnryption 11.0.1.



  • 6.  RE: Update sever location on symantec endpoint encryption management agent

    Posted Jul 01, 2015 04:14 PM

    I contacted endpoint encryption support and was told the solution you provided only work on the older version.   There is currently no solution for my problem right now.  I will have to decrypt the whole drive to update the commication. The option suppose to be available in the gpo to allow you to change from http to https or vice versa but it is not.  The support told me they may realse this fix on the next oct big fix, but no gurantee. I hope they do fix it. 



  • 7.  RE: Update sever location on symantec endpoint encryption management agent
    Best Answer

    Posted Jul 02, 2015 11:55 AM

    Greetings,

    The registry settings on the machines could be changed on all the machines using the Script .

    This script would write the following changes to the Encryption anywhere Key structure.

    When you hightlight the Client Database under the Framework hive, you would need to edit the change in the SERVER LOCATION.

    This would be post you making changes in the SEEMS CONFIGURATION MANAGER.  ( from HTTPS to HTTP )

    Do let me know if this helps



  • 8.  RE: Update sever location on symantec endpoint encryption management agent

    Posted Jul 06, 2015 12:07 PM

    Hi CipherGuy,

     

    Where can I find the script?  I did not see a script on your post.



  • 9.  RE: Update sever location on symantec endpoint encryption management agent
    Best Answer

    Posted Jul 06, 2015 03:05 PM

    Greetings,

    I have had one of my users create a script to do the same. Which wasnt shared with us. However i would try

    and look up for you and see if am able to get one.

    Please note the Appropriate permissions needs to be provided in order for you to be able to edit the registry settings.



  • 10.  RE: Update sever location on symantec endpoint encryption management agent

    Posted Jul 06, 2015 03:57 PM

    Ok, per symantec

     

    Browse: HKLM\Software\Encryption Anywhere\Framework\Client Database.

     

    There is a key called 'Server Location' in Client Database.

     

    If the Framework permissions are in place, you shall be able to Edit this key.

    - Right Click Framework, Give 'Everyone' -> Full Control and click on 'Advanced' - Put a check mark on "Replace All Child Permissions with inheritable permissions from this object". Apply - Apply.

    - Also you can check the Owner tab once you click on 'Advanced', Make 'Administrators' as the Current owner and put a check mark on "Replace owner on Sub-containers and objects" - Apply - Apply.

    - In order to get these permissions in place, the best is to use Domain Admin account to login to the HTTP client machine.

     

    Once you are able to view the content of Client Database, Edit the Key 'Server Location' to keep the Path same as the new HTTPS connection, that would look like https://<FQDN of Server:443/GEcommunication.asmx . The best is to resemble the link from a Working HTTPS machine and make sure you fill up the same information in the Server Location of HTTP machine.