Video Screencast Help

Upgrade SEP 11.x to 12.1 Pre-upgrade tasks

Created: 29 Oct 2012 • Updated: 30 Oct 2012 | 10 comments
This issue has been solved. See solution.

We are about to upgrade from SEP11.x to SEP 12.1 and the upgrade will install on top of the 11.x server(stay on the same VM).  I have gone over the requirements for this and I had a question.  

1. Do I need to disable secure communications between the server and clients before doing anything?  Or is that only a task when migrating from another Symantec product?   If I need to do this, do the clients automatically start communication again once the setting is changed back(before I create and deploy new clients)?  

I just wanted to make sure becuse it was not listed in the tasks list when installing the server but only after that in a section for migrating a management server. 

Also, do I need to configure the policies before the client upgrade to turn off Liveupdate, scheduled scans or anything else?  Thanks in advance.

 

Comments 10 CommentsJump to latest comment

Ashish-Sharma's picture

hi,

You can check this artical and follow steps

Upgrading or migrating to Symantec Endpoint Protection 12.1

http://www.symantec.com/business/support/index?page=content&id=TECH163602

Symantec Endpoint Protection 11.x: Best Practices for Disaster Recovery with the Symantec Endpoint Protection Manager

http://www.symantec.com/business/support/index?page=content&id=TECH102333

SEP 11.x to SEP 12.1 Upgrade process graphical overview

http://www.symantec.com/connect/articles/sep-11x-sep-121-upgrade-process-graphical-overview

 

Check this thread

https://www-secure.symantec.com/connect/forums/symantec-endpoint-protection-manger-upgrade

Thanks In Advance

Ashish Sharma

 

 

pete_4u2002's picture

 Do I need to disable secure communications between the server and clients before doing anything?  Or is that only a task when migrating from another Symantec product?   If I need to do this, do the clients automatically start communication again once the setting is changed back(before I create and deploy new clients)?  

no need, since you are not changing the certificates.

Also, do I need to configure the policies before the client upgrade to turn off Liveupdate, scheduled scans or anything else?  Thanks in advance

yes, it is recommended to stop the scan and disable LU before upgrade.It is there in implementation guide.

Mithun Sanghavi's picture

Hello,

Yes, you would have to Disable secure communication between server and clients.

If your clients and server use the secure communication option, you must disable this option before migration or upgrade. You issue a policy to the clients to make this change.

Note: After the migration or upgrade, you issue another policy to enable secure communication.

See Configuring secure communications to prevent clients from being orphaned.

Check these Articles which would provide all your answers step by step: 

Migrating a management server

http://www.symantec.com/docs/HOWTO55378

Upgrading or migrating to Symantec Endpoint Protection 12.1

http://www.symantec.com/docs/TECH163602

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SOLUTION
David.H's picture

Ok, one of you said no, I do not need to disable secure comms and the other one said yes.  Which one is correct????

Can someone describe to me the process of the installation to require this?  Is there a new cert created with the upgrade that replaces the one that is currently there causing the clients to fail to communicate?  Or is the same one used after the upgrade?  If the same one is used then I don't see any reason to disable it.  

I just want to know the specifics, sorry if I am being a nuisance. 

As far as the rest of the things that people have posted, thanks and I have read over most of the documents and I think all I have left to prepare for is the disaster recovery and to read over the known issues. 

_Brian's picture

Yes, you need to disable prior to migration, than you can re-enable after migration is finished:

https://www.symantec.com/business/support/index?pa...

David.H's picture

Ok, tow more question and I will be out of your hair.  

The drive where 11.x is installed now is at 9GB free space and the embedded database is at over 2GB.  I will back that up to another machine before I upgrade.  I know that the installation requires 4-5 GB so how much more should I consider for the database?  Will it grow even more from the over 2GB that it is now?  

If any machine is not on during the upgrade and does not recevie the policy to disable secure communications, is the only way to upgrade them to manually uninstall through Programs and Features and then to manually install the 12.1 client?  

It is on a VM so I may can get some more space for it or we may end up moving it to a different VM. 

Mithun Sanghavi's picture

Hello,

Are you moving the SEPM server to a VM machine? If yes, check this Article:

How to move the Symantec Endpoint Protection Manager server to a new VM or server machine with a different IP.

http://www.symantec.com/docs/TECH95311

Secondly, The Database size grows as per the number of clients reporting to the SEPM, logs / content kept and other factors.

I would suggest you to check these Article:

Disk Space Management procedures for the Symantec Endpoint Protection Manager

http://www.symantec.com/docs/TECH96214

Symantec Endpoint Protection (SEP) Sizing and Scalability recommendations

http://www.symantec.com/docs/TECH123242

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

David.H's picture

Not moving.  Our current version is already on a VM and I am just upgrading it. I have read over the disk management doc already and I think we were already within the range to keep down on space taken up by the SEP server manager.  

What about the clients that are turned off when I disable secure communications?  That was the second question in my previous post. 

Thanks for all of your information.  You have been of great help. 

sandra.g's picture

Hate to jump in here late in the game, but: if you have not yet disabled secure communications, it is actually NOT needed. In preparing documentation for 12.1.2, this was deemed incorrect and the reference was removed for the Installation and Administration Guide (which is replacing the Implementation Guide in 12.1.2). I don't have an external, web-published KB link that I can point you to, unfortunately, except to the Installation and Administration Guide. The section that previously referred to this has been renamed "Upgrading a Management Server".

sandra

Symantec, Information Developer
Installation, Migration, Deployment and Patching
User Protection & Productivity, Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best help