Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

Upgrading SEP RU6 MP2 to SEP 12.1

Created: 09 Apr 2012 | 7 comments

Dear All,

We have 15 SEPM (RU6-MP2) accross india and minimum 250 and maximum 4300 clients on each SEPM.(Total 15k clients)

Now we are planning for centralized with DR. I have an Idea for which I need your suggestion to help me.

Our planning is to put SEPM01 in Mumbai and SEPM02 in Chennai for DR (we have huge amount of bandwidt between this two locations).

Following's are my consideration which I am planning to start:

1. Installation of SEPM 12.1 RU1 in new high end server (on virtual) with SQL on different server (On Physical).

2. Configuration of policies and settings.

3. Replace sylink file or re-deployement of new package of SEP 12.1.

4. Installation of SEPM at DR site and cofigurig installing Additional Sites.

Above are the points am planning to perform during upgradation.

I also wanted to know what If anyone bymistakely deployed policies which impact our business, so in that case does we have anything to revert. Because recently some of our technician deployed device blocking policies which blocked Network, Keyboard and mouse and even we unable to use keyboard mouse in SafeMode for which we need to remove SEP to resolve that issue.

And also you can share your recomendations as per our architection.

Waiting your suggestions.

Thanks in Adv.



Comments 7 CommentsJump to latest comment

pete_4u2002's picture

4. Installation of SEPM at DR site and cofigurig installing Additional Sites.

do you mean replication?

SEP TECH's picture

Yes replication....

Thanks and Regards,


SEP TECH's picture

Thanks but what about the query I have asked for policies get deployed b--mistaken?

Thanks and Regards,


Ariv's picture

If you mistakenly configured the policies then you can undo the changes on the particular policy and update the policy on the client or wait for the check-in interval to automatically get updated.

Sayan's picture

Please follow the detail documentaion for migration


These instructions apply to Enterprise and Small Business Editions, except where differences are noted. Some steps may be somewhat abbreviated. For more details at any point, please see the product implementation guides: Symantec Endpoint Protection Implementation Guide or Symantec Endpoint Protection Small Business Edition Implementation Guide.

The steps, in order, of upgrading and migrating to Symantec Endpoint Protection 12.1:

• Review Requirements and Supported Migration Paths
• Prepare Symantec Client Security or Symantec Antivirus for migration
• Upgrade the Symantec Endpoint Protection Manager
• Manage product licenses
• Upgrade client software
See also Planning for Migration to Symantec Endpoint Protection Manager 12.1

■ Review Requirements and Supported Migration Paths

Symantec Endpoint Protection 12.1 System Requirements

Migration detects and migrates installations of the following Symantec legacy virus protection software:

• Symantec Antivirus Corporate Edition 9.x and 10.x.
• Symantec Client Security 2.x and 3.x
• Symantec Endpoint Protection Small Business Edition 12.0
• Symantec Endpoint Protection 11.x *
• Symantec Sygate Enterprise Protection *
• Symantec Antivirus for Mac *

* Legacy products marked with asterisk cannot be migrated to Small Business Edition. Also, you may migrate from a Small Business Edition to Enterprise version, but not the reverse.

NOTE: Migration of Symantec Endpoint Protection Manager 11 RU7 to 12.1 will not be supported until 12.1 RU1 (Client upgrades are OK).

You may skip migration of legacy products as follows: Uninstall the legacy software from your computers. During Symantec Endpoint Protection Manager installation, cancel the migration option. After initial product installation, use Symantec Endpoint Protection Manager to adjust the group settings and policy settings, then deploy the Symantec Endpoint Protection client to the unprotected legacy computers.

■ Prepare Symantec Client Security or Symantec AntiVirus for migration

1.     Prepare Symantec Client Security or Symantec AntiVirus for migration: Disable scheduled scans, disable LiveUpdate, turn off Tamper Protection, turn off Roaming, Unlock server groups, and uninstall/delete Reporting servers.

2.     Migrate legacy group and policy settings using the Migration Wizard into an existing Symantec Endpoint Protection Manager (Start menu->Symantec Endpoint Protection Manager->Symantec Endpoint Protection Manager Tools->Migration Wizard).

3.     Verify migrated data.

4.     Import legacy license.

5.     Upgrade the Endpoint Protection Manager (if necessary), then deploy Endpoint Protection to legacy clients (see sections below).

■ Upgrade the Symantec Endpoint Protection Manager

1.     Back up the database.

2.     Turn off replication.

3.     If you have Symantec Network Access Control installed, enable local authentication.

4.     Disable secure communication between server and clients, or enable alternate communication via insecure HTTP ports. When/if the certificate changes on the server, clients exclusively using HTTPS will no longer communicate. See Symantec Endpoint Protection 11.x: How to Change the ports used for communication between the Manager and clients.

5.     Stop the Symantec Endpoint Protection Manager service on every management server in your site. After you upgrade, the service starts automatically. WARNING: If you do not stop the Symantec Endpoint Protection Manager service before you upgrade the server, you risk corrupting your existing Symantec Endpoint Protection database. NOTE: When you stop the management server service, clients can no longer connect to it. If clients are required to communicate with the management server to connect to the network, they are denied access until the management server service is restarted.

6.     Upgrade the Symantec Endpoint Protection Manager software. You must migrate all management servers before you migrate any clients. You are not required to restart the computer after migration, but you may notice performance improvements if you do. To migrate Symantec Sygate Enterprise Protection servers that use Host Integrity Policies or Enforcer protection, install the management server for Symantec Endpoint Protection first. Then, you repeat the installation procedure and install the management server for Symantec Network Access Control to gain access to the Host Integrity and Enforcer functionality.

7.     Turn on replication after all Managers are upgraded.

■ Manage product licenses

Symantec Endpoint Protection 12.1 is licensed according to the number of Endpoint Protection clients that are needed to protect the endpoints at your site. Once the Symantec Endpoint Protection Manager is installed, you may immediately deploy clients. New Manager installations come with a trial license: you have 60 days to purchase and activate a license that covers all of your deployed clients. When migrating from an older version of Symantec Endpoint Protection (versions 11.x or 12.0), you start with an upgrade license that expires in 241 days. Note: Small Business Edition comes with a 30-day trial license, whether it is an upgrade or new installation.

1.     In the Symantec Endpoint Protection Manager console, click Admin, and then click Licenses.

2.     Under Tasks, click Activate license.

3.     Follow the instructions in the License Activation Wizard to complete the activation process.

■ Upgrade client software

NOTE: Clients that are Group Update Providers must be upgraded first (Group Update Providers are not a feature of Small Business Edition).

Review applicable steps in Steps to prepare computers to install Symantec Endpoint Protection 12.1 client, and choose from available methods to upgrade clients to Endpoint Protection 12.1:

AutoUpgrade*--assign client packages to groups in the Manager console, either manually or by using the Upgrade Groups Wizard.

• Permit product updates in LiveUpdate Settings policy for a client group in the Manager console.*

• Local installation from product disc.

• Run the Client Deployment Wizard from the Manager console. It will walk you through the creation of a client package that can be deployed via a weblink and email, remote push, or saved for later local installation or deployment using third-party tools.

* Methods marked with an asterisk are not available in Small Business Edition.

SEP TECH's picture

Hi Sayan,

Please note as I mentioned above that we are installing SEPM 12.1 on newly server so server upgrade path will not cover in this.

Hi Ariv,

Please read carefully as I  mentioned above that network is already blocked by policy which deployed bi-mistake, then how can we undo the changes?

Thanks and Regards,