Endpoint Protection

We are moving three SEPM servers which replicate with each other to a new physical location.  Server name will stay the same, stay in the same domain and just the ESX VM of the servers will physically move to a new host.

During the move the server will require a new IP for each of the three.

Clients are set to contact the SEPM using the default server generated list which includes in this order the IP, NetBIOS name, FQDN from the original install.

1. Will the servers auto update everything including the client IP in the default server list to communicate after the move?  I understand the clients will fall back to the server names if the IP is not valid.  I assume it will then update it s local settings to the new IP.

2. Do we need to stop replication before changing the IP?  Currently set to use the server NetBIOS name to contact each other and not the IP.

3. Any other gotcha's like certificates and such?

Again ony the three SEPM IP's are changing.

Thanks in advance.

Yes, you need will need to break replication, make the changes, then you can setup replication again:

Move Endpoint Protection Manager to another server

How to move the Symantec Endpoint Protection Manager server to a new VM or server machine with a different IP.

Overview of how to move the Symantec Endpoint Protection Manager from one machine to another

You just need to make sure you have the MSL correctly configured as this will tell clients on which one to go to.

install a New SEPM in the new physical location, let that be 4th replication parter( New IP) of existing 3 SEPM.

Let it replicate, once thats done, follow the same method for remaining 2, 

Make sure you apply the MSL appropriately..

Break the Replication & Move them all

Refer : http://www.symantec.com/docs/TECH199292

MSL plays the vital role here. For safety purpose, You could take backup server private key back up..

Please read the question.  Only the IP is changing.

We are just moving the VM file itself containing the OS to a new datacenter which will require a new IP as it is in a different physical site and subnet.  It is not a new VM, No new hosts and we are not moving the SEPM from one machine to another.

The responses do not apply in my scenario.

Let me word it this way.

Three SEPM's replicating.  Change IP on each - issues?

Thanks again.

Changing the IP would still affect comms. In this case you can create a copy of your current MSL and add the new IPs so the clients know where to go when the old IPs are not accessible:

https://www-secure.symantec.com/connect/forums/recommended-procedure-sepm-manager-ip-address-change#comment-1712391

Before Moving to new IPs, Add the IPs to the existing MSL so the clients could know.  That would be enough.

Thanks Raffeq.  I will try to get the IP's ahead of the move and populate the MSL's if I can.  Looking at doing this procedure right now.   Maybe none of it is required except a good backup since the replication uses the host name and not the IP to communicate..

• Create new MSL and add the new IP's to the MSL.  Apply it. (like that idea)
• Backup the DB on all three just before the move. (doing for sure)
• Remove replication partnerships.
• Move the physical VM's to the new site one by one.
• After move the three VM's they will need to be rebooted with new IP's.
• If all is good enable replication between them again.

I have not seen a good article about only changing the IP when replication partners are involved.  I am thinking to be on the safe side I should disable replication, change the IP per server and establish it again later.

Thanks for the MSL note.

To be honest even I searched for that document, haven't seen a single one so far :)