Endpoint Protection

Hi All, 

Looking for a little information here. I have a customer that is using SEPM 12.1.4013.4013, They requested an upgrade to 12.1.6 due to the release of Windows 10, easy enough I thought. However this has been giving me headaches for the past few days. We encountered issues with the current version when trying to do the upgrade. First thing we did was backup the current database which ran fine, and created a backup with no issues. I stopped all the Symantec services and began the process of upgrading. This is where the issues presented themselfs, first the server would not let the install run as it required a reboot to finish system changes. Once the server rebooted the services seemed to be running with no issues. I stopped the services again and started the install of 12.1.6 and got the same message about requiring a reboot of the server. I did not want to reboot the server due to this being their AD/DC server and during business hours. I did a little digging and found a tool that was suppose to help resolve the reboot request issue. However, I attempted to restart the services before downloading the tool so there would be no issues on the clients protection. This is where things went haywire, the SEPM service would start and then stop with no rhyme or reason, and the embedded database service would not start at all. After exausting all the steps I could find in the forums to resolve this, i spoke with the customer about the issues we were experiencing. He stated that this had been an issue in the past but if it was possible he would like the SEPM moved to their new server. So here is where I need some advice. We installed 12.1.6 on the new server and all services are running, however we need procedures to migrate the policies over to the new server, and connect the client machines to the new server. However at this point on the old server we can not get the management console to run to backup and migrate the policies. Does anyone know of a way that we can get these policies from the old server even though we can not access any SEPM tools or consle? Any help on this would be greatly apreciated as I do not want to have to rebuild the policies. I also have opened a case with Symantec but have not had any responce from them since the case was opened. I have chatted with them a couple of times and they stated they would re-dispatch the ticket and then i never hear from them afterwards. Im gettting frustrated with their support so I figured I would reach out on the forums and see what could be found. Any help or procedures to do this would be most appreciated. Thanks.   

You can export the policies from old SEPM and import to the new one but you need access. How many do you have currently? What error is coming up?

If you have a DB backup of the old SEPM and its disaster recovery file, you should be able to restore the old SEPM on a new machine. However, you should install SEP 12.1.4 on the new SEPM as it's probable that your DB backups are 12.1.4 backups as well. Follow the disaster recovery steps:

Disaster recovery best practices for Symantec Endpoint Protection 12.1

If your new SEPM has identical IP address and hostname, the SEP clients should discover it. However, if that's not the case, you have to distribute the communication settings to the clients through the Client Deployment Wizard:

How to deploy/update communication settings from your SEPM to your SEP clients machines with SEP 12.1 RU2 or newer

As a last step, upgrade the new SEPM to 12.1.6 MP1a.

All the policy settings are in the DB, so restoring is essential. If you do not have a DB backup, you need access to the old SEPM to export all the policies, or to create a new backup.

To get the policies copied: We can get the policies out of the backup made before the upgrade by following the steps below. Just to mention, we will not do a disaster recovery.

1) Install SEPM (preferably 12.1.4) on a temp machine (even windows XP or 7 would do) with a fresh database and complete the instsllation and the management server configuration wizard.

2) Once the installation is complete, restore the database backup made from the OLD-SEPM in to this TEMP-SEPM. Remember that you will have to create the folder "<SEPM-install-folder>\data\backup" and paste the backup file in to that folder and stop the SEPM service (NOT the embedded database service) and then perform a restore using the Backup/Restore wizard. You will need to run the "Management server configuration wizard" once after restoring the backup (Hope you remember the database password).

3) Once the above step is done, you can login to the TEMP-SEPM using the the credentials of the OLD-SEPM and export all the policies out of it, which can then be imported in to the NEW-SEPM.

To get the clients moved: The best way to get the client moved at this point would be by pushing the communication update package from the NEW-SEPM to the clients. You can even get the clients list from the TEMP-SEPM.

As everyone asked, do you old SEPM database backup?

By default it will be stored at Drive:\\Program Files\Symantec\Symantec Endpoint Protection Manager\data\backup

If backup isn't available then there isn't any way to recover policies.

I would suggest to troubleshoot SEPM login issue & if possible pass on scm-server-0.log and catalina.out file present under tomcat\logs folder.

After successfully login export the SEPM policies, database & then plan to move SEPM on another machine.

Thanks Everyone, 

Everything is up and working now with all the clients connected to the new server. I appreciate the feed back 

Yes the first thing i did was back up the Database. Everything is up and running now after restoring the DB and recovery files from the old server. Thanks for the feedback!