Endpoint Protection

  • 1.  Moving managed clients to another site

    Posted Aug 07, 2015 10:18 AM

    Hi,

    We are running into an issue: we want to consolidate multiple standalone sites into one big site and start using multiple GUPs.

    After quite some searching, the best option looks to be the 'Communication Update Package Deployment' and disabling Tamper Protection. I ran the wizard with the necessary password, which is the same on all standalone sites, and saved this package.

    Running SylinkDrop.exe on the client, there are no errors, and by the looks of the debug it just did its thing like it should. But ... this is not the case; the client still connects to the old site and not the new one.

    We are running with 12.1.6 and planning to upgrade to MP1a soon.

    Any suggestions what we could try?



  • 2.  RE: Moving managed clients to another site

    Posted Aug 07, 2015 10:21 AM

    Here I got a debug log from one of the clients which we are testing on.

    Attachment: debug_28.txt (63 KB)


  • 3.  RE: Moving managed clients to another site

    Posted Aug 07, 2015 11:56 AM

    Have you tried manually deleting the sylink.xml and sylink.bak files on the computer?



  • 4.  RE: Moving managed clients to another site

    Posted Aug 07, 2015 01:09 PM

    Make sure that the secars test results in "OK" on an affected client (that you are trying to move). This can be done by opening the following link on an affected client. The resulting page should say "OK".

    http://<SEPM_Server_IP>:8014/secars/secars.dll?hello,secars

    If the above test passes, then try manually copying the following files (after disabling tamper protection and stopping the smc service) on the affected computer with the same files from a computer that is already reporting to the desired SEPM.

    File location: C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Config

    SyLink.xml

    SyLink.bak

    SyLinkEx.bak
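
A read-only check for the steps in post 4, added here as an example and not posted by anyone in the thread: it runs the secars test against the new SEPM and reports whether the three SyLink files exist, when they were last written, and whether SyLink.xml mentions the new server. The address 192.0.2.10 and the function names are placeholders, and it assumes the server address is stored as plain text in SyLink.xml.

```powershell
# Added example; run from an elevated prompt on the client being moved.
param(
    [string]$NewSepm   = '192.0.2.10',   # placeholder: address of the target SEPM
    [int]$Port         = 8014,           # port from the secars URL in the thread
    [string]$ConfigDir = 'C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Config'
)

function Test-Secars {
    param([string]$Server, [int]$Port)
    # Braces keep PowerShell from parsing "$Server:" as a scope-qualified variable.
    $url = "http://${Server}:${Port}/secars/secars.dll?hello,secars"
    try {
        $resp = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 10
        # Content is a byte array for some content types; normalise to text.
        $body = if ($resp.Content -is [byte[]]) {
            [Text.Encoding]::ASCII.GetString($resp.Content)
        } else { [string]$resp.Content }
        return ($body.Trim() -eq 'OK')
    } catch {
        Write-Warning "secars request to $url failed: $($_.Exception.Message)"
        return $false
    }
}

function Get-SylinkState {
    param([string]$Dir, [string]$Server)
    foreach ($name in 'SyLink.xml', 'SyLink.bak', 'SyLinkEx.bak') {
        $path = Join-Path $Dir $name
        $row  = [ordered]@{ File = $name; Present = $false; LastWrite = $null; MentionsNewSepm = $null }
        if (Test-Path -LiteralPath $path) {
            $row.Present   = $true
            $row.LastWrite = (Get-Item -LiteralPath $path).LastWriteTime
            if ($name -eq 'SyLink.xml') {
                # Assumption: the server address appears as plain text in SyLink.xml.
                $row.MentionsNewSepm = [bool](Select-String -LiteralPath $path `
                    -SimpleMatch -Pattern $Server -Quiet)
            }
        }
        [pscustomobject]$row
    }
}

$reachable = Test-Secars -Server $NewSepm -Port $Port
"secars on ${NewSepm}:${Port} -> " + $(if ($reachable) { 'OK' } else { 'FAILED' })
Get-SylinkState -Dir $ConfigDir -Server $NewSepm | Format-Table -AutoSize
```

An old LastWrite time together with MentionsNewSepm = False after a SylinkDrop run matches the symptom in the first post: the tool reported no errors but the communication settings on disk did not change.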



  • 5.  RE: Moving managed clients to another site

    Posted Aug 07, 2015 02:30 PM

    I did the secars test to the new SEPM server and that worked, haven't tested the manual replacing of the sylink file, including removing of the bak files. I did try with a manual import of the sylink.xml through the GUI and that worked perfectly, but that is not really a solution for 5000 clients... Will try the manual replacement on Monday, hopefully that works, then to find a way through loginscript or something... Has anybody had a working SylinkDrop, btw?


  • 6.  RE: Moving managed clients to another site

    Posted Aug 07, 2015 02:34 PM

    Has always worked fine for me. Just make sure you're using the one that came with the SEP install, located under:

    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\<version>\Bin



  • 7.  RE: Moving managed clients to another site

    Posted Aug 07, 2015 03:10 PM

    For testing, disable both Tamper Protection and SEP client password on a test client via SEPM (to which the client is currently reporting) and wait for the policy to be updated on the client and then deploy the communication update package from the other SEPM (to which the client is to be moved).



  • 8.  RE: Moving managed clients to another site

    Posted Aug 08, 2015 05:55 AM

    Another possibility is to use the (unsupported) MoveClient.vbs tool, which can be found in the Tools folder of the SEP ISO file. It's also capable of moving clients into other domains (never tried it, though).

    There is rather comprehensive documentation. I think that it may be the best solution for a bulk movement.



  • 9.  RE: Moving managed clients to another site

    Posted Aug 12, 2015 04:18 AM

    Without a password on 'Require a password to stop the client service' it works; the uninstall password is still set.

    Used the SepCommunicationUpdater from a command line; will try it with a group policy now.