Endpoint Protection

Hey guys,

What's the best approch for this? We need to migrate our SEPM to a new server bu we can' reuse the same IP address, how can we do this? Also we are using SQL Server for the database but we're not going to move it.

Thank you,

The scenario's are explained here:

https://www.symantec.com/connect/articles/how-move-sepm-one-server-another-server

Hi Brian,

I have a question about this

2.Follow disaster recovery method & Create a new MSL.as per following

1. Follow "Best Practices for Disaster Recovery with Symantec Endpoint Protection" (see Related Articles below) to backup and reinstall SEPM on MACHINE_2
2. Log in to the old SEPM on MACHINE_1
3. Click Policies > Policy Components > Management Server Lists > Add Management Server List
4. Click Add> Priority and a new Priority would get added named as "Priority2"
5. Add MACHINE_1 under Priority 2 and add MACHINE_2 under Priority 1, and assign this New Management Server List to all the groups.
6. Clients will then move from old SEPM to new one gradually
7. Stop the "Symantec Endpoint Protection Manager" and "Symantec Embedded Database" service on MACHINE_1 to verify whether all client now report to the new SEPM on MACHINE_2
8. Once verified that all the clients are reporting into the new SEPM, and have moved away from the old one, proceed to the next step.
9. Uninstall SEPM from MACHINE_1

in the step 1. does this mean that the recovery file from the original SEPM will work even if the new SEPM uses new IP address and hostname?

Thank you,

yes, installing backup and using the existing certificate of machine 1 on machine 2 will have settings for the clients to communicate to new SEPM with new IP adress. However MSL is must on the old SEPM for clients to inform to contact SEPM2.

Yes, but you have to ensure that you have created the new MSL on your old SEPM server before hand so that the clients will start to register itself to the new SEPM once its up.

Once my new MSL includes the new IP address and hostname of the new server, will it cause problem if the new server is not yet configured to be an SEPM server? or would it just search the older SEPM?

you would be configuring MSL in such a way that new SEPM IP/ostname as first priority and old SEPM as second priority. If the new SEPM is not available, client will check the second priority and communicate with old SEPM.

Hey guys, our current SEPM server uses SQL server, which means I can't keep both SEPM online.

What I'm thinking is once the new MSL is already applied to all the clients, I will shutdown the old SEPM server then do a backup and restore on the new SEPM server. Is this possible, will it work the same way?

 We don't want to use replication to migrate as we might need the replication in the future.

yeah, you can do it. However it's safe to keep old SEPM up until all the clients move to the new SEPM.

Can we do that even if the old SEPM is using SQL DB? I thought that if the new SEPM will use the SQL DB, I should turn the old SEPM off?

you mean both the SEPM uses same SQL server. in that case you need to have two instances of SEPM DB.

if you just want the old SEPM off, you can do that only after making sure all the clients have got a new MSL policy ( having new SEPM in priority 1).

Alright, I'll get back to you guys after I tried it within this week. Thank you.

Hey guys, we did the load balanceing approach as advised by the Symantec Support. Thank you so much for the help. As usual, really friendly forum dudes.