Endpoint Protection

  • 1.  SEPM Migration to new Servers without Pushing sylink file or communication update package

    Posted Nov 20, 2015 08:54 AM

    Hello all, this forum post is a continuation of this:

     

    https://www-secure.symantec.com/connect/forums/management-server-list-only-sql-db-or-replication-partners

     

    I need to move SEPM from the old physical server to a new virtual server without touching the clients. I mean we cannot deploy sylink.xml to clients to point them to the new server or deploy a communication update package from the new server to clients. We also can't add the new virtual server as a replication partner because we intend to decommission the old server once things are up and running, because if we do this we won't be able to use the new server as a replication partner for others.

    I used MSL on the old server to point clients to the new server, but for some reason clients weren't showing in the new SEPM console though they were trying to connect to the new server.

    Please share with me how I can achieve this.

     

    Regards

     



  • 2.  RE: SEPM Migration to new Servers without Pushing sylink file or communication update package

    Posted Nov 20, 2015 09:12 AM

    Did you follow DR procedures??

    If you have a database backup to restore

    To perform disaster recovery, follow these steps in sequential order:

    1. If you had a hardware failure, restore the server hardware using the IP address and host name from SEPBackup.txt (from Step 3).
    2. Reinstall SEPM using a disaster recovery file (from Step 2). When the Management Server Configuration Wizard runs, choose Custom configuration (not present on Small Business) and Use a recovery file.

      Note: For Small Business Edition, if the folder does not exist, create the following folder and place only one recovery file there before installation. (File obtained in Step 2.)

      <Install drive>\<Install folder>\Server Private Key Backup

      For example: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Server Private Key Backup

    3. Stop the following services:
      • Symantec Endpoint Protection Manager
      • Symantec Endpoint Protection Manager Webserver
    4. Restore the database:
      1. Click Start > Programs > Symantec Endpoint Protection Manager > Database Backup and Restore.
      2. Click Restore.
      3. Follow the on-screen steps to restore the database.

    Note: Use the recovery file during the configuration of a new installation. If you use the recovery file to re-configure an existing installation, the SEPM certificate can be restored. However, the existing default domain ID will not change unless you restore a database backup.

    Also, if you choose to configure SEPM as a replication partner, the default domain ID in the recovery file will be ignored and SEPM will use the domain ID(s) in the database of its replication partner.



  • 3.  RE: SEPM Migration to new Servers without Pushing sylink file or communication update package

    Posted Nov 20, 2015 09:24 AM

    Please try using the recovery file in the new SEPM; it should work for you.



  • 4.  RE: SEPM Migration to new Servers without Pushing sylink file or communication update package

    Posted Nov 20, 2015 09:43 AM

    Create a new SEPM with the same name and IP (do not connect to the network, it would say a duplicate name already exists).

    Make a note of all the keys.

    Install SEPM, restore the DB & keys.

    Shut down the existing SEPM on a weekend (as per change management).

    All the clients would fail over to the new SEPM. It would still be your primary.

    I'm sure there might be a few that could not change over, like laptops; those will come online whenever they are on the network.

     



  • 5.  RE: SEPM Migration to new Servers without Pushing sylink file or communication update package

    Posted Nov 20, 2015 09:53 AM

     

    Hello guys, thanks for your replies. I was able to move clients from the old SEPM to the new server (while doing the fresh installation of the new server I used the recovery file of the old SEPM).

    But clients are not showing in the default group of the new server. Do I have to restore the backup from the old server to the new server so that clients will show in the correct group on the new server without corresponding policies?

    Please note that we cannot move all clients at the same time; we are doing it one group at a time via the MSL on the old server.

    Do you suggest that I restore the backup from the old server to the new one? I hope there won't be any duplication or that it will overwrite the settings. It is fine with us even if it overwrites the settings on the new server because it is a new installation, as we are moving groups in phases via MSL. Both SEPMs, new and old, will be activated and online at the same time.

     



  • 6.  RE: SEPM Migration to new Servers without Pushing sylink file or communication update package

    Posted Nov 20, 2015 09:56 AM

    Yes you need to restore the DB.



  • 7.  RE: SEPM Migration to new Servers without Pushing sylink file or communication update package
    Best Answer

    Posted Nov 20, 2015 12:02 PM

    You can restore your DB to get the group structure. If that is not an option, edit your conf.properties at the line "scm.agent.groupcreation=false" and change it to true so that the client will create the exact group structure as on the existing SEPM.
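
An added example, not part of the thread and not Symantec's own tooling: a PowerShell script that makes the conf.properties change described in the answer above, keeping a backup and leaving every other line untouched. The `-ConfPath` parameter is an assumption (the thread does not give the file's location), as is the ISO-8859-1 encoding and the need to restart the SEPM services afterwards.

```powershell
# Added example: set scm.agent.groupcreation=true in a SEPM conf.properties file.
# -ConfPath is an assumption: pass the location of conf.properties on your SEPM server.
param(
    [Parameter(Mandatory = $true)][string]$ConfPath
)

$key      = 'scm.agent.groupcreation'
# Assumption: the file uses ISO-8859-1, the usual encoding of Java .properties files.
$encoding = [System.Text.Encoding]::GetEncoding(28591)

if (-not (Test-Path -LiteralPath $ConfPath -PathType Leaf)) {
    throw "conf.properties not found at $ConfPath"
}
# .NET file APIs ignore PowerShell's current location, so work with the full path.
$ConfPath = (Resolve-Path -LiteralPath $ConfPath).Path

# Timestamped copy so the change can be rolled back.
$backup = '{0}.{1}.bak' -f $ConfPath, (Get-Date -Format 'yyyyMMdd-HHmmss')
Copy-Item -LiteralPath $ConfPath -Destination $backup

$lines    = [System.IO.File]::ReadAllLines($ConfPath, $encoding)
$pattern  = '^\s*' + [regex]::Escape($key) + '\s*[=:]\s*(.*)$'
$updated  = New-Object 'System.Collections.Generic.List[string]'
$previous = $null

foreach ($line in $lines) {
    if ($line -match $pattern) {
        # Remember the old value for the change record, then rewrite the line.
        $previous = $Matches[1].Trim()
        $updated.Add("$key=true")
    } else {
        $updated.Add($line)
    }
}

# If the key was never present, append it instead of silently doing nothing.
if ($null -eq $previous) {
    $updated.Add("$key=true")
    $previous = '(not set)'
}

[System.IO.File]::WriteAllLines($ConfPath, $updated, $encoding)

Write-Output "Backup written to $backup"
Write-Output "$key changed from '$previous' to 'true'"
# Assumption: SEPM re-reads conf.properties only when its services start.
Write-Output "Restart 'Symantec Endpoint Protection Manager' and its Webserver service to apply."
```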