Endpoint Protection

  • 1.  What needs to be done to reestablish communications with a SQL Server database?

    Posted Aug 02, 2010 12:26 PM
    I'm in the process of backing up the disaster recovery information for an SEPM server with an external SQL Server database -- a little belatedly.  Everything has been going fine until I got to the part about copying the database encryption password to the backup.txt file.  I don't have this written down (though I think I know the passphrase I would have used); the discussion about recovering these passwords (https://www-secure.symantec.com/connect/forums/encryption-password-0) seems to apply to embedded Symantec databases, not to our situation.

    Can anybody clarify?  Is there an encryption password for SQL Server databases?  If not, is there some other information I should be backing up to allow restoration of communications with the database, in case of disaster?


  • 2.  RE: What needs to be done to reestablish communications with a SQL Server database?

    Posted Aug 02, 2010 12:38 PM
    You also need to back up the domain ID, the server.xml file, and keystore.jks.


  • 3.  RE: What needs to be done to reestablish communications with a SQL Server database?
    Best Answer

    Posted Aug 02, 2010 12:41 PM

    About the disaster recovery process
    The disaster recovery process requires you to sequentially complete the following procedures:
    Restore the Symantec Endpoint Protection Manager.
    Restore the server certificate.
    Restore client communications.
    Note: How you restore client communications depends on whether or not you have access to a database backup.
     
     
    Restoring the Symantec Endpoint Protection Manager
    If you have a disaster, recover the files that were secured after initial installation.  Then open the Backup.txt file that contains the passwords, domain IDs, and so forth.
     
    About identifying the new or the rebuilt computer
    If you had a catastrophic hardware failure, you may need to rebuild the computer.  If you rebuild the computer, you must assign it the original IP address and host name.  This information should be in the Backup.txt file.
     
    Reinstalling the Symantec Endpoint Protection Manager
    The key task to perform when you reinstall the Symantec Endpoint Protection Manager is to type the same encryption password you specified during installation of Symantec Endpoint Protection Manager on the server that failed. You should also use the same settings that you used for other options during the previous installation, such as Web site creation, database type, and password used for the admin user account.
     
     
    Restoring the server certificate
    The server certificate is a Java keystore that contains the public certificate and the private-public key pairs. You must enter the password that is contained in the Backup.txt file. This password is also in the original server_timestamp.xml file.
     
    To restore the server certificate
    Log on to the Console, and then click Admin.
    In the Admin pane, under Tasks, click Servers.
    Under View Servers, expand Local Site, and then click the computer name that identifies the local site.
    Under Tasks, click Manage Server Certificate.
    In the "Welcome" panel, click Next.
    In the Manage Server Certificate panel, check Update the Server Certificate and click Next.
    Under "Select the type of certificate to import", check JKS keystore and click Next.
    Note: If you have implemented one of the other certificate types, select that type.
     
    In the "JKS Keystore" panel, click Browse, locate and select your keystore file that was backed up as "keystore_<timestamp>.jks", and then click OK.
    Open your disaster recovery text file and then select and copy the keystore password.
    Activate the "JKS Keystore" dialog box and then paste the keystore password into the "Keystore" and "Key" boxes.
    Note: The only supported paste mechanism is Ctrl + V.
     
    Click Next.
    Note: If you get an error message that says you have an invalid keystore file, it is likely you entered invalid passwords.  Retry the password copy and paste process as described above.
     
     
    In the "Complete" panel, click Finish.
    Log off of the Console.
    Click Start>Settings>Control Panel>Administrative Tools>Services.
    In the "Services" window, right-click Symantec Endpoint Protection Manager and click Stop.
    Note: Do not close the Services window until you are finished with disaster recovery and establish client communications.
     
    Right-click Symantec Endpoint Protection Manager and click Start.
    Note: By stopping and starting Symantec Endpoint Protection Manager, you fully restore the certificate.
     
     
     
    Restoring client communications
    If you have access to a database backup, you can restore this database and then resume client communications.  The advantage to restoring with a database backup is that your clients reappear in their groups and they are subject to the original policies.  If you do not have access to a database backup, you can still recover communications with your clients, but they appear in the "Temporary group."  Then you can recreate your group and your policy structure.
     
     
    Restoring client communications with a database backup
    You cannot restore a database on a computer that runs an active Symantec Endpoint Protection Manager service.   You must stop and start it a few times.
     
     
    To restore client communications with a database backup
    If you closed the Services window, click Start>Settings>Control Panel>Administrative Tools>Services.
    In the Services window, right-click Symantec Endpoint Protection Manager, and then click Stop.
    Note: Do not close the Services window until you are finished with this procedure.
     
    Create the following directory:
    \\Program Files\Symantec\Symantec Endpoint Protection Manager\data\backup
     
     
    Copy your database backup file to the directory.
    Note: By default, the database backup file is named date_timestamp.zip.
     
    Click Start>Programs>Symantec Endpoint Protection Manager>Database Back Up and Restore.
    In the Database Back Up and Restore dialog box, click Restore.
    In the Restore Site dialog box, select the backup file that you copied to the backup directory, and then click OK.
    Note: The database restoration time varies and depends on the size of your database.
     
    When the Message prompt appears, click OK.
    Click Exit.
    Click Start>Programs>Symantec Endpoint Protection Manager>Management Server Configuration Wizard.
    In the Welcome panel, check Reconfigure the Management Server, and then click Next.
    In the Server Information panel, modify input values if necessary to match previous inputs, and then click Next.
    In the Database Server Choice panel, check the database type to match the previous type, and then click Next.
    In the Database Information panel, modify and insert input values to match previous inputs, and then click Next.
    Note: The configuration takes a few minutes.
     
    In the Configuration Completed dialog box, click Finish.
    Log on to the Symantec Endpoint Protection Manager Console.
    Right-click your groups, and then click Run Command on Group>Update Content.
    Note: If the clients do not respond after about one half hour, restart the clients.
     
     
    Restoring client communications without a database backup
    For each domain that you use, you must create a new domain and insert the same domain ID into the database.  These domain IDs are in the disaster recovery text file if they were typed in to this file. The default domain is the "Default domain."
     
    A best practice is to create a domain name that is identical to the previous domain name.  To recreate the "Default (default) domain", append some value such as "_2" (Example: Default_2).  After you restore domains, you can delete the old default domain.  Then rename the new domain back to "Default."
     
    To restore client communications without a database backup
    Log on to the Symantec Endpoint Protection Manager Console.
    Click Admin.
    In the "System Administrator" pane, click Domains.
    Under "Tasks", click Add Domain.
    Click Advanced.
     
     
     
     
    Open the disaster recovery text file, select and copy the domain ID and then paste the domain ID into the "Domain ID" box.
     
     
     
     
    Click OK.
    Repeat this procedure for each domain to recover.
    Under "Tasks", click Administer Domain.
    Click Yes on the "Administer Domain" dialog box.
    Click OK.
    Restart all of the client computers.
    Note: The computers appear in the Temporary group.
     
    If you use one domain only, delete the unused Default domain, and rename the newly created domain to Default.
     


  • 4.  RE: What needs to be done to reestablish communications with a SQL Server database?

    Posted Aug 02, 2010 03:10 PM
    I think I know the encryption password, but I'm not absolutely sure.  Is there a way to test the password before I have a disaster that requires recovery?


  • 5.  RE: What needs to be done to reestablish communications with a SQL Server database?

    Posted Aug 02, 2010 03:51 PM

    Restore the database on a test machine; that would be the best option for testing.
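
Added example (not part of any post in this thread and not Symantec code): an offline check that the keystore password recorded in the disaster recovery file really matches the backed-up "keystore_<timestamp>.jks", so the "invalid keystore file" error described in post 3 is caught before a rebuild. It covers only the JKS store password, not the database encryption password asked about in post 4; the function names and the sample passphrase are constructed for illustration.

```python
import hashlib
import hmac
import struct

JKS_MAGIC = 0xFEEDFEED
JKS_WHITENER = b"Mighty Aphrodite"  # fixed string the JKS format mixes into its digest
DIGEST_LEN = 20                     # SHA-1 integrity trailer at the end of the file


def jks_digest(password: str, body: bytes) -> bytes:
    """SHA-1 over the UTF-16BE password, the whitener, then the keystore body."""
    return hashlib.sha1(password.encode("utf-16-be") + JKS_WHITENER + body).digest()


def check_jks_password(data: bytes, password: str) -> str:
    """Classify a keystore image as 'ok', 'bad-password-or-corrupt' or 'not-jks'."""
    if len(data) < 12 + DIGEST_LEN:
        return "not-jks"
    magic, version, _entry_count = struct.unpack(">III", data[:12])
    if magic != JKS_MAGIC or version not in (1, 2):
        return "not-jks"  # e.g. a PKCS#12 file or a truncated copy
    body, trailer = data[:-DIGEST_LEN], data[-DIGEST_LEN:]
    if hmac.compare_digest(jks_digest(password, body), trailer):
        return "ok"
    # A wrong password and a damaged backup are indistinguishable here.
    return "bad-password-or-corrupt"


def check_backup(keystore_path: str, password: str) -> str:
    """Run the check against a backed-up keystore file on disk."""
    with open(keystore_path, "rb") as fh:
        return check_jks_password(fh.read(), password)


def make_empty_jks(password: str) -> bytes:
    """Constructed sample input: a valid JKS v2 image with zero entries."""
    body = struct.pack(">III", JKS_MAGIC, 2, 0)
    return body + jks_digest(password, body)


if __name__ == "__main__":
    sample = make_empty_jks("constructed-passphrase")
    print(check_jks_password(sample, "constructed-passphrase"))
    # A trailing space picked up during copy and paste is enough to fail.
    print(check_jks_password(sample, "constructed-passphrase "))
```

Run `check_backup()` against a copy of the keystore on an administrative workstation and keep the password out of shell history and logs; a failure means either the recorded password is wrong or the backup file is damaged.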