Endpoint Protection

Hi,
I readed a few post regarding moving a SEPM, and I have some questions.

I want to: move my only SEPM to another server, which has new hostname and ip address. I also want to maintain all the data, policies, logs, reports, etc.
I already added the new IP/port of the new server in the Management server list, all clients have this new policy.

I readed about using replication in order to move the server, but then I loss the ability to create new replication partners since I have to delete the Master Replication Partner.

I also readed about replacing the sylink.xml, but this way I will loss all the logs, reportes, groups, admins, etc.

Can I do the best practices backup, restore the database in the new SEPM and then delete the old server from the server list? Is this a supported path?
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007082112135948
http://service1.symantec.com/support/ent-security.nsf/docid/2008031204405448


Many thanks
Oliver

Yes that documentation regarding moving the database to another server with a different name and IP address should work just fine.

Thats not supported..
Either you will have to follow the doc for Move SEPM to new server with new and Host name and miss out replication
or Install new SEPM and use SylinkReplacer to connect back the clients.

You cannot restore a database from a different machine on a completely different machine.

Disaster Recovery works best if done on the same machine with the same Hostname and IP address.

As you want to move the SEPM to another Server and want to keep same settings and policies and logs I would recommend to go with the "How do I move Symantec Endpoint Protection Manager from one server to another with a different IP address and host name?" article.

Web Link: http://service1.symantec.com/support/ent-security.nsf/docid/2008031204405448

Thanks.
So you can confirm that after I move the SEPM to a new server with new IP/hostname I loss the replication feature with other servers?

Bad news I think :( It would be nice to be able to move to faster servers and still keep the replication feature available.

Regards,
Oliver

Thanks, will I loose the option to create a new replication partner in the future?

I started with a small server for testing SEPM, now we have all clients connected to SEPM and we need to move to a more faster server. In the future we may want to have another SEPM replicating with this new faster server.

I also noted that the warning about loosing the replication feature is now missing in the document: http://service1.symantec.com/support/ent-security.nsf/docid/2008031204405448

Another issue, later when I delete the old SEPM, could I update from RU6 to RU6a as usual?http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010041310404248

Will I end up with a normal SEPM after doing:
http://service1.symantec.com/support/ent-security.nsf/docid/2008031204405448

Or will I end up with a non standard SEPM? I mean, should I take care or something special after deleting the old SEPM?

Many thanks
Oliver

After you get everything moved, up, and running, you can update the new SEPM without issue.

After deleting the old sepm you will still be able to update the sepm and it will work just fine. As for being a replictation partner i cannot find any data stating that its different than the old versions and would expect the same issues.

If you use the document on moving the SEPM to a new server, and haven't set up replication, you'll still be able to implement replication in the future if you want.  Keep in mind, you'll need to run SylinkReplacer to point the clients to the new SEPM.
http://www.symantec.com/connect/sites/default/files/sylinkreplacer.zip
http://www.symantec.com/connect/sites/default/files/SylinkReplacer.pdf

Many thanks!


I'm replicating the logs, and the clients are connecting since I use a port-forward in your Internet Router. So the sylinkreplacer does not need to be used.


Another steps I needed to do:
- configure retention of logs and data as in the old SEPM, before replication
- configure to replicate logs

Many thanks to all other users, I marked as usefull all the replies.


Regards,
Oliver

""If you use the document on moving the SEPM to a new server, and haven't set up replication, you'll still be able to implement replication in the future if you want.""

Are you sure about this ??

If you have a vanilla SEPM (no replication/failover/etc) and you simply move it to a new system, it's still a vanilla - first site SEPM.

If you move it to new server ( using replication ) it becomes Replication partner for Parent SEPM..Then it doesn't remain First Site in SEPM right ?

Yes, my old SEPM in a vanilla installation (no replication, no failover, etc). It just a 1 server SEPM setup, inside a private lan, with port-forward for the traffic from the Internet (in case a notebook goes outside the office).

I need to move the SEPM to a faster server (new IP, new hostname) and I must have the option to add a replication partner in the future.

HTH
Oliver

Hi all, I just finished the move of SEPM. All is working fine, I have all the logs, configs, policies, clients, etc.

Here are a few points that I learned in this post:

• 
  I had a vanilla SEPM RU6, no replication or failover configured
• the new SEPM had new hostname and new ip
• the new IP/port of the new SEPM was already distributed via a policy to all clients, and all clients are confirmed that they have the latest policy
• I followed the instrucciones of this document :
  http://service1.symantec.com/support/ent-security.nsf/docid/2008031204405448
• after point 10 in that Document, I had to: 
  1. setup the site the same way as the old one, retention time for logs, etc
  2. configure the replication partner in order to replicate logs and all updates in both directions
  3. make the old SEPM non recheable to the clients, to clients start using the new SEPM
  4. do a manual replication
  5. stop the old SEPM
  6. delete the replication site in the new SEPM while the old SEPM has finished replicating and is offline. This way I still have the change to stop the new SEPM and go back to the old SEPM
• ignore from point 11. on in that document, since I already done all those steps

Again, many thanks to all users and Symantec tech support.

Regards,
Oliver
P.D.: now, lets upgrade to RU6a ;)

Ooops, I´m getting connection problems now.

The clients appears as connected in the SEPM Console, but the green dot does not appears in the SEP Client.
Doing debuggin in the Clients I get this error:

 "Signature verification FAILED for Index File Content"

I deleted the client as in here:
http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/9f59cecda30bb55fca257392000212bc?OpenDocument

The Client re-connect, re-appears in SEPM but still no green dot.

Should I replace the server.xml and keystroke.js as in here?
https://www-secure.symantec.com/connect/forums/connection-problem-between-sep-and-sepm#comment-3248311


Many thanks
Oliver

Seems that I forgot to add a new Server management list, so updating the security certificate in the new SEPM solved the problem.

Admin -> Servers -> Manage server certificate -> Update -> JKS 
and the using the server.xml and keystroke.js from the old server

This solved the issue.

HTH
Oliver