Endpoint Protection


Moving Endpoint Protection Management to another server

  • 1.  Moving Endpoint Protection Management to another server

    Posted Sep 23, 2009 05:00 PM
    I want to wipe out our old SEP Server because I do not have the password for it, the reset doesn't work, and the IT guy I replaced has nothing documented. What is the best possible way to put this on another server and get all clients managed on the new server?

    Thanks


  • 2.  RE: Moving Endpoint Protection Management to another server

    Posted Sep 23, 2009 05:11 PM

    There are 4 ways in which we can move SEPM from one server to another.

    1. Disaster Recovery

    2. Move SEPM from one server to another with the same IP address (as suggested by vikram)

    3. Replication

    4. Clean install on the new server and then replace the sylink.

    1. Disaster Recovery :

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007082112135948

     

     

    2. Move SEPM from one server to another with the same IP address

    http://service1.symantec.com/support/ent-security.nsf/docid/2008031204405448

     

    3. Replication: Add a replication partner to the old SEPM. Stop all SEPM services on the old SEPM so that all the clients move to the new SEPM, then uninstall the old SEPM.

    4. Clean install on the new server and then replace the sylink: Uninstall SEPM from the old server. Install SEPM on the new server and replace the sylink using sylink replacer:

     





  • 3.  RE: Moving Endpoint Protection Management to another server

    Posted Sep 23, 2009 11:09 PM
    I'd go for the 2nd option in your situation.  But the 4th option should work as well.

    [Edit]

    Now that I think about it more, I think the 4th option is best.  You can keep the current one running until you get your new one set up as you like, then force all the clients to start talking to the new server.



  • 4.  RE: Moving Endpoint Protection Management to another server

    Posted Sep 24, 2009 12:19 AM
    I notice #2 keeps being posted as moving to a server with same IP address when the link is really for moving to a server with a DIFFERENT IP address.


  • 5.  RE: Moving Endpoint Protection Management to another server

    Posted Sep 24, 2009 12:51 AM
    You have mentioned "I do not have the password for it and the reset doesn't work". Why is it not working... What was the error...? If you can reset the password it's easy to replace the server.

    You just have to take a backup of the database, server.xml and keystore.jks and restore it onto the new server.
     


  • 6.  RE: Moving Endpoint Protection Management to another server

    Posted Sep 24, 2009 02:15 AM
    For me number 4 is the best way to have a new SEPM; you can find unmanaged clients anyway... then replace the sylink at once.


  • 7.  RE: Moving Endpoint Protection Management to another server

    Posted Sep 24, 2009 02:21 AM
    If you have unmanaged clients, that is the best way to bring all the clients back to SEPM...
    You can go for a new version (RU5). You can download it from FileConnect.


  • 8.  RE: Moving Endpoint Protection Management to another server

    Posted Sep 24, 2009 02:39 AM
    Dear Reaser,

    I understand that you have lost the existing password. The best and most effortless way to do it is:

    1. Take a backup of the Server private key backup folder.
    2. Download the latest SEP version, RU 5, which is available on the net.
    3. Install the SEPM with the same IP and host name.
    4. Restoring the server certificate
    The server certificate is a Java keystore that contains the public certificate and the private-public key pairs. You must enter the password that is contained in the Backup.txt file. This password is also in the original server_timestamp.xml file.

    To restore the server certificate
    1. Log on to the Console, and then click Admin.
    2. In the Admin pane, under Tasks, click Servers.
    3. Under View Servers, expand Local Site, and then click the computer name that identifies the local site.
    4. Under Tasks, click Manage Server Certificate.
    5. In the "Welcome" panel, click Next.
    6. In the Manage Server Certificate panel, check Update the Server Certificate and click Next.
    7. Under "Select the type of certificate to import", check JKS keystore and click Next.
      Note: If you have implemented one of the other certificate types, select that type.
    8. In the "JKS Keystore" panel, click Browse, locate and select your backed up as "keystore_<timestamp>.jks" keystore file, and then click OK.
    9. Open your disaster recovery text file and then select and copy the keystore password.
    10. Activate the "JKS Keystore" dialog box and then paste the keystore password into the "Keystore" and "Key" boxes.
      Note: The only supported paste mechanism is Ctrl + V.
    11. Click Next.
      Note: If you get an error message that says you have an invalid keystore file, it is likely you entered invalid passwords. Retry the password copy and paste process as described above.
    12. In the "Complete" panel, click Finish.
    13. Log off of the Console.
    14. Click Start> Settings> Control Panel> Administrative Tools> Services.
    15. In the "Services" window, right-click Symantec Endpoint Protection Manager and click Stop.
      Note: Do not close the Services window until you are finished with disaster recovery and establish client communications.
    16. Right-click Symantec Endpoint Protection Manager and click Start.
      Note: By stopping and starting Symantec Endpoint Protection Manager, you fully restore the certificate.
    5. Re-deploy the clients with SEP RU5; not only will the clients get updated, they will also recommunicate with the SEPM server.

    Please let me know if you need any more information.

    Warm Regards,
    Sumit Bose
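
Added example, not part of the post above and not Symantec code: step 11 of the restore procedure notes that an "invalid keystore file" error usually means a wrong pasted password. This sketch runs the JKS format's own integrity check on a backed-up keystore before import, so a bad paste (for instance a trailing newline) can be told apart from a file that is not a JKS keystore at all. The function names and the sample keystore are hypothetical and constructed here.

```python
import hashlib
import hmac
import struct

JKS_MAGIC = 0xFEEDFEED
JKS_SALT = b"Mighty Aphrodite"  # fixed string the JKS format mixes into its digest


def jks_digest(password: str, body: bytes) -> bytes:
    # JKS integrity hash: SHA-1(password as UTF-16BE || salt || keystore body)
    return hashlib.sha1(password.encode("utf-16-be") + JKS_SALT + body).digest()


def check_jks(data: bytes, password: str) -> str:
    """Classify a keystore file before it is handed to the import wizard."""
    if len(data) < 12 + 20:  # header plus trailing SHA-1 digest
        return "truncated"
    magic, version, _entries = struct.unpack(">III", data[:12])
    if magic != JKS_MAGIC or version not in (1, 2):
        return "not-jks"
    body, stored = data[:-20], data[-20:]
    if hmac.compare_digest(jks_digest(password, body), stored):
        return "ok"
    # A password copied from a text file often carries a newline or spaces.
    trimmed = password.strip()
    if trimmed != password and hmac.compare_digest(jks_digest(trimmed, body), stored):
        return "ok-after-trim"
    return "bad-password-or-corrupt"


def make_empty_jks(password: str) -> bytes:
    """Constructed sample: a valid JKS version 2 keystore with zero entries."""
    body = struct.pack(">III", JKS_MAGIC, 2, 0)
    return body + jks_digest(password, body)


if __name__ == "__main__":
    sample = make_empty_jks("Constructed-Pass-1")  # constructed, not a real SEPM password
    for pw in ("Constructed-Pass-1", "Constructed-Pass-1\r\n", "wrong"):
        print(repr(pw), "->", check_jks(sample, pw))
    print("non-JKS bytes ->", check_jks(b"\x30\x82" + b"\x00" * 40, "x"))
```

This covers only the keystore (integrity) password; the separate password protecting the private key entry, which the wizard asks for in the "Key" box, is not checked here.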


  • 9.  RE: Moving Endpoint Protection Management to another server

    Posted Sep 24, 2009 02:59 AM

    Hi Sumit

    The information that you are providing to the customer has already been provided:

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007082112135948

    Above all, Disaster Recovery will not work until and unless you have the Encryption password.



  • 10.  RE: Moving Endpoint Protection Management to another server

    Posted Sep 24, 2009 03:11 AM
    @Prachand,

    In my case SEPM is up and running... I have reinstalled and restored the SEPM in many cases (by restoring the database, overwriting the server.xml and keystore.jks files and reconfiguring SEPM) and I have not come across the use of this password.

    I need to know the scenario where exactly it's required in the future. We have other methods of disaster recovery without that password (like I have mentioned above).






  • 11.  RE: Moving Endpoint Protection Management to another server

    Posted Sep 24, 2009 03:21 AM

    Hi Srinivas

    In order to restore client communications with a database backup we need the encryption password,
    as when you run the management server configuration wizard we need the encryption password.

    Also, there have been instances where after restoring the database backup you get JAVA -1. In that case we need to run the management server configuration wizard, and that requires the original database password.

    When the Best Practice Scenario for DR is considered, the following is needed:

    Keystore
    private keys
    server.xml
    Domain Id
    Encryption password
    host name
    site name
    ip address



  • 12.  RE: Moving Endpoint Protection Management to another server

    Posted Sep 24, 2009 04:04 AM
    When we run the management configuration wizard after the db restore, it won't ask for that password.

    I'm not importing the keystore.jks and server.xml files; I'm directly copying them to the tomcat folder.
    When I do that and reconfigure SEPM it won't ask for any password. The sem5 db password is the only one asked.


  • 13.  RE: Moving Endpoint Protection Management to another server

    Posted Sep 24, 2009 04:09 PM
    I would rather figure out why resetting the password isn't working. The error message I get is the following:

    Failed to connect to the server.

    Make sure that the server is running and your session has not timed out.
    If you can reach the server but cannot log on, make sure that you provided the correct parameters.
    If you are experiencing network issues, contact your system administrator.

    Make sure the server is running? Is that saying make sure the service is running? It wasn't, but I did start it manually.
    I followed the steps to reset the password so I assume admin/admin are the credentials, but I don't know that for sure.


  • 14.  RE: Moving Endpoint Protection Management to another server

    Posted Sep 24, 2009 04:48 PM
    This is not a password issue. Please check whether you are getting any error in the Event Viewer.


  • 15.  RE: Moving Endpoint Protection Management to another server

    Posted Sep 24, 2009 06:13 PM
    Title: 'Symantec Endpoint Protection Manager service stops with a Java -1 error in the event log'
    Document ID: 2007090613570348
    Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2007090613570348?Open&seg=ent


    Unable to Logon to Symantec Endpoint Protection Manager. Error: "Failed to connect to the server, Verify that server name and port are correct".


  • 16.  RE: Moving Endpoint Protection Management to another server

    Posted Sep 25, 2009 12:59 AM
    Check the scm-server-0.log log file under the "\program Files\symantec\symantec Endpoint Protection Manager\tomcat\logs" folder. Paste the error here....


  • 17.  RE: Moving Endpoint Protection Management to another server

    Posted Sep 25, 2009 05:19 PM
    This is the error I am getting:

    Symantec Endpoint Protection Manager service stops with a Java -1 error in the event log


    This is beyond frustrating and annoying. I feel like just uninstalling it and no longer using this product.



  • 18.  RE: Moving Endpoint Protection Management to another server

    Posted Sep 25, 2009 05:26 PM
    Title: 'Symantec Endpoint Protection Manager service stops with a Java -1 error in the event log'
    Document ID: 2007090613570348
    Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2007090613570348?Open&seg=ent


    Unable to Logon to Symantec Endpoint Protection Manager. Error: "Failed to connect to the server, Verify that server name and port are correct".


  • 19.  RE: Moving Endpoint Protection Management to another server

    Posted Sep 25, 2009 08:07 PM
    I saw it the first time you posted it and none of the options solved the problem. Still getting the same message. I'm done. I will try and do a fresh install on the new server. If it doesn't work I will look into another product. Now I have to figure out how to get all the clients linked to the new server.


  • 20.  RE: Moving Endpoint Protection Management to another server

    Posted Sep 26, 2009 03:25 AM
    In order to restore communication with SEPM we need to replace the sylink.xml on the clients with the one from the new SEPM.
    You can use either of the 2 to do that



    Also, before moving the SEPM to the new folder, will it be possible for you to paste the scm.server0.log?


  • 21.  RE: Moving Endpoint Protection Management to another server

    Posted Sep 26, 2009 04:53 AM
    @ All Admins, especially Symantec employees.

    Why didn't reaser, who started this forum thread, answer (give feedback) about his problem? Who cares about his last status and what he did at the end?
    If there was a Case Status in Symantec Connect to follow the problem up to the end, it could help all customers, even professionals here.


  • 22.  RE: Moving Endpoint Protection Management to another server

    Posted Sep 26, 2009 04:59 AM
    Hi Nourbaksh, whatever information could have been provided has been provided to him. Now it's up to him if he tries the steps suggested or gives more information, as in the logs requested.