Endpoint Protection


SEP 11: Full migration from one server to another


  • 1.  SEP 11: Full migration from one server to another

    Posted May 01, 2011 03:19 PM

    I'm putting in a new server to replace an old one, and with this new server will be a new 2008 R2 domain.  Also the server name and the IP will be different which I believe affects things greatly though I don't know details.  So my goals are as follows:

    1.  Move the SEP manager, database, etc. from the old system to the new system

    2.  Somehow tell all the clients to point to the new server

    There are I believe about 200 SEP clients so my goal is not to do anything that requires going around to each system, thus exporting the communications settings to the xml file isn't ideal unless there's a process to send out to all systems in one try. 

    I do not mind forcing all clients to re-install SEP if needed - so maybe Find Unmanaged Computers will work?

    I'm about to do some searching on Symantec articles related to this but as always, it pays to ask a human being with experience with these matters as well since perhaps the article(s) I find will not address the fact that I am moving to a new domain.  Thank you! 



  • 2.  RE: SEP 11: Full migration from one server to another

    Posted May 01, 2011 11:29 PM

    Follow this document

     

    How to move Symantec Endpoint Protection Manager from one machine to another

     
    Domain is not an issue. The client should be able to resolve the server name; that's all that is needed for the client communication.


  • 3.  RE: SEP 11: Full migration from one server to another

    Posted May 02, 2011 12:12 AM

    After installing or shifting SEPM to another machine.

     

    Change the sylink file in all client systems. Then those clients will communicate with the new SEPM server.



  • 4.  RE: SEP 11: Full migration from one server to another
    Best Answer

    Broadcom Employee
    Posted May 02, 2011 07:04 AM

     

    Hi,

    There are two methods to move Symantec Endpoint Protection Manager (SEPM) from one machine to another:

    Method 1: if the SEPM server keeps the same IP and host name, you can refer to "Best Practices for Disaster Recovery with the Symantec Endpoint Protection Manager"

    http://www.symantec.com/business/support/index?pag....

    Method 2: if the new SEPM server has a different IP and host name, there are two alternatives:

    1. Use replication to install a new SEPM and keep the policy the same with old SEPM. See "How to move Symantec Endpoint Protection Manager from one machine to another" 

    http://www.symantec.com/business/support/index?page=content&id=TECH104389

    2. Install a new SEPM, then use the Sylink file to establish communication between the new SEPM and the existing SEP client through the Sylink replacer tool.

    Note: The Sylink replacer tool is the most commonly used option because it's easy to use.

    Please go through following thread for more details:

    https://www-secure.symantec.com/connect/forums/migration-clients-other-server-sepm#comment-5229601

    Link for more information :

    http://www.symantec.com/business/support/index?pag...

     



  • 5.  RE: SEP 11: Full migration from one server to another

    Posted May 02, 2011 08:50 AM

    If the clients are not communicating after the re-installation of SEPM, try the Sylink replacer.

     

    Title: 'Using the "SylinkReplacer" Utility'
    Web URL: http://www.symantec.com/business/support/index?page=content&id=TECH105211&locale=en_US

     



  • 6.  RE: SEP 11: Full migration from one server to another

    Posted May 02, 2011 09:21 AM

    Ok I will review the info provided, but I have to ask a totally unrelated question.  What's the difference between Technical Support, and Symantec Employee, when you see poster's names?  Just curious because I can understand why tech support would want to be here but I wonder sometimes who the other Symantec Employees are if they're not tech support :) Engineering?  Just a curiosity. 

    I'll review the info provided here and will re-post on the success of the move, or ask more questions perhaps via a new post linked back to this one so people get due credit for additional solutions provided.



  • 7.  RE: SEP 11: Full migration from one server to another

    Posted May 05, 2011 02:36 PM

    Some of these technical articles are contradicting each other.  But here is what I understand of them.  Please correct me if I'm wrong:

    The Disaster Recovery method is only useful if your server will be the same IP and hostname.  The best practices article didn't address what to do for a new server environment (hostname, IP, new OS version, new domain, new everything). 

    The Replication method is the only method you can use for a migration where you will have a server with a new IP and hostname, OR, you must simply recreate everything from scratch on a newly installed SEPM on the new server, then tell the clients to point to this new server via the Sylink Replacer.  This latter item wouldn't really be a migration then since it's just a re-install in effect.

    If the statements above are correct, then I may simply decide to just re-create the SEPM environment from scratch since it takes less time to do that than it does to try to figure out a good migration method for this stuff.  :) But I do sincerely appreciate all advice given. 

    In addition to confirming the above, can somebody advise if there is a script or other tool to do an effective backup for SEPM for future disaster recovery uses?  When you read the Best Practices for disaster recovery document, it seems you have to do a lot of manual tasks when in my opinion this type of thing should be automated, especially for an enterprise-level product.  I could always make a batch file but I'm just surprised SEP doesn't have a tool out there that can do this for you?  Until recently I hadn't even heard of Sylink Replacer, so in my mind there must be a handful of tools out there that I don't even know about so this is why I ask.

    Thank you! 

     

     



  • 8.  RE: SEP 11: Full migration from one server to another

    Broadcom Employee
    Posted May 06, 2011 06:19 AM

    Hi,

    I would like to clear your confusion.

    People with the Technical Support tag work only on forum issues.

    People with the Symantec Employee tag can be from the engineering team, or even from the technical support team (but not delegated to the forum).



  • 9.  RE: SEP 11: Full migration from one server to another

    Broadcom Employee
    Posted May 06, 2011 06:38 AM

    Hi,

    Answers to your questions

    Question: The Disaster Recovery method is only useful if your server will be the same IP and hostname.  The best practices article didn't address what to do for a new server environment (hostname, IP, new OS version, new domain, new everything).

    Ans: Yes, the Disaster Recovery method is only useful if your server will be the same IP and hostname.

    If you have installed a new SEPM then you can either do replication or use the Sylink replacer tool.

    Currently there is no such tool/script to take a backup of the entire SEPM. Symantec is releasing a new product in the coming months; that product may have this capability.



  • 10.  RE: SEP 11: Full migration from one server to another

    Posted May 06, 2011 01:00 PM

    Hi Chetan, thanks for the reply.  In the end, I chose to re-create an entirely new SEPM.  I haven't yet pointed the clients to the new SEPM but am about to give that a try.  Interestingly, if I use the Find Unmanaged Computers function from the new SEPM, it finds just about all of the computers on the network so perhaps I can simply force a push deployment of the SEP client.  For the sake of experience, I will first try the Sylink replacer though because I'm sure that is less disruptive and won't require a reboot of the clients but perhaps this Find Unmanaged is a good alternate if all else fails.  Though in reality they're probably just using the same authentication to each system and such so why bother with a client-side reinstall.

    I will try SylinkReplacer now. 



  • 11.  RE: SEP 11: Full migration from one server to another

    Broadcom Employee
    Posted May 06, 2011 01:31 PM

    Hi,

    Yes, you can go with the Sylink replacer tool, and it's also easy to use.

    The unmanaged computer search will find all the computers in the network without SEP; it's useful if all the clients are on the same LAN.



  • 12.  RE: SEP 11: Full migration from one server to another

    Posted May 06, 2011 02:54 PM

    But guess what?  The Find Unmanaged Computers is finding all the systems that are SEP clients still reporting to the old server (the old server is still online, the new one is just plugged in for testing and gradual migration of functions).  Anyway, I was distracted earlier so I will now try the Replacer.



  • 13.  RE: SEP 11: Full migration from one server to another

    Broadcom Employee
    Posted May 31, 2011 05:55 AM

    Hi Mixit,

    Is there any update ?



  • 14.  RE: SEP 11: Full migration from one server to another

    Posted May 31, 2011 08:57 AM

    No update just yet Chetan :) It turned out I had to switch priorities - I'm in the middle of the domain switchover for this customer and that has proven to need more time than planned (what a surprise!) so the SEP stuff I am leaving until afterwards which may be another month or so.  I have this thread on my list of items to update though so I will definitely post again once I have had an opportunity to try things out.

    Right now I have 5 SEP clients reporting to the new server/SEP (this includes 4 VMs :) ) and the rest still report to the old server, even though some of them are in the new domain.  I have Location Awareness set up so that if anybody can't report to a management server they'll just get their updates from Symantec.



  • 15.  RE: SEP 11: Full migration from one server to another

    Posted May 31, 2011 11:26 AM

    Did the port opening between domains work? Just need to confirm this in the particular situation.



  • 16.  RE: SEP 11: Full migration from one server to another

    Posted Jun 17, 2011 06:12 PM

    Well I think this way is a little easier than using sylink and editing an xml myself.

    The first part was thanks to West Coast on this page about two thirds of the way down:

    https://www-secure.symantec.com/connect/forums/move-sepm-console-one-server-another

    After that it was easy. I called the new Management Server Lists Priority 1 SEPM_VM and created them on both servers. The way I set the policy was a little different than West Coast but it's all trial and error to me. There is already going to be some default Management Server Lists in place but you don't need to touch those and can't anyway. Just set the new server as priority 1 and leave out the old altogether. Then from the old server, right click the new management server list and then assign. A window will come up saying that this is going to replace all server management lists for all selected groups. See attachment and let it rip. Just select parent folder then any others that need to be selected afterwards.



  • 17.  RE: SEP 11: Full migration from one server to another

    Posted Jun 17, 2011 06:13 PM

    Here's the post I was talking about so there's no confusion. This replication method was so easy. Do not uninstall until Server Management List policy has been updated to all groups/users.

     

    Question/Issue:

    How do I move Symantec Endpoint Protection Manager from one server to another with a different IP address and Host name?

     

    Symptoms:

    Need to move Symantec Endpoint Protection Manager from one server to another with a different IP address and Host name

     

    Solution

    Follow the steps below to move Symantec Endpoint Protection Manager from one server to another with a different IP address and Host name:

    1. Install Symantec Endpoint Protection Manager on the new server

    2. In the Management Server Configuration Wizard panel, check Install an additional site, and then click Next

    3. In the Server Information panel, accept or change the default values for the following boxes, and then click Next

    4. Installing and configuring Symantec Endpoint Protection Manager for replication

    Server Name

    Server Port

    Server Data Folder

    5. In the Site Information panel, accept or change the name in the Site Name box, and then click Next

    6. In the Replication Information panel, type values in the following boxes:

     

    Replication Server Name

    (The Name or IP address of the old Symantec Endpoint Protection Manager)

     

    Replication Server Port

    (The default is 8443)

     

    Administrator Name

    (The Username used to log on to the old console)

     

    Password

    (The password used to log on to the old console.)

    7. Click Next

    8. In the Certificate Warning dialog box, click Yes

    9. In the Database Server Choice panel, do one of the following, and then click Next

    Check Embedded database, and complete the installation.

    Check Microsoft SQL Server, and complete the installation.

     

    Note: While configuring the new server we can choose either SQL or Embedded, as this process is irrespective of the previous database type.

    10. Log in to the new Symantec Endpoint Protection Manager (SEPM) and ensure that all the clients and policies are migrated successfully

    11. Click Policies

    12. Click Policy Components

    13. Click Management Server Lists

    14. Click Add Management Server List

    15. Click Add > Priority and a new Priority will be added, named Priority2

    16. Add the old server under Priority2 and add the new one under Priority1

    17. After the successful migration, uninstall the old Symantec Endpoint Protection Manager (SEPM)

    DO NOT UNINSTALL UNLESS YOU ARE SURE CLIENTS ARE BEING MANAGED BY THE NEW SEPM
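
A check to run on a client before the old SEPM is uninstalled, added here as an example and not part of the thread: it lists the management servers in a SyLink.xml by priority and tests that each one resolves and accepts a TCP connection. The XML layout, the host names and port 8014 in the sample are constructed assumptions.

```powershell
# Constructed sample, not taken from the thread. The element and attribute
# names are an assumption about SyLink.xml; compare with your own export.
$sampleSylink = @'
<ServerSettings><CommConf>
  <ServerList Name="Priority 1 SEPM_VM">
    <ServerPriorityBlock Name="List0">
      <Server Address="sepm-new.example.test" HttpPort="8014"/>
    </ServerPriorityBlock>
    <ServerPriorityBlock Name="List1">
      <Server Address="sepm-old.example.test" HttpPort="8014"/>
    </ServerPriorityBlock>
  </ServerList>
</CommConf></ServerSettings>
'@

# Return one object per listed server, numbered by priority block order.
function Get-SylinkServer([string]$XmlText) {
    $doc = [xml]$XmlText
    $priority = 0
    foreach ($block in $doc.SelectNodes('//ServerList/ServerPriorityBlock')) {
        $priority++
        foreach ($srv in $block.SelectNodes('Server')) {
            New-Object PSObject -Property @{
                Priority = $priority
                Address  = $srv.GetAttribute('Address')
                Port     = [int]$srv.GetAttribute('HttpPort')
            }
        }
    }
}

# Resolve the name and attempt a TCP connect; $false on DNS failure or timeout.
function Test-SepmReachable([string]$Address, [int]$Port, [int]$TimeoutMs = 3000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch { return $false } finally { $client.Close() }
}

$newSepm = 'sepm-new.example.test'    # hypothetical name of the new server
$servers = @(Get-SylinkServer $sampleSylink)
foreach ($s in $servers) {
    $ok = Test-SepmReachable $s.Address $s.Port
    'priority {0}: {1}:{2} reachable={3}' -f $s.Priority, $s.Address, $s.Port, $ok
}
$top = @($servers | Where-Object { $_.Priority -eq 1 } | ForEach-Object { $_.Address })
if ($top -notcontains $newSepm) { Write-Warning "$newSepm is not priority 1" }
```

On a real client, pass the text of its own SyLink.xml in place of `$sampleSylink` and set `$newSepm` to the address the new management server list uses.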