Endpoint Protection

Hey,

I'm running SEP 11.0.6 (reviewing upgrade to 12) and I wanted to set up replication across a couple of servers, however when reviewing the documentation for converting the embedded database to SQL it requires the encryption password which I don't have.  I've been reviewing TECH93119 for resetting the encryption password, it basically walks you through uninstalling the current SEP, re-installing on the same server and then pushing out the sylink.xml file to the clients.  I only have 50 clients so this is something I can do with my login script and not too much admin but I just wanted to know if anyone has done this before?  Is it as straightforward as re-installing SEP and pushing out the xml file or are there any other issues?  Can I do the SQL conversion during the re-install (i.e. installing as a SQL DB rather than embedded) or do I need to do the encryption password recovery first and then do the embedded to SQL database conversion?  My SEP is hosted on a Windows 2008 Standard server, when I do set up replication would there be any issue with the second server being 2008 R2?

Thanks, Nick

To recover embedded Database Password on Endpoint Protection

1. Go to Control Panel- Administrative Tools - Data Sources(ODBC) - System DSN tab

2. Choose the Symantec Endpoint Security DSN, click Configure

3. Go to the database tab, under the database name put any value other than "sem5" (such as "sem"), then click OK twice

4. Change the c:\Program Files\Symantec\Symantec Endpoint Protection Manager\Php\php.ini properties, untick the read-only

5. Open c:\Program Files\Symantec\Symantec Endpoint Protection Manager\Php\php.ini" with notepad

6. Set the "display_errors = on" and "display_startup_errors =  on", save the changes and close the file

7. Open internet browser, go to http://localhost/reporting (include port number after localhost if it's not on 80 e.g. http://localhost:8080/reporting/)

8. Try to login using the Endpoint Protection Manager console credential

9. The database password will be displayed next to 'DBA' string on the browser.

10.Do not forget to set the database name back to "sem5" in step 3 and set the "display_errors = off" and "display_startup_errors =  off" in step 6.

 Is it as straightforward as re-installing SEP and pushing out the xml file or are there any other issues?

--You can use Sylink Replacer to replace the sylink.

Can I do the SQL conversion during the re-install (i.e. installing as a SQL DB rather than embedded) or do I need to do the encryption password recovery first and then do the embedded to SQL database conversion?

---Password is needed

My SEP is hosted on a Windows 2008 Standard server, when I do set up replication would there be any issue with the second server being 2008 R2?

---Both SEPM should have the same version that waht is needed.

Thanks Prachand, I will give the recovery instructions a try first and if unsuccessful I'll do the re-install of SEP and then push the xml file out.  I'll do a search for the Sylink replacer, is it a Symantec tool or freeware?

nick

Hey Prachand,

Worked great, once I figured out on x64 servers you need to use the x32 odbc tool.  Is there a way to check the password?  I was trying to use the dbisqlc tool under the ASA\win32 folder but when I use admin or no username with the password I get Invalid user ID or password.

thanks,nick

Nick are you talking about Checking the password through dbisqlc.exe?

Yes, I read in a tech document or forum post (can't remember) that you could check the encryption password through the dbisqlc.exe

You have to use the username DBA with the encryption password to test (and I verified the password I found using your instructions).  Thanks for your help, now I can do the db conversion and upgrade to 12.

Nick