Whether on Symantec's recommendation or for other environmental reasons, the Symantec Endpoint Protection Manager (SEPM) management port needs to be changed to a port other than 80, 8014, or 443 (HTTPS).
Possible communication issues between SEPM and its clients.
Before Symantec Endpoint Protection (SEP) 11.0.3000.2224 (MR3), the default communication port for SEPM and SEP clients was 80. Because this port could already be assigned to other services, the default port has been 8014 since SEP MR3. If other software conflicts on those ports, or for other reasons, it may be necessary to set SEP to use a different port after installation. Migrating to a newer SEP release does not modify these settings. Repairing the SEPM installation could roll them back to the values set during the first installation. This article explains the details involved in making that change.
SEPM uses IIS to communicate with the SEP clients, so this port change is configurable in IIS. However, because Tomcat sits between IIS and the SEPM database, it is also necessary to change the IIS HTTP port value in Tomcat, so that Tomcat knows what port to use to communicate with IIS.
Note: To apply the procedure below properly, it is recommended to have fully working communication between the clients and the SEPMs. It may therefore be necessary to temporarily shut down the other application that conflicts with the SEPM so that the current communication port can be used.
Changing the management port for SEPM requires the following steps:
NOTE: It is important that the clients are updated with the new management port information BEFORE the port is changed on SEPM; otherwise they will miss the new communication details required.
Create a new Management Server List
To change the port that clients use to communicate with the Manager, the Management Server Lists (MSLs) must be modified. To avoid spelling mistakes, Support recommends duplicating them instead of creating them manually:
Updating new SEP Clients with the Port Change
There are multiple options for applying the Management Server List to the SEP Clients:
NOTE: The clients will get the change on their next check-in or once they process the new Sylink.xml. They should still be able to connect to the SEPM if the new communications settings still have the details of the old port.
To monitor that all clients got the new communication settings:
Assuming that your clients are able to check in to the SEPMs, they will automatically get the new policies, including the new MSL. You can use Reports and Monitors in the SEPM console to monitor the status of your clients and verify that they checked in to the SEPM after you assigned the new MSL, or that the expected policy serial number is in place. Once it is confirmed that all clients were able to get the new MSL, it is possible to move to the next step.
To change the SEPM communications port in IIS 6 (Windows Server 2003):
To change the SEPM communications port in IIS 7 (Windows Server 2008):
To change the port that Tomcat uses to communicate with IIS:
Start the Services
SEPM will now communicate on the newly configured port. The clients will start checking in on their check-in cycle.
To verify client communication:
To verify client communication, check for the green dot status on the client, or use a packet capture utility on the client and filter for tcp.port == 8014 (replace 8014 with the configured port). You should see "POST /secreg/secreg.dll" calls occurring during the check-in intervals on the configured port.
The Secars test can also be used to verify that the SEPM is properly listening on the new port. To run it, open your browser and enter the following URL:
OK is the expected positive result.
After client communication is confirmed:
After it is verified that clients are able to communicate with the SEPMs via the new port, return to the MSLs and remove the duplicated server entries that still refer to the old port.
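Before removing the old-port entries, it helps to know which clients have actually reconnected. The following added example (not part of the Symantec article) parses an IIS W3C extended log and lists clients that checked in on the old port but have no successful "POST /secreg/secreg.dll" on the new one. It assumes IIS logging is enabled with the fields shown and that a successful check-in is logged with status 200; port 8444 and the sample log lines are constructed for illustration.

```python
# Constructed sample of an IIS W3C extended log spanning the port change.
# Addresses are hypothetical; 8444 stands in for the new port (not named in the article).
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem s-port c-ip sc-status
2009-03-02 09:00:11 10.0.0.5 POST /secreg/secreg.dll 8014 10.0.1.21 200
2009-03-02 09:00:40 10.0.0.5 POST /secreg/secreg.dll 8014 10.0.1.22 200
2009-03-02 09:01:02 10.0.0.5 GET /index.html 8014 10.0.1.99 404
2009-03-02 09:02:30 10.0.0.5 POST /secreg/secreg.dll 8014 10.0.1.23 200
2009-03-02 11:30:15 10.0.0.5 POST /secreg/secreg.dll 8444 10.0.1.21 200
2009-03-02 11:35:09 10.0.0.5 POST /secreg/secreg.dll 8444 10.0.1.23 500
"""

CHECKIN_URI = "/secreg/secreg.dll"  # check-in call named in the article


def checkins_by_port(log_text):
    """Map server port -> set of client IPs with a successful check-in POST."""
    fields, seen = [], {}
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # the column layout can be redeclared mid-file
            continue
        values = line.split()
        if line.startswith("#") or not fields or len(values) != len(fields):
            continue                    # other directives, blank or truncated rows
        row = dict(zip(fields, values))
        if (row.get("cs-method") == "POST"
                and row.get("cs-uri-stem", "").lower() == CHECKIN_URI
                and row.get("sc-status") == "200"   # assumption: 200 means success
                and "s-port" in row and "c-ip" in row):
            seen.setdefault(int(row["s-port"]), set()).add(row["c-ip"])
    return seen


def not_yet_on_new_port(log_text, old_port, new_port):
    """Clients seen on old_port that have no successful check-in on new_port."""
    seen = checkins_by_port(log_text)
    return sorted(seen.get(old_port, set()) - seen.get(new_port, set()))


if __name__ == "__main__":
    print(not_yet_on_new_port(SAMPLE_LOG, 8014, 8444))
```

Clients in the returned list should be followed up before the old-port entries are removed from the MSL; a client that reached the new port but received an error (10.0.1.23 in the sample) is deliberately still reported.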
This article refers to Symantec Endpoint Protection 11.x.
For newer versions, see Symantec Endpoint Protection 12.1: How to Change the ports used for communication between the Manager and clients