Information is needed on how to move a Symantec Endpoint Protection Manager (SEPM) SQL database to a new SQL server by backing-up and restoring the database.
You can perform a SQL backup of the database and restore it to a new SQL server or instance using the following procedure:
Back up and restore the database:
- Open the SQL Server Management Studio for the current server
- Right-click the sem5 database and choose Tasks > Back Up
Note: You can choose to use the existing backup file or for a smaller backup file you can remove that path and designate a new path and filename.
- Copy the backup file to the new SQL server
- Open the SQL Server Management Studio for the new server
- Right-click Databases in the server tree and click Restore Database
- Using the Device option, locate and restore the .bak file created in step 2
Once the database is restored to the new SQL server or instance, the sem5 and reporter database users must be deleted and a new sem5 login must be created. This is because there is no sem5 login and you cannot create a login for a database if that database user already exists.
Delete the sem5 and reporting users (SQL Authentication method only):
Note: These instructions assume you are using the default naming conventions. If your previous instance was not named sem5 your database usernames will be different. The reporting user will appear similar to 'REPORTER_databasename'.
- Open the database
- Click Security > Users
- Locate and delete the sem5 user
- Locate and delete the REPORTER_sem5 user if it exists
Create a new login for sem5 (SQL Authentication method only):
- From the top of the hierarchy, open Security > Logins
- Right-click Logins and choose New Login
- Use the login name: sem5
- Choose 'SQL Server authentication'
- Enter a password
- Enforce password expiration
- User must change password at next login
- Select sem5 as the default database
- On the left, click User Mapping, and then check sem5
- In Database role membership for: sem5, check dbowner
- On the right under default schema make sure this matches your schema if you changed it from the default (dbo) Note : You can verify the current schema in use by expanding the tables folder under the sem5 database object and looking at the table prefix example (dbo."TableName" )
- Click Search on the Securables page and add the option for "The server 'servername'" and click OK
- Under Explicit, find 'Alter any login' and check the box for 'Grant'
- Click OK
Connect the SEPM to the database
At this stage you have either installed a new SEPM, or plan to use the same SEPM as before. In either case, the SEPM needs to be pointed to the new database location.
Run the Management Server Configuration Wizard to point the SEPM to the new database.
If SEPM is already installed:
- Choose the option to Reconfigure the Management server
- When prompted, enter the credentials for the sem5 user created in the steps above
If SEPM is a new installation, the wizard will launch after the setup is complete.
- Choose the option to add an additional manager to an existing site.
- When prompted, enter server name(\instance name) of the new SQL server, and the credentials for the sem5 user created in the steps above.
If you are installing a new SEPM, you must use the same version of SEPM as the original SEPM. If you install a newer version of SEPM, you will get an error that the schema is not compatible.
For Windows Authentication method: If the account that you use is a domain user account, make sure that the Endpoint Protection Manager computer and the SQL server are in the same domain (or a trusted domain), and that the domain user account exists in its domain controller. If the account that you use is a local user account, make sure that the Endpoint Protection Manager computer and the SQL server are in the same workgroup, that the same local user account exists on both computers (same name and password), and that the account has local Administrator privileges on both computers.
Imported Document Id