If the legacy 11.x server is using a shared web site or is using client-to-server SSL prior to upgrade, to ensure that client server communication is maintained, a proxy is installed into IIS that will continue listening on the same port.
The IIS proxy is installed to ensure clients that have not been migrated to SEP 12.1 will not be orphaned when they connect to the port previously used by the 11.0 SEPM. It is important to ensure that clients are aware of the new 12.1 SEPM's communications settings before removing the IIS proxy if it is present. One way to ensure this is the case is to confirm that all clients have checked-in with the new 12.1 SEPM and are using a current client policy.
To bypass the SEP IIS client communications proxy Once clients are able to communicate with the 12.1 SEPM directly the IIS proxy can safely be removed. You may also completely uninstall IIS if it is not used to host other websites. To remove the IIS proxy without a loss of client communication please use the following steps.
Configure Apache to accept legacy SEP client communications Apache can be configured to listen on the port that had been proxied by IIS. If clients are no longer expected to communicate on this port it is safe to skip this step.
To configure Apache open the following file in a text editor: \Program Files\Symantec\Symantec Endpoint Protection Manager\apache\conf\httpd.conf
Add the following line if it does not exist: Listen <port> - where "<port>" is the legacy client communication port.
Examples: Listen 80 Listen 443 Listen 8080
Note: It is important to ensure that any port added to the Apache configuration described above is no longer in use by IIS. If IIS and Apache attempt to use the same communication port a conflict will arise and one or both web sites may fail to function normally.
Remove legacy IIS configuration settings The SEPM is configured to be aware of IIS proxy settings when the proxy is installed. It is recommended that this information be removed so that it will not be read by future SEP migrations.
To remove this information from the SEPM configuration open the following file in a text editor: \Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc\conf.properties
Delete the following lines (if present): scm.iisproxy.http.port=<port> scm.iis.http.port=<port> scm.iisproxy.https.port=<port> - where "<port>" is the legacy client communication port.