Information is needed on how to move a Symantec Endpoint Protection Manager (SEPM) SQL database to a new SQL server by detaching and moving the database.
Detach and move the database files:
- Stop all Symantec Endpoint Protection Manager services
- Detach the Database in question from the current Instance using the SQL Server Management Studio
- After the Database is detached, navigate to the appropriate data folder where the existing SQL server data files are stored. Depending on your SQL version this could appear in a variety of forms
C:\Program Files\Microsoft SQL Server\MSSQL\<instance name>\DATA
C:\Program Files\Microsoft SQL Server\MSSQL\DATA
C:\Program Files\Microsoft SQL Server\MSSQL##.<Instance Name>\MSSQL\DATA
- Copy the following database files to the data folder on the new server you plan to house this SQL database:
- On the new SQL server, Right-click on the Database instance and click 'Attach'
- Type the path to the <db_name.MDF> file, and the wizard will automatically pick up the other files (.NDF and .LDF)
- Click OK. The wizard will automatically collate and attach the SEPM SQL Database to the chosen SQL Instance on the new server
Delete the sem5 and reporting users (SQL Authentication method only):
Note: These instructions assume you are using the default naming conventions. If your previous instance was not named sem5 your database usernames will be different. The reporting user will appear similar to 'REPORTER_databasename'.
- Open the database
- Click Security > Users
- Locate and delete the sem5 user
- Locate and delete the REPORTER_sem5 user if it exists
Create a new login for sem5 (SQL Authentication method only):
- From the top of the hierarchy, open Security > Logins
- Right-click Logins and choose New Login
- Use the login name: sem5
- Choose 'SQL Server authentication'
- Enter a password
- Enforce password expiration
- User must change password at next login
- Select sem5 as the default database
- On the left, click User Mapping, and then check sem5
- In Database role membership for: sem5, check dbowner
- On the right pane, under default schema make sure this matches your schema if you changed it from the default (dbo) Note : You can verify the current schema in use by expanding the tables folder under the sem5 database object and looking at the table prefix example (dbo."TableName" )
- Click Search on the Securables page and add the option for "The server <servername>" and click OK
- Under Explicit, find 'Alter any login' and check the box for 'Grant'
- Click OK
Connect the SEPM to the database
At this stage you have either installed a new SEPM, or plan to use the same SEPM as before. In either case, the SEPM needs to be pointed to the new database location.
Run the Management Server Configuration Wizard to point the SEPM to the new database.
If SEPM is already installed:
- Choose the option to Reconfigure the Management server
- When prompted, enter the credentials for the sem5 user created in the steps above
If SEPM is a new installation, the wizard will launch after the setup is complete.
- Choose the option to add an additional manager to an existing site.
- When prompted, enter server name(\instance name) of the new SQL server, and the credentials for the sem5 user created in the steps above.
If you are installing a new SEPM, you must use the same version of SEPM as the original SEPM. If you install a newer version of SEPM, you will get an error that the schema is not compatible.
For Windows Authentication method: If the account that you use is a domain user account, make sure that the Endpoint Protection Manager computer and the SQL server are in the same domain (or a trusted domain), and that the domain user account exists in its domain controller. If the account that you use is a local user account, make sure that the Endpoint Protection Manager computer and the SQL server are in the same workgroup, that the same local user account exists on both computers (same name and password), and that the account has local Administrator privileges on both computers.