How to point clients to a new Endpoint Protection Manager after decommissioning or replacing the existing one

You have uninstalled or are planning to decommission or replace your existing primary (or only) Symantec Endpoint Protection Manager (SEPM) in your environment, and you want to know the recommended method for getting existing Symantec Endpoint Protection (SEP) clients to report to the new Endpoint Protection Manager.

There is more than one way to point an Endpoint Protection client to an Endpoint Protection Manager. These three solutions let you point the client to a new Endpoint Protection Manager. Choose the solution that works best for you.

Solution 1

If the new Endpoint Protection Manager is running version 12.1 RU2 or later, the preferred method to deploy new communications settings is to use the Client Deployment Wizard. This process is described in the following article:

Restoring client-server communications with Communication Update Package Deployment

Solution 2

Export a client install package with custom settings that specify the removal of the previous client-server communication settings, and then deploy the package.

To create custom client install settings

1. Log on to the Endpoint Protection Manager you want to manage the client.
2. Click Admin > Install Packages.
3. Click Client Install Settings, then click Add Client Install Settings.
4. Under Upgrade Settings, click Remove all previous logs and policies, and reset the client-server communications settings.
5. Set all other options as desired.
6. Click OK.

To export a client using the custom client install settings

1. Click Admin > Install Packages.
2. Click Client Install Packages, then click the package to be exported from the right-hand pane.
3. Click Export Client Install Package...
4. Ensure "Pick the customized installation settings below:" is set to the custom install settings created above.
5. Set all other options as desired.
6. Click OK to export the new package.
7. Deploy this package by the desired method.

Notes:

1. As of Endpoint Protection 12.1 RTM, this procedure only moves the client to a new Endpoint Protection Manager if the installation package version is newer than the version currently installed on the target client. If you try to install with the same build that the client already has, the client does not move to a new Endpoint Protection Manager. In these scenarios, you should use Solution 1.
2. This procedure only overwrites Sylink.xml on a previously new (not migrated from Symantec AntiVirus (SAV)) install of Endpoint Protection. If the client was migrated from SAV, the old Sylink.xml does not get overwritten because the Endpoint Protection files are located in \Program Files\Symantec Antivirus and not \Program Files\Symantec\Symantec Endpoint Protection.

Solution 3

Copy Sylink.xml manually to the Endpoint Protection client.

To get the file Sylink.xml, follow the instructions on this page: Exporting the client-server communications file (Sylink.xml) manually. You can then replace the file Sylink.xml on the client computer directly with SylinkDrop, which is included with the Endpoint Protection Manager 12.x installation file, in the folder \Tools\SylinkDrop. To avoid a Tamper Protection alert, you should use the SylinkDrop tool or import Sylink.xml directly into the Endpoint Protection client user interface (Help > Troubleshooting > Management; under Communication Settings, click Import).

It is still possible to manually replace Sylink.xml on the client computer if you first disable Tamper Protection. Perform the following procedures on the computer that you want to point to a new Endpoint Protection Manager:

To disable Tamper Protection

1. Open the Endpoint Protection client user interface.
2. Click Change Settings.
3. Next to Client Management, click Configure Settings.
4. Uncheck Protect Symantec security software from being tampered with or shutdown.

To replace Sylink.xml manually

1. Stop the SMC service by clicking Start > Run, and then entering smc -stop.
2. Once the service is stopped, copy the Sylink.xml file from the new Endpoint Protection Manager to the client in one of the following locations:
   • For Windows Vista, Windows 7 / Server 2008 or later: C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Config
   • For Windows XP / Server 2003: C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\CurrentVersion \Data\Config
3. Replace the existing file and restart the SMC service with Start > Run, and then enter smc -start.

After you perform the steps in one of these solutions, you can log into the new Endpoint Protection Manager, navigate to the Clients tab, select the target group, and then click the Clients tab. The client (or clients) should begin to appear in the group.

Note: If the client is in a different group than you intended, just right-click the client, click Move, and then select the group in which you want the client to appear.

Terms of use for this information are found in Legal Notices.