Learn how to prepare Symantec Endpoint Protection Manager (SEPM) for disaster recovery, or recover your SEPM environment in the event of a disaster.
You can recover from disasters, but first you must prepare for them using the SEPM.
As a best practice, back up the database at least weekly.
Windows 64bit: \Program Files(x86)\Symantec\Symantec Endpoint Protection Manager\data\backup
Note: The backup process saves the file to the location of the SEPM installation.
After you install the management server, back up the disaster recovery file and copy it to another computer. As a best practice, store the backup file in a secure location off-site. See Step 4 for more information.
By default, the recovery file is located in the following directory:
Windows 64bit: \Program Files(x86)\Symantec\Symantec Endpoint Protection Manager\Server Private Key Backup\recovery_timestamp.zip
Note: If you update the self-signed certificate to a different certificate type, the management server creates a new recovery file, which has the latest timestamp.
The disaster recovery file includes the following information:
Ensure that the KCS value in the recovery file matches to the current one in SEPM. See How to verify KCS and certificates on SEPM and SEP clients to check the locations of the KCS values to verify with recovery files.
If you have a hardware failure, you must reinstall the management server using the IP address and host name (case sensitive) of the original management server.
To save the management server information:
Copy the files you previously backed up to another computer. As a best practice you should store the backup data in a secure location off-site.
To perform disaster recovery, follow these steps in sequential order:
\ \Server Private Key Backup
You can still perform disaster recovery without a database backup, but the following points apply in this case:
:\Program files or(x86)/Symantec/Symantec Endpoint Protection Manager/tomcat/etc
If you use a FIPS-compliant version of Symantec Endpoint Protection and have FIPS compliance enabled, you must turn on FIPS compliance after recovering the SEPM.
Note: This setting is not stored in the disaster recovery file.
How to use the Database Validation tool (DBValidator.bat)
Download the latest version of Symantec Endpoint Protection
Installing Symantec Endpoint Protection Manager
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
This will clear the history and restart the chat.