This article describes how to prevent disruptions with Symantec Endpoint Protection (SEP) clients when moving Symantec Endpoint Protection Manager (SEPM) to another server.
These steps also help prevent the loss of:
Historical reporting data
The method used to replace the SEPM will vary depending on whether the SEPM is a member of a site using a Microsoft SQL Server database, or an embedded database site.
For embedded databases
Follow the disaster recovery steps best practices for your SEPM version. Make sure that you gather the database backup and recovery file(s) from your existing manager, and restore the database and recovery files to the new SEPM.
Decommission the existing SEPM. Ensure that it is no longer able to connect to the Microsoft SQL server hosting the SEPM database.
Ensure that the new SEPM has the same host name as the existing SEPM.
Note: You can configure the new SEPM with the same IP address as the existing SEPM.
Install SEPM to the new server, making sure to match the version of SEPM to the existing server.
Perform the following steps in the Management Server Configuration Wizard:
On the Welcome screen, select Install an additional management server to an existing Site.
Check use a recovery file to restore communication with previously deployed clients.
Browse to the recovery file you exported from the existing manager in step 1, and click Next.
Ensure the name in the Server name field matches what was entered for the existing server exactly, including all capitalization and punctuation marks.
Follow the rest of the prompts in the Management Server Configuration Wizard, providing the correct Microsoft SQL Server configuration and authentication information. Allow the Management Server Configuration Wizard to update the SEPM database.
In the event that the new SEPM server has a new IP and hostname, you need to follow an additional set of steps to migrate clients using a Management Server List or Communication Update Package (Sylink).
On the console, click Clients > Policies > General Settings.
On the Security Settings tab, uncheck Enable secure communications between the management server and clients by using digital certificates for authentication, and then click OK. (Do this for all groups.)
Wait several heartbeats until all clients get the updated policy.
Next, navigate to Policies > Policy Components > Management Server Lists > Add Management Server List.
Click Add > Priority. A new Priority is added named "Priority2".
Add the old SEPM server under Priority 2,and add the new SEPM server under Priority 1.
Assign the new Management Server List to all groups. Clients start moving gradually from the old SEPM to the new one.
Once all clients are showing in the new SEPM, Stop the "Symantec Endpoint Protection Manager" and "Symantec Embedded Database" services on the old SEPM server.
Verify that all clients now report to the new SEPM.
Once you verify that all clients are reporting to the new SEPM, uninstall the SEPM from the old server.
Imported Document ID: TECH171767
Subscribing will provide email updates when this Article is updated. Login is required.