Move DLP Detection server from one Enforce server to another

Article ID: 159655

Products

Data Loss Prevention Enforce, Data Loss Prevention

Issue/Introduction

Move a Symantec Data Loss Prevention (DLP) Detection server from one Enforce server to a different Enforce server.

Resolution

Consider the following before performing these steps:

  • If you are using the default certificates for communication, these steps will let you move a Detection server from one Enforce server to another server.
  • If you are using self-signed certificates generated with the sslkeytool utility, make sure that the right certificate is stored on both the Detection server and the Enforce server; otherwise communication will fail and the Detection server will display an "Unknown" state.
  • If you are changing Detection server types (e.g. Network Prevent for Web to Network Monitor or Network Monitor to Discover), you should consider reinstalling the Detection server. This clears out any custom settings.

WARNING: Do not follow these steps if the Detection server is an Endpoint server. Moving Endpoint Detection servers in this way will break the certificate chain for all connected Endpoint agents. This requires a reinstall of the Agent on those computers.
If the Detection server is an Endpoint server, contact Support for additional assistance.

  1. Log in to the original DLP Enforce console where the Detection server is already registered.
  2. Navigate to System > Server Overview.
  3. Delete the Detection Server by clicking "X".
  4. Reboot the DLP Detection server. This removes the crypto key from memory that relates to the original DLP Enforce server.
  5. Log in to the new DLP Enforce console where you want to register the DLP Detection server.
  6. Navigate to System > Server Overview > Add Server.
  7. Click Add Detection Server.

Note: If the Detection server status in the DLP Enforce console still shows as "Unknown", restart the Symantec DLP Detection Server Controller Service.

Note: If you need to keep incident data for any of the Discover servers you are moving, keep one Discover server connected to the original Enforce server and move all scan targets to the Discover server that remains with the original Enforce server.

  1. Delete any remaining unneeded incidents.
  2. Delete all scan targets attached to the Discover servers you are moving.