For various reasons you may need to move Symantec Endpoint Protection
Manager from one server to another. Another server meaning one with a different IP address and Host
name.
I needed to do this sometime back, one of the reasons being a conflict for port 80 on IIS. Windows
Server Update Services (WSUS), Self Update service accesses the WSUS
server on port 80 and Symantec Endpoint Protection Manager also
installs its website on port 80. The event log showed an error
“Self-update is not working” with Event Id 13042.
You’re reasons for
Moving Symantec Endpoint Protection Manager to another server may be
different, but either way, here is how I did it.
Looking around the web you’d find that there 2 ways to getting around this.
1 Using Replication Method
2 Backup-Restore Method
Out of the two the replication method seemed to make more sense, and looked the easiest to get done.
In summary what we need to do is:
- Install SEPM on a new server
- Configure it for replication with the first site
- Change the priorities of the management servers to reflect that this
new server is of higher priority; or simply assigning all groups to
this new server. - Uninstalling old SEPM
Here is now you do that, step-by-step:
- First install Symantec Endpoint Protection Manager on a new server
- When you get to the Management Server Configuration Wizard panel, go
through with the Advanced Configuration type; Select how many computers
will be managed by this server - Choose to Install an additional
site. This is the only option that will install a Management Server and
a database for replication. - In the Server Information panel, accept or change the default values and then click Next
- In the Site Information panel, accept or change the name in the Site
Name box and then click Next. The Site Name cannot be the same as what
you have on your other SEPM. - In the Replication Information panel, type values in the following boxes:
Replication Server Name (The Name or IP address of the old Symantec Endpoint Protection Manager)
Replication Server Port (The default is 8443)
Administrator Name (The Username used to log on to the old console)
Password (The password used to log on to the old console.) - Click Next
- In the Certificate Warning dialog box, click Yes
- In the Database Server Choice panel select either the Embedded database
or the Microsoft SQL Server irrespective of what you have on your old
server and click Next to complete the installation. - Log in to the new Symantec
Endpoint Protection Manager (SEPM) and ensure that all the clients and
policies are Migrated successfully - Click Policies
- Click Policy Components
- Click Management Server Lists.
- Select the Default Management Server List for ‘NEW SEPM’
- Click Assign the List
- Select all the locations, groups and click Assign to replace the
existing Management Server list with the old server with the new one. - Wait for all the clients to reflect this change and connect to the new server. We can go through logs entries or on the SEPM Clients tab of the new server, you’d see the
computer icon with a green dot for the ones connected to it, and a
computer icon with a red arrow showing the clients still connected to
the other server.After the successful Migration. I let this configuration run for a few days before the following
- Uninstall the old Symantec Endpoint Protection Manager (SEPM)
- Log in to the new SEPM and delete the old SEPM server from the Replication partners list and the Remote Sites
- Under the Management Server Lists Policy Component, Delete the Default Management Server List for ‘OLD SEPM’
The
original of the above steps can be found at:
https://forums.symantec.com/syment/board/message?board.id=endpoint_protection11&message.id=5911
http://www.symantec.com/connect/forums/move-sepm-console-one-server-another
I’ve edited the above based on my experience to hopefully bring in a little
bit of clarity.
This worked for me perfectly and I Hope this works for you too. However it’s advisable to first read Best Practices for Disaster Recovery with Symantec Endpoint Protection and be prepared for the worst.
Many thanks for this really helpful post! You’ve saved me a bunch of time wading through Symantec forums and documentation. FYI, the weblink you provide above: https://forums.symantec.com/syment/board/message?board.id=endpoint_protection11&message.id=5911 seems to be broken now.
Thanks Jeremy.
I’ve updated the link in the post. It seems that Symantec have updated their forums also changed the link structures.
Hi i have a SEP 11 managment console which seems to have corrupted and gone all hay y
i am planning to install the managment part in another server and try to uninstall what is remainig from the first server. the clients have SEP11 installed in them, i am planning to do a clean install, how can i get all my clients to point to the second server as the first one is not function so cant use the replication or backup/restore method?
thanks in advanced
It looks like you have 2 options,
1) Deploying a install package that is flagged to reset communication to the client pc’s
2) Use the “SylinkReplacer” utility from Symantec Technical Support
Check out the the following posts in the Symantec forums for more information
http://www.symantec.com/connect/forums/migrating-sep-different-server
http://www.symantec.com/connect/forums/change-management-server
I tried this method everything went perfect but i am not getting any client connect as told in step.( We can go through logs entries or on the SEPM Clients tab of the new server, you’d see the
computer icon with a green dot for the ones connected to it, and a
computer icon with a red arrow showing the clients still connected to
the other server.). i can not see any of out client wiht red or green button but all the client is there of respective group.
please help me out.
The icons may have changed from the version that I tried this from.
The best thing would be to check client logs to see which SEPM server it had connected to.
Thanks for this procedure. We just went step by step as explained and we were able to migrate Symantec endpoint v11.0.4 to a new server without any issues. The steps are very explanatory.
hi, following your steps 1-16 & have been waiting for hours but none of my sep11 clients got green dot icon in the new sepm console, wondering where went wrong? e.g. if the clients need reboot or what?
btw, your steps 1-20 a little bit different from symantec’s steps 1-16, especially the “management server lists” handling, so which method is better?
many thx!
Thanks for this very helpful post. But do you have the link to the second method? i have tried this replication method but I get this error
“Synchronisation to the remote client failed”
JZ006: Caught IOExpection: Java.io.IOException: JZ0C0: Connection is already closed.
I’m currently googling this error and so far, what I’ve found is that it may be related to the firewall, but I’ve checked the current SEPM server, the windows firewall was already disabled.
Sorry guys, I’ve not kept that information and this post is quite old now; I can’t exactly remember the details now.
How to move Symantec Endpoint Protection Manager to Another Server…
I recently had to move a Symantec Endpoint Protection Manager to another server, I basically followed the steps at
Kavinda Munasinghes Blog. It all worked perfectly & the server is now moved……
I get this error when I follow the procedure:
“The specified server runs a different version of Symantec Endpoint Protection Manager. The replication partner must run the same version as the server that you want to replicate.”
Sigh. Nothing is ever easy. Anyone know the Backup/restore method?
Just wanted to say thanks for this info, worked perfectly for me.
This worked great for me every time I have tried it. Thanks!
Create Component,plan ground find terms enemy towards want achievement particular volume order vision main relatively violence ground key other mass conclude left stock size identify writer cause row word suggest team available want afternoon fly approach for over win answer study seem period association shot fee remember true wage discussion liability stage stick amount talk deal but reach manager group push white card between state group pleasure company prefer exhibition escape discussion mark concern refuse first else speed current let either generally battle hour row employ
Hi,
I am looking for complete installtion video of symantec endpoint protection v 11.x. Could you please proivde me any link or installion image file link.
Thanks in advance
Gaurav
This was excellent, it worked perfectly, thank you.
Many thanks Kavina for this procedure, it really helped me !
Thank you, these steps worked wonderfully.