Endpoint Protection

  • 1.  SEPM client Migration - Management Server lists

    Posted Jan 12, 2021 02:23 PM
    Hello,

    I am attempting to go the route of migrating clients from an old SEP server to a new SEP server.
    One runs Win2008 and the new one runs Win2019.
    I backed up databases and imported everything including firewall/policies.
    I followed the instructions shown below where you create a management server list:
    Move Endpoint Protection Manager to another server without breaking client communications or losing data

    I made sure that my Windows firewall has 443 and 8014 enabled.  I made sure both SEPM servers have 8014 set up in the allow rules for the firewall.  I checked the /secars/secars.dll?hello,secars via browser and get an "OK" from the client machine.  I checked the Apache server and made sure the .conf has the Listen 8014 line.  Everything seems to be correct but I'm getting a generic HTTP Error 400.  Anyone have a solution to this or things I can try?  I have checked everything I can think of but have not found a solution yet.  The only solution that seems to work is the sylink drop, which, if we have 1000s of clients, will obviously take a long time.
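
The reachability checks described in the post above (port 8014 and the secars hello URL), scripted so they can be repeated against both servers from a client. This is an added example, not part of the original post and not a Broadcom tool; the host names are placeholders and plain HTTP on 8014 is an assumption.

```powershell
# Added example. Server names passed in are placeholders, not values from the thread.
function Test-SepmHello {
    param(
        [Parameter(Mandatory)][string[]]$Server,
        [int]$Port = 8014,            # port named in the post
        [string]$Scheme = 'http',     # assumption: plain HTTP on 8014
        [int]$TimeoutSec = 10
    )
    foreach ($s in $Server) {
        $result = [pscustomobject]@{
            Server = $s; Port = $Port; TcpOpen = $false
            HttpStatus = $null; HelloOk = $false; Error = $null
        }
        # Step 1: is the port reachable at all (firewall rule, Apache listener)?
        $tcp = Test-NetConnection -ComputerName $s -Port $Port -WarningAction SilentlyContinue
        $result.TcpOpen = [bool]$tcp.TcpTestSucceeded
        if ($result.TcpOpen) {
            # Step 2: the same request the post made from a browser.
            $uri = '{0}://{1}:{2}/secars/secars.dll?hello,secars' -f $Scheme, $s, $Port
            try {
                $r = Invoke-WebRequest -Uri $uri -UseBasicParsing -TimeoutSec $TimeoutSec
                $result.HttpStatus = [int]$r.StatusCode
                # Content can arrive as bytes depending on the Content-Type header.
                $body = if ($r.Content -is [byte[]]) {
                    [Text.Encoding]::ASCII.GetString($r.Content)
                } else { [string]$r.Content }
                $result.HelloOk = ($body -match '\bOK\b')
            } catch {
                # Non-2xx answers (such as a 400) land here; keep the status code if there is one.
                if ($_.Exception.Response) {
                    $result.HttpStatus = [int]$_.Exception.Response.StatusCode
                }
                $result.Error = $_.Exception.Message
            }
        }
        $result   # one object per server: TCP result, HTTP status, hello result
    }
}

# Placeholder names: substitute the old and new SEPM host names or IPs.
Test-SepmHello -Server 'old-sepm.example.internal', 'new-sepm.example.internal' |
    Format-Table -AutoSize
```

A row with TcpOpen true but HelloOk false separates a web-server or request problem from a firewall problem, which a browser test against a single server does not show.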


  • 2.  RE: SEPM client Migration - Management Server lists

    Posted Jan 13, 2021 05:30 PM
    Edited by Joseph Stefanelli Jan 13, 2021 05:31 PM
    When I check the log file I get:
    Returning 400 Bad Request, No length parameter for the encoding URL!,-------------------------------------------
    Any assistance would be greatly appreciated.


  • 3.  RE: SEPM client Migration - Management Server lists

    Posted Jan 13, 2021 07:37 PM
    If it helps, we utilize PDQ Deploy to "set" the sylink file for brand new laptop builds. I have found that same deployment package useful when I am moving devices between my Prod and Test environments. I can post the file here, but I believe it's a Broadcom-provided solution. In the meantime, here is the PowerShell script that we run alongside the "SylinkDrop.exe"

    You will need the following files 
    1. Sylink.xml - MSL policy settings
    2. SylinkDrop.exe - Symantec CMC SylinkDrop

    POWERSHELL SCRIPT

    # Stage sylink.xml and SylinkDrop.exe from the current directory into a temp folder
    $tempPath = "C:\Temp"
    if (!(Test-Path $tempPath)) {
        New-Item -Path $tempPath -ItemType Directory
    }
    Copy-Item -Path sylink.xml -Destination $tempPath -Force -ErrorAction SilentlyContinue
    Copy-Item -Path SylinkDrop.exe -Destination $tempPath -Force -ErrorAction SilentlyContinue

    # Apply the new communication settings to the client silently
    & "$tempPath\SylinkDrop.exe" '-silent' "$tempPath\sylink.xml"

    # Give SylinkDrop a few seconds to finish, then remove the staged files
    Start-Sleep -Seconds 5
    Remove-Item -Path "$tempPath\sylink.xml" -Force -ErrorAction SilentlyContinue
    Remove-Item -Path "$tempPath\SylinkDrop.exe" -Force -ErrorAction SilentlyContinue


  • 4.  RE: SEPM client Migration - Management Server lists

    Posted Jan 13, 2021 07:36 PM
    Post a sylink debug log of a client that's still pointing to the old SEPM as it checks in, please.  Let the sylink log run for a couple minutes

    Enabling sylink debugging:
    https://knowledge.broadcom.com/external/article/151511/enable-sylink-debugging-for-endpoint-pro.html#:~:text=To%20enable%20Sylink%20debug%20logging%20via%20the%20Windows%20Registry&text=In%20the%20Search%20programs%20and,regedit%2C%20and%20then%20click%20OK.&text=Double%2Dclick%20smc_debuglog_on.,to%201%20and%20click%20OK.


  • 5.  RE: SEPM client Migration - Management Server lists

    Posted Jan 13, 2021 10:12 PM
    2021/01/13 22:02:13.661 [7928:6036] Command line has been handled
    2021/01/13 22:07:30.950 [7992:2088] Entering the command line handler
    2021/01/13 22:07:30.950 [7992:2088] Service request event handle: 0000028C
    2021/01/13 22:07:30.966 [7992:2088] Failed in creating a module snapshot for parent of smc.exe. Returning false from CSmcApp::IsSmcExitDelayNeeded


  • 6.  RE: SEPM client Migration - Management Server lists

    Posted Jan 19, 2021 10:11 AM
    I ended up doing a disaster recovery method.

    I backed up everything on the old server, renamed the server and took it off the domain.
    Spun up a new server and renamed it with the old server's name and IP address.
    Only thing I noticed is that somehow the database didn't properly back up, so I brought the old SEP server back online temporarily while it was on a different IP address and name.  I backed up the database, transferred it to the new server and brought it back down.

    I did a brand new installation of SEPM using the latest private key file.  From what I read, that is what is used to restore communication for the clients.
    After the entire process, including the Live Update, I restored the database.  
    What I found is that many computers are trying to connect to the old server (now named SEPOlder; the connection settings on one of the clients actually show SEPOlder).

    Other computers are properly connected to the new server with the old name of SEP and the old IP.

    Any idea what was done wrong and is there any way to force all clients to look to the new server via hostname/IP?