Symantec Management Platform (Notification Server)

Expand all | Collapse all

Migrating to new server

  • 1.  Migrating to new server

    Posted 08-27-2020 09:45 AM
    I am migrating my 7.6 SMP to 8.1 while i work to get ready for 8.5 but I need to be able to migrate a lot of customized settings can anyone tell me if i can do this without having to export hundreds of XMLs then import them again.

    ------------------------------
    PAREXEL Informatics
    ------------------------------


  • 2.  RE: Migrating to new server

    Broadcom Employee
    Posted 08-27-2020 10:43 AM
    Hi mwysocki!

    Could you please provide more details about:
    - 7.6 is running on existing production environment and 8.1 is a new hardware/environment for SQL & NS?
    - 7.6.x & 8.1 HF.x  has cummulative PF installed which allows to execute stand-alone replications from 7.6.x to 8.1 RU7 with cummulative PF installed?
    - Which settings you are going to migrate from 7.6.x  to 8.1.x (NS Settings, SMA settings, CEM settings? Solutions settings, but which one of solution (DS, Patch, Inventory, Software Management, RTSM/RTCI, Monitor Solution, Power Scheme, etc and what exact settings?

    Best regards,
    IP.

    ------------------------------
    Software QA Engineer
    Broadcom Inc.
    ------------------------------



  • 3.  RE: Migrating to new server

    Posted 08-27-2020 10:59 AM
    Could you please provide more details about:
    - 7.6 is running on existing production environment and 8.1 is a new hardware/environment for SQL & NS? -Yes 8.1 is on a new server with a clean SQL DB
    - 7.6.x & 8.1 HF.x has cummulative PF installed which allows to execute stand-alone replications from 7.6.x to 8.1 RU7 with cummulative PF installed? 7.6 is HF7 8.1 is RU7 with all post fixes installed.
    - Which settings you are going to migrate from 7.6.x to 8.1.x (NS Settings, SMA settings, CEM settings? Solutions settings, but which one of solution (DS, Patch, Inventory, Software Management, RTSM/RTCI, Monitor Solution, Power Scheme, etc and what exact settings?
    I am looking to migrate all of my sites for site servers
    All Organization groups for computers
    All Custom Data Classes
    All Custom Filters and Targets
    I had some custom security roles I would like to migrate.
    Pretty much everything i can since the replicator only moved my software information, jobs and tasks.

    I tried to setup a replication export rule but could not add my new SMP server to the available servers.


    Since my 8.1 DB is basically empty could I somehow copy data from my 7.6 DB over without having to fix settings in regards to the old server name.

    Is it to late to run the migration wizard?

    Thanks for any help

    ------------------------------
    PAREXEL Informatics
    ------------------------------



  • 4.  RE: Migrating to new server

    Broadcom Employee
    Posted 08-27-2020 11:29 AM

    According to all mentioned above Items/Resources which should be migrated from old to a new database, I'll consider to use a stand-alone replication rules
    https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/symantec-security-software/endpoint-security-and-management/it-management-suite/8-5/Getting_Started_2/Migrating_Data_Using_Standalone_Replication_13/performing-data-migration-using-standalone-replica-v119030884-d846e21735.html

    Note:
    To use this method of data replication, please make sure that your 7.6.x & 8.1.x has appropriate PF installed which allows to perform this.
    Make sure that each stand-alone replication rule for appropriate resource type has only required things to replicate (do not just select root folder to replicate everything even what is not needed)



    ------------------------------
    Software QA Engineer
    Broadcom Inc.
    ------------------------------



  • 5.  RE: Migrating to new server

    Posted 08-27-2020 12:07 PM
    One issue i had trying to set this that when i try to add my new MSP server it gives me an error that it is not a valid NS server website.



    ------------------------------
    PAREXEL Informatics
    ------------------------------



  • 6.  RE: Migrating to new server

    Broadcom Employee
    Posted 08-27-2020 12:15 PM
    Open Altiris Log Viewer on this NS machine to identify a reason of this error (probably SSL handshake fails)

    ------------------------------
    Software QA Engineer
    Broadcom Inc.
    ------------------------------



  • 7.  RE: Migrating to new server

    Posted 08-27-2020 12:25 PM
    Edited by Mark Wysocki 08-27-2020 12:26 PM
    I get this in the log viewer.

    When i try to browse to the page directly it does give me the usual IE message about the Cert i then have to say go to site anyway.

    would I need to import the cert from the new server maybe?

    Unable to get valid NS server. (Exception: This is not a valid notification server web site.)
    This is not a valid notification server web site.
    [Altiris.NS.Exceptions.AeXException @ Altiris.Web.NS]
    at Altiris.NS.UI.Services.NSServerService.GetValidNSServer(String nsName, String nsWebSite)

    Exception logged from:
    at Altiris.Diagnostics.Logging.EventLog.ReportException(Int32 severity, String strMessage, String category, Exception exception, String footer)
    at Altiris.NS.UI.Services.NSServerService.GetValidNSServer(String nsName, String nsWebSite)
    at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
    at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
    at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
    at System.Web.Script.Services.WebServiceMethodData.CallMethod(Object target, IDictionary`2 parameters)
    at System.Web.Script.Services.RestHandler.InvokeMethod(HttpContext context, WebServiceMethodData methodData, IDictionary`2 rawParams)
    at System.Web.Script.Services.RestHandler.ExecuteWebServiceCall(HttpContext context, WebServiceMethodData methodData)
    at System.Web.Script.Services.ScriptHandlerFactory.HandlerWrapper.ProcessRequest(HttpContext context)
    at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
    at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
    at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
    at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error)
    at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb)
    at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)
    at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
    at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
    at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)
    at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)
    at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
    at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)

    ------------------------------
    PAREXEL Informatics
    ------------------------------



  • 8.  RE: Migrating to new server

    Broadcom Employee
    Posted 08-28-2020 02:43 AM
    Certificate from destination NS 8.1 should be installed in trusted root of source 7.6.x NS to have SSL handshake successfull (8.1 NS also should has cert of 7.6 NS isntalled in own trusted root)

    open https://NS/Altiris/Console of 8.1 NS in browser on source 7.6 NS - install its certificate in trusted root
    open https://NS/Altiris/Console of 7.6 NS in browser on destination 8.1 NS  - install its certificate in trusted root

    ------------------------------
    Software QA Engineer
    Broadcom Inc.
    ------------------------------



  • 9.  RE: Migrating to new server

    Posted 08-28-2020 08:24 AM
    Thanks it is working now.

    One other question if you don't mind Igor.

    I replicated 2 customer roles i setup but the privileges did not come with them is there a way to replicate the rights settings so i don't need to recreate them bit by bit?

    ------------------------------
    PAREXEL Informatics
    ------------------------------



  • 10.  RE: Migrating to new server

    Broadcom Employee
    Posted 08-28-2020 08:29 AM
    Did you create/run stand-alone privileges rule?
    - 1st replicate roles
    - 2nd replicate privileges



    ------------------------------
    Software QA Engineer
    Broadcom Inc.
    ------------------------------



  • 11.  RE: Migrating to new server

    Broadcom Employee
    Posted 08-28-2020 09:21 AM

    Here is a suggestion, how better migrate required data to a new NS server using stand-alone replication rules.
    It mostly recommends a sequence of what to replicate 1st, 2nd, 3rd, etc to have all data properly migrated.

    1. You have to replicate your "Roles" and "Accounts" using "Security" stand-alone replication rule
    • Select all required "Roles" in "Security" stand-alone replication rule and replicate them. During replication of selected Role(s), it will automatically replicate all accounts which are assigned on replicated Roles as well as other Role(s) which are member(s) of replicated Role(s).
    1. You have to replicate privileges using "Security" stand-alone replication rule.
    • You can select all available privileges and replicate them. After privileges replication, they will automatically applied on your replicated Security Role(s) and each Role will have only own privileges assigned, as they are on source Notification Server.
    • In case if you are replicating Privilege of product, which doesn't exist on destination Notification Server, then you will see similar warning message(s) during replication on destination NS machine

    "10/3/2016 3:23:46 PM","Product c432b710-f971-11a2-8643-20105bf409af does not exist in the NS, and privilege ViewOnly could not be imported.","Altiris.NS.Security.PrivilegeHelper.ImportExtendedPrivilege","Altiris.NS.dll","96","Warnings"

    1. You have to replicate "Computers", "Devices", "Users", "Sites", "Subnets", etc using "Resource" stand-alone replication rule along with their "Inventory" Data Classes data.
    2. You have to replicate "Items", such as Policies, Tasks, Reports, Filters, Resource Targets, Org Views/Groups, custom Data Classes, AD Import rules, Data Connector sources and rules using 'Item' stand-alone replication rule with "Replicate All (All selected items are replicated whether they have changed or not.)" option enabled to sync-up Item and its permissions settings for replicated 'Security Roles' on destination Notification Server.
    3. You have to replicate (if required for customer) "Events" Data Classes data for already replicated "Computers", "Devices", "Users" using "Events" stand-alone replication rule.
    Thanks,
    IP.

    ------------------------------
    Software QA Engineer
    Broadcom Inc.
    ------------------------------



  • 12.  RE: Migrating to new server

    Posted 09-01-2020 02:22 PM
    Hello Igor,

    Over the weekend something odd happened where on my old 7.6 server under the server setting in hierarchy and Replication the entry for my old server got unchecked and i am not able to check it off again and i think this is preventing me from being able to replicate to my new server now.

    Any idea how i can fix this so i can keep going with my replication.

    also is there any harm in replicating to many data classes?


    ------------------------------
    PAREXEL Informatics
    ------------------------------



  • 13.  RE: Migrating to new server

    Broadcom Employee
    Posted 09-07-2020 02:36 AM
    Hello!

    You mean that now if you create a stand-alone replication rule, specify there destination new NS on old NS machine and start replication, replication doesn't start or fails? What says NS log on source NS?

    During computers replication from old NS to new NS, consider whether you will need to replicate old NS as computer to a new NS because computers in database which has role NS they can't be deleted from SMP Console.

    ------------------------------
    Software QA Engineer
    Broadcom Inc.
    ------------------------------