Endpoint Protection

  • 1.  Move clients from 1 management server to another

    Posted Sep 16, 2009 09:35 AM
    Hi,

    Got 2 Symantec Endpoint Protection Servers set up. One is our main one, which has approx 3000 clients. The 2nd one was a test server which I used to trial the new AV. The problem I have is that the test server has approx 50 clients that look at it, but those clients don't have DNS or WINS and just look at the IP address of the test server. Also, I don't have admin rights to those PCs as they aren't on our normal domain. So I basically want a way to move those 50 clients to my main server without having to physically visit them. Would it work if I gave the main server a second IP address which matches the test server? Or is it feasible to install a 2nd management server/console on our main SEP server, import the DB from the test server and give it the same IP? Any advice would be great.

    Thanks
    Richard


  • 2.  RE: Move clients from 1 management server to another

    Posted Sep 16, 2009 09:45 AM
    What we can do is replace the Sylink on these 50 clients and then they will start reporting to the main server. Copy the Sylink from the main server and replace them by using any of the 2 methods given below

       


  • 3.  RE: Move clients from 1 management server to another

    Posted Sep 16, 2009 09:45 AM
    Since you have 50 machines, the easiest way is to replace the sylink file and it will work perfectly.

    https://www-secure.symantec.com/connect/forums/moving-clients-one-management-server-another

    Check the above blog and use the sylink replacer; it can be found in the downloads section.

    Please read the readme.txt file; it explains how the tool works and its various options.

    It's simple and powerful.

    You can add the second server list; however, once you do that, your 3000+ clients' sylink file will also change.

    The best way is to use the sylink tool.



  • 4.  RE: Move clients from 1 management server to another

    Posted Sep 16, 2009 09:48 AM
    Hi,

    There is more than one way to point a SEP client to a SEPM. Below you will find 3 solutions that will point the client back to the SEPM. Choose the solution that is best for you.

    Solution 1

    Export a client install package with custom settings that specify removal of the previous client-server communication settings, and then deploy the package.

    --> Create custom client install settings

    Log on to the SEPM you wish to have manage the client.
    Click the Admin tab, then click Install Packages.
    Click Client Install Settings, then click Add Client Install Settings... This will open the Add Client Install Settings dialog.
    At the bottom of the page under Upgrade Settings: select the setting Remove all previous logs and policies, and reset the client-server communications settings.
    Set all other options as desired.
    Click OK.

    --> Export a client using the custom client install settings created above

    Click the Admin tab, then click Install Packages.
    Click Client Install Packages, then click the package to be exported from the right-hand pane.
    Click Export Client Install Package...
    Ensure Pick the customized installation settings below: is set to the custom install settings created above.
    Set all other options as desired.
    Click OK to export the new package.
    Deploy this package by the desired method.


    Note: This procedure will only overwrite the Sylink.xml on a previously new (not migrated from Symantec AntiVirus (SAV)) install of SEP.  If the client was migrated from SAV, the old Sylink.xml will not be overwritten because the SEP files are located in ...\Program Files\Symantec Antivirus not ...\Program Files\Symantec\Symantec Endpoint Protection.

    Solution 2

    --> The "SylinkReplacer" utility is designed to replace Sylink.xml files in existing Symantec Endpoint Protection clients.
    Note: The "SylinkReplacer" utility is only for use in Symantec Endpoint Protection environments.  To obtain "SylinkReplacer", contact Symantec Technical support at:
    http://www.symantec.com/business/support/index.jsp


    Note: The zip file is password protected.  To unzip the file use the following password: symantec

    Extract the file to a convenient location, such as the Desktop, using the unzip password provided above.
    Follow the instructions provided in the SylinkReplacer.PDF
    Execute the tool by double clicking SylinkReplacer.exe and follow the on screen instructions.

    Please note that the DOS window should not be closed during any course of action while the tool is running.

    Solution 3

    --> To copy the Sylink.xml manually to the SEP client
    1.    On the system that has the new Symantec Endpoint Protection Manager, browse to C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent\.
    2.    In this location, there are two or more folders with 32-character alphanumeric names.
    3.    Each folder represents a group in your Symantec Endpoint Protection Manager site. Inside of each folder is a file named LSProfile.xml.
    4.    Open the LSProfile.xml file to view which group the alphanumeric folder belongs to. Find the XML tag: <GroupInfo Name="X" where X is the name of the group.
    (Do not edit LSProfile.xml.  Any edits to the LSProfile.xml file are not recommended or supported, and can cause serious communication problems.)
    5.    Once you have located the correct group folder that you would like the client to belong to, make a copy of the Sylink.xml file and move it to the desktop of the client that you want to be managed.
    6.    Click Start
    7.    Click Run
    8.    Type: smc -stop ( this will stop the Symantec Management Client service)
    9.    Navigate to: C:\Program Files\Symantec\Symantec Endpoint Protection on the SEP client
    10.    Replace the new Sylink.xml with the original one in the C:\Program Files\Symantec\Symantec Endpoint Protection folder
    11.    Click Start
    12.    Click Run
    13.    Type: smc -start to start the service
    14.    Open the Symantec Endpoint Protection Manager
    15.    Click on Clients page
    16.    Highlight the group
    17.    You should see the client in the group of your choice
    Note: ( if the client is in a different group just right click on the client and choose Move, and choose the group you want the client to be moved to)
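
The manual steps of Solution 3 above, scripted in PowerShell as an added example (not part of the original post and not a Symantec tool). The function names are hypothetical, the paths and `smc -stop` / `smc -start` come from the post, and the location of `Smc.exe` inside the client install folder is an assumption.

```powershell
# Paths as given in the post; pass other values for non-default installs.
$SepmAgentDir = 'C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent'
$ClientDir    = 'C:\Program Files\Symantec\Symantec Endpoint Protection'

# Run on the SEPM (steps 1-4): map each 32-character folder to its group name.
# LSProfile.xml is only read here, never modified.
function Get-SepGroupFolder {
    param([string]$AgentDir = $SepmAgentDir)
    Get-ChildItem -Path $AgentDir | Where-Object { $_.PSIsContainer } | ForEach-Object {
        $lsProfile = Join-Path $_.FullName 'LSProfile.xml'
        if (Test-Path $lsProfile) {
            $text = [System.IO.File]::ReadAllText($lsProfile)
            if ($text -match '<GroupInfo\s+Name="([^"]*)"') {
                New-Object PSObject -Property @{
                    Group  = $Matches[1]
                    Folder = $_.FullName
                    Sylink = Join-Path $_.FullName 'Sylink.xml'
                }
            }
        }
    }
}

# Run on the client from an elevated session (steps 6-13).
function Set-SepSylink {
    param(
        [Parameter(Mandatory = $true)][string]$NewSylink,
        # Clients migrated from SAV use ...\Program Files\Symantec Antivirus instead.
        [string]$InstallDir = $ClientDir
    )
    $target = Join-Path $InstallDir 'Sylink.xml'
    $smc    = Join-Path $InstallDir 'Smc.exe'   # assumption: Smc.exe is in the install folder
    if (-not (Test-Path $NewSylink)) { throw "New Sylink.xml not found: $NewSylink" }
    if (-not (Test-Path $smc))       { throw "Smc.exe not found in $InstallDir" }

    & $smc -stop                                   # step 8: stop the management client
    try {
        if (Test-Path $target) { Copy-Item $target "$target.bak" -Force }  # keep a rollback copy
        Copy-Item $NewSylink $target -Force        # step 10: put the new file in place
    }
    finally {
        & $smc -start                              # step 13: restart even if the copy failed
    }
}

# Get-SepGroupFolder | Format-Table Group, Folder -AutoSize
# Set-SepSylink -NewSylink "$env:USERPROFILE\Desktop\Sylink.xml"
```

The `.bak` copy lets the client be pointed back at its previous manager if it does not appear in the expected group afterwards.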



  • 5.  RE: Move clients from 1 management server to another

    Posted Sep 16, 2009 10:19 AM
    Hi Ickleric,

    Along with Sylink.xml, add the Serdef.dat file while copying.


  • 6.  RE: Move clients from 1 management server to another

    Posted Sep 16, 2009 10:26 AM

    Unfortunately I can't copy the sylink file onto these machines, as I'm unable to access the c$ due to not having admin rights to these machines. I do have the username and password to these PCs, but for some reason can't remotely gain admin access to them.



  • 7.  RE: Move clients from 1 management server to another

    Posted Sep 16, 2009 10:44 AM
    You can run the tool on any machine with admin access. When it runs it gives you a pop-up. It is preferable to run it with a Domain admin account.

    Try running it on one machine where you have the rights.

    Not sure why you are not able to RDP.


  • 8.  RE: Move clients from 1 management server to another

    Posted Sep 16, 2009 10:44 AM
    What if I set up the test server as a replication partner? Would the 50 PCs get replicated to my main server? Then, once done, remove the test server?


  • 9.  RE: Move clients from 1 management server to another

    Posted Sep 16, 2009 10:51 AM
    As mentioned by many, there are a lot of ways of doing it.

    Remember: you do not have enough rights (you mentioned earlier).

    If you want to go for replication / add MSL, surely you can.

    But if something goes wrong (very rare), every recovery will ask for admin account permissions, which you don't have.

    If you are okay with that, then sure, you can go ahead.

    (Why make easier things complicated? If you wish, many are here to help you out with replication :) )





  • 10.  RE: Move clients from 1 management server to another