Symantec Endpoint Encryption 11.0.1 Management Server Installation 

Apr 14, 2015 04:16 PM

 

For this demonstration, I will be using Symantec Endpoint Encryption 11.0.1 on Windows Server 2012 R2 Datacenter, 64-bit.

SEE 11.0.1 0001.png

This demonstration assumes that you have a compatible database already created for use with the product.  System requirements and compatible versions of MSSQL can be found here:
http://www.symantec.com/docs/TECH224478

 

This demonstration also assumes that you have already configured the server Roles and Features required for installing the Symantec Endpoint Encryption Management Server.  If you have not done so, please check the following article for further instruction:
https://www-secure.symantec.com/connect/articles/symantec-endpoint-encryption-1101-initial-server-configuration
 

1.  Download Symantec Endpoint Encryption from https://symantec.flexnetoperations.com

SEE 11.0.1 0002.png

 

2.  Right-click on the zip file, and select “Extract All...”.  Choose a destination for the extracted files, and click “Extract”.

SEE 11.0.1 0003.png

SEE 11.0.1 0004.png

SEE 11.0.1 0005.png

 

3.  Double-click on the SEE Management Server package.  The same package is used for 32- and 64-bit systems.  When prompted by Windows Security, click “Run”.

SEE 11.0.1 0006.png

SEE 11.0.1 0007.png

 

4.  Click “Next”.

SEE 11.0.1 0008.png

 

5.  Read the License Agreement.  When you are finished, if you agree, select “I accept the terms in the license agreement” and click “Next”.

SEE 11.0.1 0009.png

 

6.  Next you will be asked to enter the database information for creating a new database instance to hold client system information.  Click “Browse”.   Select the database server you would like to use, and click “OK”.

SEE 11.0.1 0010.png

SEE 11.0.1 0011.png

 

7.  Enter the credentials of an account that has privileges on the database server to create a new database instance, and create and modify a database user account and account privileges.  Typically the “sa” account is used, but depending on your setup, this may use Windows credentials or other database credentials.

SEE 11.0.1 0012.png

 

8.  In this example, we are creating a new database, but if your environment has an existing SEE database, you can select “Use existing database”.  Using the default database name of SEEMSDb is recommended, but not required.

SEE 11.0.1 0013.png

 

9.  Next we will specify an account to be used for server communication to the database.  It can be an existing domain account, or a SQL database account.  The previous user credentials we used to create the database will also add this user to the database and assign proper permissions.  In my example, I am using a Windows domain service account.  Choose the account type and click “Next”.

SEE 11.0.1 0014.png

 

10.  Enter the credentials for the communication account and click “Next”.

SEE 11.0.1 0015.png

 

11.  In most cases the database configuration/size will not need to be modified.  Click “Next”.

SEE 11.0.1 0016.png

 

12.  Create a management password for the Symantec Endpoint Encryption Management Server.  This password will be used for a few specific things, detailed on page 31 of the installation guide.  After you create the password, click “Next”.

SEE 11.0.1 0017.png

 

13.  Select an installation path for the product, and click “Next”.

SEE 11.0.1 0018.png

 

14.  To begin the installation, click “Install”.  If you want to change any of the settings made up to this point, click “Back” instead.

SEE 11.0.1 0019.png

SEE 11.0.1 0020.png

 

15.  When the product finishes installation, click “Finish”.  After a few moments, the SEE Configuration Manager will appear.

SEE 11.0.1 0021.png

 

16.  Choose whether you would like to submit anonymous data to Symantec to analyze and help improve the product functionality, and click “Next”.

SEE 11.0.1 0022.png

 

17.  Enter the Web Server configuration data.  It is recommended to use HTTPS, but for my purposes here I selected HTTP communication for client-to-server communication.  A service account with a non-expiring passphrase should be used for access.  The account only needs to be a standard domain user.  When finished, click “Next”.

SEE 11.0.1 0023.png

 

18.  Click on the green “+” symbol to set up AD configuration.

SEE 11.0.1 0024.png

 

19.  Enter your AD Forest information.  You will need to use an AD account to facilitate communication with a catalog server to complete AD Sync.  We again recommend using a service account with a non-expiring password.  TLS/SSL is recommended.  When finished, click “Next”.

SEE 11.0.1 0025.png

 

20.  Click “Finish”.

SEE 11.0.1 0026.png

SEE 11.0.1 0027.png

 

21.  Open the IIS Manager.  You should now see a web site with Symantec Endpoint Encryption Services.  After verifying this, close the IIS Manager.

SEE 11.0.1 0028.png
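
A scripted version of the check in step 21, as an added example that is not part of the original article or of Symantec's tooling. It lists the bindings of the SEE web site and flags plain-HTTP bindings (step 17 recommends HTTPS); if no site is found, it reports the install state of the IIS 6 compatibility features that the comments on this page name as the usual missed prerequisite. The site-name pattern and the function name are assumptions.

```powershell
# Added example, not from the original article.
# Assumption: the site created by the Configuration Manager has a name containing
# "Symantec Endpoint Encryption"; adjust -Pattern to the name IIS Manager shows.
Import-Module WebAdministration
Import-Module ServerManager

function Test-SeeWebSite {   # hypothetical helper name
    param([string]$Pattern = '*Symantec Endpoint Encryption*')

    # Filter the full site list by name pattern.
    $sites = @(Get-Website | Where-Object { $_.Name -like $Pattern })

    if ($sites.Count -eq 0) {
        Write-Warning "No IIS site matching '$Pattern'. Checking IIS 6 compatibility features."
        # Web-Mgmt-Compat    = IIS 6 Management Compatibility
        # Web-Metabase       = IIS 6 Metabase Compatibility
        # Web-Lgcy-Scripting = IIS 6 Scripting Tools
        return Get-WindowsFeature -Name Web-Mgmt-Compat, Web-Metabase, Web-Lgcy-Scripting |
            Select-Object Name, DisplayName, Installed
    }

    foreach ($site in $sites) {
        foreach ($binding in $site.Bindings.Collection) {
            [pscustomobject]@{
                Site     = $site.Name
                State    = $site.State
                Protocol = $binding.protocol
                Binding  = $binding.bindingInformation   # IP:port:host header
                Finding  = if ($binding.protocol -eq 'http') {
                    'Plain HTTP: client-to-server traffic is unencrypted'
                } else {
                    'OK'
                }
            }
        }
    }
}

# Run from an elevated PowerShell session on the Management Server.
Test-SeeWebSite | Format-Table -AutoSize
```

Because clients authenticate to IIS with basic authentication using one shared domain account (see the install guide excerpt quoted in the comments), an HTTP binding sends that account's credentials over the network without encryption.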

 

22.  Next we will also do a brief walkthrough for a few component installations.  Since everything else requires the Management Agent, we will start there.  Double-click the SEE Management Agent appropriate for your server.  Mine is 64-bit, so I have selected the 64-bit installer.

SEE 11.0.1 0029.png

 

23.  Click “Run”.

SEE 11.0.1 0030.png

 

24.  Click “Next” to begin installation.

SEE 11.0.1 0031.png

 

25.  Read the next screen regarding multi-factor authentication, and click “Next”.

 

SEE 11.0.1 0032.png

 

26.  Read the license agreement, and if you agree to the terms, select “I accept the terms in the license agreement” and click “Next”.

SEE 11.0.1 0033.png

 

27.  Select the authentication method your users will use: password or PIV (smart card).  Click “Next”.

SEE 11.0.1 0034.png

 

28.  Select an installation directory, and click “Next”.

SEE 11.0.1 0035.png

 

29.  The next step confirms the location and communication for the SQL database that was set up in the SEE Management Server.  Click “Browse”, select the appropriate database server, then click “OK”.

SEE 11.0.1 0036.png

SEE 11.0.1 0037.png

 

30.  During the installation process, some changes will be made to the SQL database.  These changes require a valid login for the database server, which can either be the currently logged in user credentials, or a SQL account, such as the “sa” account.  Since I set up no permissions for my current AD account, I chose to use the “sa” account, and entered the login ID and password.  After selecting the login method, click “Next”.

SEE 11.0.1 0038.png

 

31.  Enter the current Management Password set up in step 12.  Click “Next”.

SEE 11.0.1 0039.png

 

32.  Click “Install” to begin installation, or “Back” to make changes.

SEE 11.0.1 0040.png

 

33.  When installation completes, click “Finish”.

SEE 11.0.1 0041.png

 

34.  Install the remaining components that you desire.  I have included screenshots for the Drive Encryption and Removable Media installs, and you can see that the remaining components are fairly straightforward, and require little input.

SEE 11.0.1 0042.png

SEE 11.0.1 0043.png

SEE 11.0.1 0044.png

SEE 11.0.1 0045.png

SEE 11.0.1 0046.png

SEE 11.0.1 0047.png

 

SEE 11.0.1 0048.png

SEE 11.0.1 0049.png

SEE 11.0.1 0050.png

SEE 11.0.1 0051.png

SEE 11.0.1 0052.png

SEE 11.0.1 0053.png

 

Comments

Jun 12, 2019 09:29 PM

Hi, I want to know if this process is the same for Windows Server 2019?

Jul 06, 2015 05:26 AM

Hi, I want to know if this process you described is the same for an install on a Windows Server 2008 R2? Is it exactly the same steps?

May 21, 2015 11:25 AM

For whatever reason, the Web Site is not creating properly.  You will need to uninstall the Management Server, check the prerequisites, and reinstall.

I usually see that error when something is missed in the prereqs, specifically the IIS 6 Management Compatibility and Scripting Tools.  We use both IIS 6 and IIS 7 components for generating the web site in IIS.

You can check the following article to go over the initial configuration steps to double-check the roles:
https://www-secure.symantec.com/connect/articles/symantec-endpoint-encryption-1101-initial-server-configuration

I have come across one case where we uninstalled, and the prereqs were correct, so we simply reinstalled and it was able to complete successfully.  That is definitely not normal, and I have to assume something interrupted or prevented part of the original install from installing correctly.  In every other case, it has been a missed prerequisite.  We have been pushing for some documentation changes in the installation guides for better continuity, and less jumping around.  It makes it really easy to miss something.

 

May 21, 2015 10:14 AM

Could you clarify the SSL setup on step 17?

Specifically, I create a CSR through IIS and get a .cer back from our internal CA. When I select that .cer file in the "CA Certificate" "browse" button I get the message back "invalid certificate selected."

Based on that I chose to use HTTP with port 8080 as you did.

(*EDIT* I finally got a cert that worked here.)

 

Also, the "IIS Client Authentication Account" is not clear. For testing, I used the same domain account used for the server admin, database access, etc.

From the install guide page 30:

"Each client computer shares a single domain user account.
It uses this account for basic authentication to IIS on the
Symantec Endpoint Encryption Management Server. The
IIS client authentication account is a regular domain user
account and does not require specific privileges."

 

Regardless, when I get to the end and click "Finish" I am presented with this message: "Save failed for Web Server Configuration due to invalid data. Enter valid data." Then it pushes me back to the web server config screen. Unfortunately it is not obvious what data is invalid.

 

Basically, my setup for testing uses one account, which is a domain service account (with logon). That account has local admin to the test server and dbo database access.
