I have some PCs that recently moved from one site to another, so I need to be able to change their parent server remotely, as there is no admin on site at the new location. The two SEPM servers are unrelated, and have never been replicated. I have found the following two KB articles, neither of which appears to be helpful:
http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/9be6f2bba7de30fd88257641006ca89b?OpenDocument
Option 1 in this article is to redeploy the client with the "clear logs and reset communications" option -- I tried this and it did not work. This may be because the clients may have been migrated from SAV to SEP, which the article specifically states clients that were migrated may not be able to be moved in this fashion.
Option 2 seems to require an administrator to run the tool on each PC.
Option 3 states to stop the Symantec Management Client service and manually replace the sylink.xml file. This would be acceptable, as I could not only do this remotely, I could even script it. However, the SMC service cannot be stopped while Windows is running in normal mode (the "stop" and "restart" options are grayed out, and the "smc -stop" cmdline does not work, either), which renders this option invalid.
Here is article 2:
http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/9be6f2bba7de30fd88257641006ca89b?OpenDocument
Unfortunately, this approach seems to break using digital certs to secure communication, as the necessary files, such as the sylink.xml file, do not ever get updated on the clients.
Did I miss something, or am I looking at a rip-and-replace scenario (have someone run around and manually uninstall SEP from each PC, then remotely redeploy the client)?