Endpoint Protection

 View Only

  • 1.  Easiest way to remotely migrate SEP clients from one SEPM server to another

    Posted Apr 30, 2010 03:54 PM
    I have some PCs that recently moved from one site to another, so I need to be able to change their parent server remotely, as there is no admin on site at the new location.  The two SEPM servers are unrelated, and have never been replicated.  I have found the following two KB articles, neither of which appears to be helpful:
    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/9be6f2bba7de30fd88257641006ca89b?OpenDocument
    Option 1 in this article is to redeploy the client with the "clear logs and reset communications" option -- I tried this and it did not work.  This may be because the clients may have been migrated from SAV to SEP, which the article specifically states clients that were migrated may not be able to be moved in this fashion.
    Option 2 seems to require an administrator to run the tool on each PC.
    Option 3 states to stop the Symantec Management Client service and manually replace the sylink.xml file.  This would be acceptable, as I could not only do this remotely, I could even script it.  However, the SMC service cannot be stopped while Windows is running in normal mode (the "stop" and "restart" options are grayed out, and the "smc -stop" cmdline does not work, either), which renders this option invalid.
    Here is article 2:
    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/9be6f2bba7de30fd88257641006ca89b?OpenDocument
    Unfortunately, this approach seems to break using digital certs to secure communication, as the necessary files, such as the sylink.xml file, do not ever get updated on the clients.

    Did I miss something, or am I looking at a rip-and-replace scenario (have someone run around and manually uninstall SEP from each PC, then remotely redeploy the client)?


  • 2.  RE: Easiest way to remotely migrate SEP clients from one SEPM server to another
    Best Answer



  • 3.  RE: Easiest way to remotely migrate SEP clients from one SEPM server to another

    Posted Apr 30, 2010 05:20 PM

    Sylink Replacer would certainly do the trick, but I'm curious about where you say that smc -stop did not work via command line (it's normal to see it greyed out through Services.msc).  Was the SMC process passworded on the old system?

    sandra


  • 4.  RE: Easiest way to remotely migrate SEP clients from one SEPM server to another

    Posted Apr 30, 2010 05:42 PM
    Prachand,
    Sylink-remote did not work.  I suspect for the same reason the KB steps did not work -- the batch file runs the smc -stop command, which doesn't work.  However, the sylinkreplacer tool did indeed work!  Not sure what it does differently, as it seems to function in a similar fashion.  Thanks for the info!

    Sandra,
    It occurred to me if the process was password protected it may be an issue, so I disabled that feature and verified, however, when running smc -stop from the command line, still nothing would happen.  It would not report an error, but the service would not stop and the sylink.xml file was still unable to be renamed or replaced because it was locked in use.