Endpoint Protection

 View Only

  • 1.  Decommission First SEPM server in site

    Posted Jan 21, 2010 11:39 AM

    I inherited a slightly poor design for an installation of SEPM with several sites and with failing replications. I've simplified this configuration from 7 sites down to 2 which works perfectly fine.
    However I currently have a site which has 3 servers in it. The first server installed needs to removed, the other two will remain. Is there anyway to change the 'primary' server of a site? If I decomission the first server what issues will I run into?

    I assume this has to be possible as servers get replaced and I'm really hoping this isn't dependant on a restore of some kind.



  • 2.  RE: Decommission First SEPM server in site

    Posted Jan 21, 2010 11:51 AM
    create  management server list
    as per this doc
    Creating and assigning a management server list for a Symantec Endpoint Protection Manager
    http://service1.symantec.com/SUPPORT/ent-security.nsf/2326c6a13572aeb788257363002b62aa/e2ac3b646ae21969882573c20063533f?OpenDocument
    assing priority to your second server
    let your cleints move to other server
    then uninstall this server
    let me know if you have any questions.


  • 3.  RE: Decommission First SEPM server in site
    Best Answer

    Posted Jan 21, 2010 11:51 AM
     If the 1st SEPM/Primary database sepm goes down it will break the complete replication.


  • 4.  RE: Decommission First SEPM server in site

    Posted Jan 21, 2010 12:09 PM

    I've changed the management server list already so I'll give it a try early next week. I find it worrying that when I try to force replication from a newer server it states "Only the first server of the site can perform the replication".



  • 5.  RE: Decommission First SEPM server in site

    Posted Jan 22, 2010 12:35 AM
    With the help of new   management server list you can connect the clients to another server,But if you remove the first server all replications will break for ever.
    Ref:How do I move Symantec Endpoint Protection Manager from one server to another with a different IP address and host name?

    I think the best option in your case is remove one of the partner server and keep the master server as it is .You can move the client of this server to master server with the help of a new management server list.
    If you are worried about the poor H/w configuration of your server. You can install it in a new server which is having sufficient hardware,keep the same name (case sensitive) and IP address ,follow the disaster recovery procedure
    Best Practices for Disaster Recovery with Symantec Endpoint Protection


  • 6.  RE: Decommission First SEPM server in site

    Posted Jan 22, 2010 09:19 AM

    This is working as designed - multi-server(s) cannot be added.
     
    Replication is initiated from the first server in the list.  In the second site, replication fails because the only contact it has in the "Replication Symantec Endpoint Protection Manager List" is off-line.

    Check this

    How to temporarily substitute a Symantec Endpoint Protection Manager (SEPM) that performs Replication with another SEPM within the same Site

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008121310010348