Antivirus Server Issue

Hi Experts!!
We have depolyed primary SAV server ver 10.1 with Symantec Console and with 100 clients. For some reason we cannot access the console now. Due to this clients are not updating virus deftn files.We do not have a secondary server.

Is it possible that a newly built server can be made as a secondary server to the current primary server and all clients migrated to the secondary server ?
Thanks:)
vbongaralaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

jhalapradeepCommented:
Hi,

When you try to access the SAV console, does it failes on authentication? Or have to forgot the credentials?
You may try to run Iforgot.exe file to reset the password.

Regards,
Pradeep Jhala
0
jhalapradeepCommented:
Hi,

You can follow the steps in this document to move clients from one primary server to another or secondary server.
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2005041111454648?Open&docid=20051122084245935&nsf=local%20replicas%5Cinter%5Cent-securityintl.nsf&view=br_docid/pf&seg=ent

Regards,
Pradeep jhala
0
jhalapradeepCommented:
Basically you will need to copy the GRC.DAT file from secondary server to the clients machine under c:\documnet setting\...........\7.5 and restart the computer.

Regards,
Pradeep Jhala
0
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

vbongaralaAuthor Commented:
Thanks for the prompt response.

I'm aware of the procedure to migrate clients from old primary server to new primary server.

But what i wanna know is - with access to primary server not available  via the symantec console, how is it that i can make another server as SECONDARY server and then point all clients to this as the primary server.

0
jhalapradeepCommented:
Hi,

You will need the SSC access for this. You didnt answer my first question about the SSC access.
Have you tried Iforgot.exe if you have forgot the password? Or there is any other access issue?

Regards,
Pradeep Jhala
0
vbongaralaAuthor Commented:
Sorry if i missed that.
SSC access is not available. We remember the password but sitll it sys cannt connect.

Thanks:)
0
jhalapradeepCommented:
Hi,

Then probably it will be difficult to make this happen. So we might need to work on fixing SSC access first. Can you tell me when was the last time you were able to access it and whether any thing changed in that server that caused this issue?

Regards,
Pradeep Jhala
0
vbongaralaAuthor Commented:
The issue with SSC access has been there for last 1 yr or so and everytime..it happens we reboot the server and issue gets fixed but then again after 10 dys issue reoccurs again.

No changes have been made.Also note that we do not have backup of PKI folder.

Thanks:)
0
jhalapradeepCommented:
Hi,

I was going through resources about this particular issue. And all ends to a possible solution as Either Upgrade or Reinstall of SSC console.
-But before doing that, if possible try to restart the server so that you can access the SSC console and set the secondary server.
-Once done, you can then reinstall the SSC console after taking the backup of the PKI folder:
-This article will help understand about PKI folder backup and restore in case of server failures.

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2005040513373748

Regards,
Pradeep Jhala

0
vbongaralaAuthor Commented:
Seems to see some hope in your post. But i have few doubts:

1. Does reinstalling SSC fix the issue permanently ?

2. If i reboot the server and SSC access is restored, plz send me the procedure how to setup a
    secondary server for the current primary server or atleast the link ?

3. "Once done, you can then reinstall the SSC console after taking the backup of the PKI folder"
   
    Here you mean - once the SSC access is restored after the reboot, take the backup of PKI folder
    and then resintall SSC console ? Is this what you meant ?

4. PKI folder is created after reinstall of SAV or SSC ?

Thanks:)

 

0
jhalapradeepCommented:
Hi,

1) Yes as we have observed the issues in multiple environment, the reinstall of SSC has fixed this issue permanently.

2) You can check this document  to designate a primary server and / install secondary managed server:
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2006032717252948

3)Yes once the SSC is accessible, you can copy the PKI folder.

4)Once you install and designate the new primary server, you will need to backup the servergroup root certificates . Or the PKI folder itself. You will find all the information  in above posted link.

Regards,
Pradeep Jhala
0
vbongaralaAuthor Commented:

Currently, both Symantec System Center and Symantec Antivirus are installed on the same server.

I know its possible to uninstall SSC with out affecting Symantec Antivirus ..but would appreciate if you could endorse it.

Thanks:)
0
jhalapradeepCommented:
Hi,

Yes you can for sure upgrade the SSC with SAV server installed. Just be cautious about the PKI and root certificate backup.

Regards,
Pradeep Jhala
0
vbongaralaAuthor Commented:
Hi,

Thanks for the inpputs.I will try and get back to you,

0
vbongaralaAuthor Commented:
Hi,

We did not get approval from client to uninstall and reinstall SSC from the current primary symantec server.

Instead, we installed  SAV and SSC fresh on another server, in a new server group and migrated 2 clients mapped to old primary server to this new primary server successfully. Encouraged by this - we are going ahead to migrate all clients to this new primary server.

But after migration is done, we need to come back to the old primary server and fix it. Following is required:

a. Resintall SAV and SSC again fresh on the old primary server and make it primary.

b. The newly installed primary server should be demoted as Secondary Symantec server and then
    used as backup.

Question is - How do we go about above 2 steps ? I find no documentation for this in Symantec site.

Thanks:)
0
jhalapradeepCommented:
Hi,

You have already given answer to your question within this post :)

The procedure that you followed right now to install SSC and SAV to another server and moved clients to them.
The same procedure you will need to follow to get the clients back to the old(repaired/fixed) primary server and console.

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2005041111454648?Open&docid=20051122084245935&nsf=local%20replicas%5Cinter%5Cent-securityintl.nsf&view=br_docid/pf&seg=ent

So basically:
a) Reinstall SSC and the SAV on old server and then make this server as primary.
b) once the server is made primary you can follow the procedure to copy replace GRC.dat file to the clients so that they will again start reporting to this fixed primary server.
and then you can use the newly created server as ur backup secondary server.

Regards,
Pradeep Jhala
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
vbongaralaAuthor Commented:
Once the old server is built and made primary, doesn't clients automatically migrate back to this old server ? Is copying .dat files the only way to migrate clients from one primary server to another ?

If this is the case, say, we make the old server (repair/fixed) primary server, then, obviously the another server would becomes the secondary server in the same server group. Right ?

As this time all clients have mapped to old server as their primary server.

What if now, the same old primary server crashes ? Do we promote secondary server in the same group as primary and again follow the copy process of .dat file from this server to all clients again to make them mapped to this server again ?

Is this the only way  to make clients talk to secondary server when it becomes primary ?

Thanks:)
0
vbongaralaAuthor Commented:
Thanks a lot.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.