How can I move multiple SEPM clients from one manager to another?

Hi,
I have two sites where they have their own SEPM manager.
Site A - around 2500 sepm clients - Have their own SEPM manager - SQL Database
Site B - around 2250 sepm clients - Have their own SEPM manager - SQL Database
Now my question is this: we want to make Site A a centralized location and shut down the Site B SEPM manager. But the challenge comes when we shut down the Site B SEPM manager: all my SEPM clients will go offline and will not be able to communicate with their location manager.
Is there any way to move all Site B clients into Site A without any downtime?

Hope you understand my query... If anyone knows, please help me.
WKR
Sensy

adminsclAsked:

larsrohrCommented:
You'll probably want to use the SylinkDrop tool, running a script on each of the clients of Site B, which will get them to start reporting to Site A SEPM manager.

See:
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008020615383348
http://www.experts-exchange.com/Software/Internet_Email/Anti-Virus/Symantec/Q_24697886.html

This presumes that you don't mind having these clients start fresh with Site A SEPM manager -- not bringing their history along from the SQL db at Site B.
0
larsrohrCommented:
You can generate the desired sylink.xml file at Site A:

   In Symantec Endpoint Protection MR3 and later you can log into the Manager, click on the Clients tab,
   right-click on the intended group and select "Export Communication Settings...".
   This will export a sylink.xml file that includes the "RegisterClient PreferredGroup" value.

Then just copy sylink.xml and SylinkDrop.exe (from the Tools dir on CD2 of SEPM) someplace that all Site B clients have access to.  If they all map the same shared drive, that's great.  Worst case, you can copy both sylink.xml and SylinkDrop.exe to each client.

Then make each client run (by login script or using psexec, for instance):
  c:\temp\sylinkdrop -silent c:\temp\sylink.xml
(using whatever paths are appropriate)
0
adminsclAuthor Commented:
Agreed, but the challenge comes with more than 2600 hundred live production users, and apart from that they are all in different groups. The hierarchy is different between Site A and Site B. If I use SylinkDrop then all clients will move to the default group in Site A, and it is very hard to move clients one by one to their respective groups.
Is there any option available from a replication point of view? What do you suggest?

Thanks
Sensy
0
larsrohrCommented:
Using the sylink.xml export mentioned above, you can export different ones for different groups (group1_sylink.xml, group2_sylink.xml, ...).
Then you can run sylinkdrop on some Site B clients using group1_sylink.xml, and use other xml files with other Site B clients.

Depending on your current hierarchy, your desired hierarchy, and the number of different groups, this may not be too horrendous.  If your different SEP groups correspond to different active directory groups, or different login scripts, that would help.

Aside from SylinkDrop, I'm not aware of any way of moving clients from one SEPM manager to another established SEPM manager.  Replication, I think, can only be set up if you are installing a new SEPM manager as an additional server for the Site B.
0
adminsclAuthor Commented:
Yes, I also think that through replication it is hard to achieve the goal. What I am thinking is: can we replicate the SQL data of Site B to Site A, and after the manual replication sync shut down the Site B SEPM manager? I think clients from Site B might then be routed to Site A, with the green dot in the SEPM client from Site B.
Please suggest something more technical...

Thanks
Sensy
0
jhalapradeepCommented:
Hi,

You can create a Management Server List (MSL) in SEPM, on SEPM B, and set SEPM A as primary and SEPM B as secondary in priority.
That way all the clients on SEPM B will start reporting to SEPM A, so at least you can make sure that the clients will not be offline during this process.

-> Secondly: rather than using the SylinkDrop tool, you should use the Sylink Replacer utility.
This utility works from a central location (the server). So you can export multiple sylink.xml files, one per group, and then run the Sylink Replacer from the SEPM A server and target the SEPM B clients according to their groups.

-> Another option is to make SEPM B a replication partner and then, once the sync happens, with the new MSL (as mentioned in point one), you can decommission SEPM B.

Regards,
Pradeep Jhala
0
jhalapradeepCommented:
Hi,

Please refer to this document for creating and assigning MSL:
http://service1.symantec.com/support/ent-security.nsf/docid/2007123110045548

Regards,
Pradeep Jhala
0
jhalapradeepCommented:
One more important point:

-> As you have installed two SEPMs with different databases, replication on the existing SEPMs will not be possible.
-> So the best option will be to create the MSL and get all SEPM B clients communicating with SEPM A, and then, as required, assign the clients to the required groups using the Sylink Replacer utility.
Download this utility from here:
http://www.symantec.com/connect/downloads/sylinkreplacer-tool-connecting-sep-clients-sepm


Regards,
Pradeep Jhala
0
adminsclAuthor Commented:
Hi Pradeep,

Thanks for the inputs. Please explain the points below.
1. How can I run the Sylink Replacer utility from a central location, meaning Site A, for all SEPM clients in Site B? Please explain this.
2. Secondly, both sites (A+B) have their own database, and when I tried to set up replication between them I got the error "locally Sync". It may be due to the different certificates used by each of them.

I think we are near to a solution. Please, Pradeep, it would be very nice if you could provide me a solution for this without any downtime at all.

Thanks
Shakti

0
jhalapradeepCommented:
Hi,

1) Download the Sylink Replacer from the link I mentioned in my last post.
2) Make sure you are logged in as domain admin on the server to run it.
3) Export the sylink.xml file from the required group.
  -> Right-click on the client group, click on "Export Communication Settings" and save it as sylink.xml.
  -> This option will be available only if the version of the SEPM is higher than SEP 11.0 MR3.
4) When you run the Sylink Replacer utility you will have two options. One is to specify an IP address range, but that won't be a good option for you as you want the clients to land in the desired group.
5) So create a text file with the IP addresses listed in a single column. (You will need to run this multiple times as you have different groups and multiple sylink files.)
6) Enter the IP addresses of one group of machines and then run the Sylink Replacer. (Repeat this until all the groups are covered and all the machines are reporting to Server A.)

-> Regarding question 2: as I already mentioned in my last post, the replication option is NO GOOD for this case, as the SEPMs are already installed and have their own databases.
-> So you need to skip that option.
-> Running the Sylink Replacer should be the best option for you, with no downtime.

Regards,
Pradeep Jhala
0
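A planning aid for steps 5 and 6 above, as an added example that is not part of the original thread or of any Symantec tool: it turns an inventory of Site B clients into one single-column IP list per exported sylink.xml and sets aside entries that would put a machine in the wrong group or in two batches. The inventory layout, the group names and the file names are assumptions made for the illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed inventory of Site B clients; hostnames, IPs and group names are made up.
INVENTORY_CSV = """hostname,ip,site_b_group
PC-001,10.20.1.11,Finance
PC-002,10.20.1.12,Finance
SRV-01,10.20.5.10,Servers
PC-003,10.20.1.12,Sales
PC-004,10.20.1.300,Sales
PC-005,10.20.2.40,Lab
"""
# Hypothetical mapping: Site B group -> sylink.xml exported from the matching Site A group.
GROUP_TO_SYLINK = {"Finance": "finance_sylink.xml", "Servers": "servers_sylink.xml",
                   "Sales": "sales_sylink.xml"}

def plan_batches(inventory_csv, group_to_sylink):
    """Return (batches, rejected); batches maps a sylink file to its sorted IP list."""
    batches, rejected, seen = defaultdict(set), [], {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        host, raw_ip, group = row["hostname"], row["ip"].strip(), row["site_b_group"]
        try:
            ip = ipaddress.ip_address(raw_ip)
        except ValueError:
            rejected.append((host, f"invalid IP {raw_ip}"))
            continue
        if group not in group_to_sylink:
            rejected.append((host, f"no sylink.xml mapped for group {group}"))
        elif ip in seen:
            # The same address in two batches would receive two different group files.
            rejected.append((host, f"IP {ip} already listed for {seen[ip]}"))
        else:
            seen[ip] = host
            batches[group_to_sylink[group]].add(ip)
    return {f: [str(i) for i in sorted(ips)] for f, ips in batches.items()}, rejected

def render_lists(batches):
    """One single-column IP list per sylink file, returned as text rather than written."""
    return {f.replace("_sylink.xml", "_ips.txt"): "\n".join(ips) + "\n"
            for f, ips in batches.items()}

if __name__ == "__main__":
    batches, rejected = plan_batches(INVENTORY_CSV, GROUP_TO_SYLINK)
    for name, body in render_lists(batches).items():
        print(name, body.split())
    for host, why in rejected:
        print("REVIEW:", host, why)
```

Rejected rows are worth resolving before any batch is run, since a client that receives the wrong group's sylink.xml has to be moved by hand afterwards.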
adminsclAuthor Commented:
Hi,

Thanks, Pradeep sir, for your extended weekend support. Let me try this in a pilot setup and I will come back with a positive solution.

Thanks again
Sensy
0
adminsclAuthor Commented:
Hi Pradeep,

I am stuck in the MSL configuration. I configured the MSL as per the link you provided. But when I shut down the Site B server, all connected clients show offline (no green dot) on them. I set priority 1 for Site A and priority 2 for Site B. Is there anything more to do? I mean, should I also configure location awareness for all my groups?

With Regards
Shakti
0
adminsclAuthor Commented:
And when I try to view the log in the SEPM management console at Site A, in the server tab, I find "client is trying to register with invalid domain ID from Site B". Is there something I have to do about that?
Please suggest.

With Regards
Sensy

0
jhalapradeepCommented:
Hi,

Make sure you add both the IP address and the host name in that MSL.

For example:
Create Priority 1.
Add a server and type in the IP address and communication port #.
Again add a server in the same priority and type in the host name and communication port #.

Similarly, do it for Priority 2.

Regards,
Pradeep Jhala

0
adminsclAuthor Commented:
Hi Pradeep,

Thanks for your response. I checked the settings again. Everything seems to be fine but the same problem remains. When I shut down the Site B server, all connected clients show offline. One thing: should I disable "remember last location" from the Manage Location tab under the client, or do something else?

Regards
Sensy
0
adminsclAuthor Commented:
One more thing: as both sites have their own database and SEPM manager, if we enable the MSL on Site B, how do the clients get themselves registered with Site A? That is why I am getting the error "client is trying to register with invalid domain ID from Site B". What do you say?
0
jhalapradeepCommented:
Hi,

As I have mentioned earlier, can you please run the Sylink Replacer on a small group and test it? It is the best possible option for you:

1) Download the Sylink Replacer from the link I mentioned in my last post.
2) Make sure you are logged in as domain admin on the server to run it.
3) Export the sylink.xml file from the required group.
  -> Right-click on the client group, click on "Export Communication Settings" and save it as sylink.xml.
  -> This option will be available only if the version of the SEPM is higher than SEP 11.0 MR3.
4) When you run the Sylink Replacer utility you will have two options. One is to specify an IP address range, but that won't be a good option for you as you want the clients to land in the desired group.
5) So create a text file with the IP addresses listed in a single column. (You will need to run this multiple times as you have different groups and multiple sylink files.)
6) Enter the IP addresses of one group of machines and then run the Sylink Replacer. (Repeat this until all the groups are covered and all the machines are reporting to Server A.)

Regards,
Pradeep Jhala
0

adminsclAuthor Commented:
Hi Pradeep,

I did everything as you suggested and succeeded with most of them, but the Windows XP PCs still are not getting the new Sylink. The replacer shows the error "No More data available".
Besides that, the Windows 2k3 servers have no problem and they have all been migrated successfully to the new site. So what could be the reason for it failing with Windows XP only?

With Regards
Sensy
0
jhalapradeepCommented:
Hi,

The most important thing when running the Sylink Replacer is to use a domain admin account.
You should be logged on to the server as domain admin. When you run the Sylink Replacer it first checks all the account information, and it displays whether the account is part of domain admins and local admins, and all such permissions. It has to pass these permission checks to run effectively.

Other causes include:
1. The client computer might be turned off or logged off.
2. The firewall on the client is on.
3. File sharing is not enabled.

Regards,
Pradeep Jhala
0
adminsclAuthor Commented:
No success, because we would have to open file and print sharing for this, and that is against policy. So I am looking for another possible solution.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.