Reconfiguring Symantec Endpoint Protection Manager after changing the computer's IP address and host name

The Symantec Endpoint Protection (SEP) clients use the host name and IP address of the Symantec Endpoint Protection Manager (SEPM) computer to communicate with SEPM. If you change the computer's host name and IP address, the clients do not automatically maintain communication. In addition, SEPM cannot connect to the database because the database server's name has changed and its previous certificate, issued for the old computer name and IP address, is no longer valid.
The SEPM web console displays a certificate error because the SEPM computer's IP address and host name are different from the certificate's.
You perform these tasks when SEPM and SEP clients communicate over HTTPS only, and not HTTP.
To reconfigure Symantec Endpoint Protection Manager and generate a certificate for the SQL Server Express or SQL Server databases:
  1. In the Symantec Endpoint Protection Manager, update the management server list to use both the current and the new host name and IP address, and make sure it is assigned to all clients.
    The updated list allows the SEP clients to continue to communicate with SEPM after the host name and IP address change.
  2. On the Clients > Policies tab, click the General > Security Settings tab, and clear Enable secure communications between the management server and clients by using digital certificates for authentication.
    Disabling secure communications allows the clients to still communicate with SEPM without needing to authenticate communications with SEPM.
  3. On the Clients > Clients tab, check that the clients are still connected to the management server.
  4. Change the SEPM computer IP address.
  5. Change the SEPM computer host name, and then restart the SEPM computer.
    You can rename just the computer host name and not necessarily the IP address.
  6. Stop the SEPM services by running the following commands:
    net stop semsrv
    net stop semapisrv
    net stop semwebsrv
  7. In the following files:
    <Symantec Endpoint Protection Manager installation directory>\tomcat\conf\Catalina\localhost\root.xml
    <Symantec Endpoint Protection Manager installation directory>\tomcat\instances\sepm-api\conf\Catalina_WS\localhost\jdbc.properties
    1. Change jdbc:sqlserver://SEPM_OLD_COMPUTER_NAME:2638 to jdbc:sqlserver://SEPM_NEW_COMPUTER_NAME:2638. If you use a different port number than 2638, continue to use the other number.
    2. Change trustServerCertificate = false to trustServerCertificate = true.
  8. Restart the SEPM services by running the following commands:
    net start semsrv
    net start semapisrv
    net start semwebsrv
  9. Log on to SEPM.
    If the Failed to connect to the server message appears, click OK and log on anyway.
  10. Generate a new SEPM server certificate.
    This step matches the SEPM-to-SEP client certificate information with the new computer name and IP address.
  11. Log off the SEPM console.
  12. Do one of the following steps:
    Microsoft SQL Server Express database or Microsoft SQL Server database:
    1. Reconfigure SEPM. The TLS message appears.
    2. Generate and import a new SQL TLS certificate. Complete the configuration.
    3. Log on to SEPM.
    Embedded database:
    Log on to SEPM.
  13. Enable the Enable secure communications between the management server and clients by using digital certificates for authentication option (the option that you cleared in step 2).
  14. Check that the clients are still connected to SEPM.
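
Steps 6 through 8 as a PowerShell script, added here as an example and not part of Broadcom's documentation or tooling. The -SepmDir, -OldName and -NewName parameters and the Update-JdbcText helper are names chosen for this example, and the tolerance for "\:" escaping in jdbc.properties is an assumption about how that file is written.

```powershell
# Added example. Placeholders: -SepmDir (SEPM installation directory),
# -OldName and -NewName (old and new SEPM host names).
param(
    [Parameter(Mandatory)] [string] $SepmDir,
    [Parameter(Mandatory)] [string] $OldName,
    [Parameter(Mandatory)] [string] $NewName
)
$ErrorActionPreference = 'Stop'
$services = 'semsrv', 'semapisrv', 'semwebsrv'
# Resolve both files from step 7 first, so a wrong path fails before anything is stopped.
$files = 'tomcat\conf\Catalina\localhost\root.xml',
         'tomcat\instances\sepm-api\conf\Catalina_WS\localhost\jdbc.properties' |
    ForEach-Object { (Resolve-Path -LiteralPath (Join-Path $SepmDir $_)).Path }

function Update-JdbcText {
    param([string] $Text, [string] $Old, [string] $New)
    # Swap only the host in the JDBC URL; whatever port follows (2638 or another) is kept.
    # "\\?" tolerates the "\:" escaping that Java .properties files may use (assumption).
    $hostPattern = '(?i)(jdbc\\?:sqlserver\\?://)' + [regex]::Escape($Old) + '(?![\w.-])'
    $Text = [regex]::Replace($Text, $hostPattern, { param($m) $m.Groups[1].Value + $New })
    # Step 7.2: with "true" the JDBC driver accepts the SQL Server certificate unvalidated.
    [regex]::Replace($Text, '(?i)(trustServerCertificate\s*=\s*)false', '${1}true')
}

# ISO-8859-1 maps every byte to one character and back, so untouched bytes stay identical.
$latin1 = [Text.Encoding]::GetEncoding(28591)
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'

foreach ($svc in $services) { Stop-Service -Name $svc }          # step 6
foreach ($path in $files) {                                      # step 7
    $text    = [IO.File]::ReadAllText($path, $latin1)
    $updated = Update-JdbcText -Text $text -Old $OldName -New $NewName
    if ($updated -ceq $text) {
        Write-Warning "Nothing changed in $path; check the host name stored in it."
        continue
    }
    Copy-Item -LiteralPath $path -Destination "$path.$stamp.bak"
    [IO.File]::WriteAllText($path, $updated, $latin1)
    Write-Host "Updated $path (backup: $path.$stamp.bak)"
}
foreach ($svc in $services) { Start-Service -Name $svc }         # step 8
```

The host pattern refuses partial matches, so a file that stores a fully qualified name when -OldName is the short name produces the warning instead of a half-edited URL.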

Reconnecting the Microsoft SQL Server database to the clients after changing the computer's host name

If you use the Microsoft SQL Server as the database server on the same computer as SEPM, the server name used for ODBC connections changes after you change the computer's host name. You must update the server name that is used for ODBC connections. You only change the computer name of SEPM and not the IP address.
To change the server name that ODBC connections use:
  1. On the Symantec Endpoint Protection Manager computer, click Start > Run.
  2. In the Name field, type either odbccp32.cpl (32-bit) or odbcad32.exe (64-bit) and click OK.
  3. In the ODBC Data Source Administrator dialog box, click the System DSN tab.
  4. Select SymantecEndpointSecurityDSN as the System DSN and click Configure.
  5. Enter the correct connection destination for the server name, such as \, and then click Next.
  6. If you use Windows authentication, select With Integrated Windows authentication. If you use SQL Server authentication, check With SQL Server authentication using a login ID and password entered and enter the login ID and password. Check Connect to SQL Server to obtain default settings for the additional configuration options, and then click Next.
  7. Select Change the default database to:, select sem5, and then click Next.
  8. Click Finish.
  9. On the ODBC Microsoft SQL Server dialog, click Test Data Source.
    If you see the message TEST COMPLETED SUCCESSFULLY!, the ODBC connection test is finished.
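
A read-only check of the result, added here as an example and not part of Broadcom's documentation: it reads the SymantecEndpointSecurityDSN System DSN with the Windows Get-OdbcDsn cmdlet and reports whether its server name refers to the renamed computer and whether its default database is sem5. Get-DsnHost and Test-IsThisComputer are helper names chosen for this example, and the comparison assumes SQL Server runs on the SEPM computer, as this section describes.

```powershell
# Added example: read-only check. Nothing is modified.
$ErrorActionPreference = 'Stop'
$dsnName = 'SymantecEndpointSecurityDSN'

function Get-DsnHost {
    param([string] $Server)
    # Server can be "HOST", "HOST\INSTANCE", "HOST,PORT" or "tcp:HOST"; keep only HOST.
    $noPrefix = $Server -replace '^(tcp|np|lpc):', ''
    ($noPrefix -split '[\\,]')[0].Trim()
}

function Test-IsThisComputer {
    param([string] $HostPart)
    if ($HostPart -in '.', '(local)', 'localhost') { return $true }
    # Compare the first DNS label with the current (post-rename) host name.
    $current = [System.Net.Dns]::GetHostName()
    ($HostPart -split '\.')[0] -eq ($current -split '\.')[0]
}

# -Platform All returns the 32-bit and the 64-bit definition if both exist.
$dsns = @(Get-OdbcDsn -Name $dsnName -DsnType System -Platform All -ErrorAction SilentlyContinue)
if ($dsns.Count -eq 0) { throw "System DSN '$dsnName' was not found." }

foreach ($dsn in $dsns) {
    $server   = [string] $dsn.Attribute['Server']
    $database = [string] $dsn.Attribute['Database']
    [pscustomobject]@{
        Platform        = $dsn.Platform
        Server          = $server
        Database        = $database
        ServerIsCurrent = Test-IsThisComputer (Get-DsnHost $server)
        DatabaseIsSem5  = $database -eq 'sem5'
    }
}
```

A row with ServerIsCurrent set to False means that DSN definition still names the old host and needs the steps above.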