Reconfiguring Symantec Endpoint Protection Manager after changing the computer's IP address and host name
Symantec Endpoint Protection(SEP) clients use the host name and IP address of the Symantec Endpoint Protection Manager (SEPM) computer to communicate with SEPM. If you change the computer's host name and the IP address, the clients do not automatically maintain communication. In addition, the SEPM cannot connect to the database because the database server's name is changed and its previous certificate with old computer name and IP address is not valid.
The SEPM web console displays a certificate error because the SEPM computer's IP address and host name are different from the certificate's.
You perform these tasks when SEPM and SEP clients communicate over HTTPS only, and not HTTP.
To reconfigure Symantec Endpoint Protection Manager and generate a certificate for the SQL Server Express or SQL Server databases:
- In the Symantec Endpoint Protection Manager, update the management server list to use both the current and the new host name and IP address, and make sure it is assigned to all clients.The updated list allows SEP client to continue to communicate with SEPM after hostname and IP address changes.
- On theClients>Policies tab, click theGeneral>Security Settingstab, and clearEnable secure communications between the management server and clients by using digital certificates for authentication. Disabling secure communications allows the clients to still communicate with the SEPM without needing to authenticate communications with the SEPM.
- On theClients>Clientstab, check that the clients are still connected to the management server.
- Change the SEPM computer IP address.
- Change the SEPM computer host name, and then restart the SEPM computer.You can rename just the computer host name and not necessarily the IP address.
- Stop the SEPM services by running the following commands:net stop semsrv,net stop semapisrv, andnet stop semwebsrv.
- In the following files:<Symantec Endpoint Protection Manager installation directory>\tomcat\conf\Catalina\localhost\root.xml<Symantec Endpoint Protection Manager installation directory>\tomcat\instances\sepm-api\conf\Catalina_WS\localhost\jdbc.properties
- Changejdbc:sqlserver://toSEPM_OLD_COMPUTER_NAME:2638jdbc:sqlserver://. If you use a different port number than 2638, continue to use the other number.SEPM_NEW_COMPUTER_NAME:2638
- ChangetrustServerCertificate = falsetotrustServerCertificate = true
- Restart the SEPM service by running the following commands:net start semsrv,net start semapisrv, andnet start semwebsrv.
- Log on to SEPM.If theFailed to connect to the servermessage appears, clickOKand log on anyway.
- Generate a new SEPM server certificate.This step matches the SEPM-to-SEP client certificate information with the new computer name and IP address.
- Log off the SEPM console.
- Do one of the following steps:Microsoft SQL Server Express database
Microsoft SQL Server database
- Reconfigure SEPM.
- Log on to SEPM.
If the SQL Server database is on the same computer as SEPM, see: Reconnecting the Microsoft SQL Server database to the clients after changing the computer's host nameEmbedded databaseLog on to SEPM.
- Reconfigure SEPM. The TLS message appears.
- Generate and import a new SQL TLS certificate. Complete the configuration.
- Log on to SEPM.
- EnableEnable secure communications between the management server and clients by using digital certificates for authentication.
- Check that the clients are still connected to SEPM.
Reconnecting the Microsoft SQL Server database to the clients after changing the computer's host name
If you use the Microsoft SQL Server as the database server on the same computer as SEPM, the server name used for ODBC connections changes after you change the computer's host name. You must update the server name that used for ODBC connections. You only change the computer name of SEPM and not the IP address.
To change the server name that ODBC connections uses:
- On the Symantec Endpoint Protection Manager computer, clickStart>Run.
- In the Name field, type eitherodbccp32.cpl(32-bit) orodbcad32.exe(64-bit) and clickOK.
- In theODBC Data Source Administratordialog box, click theSystem DSNtab.
- SelectSymantecEndpointSecurityDSNas the System DSN and clickConfigure.
- Enter the correct connection destination for the server name, such as \, and then click Next.
- If you use Windows authentication, selectWith Integrated Windows authentication. If you use SQL server authentication,checkWith SQL Server authentication using a login ID and password enteredand and input Login ID and password. checkConnect to SQL Server to obtain default settings for the additional configuration options, and then clickNext.
- SelectChange the default database to:, selectsem5, and then clickNext.
- On the ODBC Microsoft SQL Server dialog, clickTest Data Source.If you see the messageTEST COMPLETED SUCCESSFULLY!, the ODBC connection test is finished.