Before beginning, do the following:
- Sever communications with the client computers before backing up the database. This will prevent any data loss between the backup and the actual database upgrade. The easiest way to do this is to stop the Symantec Endpoint Protection Manager service.
- Remove any replication partnerships established with this Symantec Endpoint Protection Manager.
- Install an instance of a supported version of Microsoft SQL Server.
For the supported versions of Microsoft SQL Server for your version of Symantec Endpoint Protection, see the following document:
Release notes, new fixes, and system requirements for all versions of Endpoint Protection
Note: Uninstall and reinstall the Symantec Endpoint Protection Manager as part of this process. This is currently the only way of removing the embedded database (after backing it up) and reconfiguring the Symantec Endpoint Protection Manager for Microsoft SQL. During the Symantec Endpoint Protection Manager reinstallation, it is recommended to let the installer create and initialize the database; optionally use a SQL Server database created and initialized manually previously.
The procedure depends upon whether the file Recovery_timestamp.zip (where timestamp represents the date and time of the creation of the file) exists on the machine that runs Symantec Endpoint Protection Manager. This file is found by default under C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Server Private Key Backup\. Installation location may vary.
To upgrade from the embedded database to SQL with a recovery_timestamp.zip
Note: Do not select the recovery file during any portion of this procedure.
- Back up the Database with the Symantec Endpoint Protection Manager Database Back Up and Restore tool (Start > Programs > Symantec Endpoint Protection Manager > Symantec Endpoint Protection Manager Tools > Database Back Up and Restore > Back Up).
- Copy Recovery_timestamp.zip to another location, and then extract both keystore.jks and settings.properties from the Recovery_timestamp.zip. Open settings.properties with Notepad.
- Uninstall Symantec Endpoint Protection Manager and reboot.
Do not remove the database backup files.
- Reinstall Symantec Endpoint Protection Manager with the Microsoft SQL Server database.
Do not select the recovery file.
- Log on to the Symantec Endpoint Protection Manager, and then restore the keystore.jks file.
- Click the Admin tab, and then click Servers.
- Under View Servers, expand Local Site, and then click the computer name that identifies the local site.
- Under Tasks, click Manage Server Certificate.
- In the Certificate dialog box, click Next > Update the Server Certificate > Next > JKS Keystore (JKS) > Next.
- Click Browse, and then browse to and select the extracted keystore.jks file.
- In the settings.properties file opened in Notepad, copy the keystore.password and then paste it, using Ctrl + V, into the Keystore Password and Key Password boxes. The only supported paste mechanism is Ctrl + V.
- Click Next until completed restoring the certificates, and then log out of the Symantec Endpoint Protection Manager.
- Stop the Symantec Endpoint Protection Manager and Symantec Endpoint Protection Manager Webserver services.
- Restore the database with the Symantec Endpoint Protection Manager tool (Start > Programs > Symantec Endpoint Protection Manager > Symantec Endpoint Protection Manager Tools > Database Back Up and Restore > Restore).
- When the database is restored, the Management Server Configuration Wizard starts.
Do not select the recovery file.
Note: While reconfiguring the management server, the following warning may appear, "The management server name already exists. Do you want to replace it with the new server?" Click Yes. Otherwise, the Symantec Endpoint Protection Manager lists the server name twice.
- When configuration is complete, log on to Symantec Endpoint Protection Manager.
To upgrade from the embedded database to SQL without a recovery_timestamp.zip
- While logged on to the Symantec Endpoint Protection Manager, back up the Symantec Endpoint Protection Manager server certificate.
Do not simply copy or move the Server Private Key Backup folder. This folder may have multiple files, none of which is necessarily the current certificate.
- Click the Admin tab, and then click Servers.
- Under View Servers, expand Local Site, and then click the computer name that identifies the local site.
- Under Tasks, click Manage Server Certificate.
- In the Certificate dialog box, click Next > Back up the Server Certificate > Next.
- Choose a new backup location, such as the Desktop.
- Click Next until completed backing up the certificates.
The certificate backup will consist of two files: keystore_timestamp.jks and keystore_timestamp.xml.
- Back up the database with the Symantec Endpoint Protection Manager Database Tool (Start > Programs > Symantec Endpoint Protection Manager > Symantec Endpoint Protection Manager Tools > Database Back Up and Restore > Back Up), and then move or copy the backup from the following default directory:
C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\backup\
It is important to move the *.zip file from this location, as it may be removed during the uninstallation of the Symantec Endpoint Protection Manager.
Warning: When moving the database backup file to another location, assure the integrity of the copied archive. If the archive is corrupted it will not be possible to restore the database!
Note: Backups created using the built-in backup utility that are larger than (or that result in a zip file that is) 4 GBs will appear corrupt or invalid to third party zip utilities.
- Uninstall the Symantec Endpoint Protection Manager and embedded database.
Use the Change installation option in Add/Remove Programs.
Warning: Uninstall the Symantec Endpoint Protection Manager with the Change installation option or the database upgrade process will fail. This option allows for the removal of the embedded database. The Remove option does not uninstall the embedded database.
- Reinstall Symantec Endpoint Protection Manager with the Microsoft SQL Server database.
Create a new database or use an existing database using a manually initialized database. This database will be overwritten with the backup later in this procedure.
Note: The Symantec Endpoint Protection Manager must be reinstalled to the same computer that it was removed from, or on a computer with the same IP address and host name.
- Log on to the Symantec Endpoint Protection Manager, and then restore the keystore.jks file.
Do not simply replace the contents of the Server Private Key Backup folder with the certificate backup from a previous step.
- Click the Admin tab, and then click Servers.
- Under View Servers, expand Local Site, and then click the computer name that identifies the local site.
- Under Tasks, click Manage Server Certificate.
- In the Certificate dialog box, click Next > Update the Server Certificate > Next > JKS Keystore (JKS) > Next.
If one of the other certificate types has been implemented, select that type.
- Click Browse, and then browse to and select the keystore_timestamp.jks file.
- With Notepad, open the keystore_timestamp.xml file from the server certificate backup made in Step 1, and locate the keystore password by searching for keystorePass=.
- Copy the value between quotes and then paste it, using Ctrl + V, into the Keystore Password and Key Password boxes.
- Click Next until completely restoring the certificates, and then log out of the Symantec Endpoint Protection Manager.
Note: If an error message appears concerning an invalid keystore file, invalid passwords may be entered. Retry the password copy and paste. The only supported paste mechanism is Ctrl + V.
- Stop the Symantec Endpoint Protection Manager service.
- Restore the backup copy of the database (Start > Programs > Symantec Endpoint Protection Manager > Symantec Endpoint Protection Manager Tools > Database Back Up and Restore > Restore).
- Reconfigure the Symantec Endpoint Protection Manager management server to recognize the Microsoft SQL database.
This step is necessary to reconfigure the restored database so that it is recognized as part of a SQL server installation.
- Run the Management Server Configuration Wizard from the Start menu.
- Select Reconfigure the management server, and then click Next.
- Customize Server and Web console port as desired. The Server name should remain the same. Click Next.
- Click Microsoft SQL Server for database type, and then click Next.
- Specify the Microsoft SQL server (name\instance), port, database name and password.
- Click Next until you have completed the wizard.
Note: While reconfiguring the management server, the warning, "The management server name already exists. Do you want to replace it with the new server?" may appear. Click Yes. Otherwise, the Symantec Endpoint Protection Manager lists the server name twice.
- Log on to Symantec Endpoint Protection Manager.
Technical Information
During the Symantec Endpoint Protection Manager installation, rather than let the installer initialize the database, use a Microsoft SQL Server database previously created and initialized manually.