How to move the SEE-MS SQL database from one server/instance to another

book

Article ID: 152340

calendar_today

Updated On:

Products

Endpoint Encryption Desktop Email Encryption Drive Encryption Encryption Management Server File Share Encryption Gateway Email Encryption PGP Command Line PGP Key Management Server PGP Key Mgmt Client Access and CLI API PGP SDK

Issue/Introduction

Symantec Endpoint Encryption uses MS SQL as the backend infrastructure.  Backing up the database is going to use all standard steps and we do recommend making regular backups of the SEE Database.

If you need to move the SEE Database from one server to another, the method is going to be the same as any MS Database.

This article will go over the general guidance to move the SEE Database from one MS SQL Server to another (different physical locations).

Resolution

As mentioned above, Symantec always recommends having a backup of the SEE Database located at a different location for backups so that if the current database server/location is not available.  This recommendation is provided even if you are not moving the database in case the current database server goes down, you will have that capability.  , it can be easily moved and then the SEEMS Configuration Manager can be used to update this information.

It is also possible to simply move from one instance to another instance and just reconfigure the SEEMS Configuration Database page.

TIP: Before you start, take a screenshot of the Database screen on the SEEMS Configuration Manager as a reference.  Be ready to revert the changes if needed.

Steps to Change the Database:

Step 1: Backup the existing SEE database using the MS SQL backup process.
Step 2: On the new MS SQL Server make sure to include all the same users and permissions from the original server.
Step 3: Restore the database on the new MS SQL server using the MS SQL database restore process.
Step 4: On the SEE Management Server, run the SEEMS Configuration Manager.
Step 5: Change the database server name to the new server\instance and port with the appropriate login and password.
Step 6: Update all systems that are running the SEE-MS console with the new DB server\instance.

The SEE Online Help file offers the following information:

"This option displays the NetBIOS name of the computer that hosts the Symantec Endpoint Encryption database. If you use a named instance, this field displays the NetBIOS name and the instance name. For example, SEEDB-01\NAMEDINSTANCE.
You should edit this option if you moved the Symantec Endpoint Encryption database to a different computer, or if you renamed the computer.
To enable TLS/SSL, this name must match the common name (CN) in the server-side TLS/SSL certificate."

 

Validate the change was successful:

Once you make the change, wait for a few minutes, and then check the following:

*Have several SEE clients check in via the SEE Management Agent.
*Look at the Computer Status Report and ensure other clients are checking in.
*Login to the SEE Web Portal and ensure you are able to login, and then search in the reporting (On SEE 11.4) and look for recovery keys.

 


Other methods for moving the SEE Management Server Database to another location

If you reinstall the SEE Management server, during the Database portion of the setup, you can then enter the new MS SQL server\instance at this time.

To check that these values were updated properly, you can check the following registry keys:

 
HKLM\Software\Encryption Anywhere\Management Console\Framework

The SQLServer value should reflect the new Server\Instance

 

If you run into any snags with this, feel free to reach out to Symantec Encryption Support and always be ready to revert the changes back to what it was before. 

Additional Information

Scenario 1:
163292 - Migrating from one SEE Management Server to another (Completely new SEE Database)

Scenario 2: (PGP to SEE)
227509 - Migrating from Symantec Encryption Desktop to Symantec Endpoint Encryption (Drive Encryption components)

Scenario 3: Moving SEE Clients from the same database to another SEE Management Server with the same Database
154122 - How to Migrate Symantec Endpoint Encryption Management Console and all the clients from one Server to another Server, without moving the existing SQL Server

Scenario 4: Moving same SEE database from one DB instance to another
152340 - How to move the SEE-MS SQL database from one server/instance to another

Scenario 5: Moving from one SEE database to a completely different SEE database.
178631 - How to migrate Symantec Endpoint Encryption version 11 Clients from one Management Server to another