Changing the IP address of the Symantec Encryption Management Server (PGP Encryption Server)
search cancel

Changing the IP address of the Symantec Encryption Management Server (PGP Encryption Server)

book

Article ID: 153407

calendar_today

Updated On:

Products

Encryption Management Server Gateway Email Encryption Endpoint Encryption Desktop Email Encryption Drive Encryption File Share Encryption Information Centric Encryption PGP Command Line PGP Key Management Server PGP Key Mgmt Client Access and CLI API PGP SDK PGP Encryption Suite Mobile Encryption for iOS

Issue/Introduction

Symantec Encryption Management Server (PGP Encryption Server) uses a statically assigned IP address on the network interfaces. 

If you need to change the IP addresses, do so with care as doing so incorrectly could cause an outage to the production environment.

Resolution

Important Note: There is risk involved in changing the IP address of the PGP Server and should be done only during off hours to minimize the impact.  
If the PGP Encryption Servers are clustered, changing the IP address will break the cluster status.  Reach out to Symantec Encryption Support if you need to change the IP address and you are in a cluster for further assistance.
IMSFR-1010

In order to change the IP address of the server, first take a backup of the server and backup the Org Keypair as well.  For more information on backing up the PGP Server, see the following articles:

180196 - HOW TO: Backup the Organization Key on Symantec Encryption Management Server

180249 - HOW TO: Configure the Backup Location and schedule for Encryption Management Server

153588 - Restore Backup files to Symantec Encryption Management Server (PGP Server)

153318 - Restoring Encryption Management Server Backups larger than 2GB (Or using PGP Server Backup files via CLI)


To take a backup from your server, login to the SEMS, and click on System, Backups, and make note of the remote location where the backup is stored.

It is also recommended to take a snapshot of the Virtual Machine in case something goes wrong, it's easy to revert (Backups take time and effort to restore, but are generally easy to do, but snapshots are easier to use).

It may be necessary to obtain console access to the server, so the best option if you need to change the IP address, it is to contact Symantec Encryption Support for further guidance. 


There are 2 options to change the IP address of the Symantec Encryption Management Server:


Option 1. Through the PGP Web Interface

Step 1: Login to the PGP Server and navigate to System, Network.
Step 2: For each network interface change the IP address, subnet mask and default gateway. Ensure these are correct before clicking Save.
Step 3: Update your DNS records to map your FQDN to this new IP address.
Step 4: Restart all services.  To do this, go to System, General Settings:


Option 2. By modifying the configuration file

This is the preferred method, but to change this file,  please contact Symantec Encryption Support for further assistance. 

 

If the FQDN for the PGP Server has not changed, then there are no changes needed for the PGP Desktop client. 

If you are unsure what the hostname is, check the registry for the PGPSTAMP, which should show you which FQDN was used for client-server communications.  If the FQDN is different, reenrollment may be needed.  If you are unsure, please reach out to Symantec Support for further assistance.

PGPSTAMP Location:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\PGP Corporation\PGP\PGP Stamp, this will have the entry with either IP address or hostname.

If you need any assistance above and beyond these steps, log a new support case with Symantec Encryption Support who can assist with this.


WARNING: Changing the hostname on the PGP Server is a significant change and should be done only after following the steps above and understanding the risks. 
If you do run into any issues, such as the cluster is no longer working after changing the hostname or IPs, ***do not break the cluster*** instead, reach out to Symantec Encryption Support for further guidance.
EPG-36131

Additional Information

EPG-36131

EPG-23728