ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Create EnforceReinstallationResources.zip for disaster recovery or migration

book

Article ID: 161246

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

You need to back up the Protect directory on the Symantec Data Loss Prevention (DLP) Enforce server, for disaster recovery or migration purposes.

Environment

DLP 12.5 - 15.x

Resolution

For this process the EnforceReinstallationResources.zip will need to be created using one of the following methods:

Method 1 - Using the ReinstallationResourcesUtility.exe

This method is covered in the DLP Install guide under the "Creating the Enforce Reinstallation Resources file" section. See the Install guide for further details. Here is a summary:

Step 1

Switch to the \EnforceServer\15.7\Protect\bin directory by running the following command from a command prompt:


cd C:\Program Files\Symantec\DataLossPrevention\EnforceServer\15.7\Protect\bin

Step 2

Generate an Enforce Reinstallation Resources file by running the following command:

"C:\Program Files\Symantec\DataLossPrevention\EnforceServer\15.7\Protect\bin\ReinstallationResourcesUtility.exe" export "C:\Program Files\Symantec\DataLossPrevention\EnforceServer\15.7\Protect C:\EnforceReinstallationResources.zip"

 

Method 2 - Manually create the EnforceReinstallationResources.zip

Windows

Note: These steps assume that the DLP Enforce server is installed to C:SymantecDLP, and that the user is operating in a command line window with a working directory outside of that path.

  1. Create the config directory and copy over the CryptoMasterKey.properties file, preserving permissions:
    • mkdir config​​
    • robocopy /SEC c:\SymantecDLP\Protect\config .config CryptoMasterKey.properties
    • robocopy /SEC c:\SymantecDLP\Protect\config .config EncryptedPropertiesFilesEncryptionKey.key (this file is required for DLP versions 15.0.x)
  2. Create the keystore directory
    • ​​​mkdir keystore
    • robocopy /SEC c:\SymantecDLP\Protect\keystore .keystore
  3. Create the EnforceReinstallationResources.zip file:
    • zip -r EnforceReinstallationResources.zip config keystore

Note: The zip command is present on single-tier and two-tier deployments under the oracle bin directory. In a three-tier setup, send the copied files to a compressed folder using Windows Explorer.

To manually create in Linux (15.5 and above)

create the config directory while preserving permissions

  • mkdir -p /tmp/config 
  • cp -p /opt/Symantec/DataLossPrevention/EnforceServer/15.8.00000/Protect/config/CryptoMasterKey.properties /tmp/config/
  • cp -p /opt/Symantec/DataLossPrevention/EnforceServer/15.8.00000/Protect/config/EncryptedPropertiesFilesEncryptionKey.key /tmp/config/

Create the keystore directory

  • mkdir -p /tmp/keystore
  •  cp -r -p /opt/Symantec/DataLossPrevention/EnforceServer/15.8.00000/Protect/keystore/* /tmp/keystore/

Create the zip archive

  • cd /tmp
  •  zip -r reinstallationresources.zip config keystore

Verify the zip archive 

  •  unzip -l reinstallationresources.zip

 

 

 

 

Additional information

For detailed information about DLP backups and recovery, see the Data Loss Prevention System Maintenance Guide.

Attachments