ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Create EnforceReinstallationResources.zip for disaster recovery or migration

book

Article ID: 161246

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

You need to back up the Protect directory on the Symantec Data Loss Prevention (DLP) Enforce server, for disaster recovery or migration purposes.

Environment

DLP 15.7.x - 15.8.x

Resolution

For this process the EnforceReinstallationResources.zip will need to be created using one of the following methods:

Method 1 - Using the ReinstallationResourcesUtility.exe (Windows) or ReinstallationResourcesUtility (Linux)

This method is covered in the DLP Install guide under the "Creating the Enforce Reinstallation Resources file" section. See the Install guide for further details. Here is a summary:

Step 1

Switch to the DLP bin folder:

Windows: C:\Program Files\Symantec\DataLossPrevention\EnforceServer\<version>\Protect\bin 
Linux: /opt/Symantec/DataLossPrevention/EnforceServer/<version>/Protect/bin

Step 2

Generate an Enforce Reinstallation Resources file by running the following command:

Windows: 
C:\Program Files\Symantec\DataLossPrevention\EnforceServer\15.7\Protect\bin> ReinstallationResourcesUtility.exe export "C:\Program Files\Symantec\DataLossPrevention\EnforceServer\15.7\Protect" "C:\EnforceReinstallationResources.zip"

Linux:
[[email protected] bin]# ./ReinstallationResourcesUtility export /opt/Symantec/DataLossPrevention/EnforceServer/15.7/Protect/ /tmp/EnforceReinstallationResources.zip

Method 2 - Manually create the EnforceReinstallationResources.zip

Windows

Note: These steps assume that the DLP Enforce server is installed using default settings (C:\Program Files\Symantec\DataLossPrevention\EnforceServer\<version>\Protect), and that the user is operating in a command line window with a working directory outside of that path.

  1. Create a EnforceReinstallationResources folder in your Desktop or any other location you prefer
  2. Create the config directory and copy over the CryptoMasterKey.properties file, preserving permissions:
    • mkdir config​​
    • robocopy /SEC "C:\Program Files\Symantec\DataLossPrevention\EnforceServer\<version>\Protect\config" .config CryptoMasterKey.properties
    • robocopy /SEC "C:\Program Files\Symantec\DataLossPrevention\EnforceServer\<version>\Protect\config" .config EncryptedPropertiesFilesEncryptionKey.key
  3. Create the keystore directory
    • ​​​mkdir keystore
    • robocopy /SEC "C:\Program Files\Symantec\DataLossPrevention\EnforceServer\<version>\Protect\keystore" .keystore
  4. Create the EnforceReinstallationResources.zip file:
    • zip -r EnforceReinstallationResources.zip config keystore

Note: The zip command is present on single-tier and two-tier deployments under the oracle bin directory. In a three-tier setup, send the copied files to a compressed folder using Windows Explorer.

To manually create in Linux (15.5 and above)

create the config directory while preserving permissions

  • mkdir -p /tmp/config 
  • cp -p /opt/Symantec/DataLossPrevention/EnforceServer/<version>/Protect/config/CryptoMasterKey.properties /tmp/config/
  • cp -p /opt/Symantec/DataLossPrevention/EnforceServer/<version>/Protect/config/EncryptedPropertiesFilesEncryptionKey.key /tmp/config/

Create the keystore directory

  • mkdir -p /tmp/keystore
  •  cp -r -p /opt/Symantec/DataLossPrevention/EnforceServer/<version>/Protect/keystore/* /tmp/keystore/

Create the zip archive

  • cd /tmp
  •  zip -r EnforceReinstallationResources..zip config keystore

To verify the zip archive (Windows or Linux):

  •  unzip -l reinstallationresources.zip

 

Point to this new EnforceReinstallationResources.zip when reinstalling Symantec Data Loss Prevention from your backup version.
If you reinstall using Silent Mode, you include the following parameters (in addition to other required parameters):

Windows: REINSTALLATION_RESOURCE_FILE="C:\EnforceReinstallationResources.zip"

Linux: REINSTALLATION_RESOURCE_FILE=/tmp/EnforceReinstallationResources.zip

If you choose to run the EnforceServer.msi file to complete the installation, on the Initialize Database panel select Preserve Database Data and specify the EnforceReinstallationResources.zip file.

 

Additional information

For detailed information about DLP backups and recovery, see the Data Loss Prevention System Maintenance Guide - 15.7 / 15.8.

Attachments