How to move or migrate Management Agents from one Notification Server to another.

book

Article ID: 169641

calendar_today

Updated On:

Products

Management Platform (Formerly known as Notification Server)

Issue/Introduction

There is a need to change which Symantec Management Platform Notification Server (SMP or NS) that Symantec Management Agents (SMA) report to.

Resolution

There are two general methods depending on the availability of the SMP the agents are currently reporting to. Both have possible drawbacks that need to be weighed against needs and resource availability.

For readability:

  • Original_NS  - Will be the NS that SMAs are currently configured to communicate with.
  • New_NS - Will be the NS that SMAs will be migrating to.


If the Original_NS is available.

  1. On the Original_NS
    1. Make sure all methods that automatically install the SMA are turned off.
      1. Navigate to: Actions > Agents/Plug-ins > Push Symantec Management Agent
      2. Make sure the 'Scheduled Push to Computers' policy is turned off then click 'Save changes'
      3. If any custom jobs have been created to install the agents, ensure they are disabled.
      4. If any deployment jobs use images that have the SMA pre-installed, any deployment jobs using those images need to be disabled until the image can be recreated with an updated agent.
    2. If using HTTPS for communications between SMA and NS then the certificate for the New_NS needs to be delivered to the SMA for installation. Use any method at your disposal, the following are methods that you can use to deliver the certificate:
       
      Method 1:
      1. Go to the New_NS, Navigate to: Settings > Agents/Plug-ins > Symantec Management Agent > Symantec Management Agent Communication Profiles
      2. Select the New_NS agent communication profile, right-click>Export (If you are using CEM, click the "Export Cloud-enabled configuration for CEM agents" box). Click "OK" and move the XML created to the Original_NS.
      3. On Original_NS, import the New_NS agent communication profile XML under Settings > Agents/Plug-ins > Symantec Management Agent > Symantec Management Agent Communication Profiles
      4. On Original_NS, open the SMP Console and go to Settings > All Settings > Agents/Plug-ins > Symantec Management Agent > Settings > Targeted Agent Settings.
      5. In the middle panel, right-click "All Desktop computers (excluding 'Site Servers')" and select "Clone".
      6. In the pop-up that appears, type an appropriate name, for example, "Migration Agents to New SMP" and click "OK".
      7. Disable the original "All Desktop computers (excluding 'Site Servers')" policy so you don't end up with two policies targeting the same client machines (having 2 targeted agent settings can cause confusion to the client machines on choosing which one to follow).
      8. The new policy with the name you created will appear in the middle panel. Click on the "General" tab.
      9. Select the target associated with this policy and click on the X icon (delete the selected target).
      10. Click on "Applies to" and choose "Targets". A pop-up window called "Select a resource target" appears.
      11. Click on "New" and then "Target". A pop-up called "Create new target" appears.
      12. Type an appropriate name for the target such as "Agent Migration Computer Target".
      13. Then, click the "Add rule" button.
      14. Click on the down arrow and select "exclude computers not in".
      15. Next, click on the down arrow and select "Computer list".
      16. Finally, click on the down arrow and select the computer(s) you want to migrate to the new Notification Server. Click on "Update results" to verify that the new target includes only the computer you just added. Then click "OK".
      17. Enable the policy with the new target by turning the policy "On".
      18. Now click on the "Advanced" tab.
      19. Check the box called "Specify an alternate communication profile for the Symantec Management Agents to access Notification Server".
      20. Click the pencil icon, and a pop-up called "Select Communication Profile for Symantec Management Agent" will appear.
      21. Select the New_NS agent communication profile with the name of your new / destination Notification Server.
      22. Click the radio button called "HTTPS URL" and verify that the URL points to the new / destination Notification Server. Click "Save changes".
      23. Go to the Symantec Management Agent (SMA) on the computer you are testing on and click on "Update Configuration".
       
      Method 2:
      1. Navigate to: Settings > Agents/Plug-ins > Symantec Management Agent > Symantec Management Agent Communication Profiles
      2. Select the profile that is the FQDN of the Current_NS.
      3. Click on 'Edit' on the 'SSL certificates are defines for current profile'.
      4. Click on the yellow asterisk (*) and add the certificate from the New_NS.
        1. This will automatically send the certificate out to any SMA when it requests a configuration update.
      5. Navigate to the Communication Profile for the Notification Server and change the details to reference the New_NS.
        1. On the New_NS Navigate to: Settings > Agents/Plug-ins > Symantec Management Agent > Symantec Management Agent Communication Profiles
        2. Select the profile that is the FQDN of the New_NS.
        3. Take note of the settings for HTTP Communication hosts and HTTPS communication hosts.
        4. On the Original_NS Navigate to: Settings > Agents/Plug-ins > Symantec Management Agent > Symantec Management Agent Communication Profiles
        5. Select the profile that is the FQDN of the Original_NS.
        6. Set the HTTP Communication hosts and HTTPS communication hosts values to what you noted from the New_NS.
          1. This will automatically send the new settings out to any SMA when it requests a configuration update and the Agent will swap over to the New_NS as its Notification Server.

    If the Original_NS is not available.

    • NOTE: The following method will also work if the Original_NS is still available but step 1 above regarding the SMA install processes must be done first.
    1. From the New_NS Push the agent out to all computers you want to switch over.
      1. Navigate to: Actions > Agents/Plug-ins > Push Symantec Management Agent
      2. Then use one of the following methods to install a new agent on the client computers.
        1. Turn on the Scheduled Push to Computers Policy with the default 'Windows Computers with no Symantec Management Agent Installed Target' in place.
          1. Run an AD Import, or Network Discovery to populate the computer list.
        2. Use the Roll out Agents to Computers section
          1. Manually enter a list of computers or use a CSV file of Computer names or IP addresses to populate the list of computers.
          2. Highlight all computers in the list.
          3. Click install and adjust the Install settings before clicking The Install button on the Pop-up window.
    2. This will push a new install of the agent to the client computers replacing the communication settings for the old Notification Server with the information from the new Notification Server.