Change a DLP agent from one endpoint server to another.


Article ID: 171131


Products

Data Loss Prevention Endpoint Prevent, Data Loss Prevention Enforce

Issue/Introduction

Occasionally a Symantec Data Loss Prevention (DLP) Endpoint Prevent agent needs to be redirected to a different Endpoint Server, or an agent needs to have its Endpoint Server priority list changed.

Resolution

Here are several methods of changing the Endpoint Server or modifying the Endpoint Server list for a DLP agent. Select the one that fits your needs the best:

  1. Changing the Endpoint Server through the console
  2. Changing the Endpoint Server using a script
  3. Manually running the vontu_sqlite3 utility to change the server
  4. Use a new agent install package to upgrade and change the server

Method 1: Changing the Endpoint Server through the console

  1. Browse to System > Agents > Overview and click the number under the green check to view the agents in good standing
  2. Select the agents whose Endpoint Server you want to change
  3. Click the Change Server button
  4. Add the information for the Endpoint Servers. Note that secondary and tertiary servers can be added by using the plus button.
  5. Click OK

A task running icon (clipboard with play option) now appears next to the agent. Once the change is successful you see an event for that agent that reports "Change Endpoint Server task execution succeeded" in the agent details.

Method 2: Changing the endpoint server through script

This method is used if the agents are not communicating with the DLP Endpoint Server.

Locate the agent install files .zip (see this KB) that was used when generating the agent install package. (This .zip can also be obtained through https://fileconnect.symantec.com.) Extract the tools folder appropriate for the client architecture and copy it to the DLP Endpoint Agent folder on the client machine.

Once the tools are in the DLP Agent folder, use the following examples to build a script to change the server settings.

The vontu_sqlite3 tool can be used as in the following method, which echoes a single command into the utility. Note that the password must also be supplied. The batch file syntax is structured as follows:

echo Update CONFIGURATION set Value="<EndpointServer>:<port>" where NAME="ServerCommunicator" and SETTING="SERVER_HOST_AND_PORT_LIST"; | vontu_sqlite3.exe -db=cg.ead -p=<agent_tools_password>

Below is an example of setting a primary Endpoint Server name of 192.160.2.100 on port 10443 and an alternate Endpoint Server host of Win64oraenforce on port 10443:

echo Update CONFIGURATION set Value="192.160.2.100:10443;Win64oraenforce:10443" where NAME="ServerCommunicator" and SETTING="SERVER_HOST_AND_PORT_LIST"; | vontu_sqlite3.exe -db=cg.ead -p=protect4
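
When the server list comes from a deployment variable rather than being typed by hand, each entry should be checked before it is placed inside the quoted SQL value, so that a malformed name cannot alter the statement written to the agent database. The following POSIX shell sketch (for Mac agents) is an added example, not part of the original article or the product; the function names are hypothetical, and it accepts only hostnames or IPv4 addresses with a port.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the table, column and
# setting names are the ones used in the article's Update statement.

# valid_entry HOST:PORT -> 0 when host is a hostname/IPv4 and port is 1-65535
valid_entry() {
    host=${1%:*}
    port=${1##*:}
    [ "$host" != "$1" ] || return 1        # no ":" separator
    case $host in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;   # rejects quotes, ";", spaces
    esac
    case $port in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# build_server_list ENTRY... -> "primary;secondary;..." in priority order
build_server_list() {
    list=
    for entry in "$@"; do
        valid_entry "$entry" || { echo "rejected entry: $entry" >&2; return 1; }
        list="${list:+$list;}$entry"
    done
    [ -n "$list" ] || return 1             # at least one server is required
    printf '%s\n' "$list"
}

# build_update_sql ENTRY... -> statement to pipe into vontu_sqlite3
build_update_sql() {
    servers=$(build_server_list "$@") || return 1
    printf 'Update CONFIGURATION set VALUE="%s" where NAME="ServerCommunicator" and SETTING="SERVER_HOST_AND_PORT_LIST";\n' "$servers"
}

# Demo with the article's sample servers: prints the statement, changes nothing.
build_update_sql 192.160.2.100:10443 Win64oraenforce:10443
# To apply, run from the agent folder with the article's options:
#   build_update_sql ... | ./vontu_sqlite3 -db=cg.ead -p=<agent_tools_password>
```

Because the tools password is passed with -p on the command line, any script that contains it should be readable only by the administrator running it and removed from the endpoint afterwards.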
 
 

Method 3: Manually running the vontu_sqlite3 tool to change the server

You may also use the vontu_sqlite3 tool locally on the endpoint agent.

This method is used if a few of the agents are not communicating with the DLP Endpoint Server.

Locate the agent install files .zip (see this KB) that was used when generating the agent install package. (This .zip can also be obtained through https://support.broadcom.com.) Extract the tools folder appropriate for the client architecture and copy it to the DLP Endpoint Agent folder on the client machine. We specifically need the vontu_sqlite3 tool.

For reference, the default agent locations are:

Mac OS X: /Library/Manufacturer/Endpoint Agent/
Windows: c:\Program Files\Manufacturer\Endpoint Agent

Once the tools are in the DLP Agent folder run the following commands:

vontu_sqlite3 -db=cg.ead

Apply the tools password as needed. Then use the following commands in the vontu_sqlite3 tool to update the configuration (note that these are case sensitive). Be sure to change the value to point to your server and port:

Update CONFIGURATION set VALUE="192.168.2.100:10443" where NAME="ServerCommunicator" and SETTING="SERVER_HOST_AND_PORT_LIST";  
.exit

Next, stop the agent service:

service_shutdown -p=<Endpoint Tools Password>

Then start the service (Windows):

net start edpa

or start the service (Mac):

/bin/launchctl load /Library/LaunchDaemons/com.symantec.manufacturer.agent.plist

 

Method 4: Use a new agent install package

This method is typically only used if the computers are no longer connected and the previous methods are not viable.
Example: You have several Mac clients that need to be reinstalled. You can use this method instead of manually running the vontu_sqlite3 utility on each computer.

Note that you cannot upgrade an agent to the version it already has or to an older one. For example, you cannot upgrade DLP agent 15.0 MP1 to 14.6 MP2 or 15.0 MP1, or upgrade to an earlier hotfix agent of the same GA release.

Follow these steps to use an agent install package to redirect the agents.

  1. From Enforce go to System > Agents > Agent packaging
  2. Put in needed values and specify the new Endpoint Server (See the admin guide for further details)
  3. Generate the install package
  4. For Mac agents, you must repackage the client in OS X. See the Symantec Data Loss Prevention Installation Guides
  5. Uninstall the current agent on the computers. See DLP Endpoint Agent Uninstall and Remove for details
  6. Restart the client
  7. Install the new agent on the client. See Symantec Data Loss Prevention Installation Guides

If you meet the prerequisites of an upgrade, then you can do an agent upgrade with an updated Endpoint Server list. See Symantec Data Loss Prevention Upgrade Guides.

 
