Change a DLP agent from one endpoint server to another.

book

Article ID: 171131

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent Data Loss Prevention Enforce

Issue/Introduction

Occasionally a Symantec Data Loss Prevention (DLP) Endpoint Prevent agent needs to be redirected to a different Endpoint Server. Or an agent needs to have its Endpoint Server priority list changed.

Resolution

Here are several methods of changing the Endpoint Server or modifying the Endpoint Server list for a DLP agent. They are listed in an order of recommendation. Select the one that fits your needs the best:

  1. Changing the Endpoint Server through the console
  2. Changing the Endpoint Server using a script
  3. Using the vontu_sqlite3 utility to change the server
  4. Use a new agent install package to change the server

Method 1: Changing the Endpoint Server through the console

  1. Browse to System > Agents > Overview and click the number under the green check to view the agents in good standing.
  2. Select the Agents you want to change Endpoint Servers.
  3. Click the “Change Server” option.
  1. Add the information for the endpoint servers. Note that secondary and tertiary servers can be added by using the plus button.
  2. Click “OK”.

 

A task running icon (clipboard with play option) now appears next to the agent. Once the change is successful you see an event for that agent that reports "Change Endpoint Server task execution succeeded" in the agent details.

 

Method 2: Changing the endpoint server through script

 

In version 15.0, the “update_configuration” tool was removed. In versions greater than 15.0, the vontu_sqlite3 tool must be used to update the configuration. This section describes how to use both utilities.

NOTE: The "After 15.0" method can also be used on versions before 15.0 as well.

This Method is used if the agents do not communicate with the DLP Endpoint Server.

Locate the Symantec_DLP_<version>_Agent_Win-IN.zip that was used when generating the agent install package (See Agent Install Files Information). Extract the tools folder appropriate for the client architecture. Copy the extracted files to the client computer into the DLP Endpoint Agent folder. 

Once the tools are in the DLP Agent folder run the following command and adjust the value parameter for the Endpoint Server in your environment.

Before 15.0:

update_configuration.exe -name=ServerCommunicator -setting=SERVER_HOST_AND_PORT_LIST -type=str -value=<EndpointServer>:<port>

After 15.0

echo Update CONFIGURATION set Value="<EndpointServer>:<port>" where NAME="ServerCommunicator" and SETTING="SERVER_HOST_AND_PORT_LIST"; | vontu_sqlite3.exe -db=cg.ead -p=<agent_tools_password>

If updating to multiple servers then use a semicolon as a delimiter. For example:

Before 15.0

update_configuration.exe -name=ServerCommunicator -setting=SERVER_HOST_AND_PORT_LIST -type=str -value=Win-2k8DetecSrv:10443;Win64OraEnforce:10443

After 15.0

echo Update CONFIGURATION set Value="Win-2k8DetecSrv:10443;Win64OraEnforce:10443" where NAME="ServerCommunicator" and SETTING="SERVER_HOST_AND_PORT_LIST"; | vontu_sqlite3.exe -db=cg.ead -p=protect4

You can now restart the agent using the service_shutdown.exe then starting the edpa or wdp service or restart the client computer. Once the agent restarts the new changes take place.

For security reasons remove the tools (update_configuration.exe, etc.) from the client computer.

Method 3: Changing the server via vontu_sqlite3 utility

You may also use the vontu_sqlite3 tool locally on the endpoint agent.

Currently mac agents do not have an update_configuration.exe equivalent. If the agents cannot get a configuration update from the Enforce Server, this method is one of the only other options to change the server. This method requires that you have the agent tools password that was used when installing the agent.

First obtain the vontu_sqlite3 agent tool using the same process as described in Method 2. Note that the mac agent files are in Symantec_DLP_14.X_Agent_Mac-IN.zip. Once the vontu_sqlite3 tool is in the endpoint agent folder run the following command from that directory.

vontu_sqlite3 -db=cg.ead -p=<tools password>

This command brings you to a sqlite> prompt. Then type the following (case sensitive) to update the server:

update CONFIGURATION set VALUE="<EndpointServer>:<port>" where NAME="ServerCommunicator" and SETTING="SERVER_HOST_AND_PORT_LIST";

Example:

update CONFIGURATION set VALUE="192.168.2.100:10443;Win64OraEnforce:10443" where NAME="ServerCommunicator" and SETTING="SERVER_HOST_AND_PORT_LIST";
.exit

Then restart the agent by restarting the client or using one of the following command lines:

Mac:

/bin/launchctl unload /Library/LaunchDaemons/com.symantec.manufacturer.agent.plist
/bin/launchctl load /Library/LaunchDaemons/com.symantec.manufacturer.agent.plist

Windows (agent tool):

Service_shutdown -p=<tools password>
net start edpa

When the agent starts back up it connects to the configured server.

Method 4: Use a new agent install package

This method is typically only used if the computers are no longer connected and the previous methods are not viable.
Example: You have several Mac clients that need to be reinstalled. You can use this method instead of manually running the vontu_sqlite utility on each computer.

Follow these steps to use an agent install package to redirect the agents.

  1. From Enforce go to System > Agents > Agent packaging
  2. Put in needed values and specify the new Endpoint Server (See the admin guide for further details)
  3. Generate the install package
  4. For Mac agents, you must repackage the client in OSx. See the Symantec Data Loss Prevention Installation Guides
  5. Uninstall the current agent on the computers. See DLP Endpoint Agent Uninstall and Remove for details
  6. Restart the client
  7. Install the new agent on the client. See Symantec Data Loss Prevention Installation Guides

Note that you cannot upgrade an agent to a version it already has or older. For example, you cannot upgrade DLP agent 15.0 MP1 to 14.6 MP2 or 15.0 MP1.

If you meet the prerequisites of an upgrade, then you can do an agent upgrade with an updated Endpoint Server list. See Symantec Data Loss Prevention Upgrade Guides.

 

Attachments