Change a DLP agent from one endpoint server to another

book

Article ID: 171181

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent Data Loss Prevention Enforce

Issue/Introduction

There are times when an agent needs to be redirected to a different Symantec Data Loss Prevention (DLP) Endpoint server or an agent needs to have its endpoint server priority list changed.

Resolution

There are three methods of changing the endpoint server or modifying the endpoint server list for a DLP agent.

  • Through the Console, with a script, or manually with the Vontu_sqlite3 tool.

Changing the endpoint server through the console

  1. Browse to System > Agents > Overview and click the number under the green check to view the agents in good standing
  2. Select the Agents you want to change endpoint servers
  3. Click the Change Server button
  4. Add the information for the endpoint servers. Note that secondary and tertiary servers can be added by using the plus button.
  5. Click Ok

A task running icon (Clipboard with play button) will now appear next to the agent. Once the change is successful you will see an event for that agent that reports "Change Endpoint Server task execution succeeded" in the agent details.

DLP Agent - Change Endpoint Server

 

Changing the endpoint server through a script

This Method is used if the agents are not communicating to the DLP Endpoint server.

Locate the agent install files .zip (see TECH249541) that was used when generating the agent install package. (This .zip can also be obtained through https://fileconnect.symantec.com) Extract and copy the tools folder appropriate for the client architecture to the client machine in the DLP Endpoint Agent agent folder.  

Once the tools are in the DLP Agent folder use the follow examples to build a script to change the server settings.

Using Vontu_Sqlite3

In 15.0 the update_configuration tool was removed. The vontu_sqlite3 tool can be used in it's place using the following method that echo's a single command in to the utility. Note that the password must also be supplied. Below is how the syntax of the batch file is structured

echo Update CONFIGURATION set Value="<EndpointServer>:<port>" where NAME="ServerCommunicator" and SETTING="SERVER_HOST_AND_PORT_LIST"; | vontu_sqlite3.exe -db=cg.ead -p=<agent_tools_password>

Below is an exmaple of setting a primary endpoint server name of 192.160. 2.100 on port 10443 and an Alternate Endpoint Server host of Win64oraenforce on port 10443:

echo Update CONFIGURATION set Value="192.160.2.100:10443;Win64oraenforce:10443" where NAME="ServerCommunicator" and SETTING="SERVER_HOST_AND_PORT_LIST"; | vontu_sqlite3.exe -db=cg.ead -p=protect4

 

Using Update_configuration Utility

This method is obsolete as of 15.0.

update_configuration.exe -name=ServerCommunicator -setting=SERVER_HOST_AND_PORT_LIST -type=str -value=<EndpointServer>:<port>

If updating to multiple servers then use a semicolon as a delimiter. For example:

update_configuration.exe -name=ServerCommunicator -setting=SERVER_HOST_AND_PORT_LIST -type=str -value=Win-2k8DetecSrv:10443;Win64OraEnforce:10443

You can now restart the agent using the service_shutdown.exe then starting the edpa or wdp service or restart the client machine. Once the agent restarts the new changes will take place.

For security reasons remove the tools (update_configuration.exe, etc) from the client machine.

 

Using Vontu_sqlite3 Tool (manually)

This is the only local option for OSX Mac clients to change the server because there is no update_configuration.exe equivillent tool for mac. Vontu_sqllite3 available for both windows and mac clients.

This method is used if the agents are not communicating to the DLP Endpoint server.

Locate the agent install files .zip (see TECH249541) that was used when generating the agent install package. (This .zip can also be obtained through https://fileconnect.symantec.com) Extract and copy the tools folder appropriate for the client architecture to the client machine in the DLP Endpoint Agent  folder. We specifically need the vontu_sqlite3 tool. 

For Reference the default agent locations are:

Mac OSX: /Library/Manufacturer/Endpoint Agent/
Windows: c:Program FilesManufacturerEndpoint Agent

Once the tools are in the DLP Agent folder run the following commands:

vontu_sqlite -db=cg.ead

Apply the tools password as needed. Then use the following commands in the vontu_sqllite3 tool to update the configuration (Note these are case sensetive). Be sure to change the value to direct to your sever and port: 

Update CONFIGURATION set VALUE="192.168.2.100:10443" where NAME="ServerCommunicator" and SETTING="SERVER_HOST_AND_PORT_LIST";  
.exit


Now restart the system or use the service_shutdown -p=<Endpoint Tools Password> to restart the DLP Agent. 

Attachments