There are times when an agent needs to be redirected to a different Symantec Data Loss Prevention (DLP) Endpoint server or an agent needs to have its endpoint server priority list changed.
There are three methods of changing the endpoint server or modifying the endpoint server list for a DLP agent.
A task running icon (Clipboard with play button) will now appear next to the agent. Once the change is successful you will see an event for that agent that reports "Change Endpoint Server task execution succeeded" in the agent details.
This Method is used if the agents are not communicating to the DLP Endpoint server.
Locate the agent install files .zip (see TECH249541) that was used when generating the agent install package. (This .zip can also be obtained through https://fileconnect.symantec.com) Extract and copy the tools folder appropriate for the client architecture to the client machine in the DLP Endpoint Agent agent folder.
Once the tools are in the DLP Agent folder use the follow examples to build a script to change the server settings.
Using Vontu_Sqlite3
In 15.0 the update_configuration tool was removed. The vontu_sqlite3 tool can be used in it's place using the following method that echo's a single command in to the utility. Note that the password must also be supplied. Below is how the syntax of the batch file is structured
Below is an exmaple of setting a primary endpoint server name of 192.160. 2.100 on port 10443 and an Alternate Endpoint Server host of Win64oraenforce on port 10443:
Using Update_configuration Utility
This method is obsolete as of 15.0.
If updating to multiple servers then use a semicolon as a delimiter. For example:
You can now restart the agent using the service_shutdown.exe then starting the edpa or wdp service or restart the client machine. Once the agent restarts the new changes will take place.
For security reasons remove the tools (update_configuration.exe, etc) from the client machine.
This is the only local option for OSX Mac clients to change the server because there is no update_configuration.exe equivillent tool for mac. Vontu_sqllite3 available for both windows and mac clients.
This method is used if the agents are not communicating to the DLP Endpoint server.
Locate the agent install files .zip (see TECH249541) that was used when generating the agent install package. (This .zip can also be obtained through https://fileconnect.symantec.com) Extract and copy the tools folder appropriate for the client architecture to the client machine in the DLP Endpoint Agent folder. We specifically need the vontu_sqlite3 tool.
For Reference the default agent locations are:
Mac OSX: /Library/Manufacturer/Endpoint Agent/
Windows: c:Program FilesManufacturerEndpoint Agent
Once the tools are in the DLP Agent folder run the following commands:
Apply the tools password as needed. Then use the following commands in the vontu_sqllite3 tool to update the configuration (Note these are case sensetive). Be sure to change the value to direct to your sever and port:
Now restart the system or use the service_shutdown -p=<Endpoint Tools Password> to restart the DLP Agent.