Operations when changing IP address and host name of Endpoint Protection Manager computer
search cancel

Operations when changing IP address and host name of Endpoint Protection Manager computer


Article ID: 176131


Updated On:


Endpoint Protection


What to do if I change IP address and hostname of Symantec Endpoint Protection Manager (SEPM) computer.


Symantec Endpoint Protection (SEP) clients uses host name and IP address of SEPM to communicate with.
If you change host name and IP address of SEPM, existing clients will not be able to establish communication because there is no way to obtain new host name and IP address of SEPM. 

SEPM Web console also displays a certificate error. This is because SEPM's IP address and computer name are different from those of the certificate.

To minimize the impact on the SEP client, before changing host name and IP address of SEPM, assign a management server list that uses the new host name and IP address,  and the current host name and IP address. This allows SEP client to continue to communicate with SEPM after hostname and IP address is changed.
check Change the IP Address that clients use to communicate with the Endpoint Protection Manager

To avoid this problem, generate a new certificate after changing SEPM computer name and IP address, and match the SEPM/SEP client certificate information with the new computer name and IP address.

This procedure applies when SEPM and SEP clients communicate only over HTTPS.

You may need to be careful when recreating a certificate. The certificate change affects HTTPS communication between SEPM and SEP.
For the certificate renewal procedure that does not interfere with SEPM/SEP client communication, see the following technical information.

Update the server certificate on the management server without breaking communications with the client

Note: If the management server list is set incorrectly, SEP client will not be able to establish communication with SEPM. Pay close attention to your settings to ensure that you do not apply incorrect settings. We recommend that you assign settings to test groups in advance and check that there are no problems with the settings.

See the following technical information about certificate generation and the relationship with SEPM/SEP communication.

Generating a new server certificate

Best practices for updating server certificates and maintaining the client-server connection

If you are running SEPM 14.3 RU1 (14.3.3384.1000) and later, check Reconfiguring Symantec Endpoint Protection Manager after changing the computer's IP address and host name.

If you are using Microsoft SQL Server as the database server, and you are using a Microsoft SQL database on the same computer as SEPM, the server name used for ODBC connections is changed after the host name change. (only change the computer name of SEPM)
Follow the instructions to correct the server name used for ODBC connections.

  1. Click the "Start" button and select "Run".
  2. Enter odbccp32.cpl in the name field and click the OK button. The ODBC Data Source Administrator starts.
    Note: For 64-bit OS, enter C:\Windows\syswow64\odbcad32.exe
  3. Select "System DSN" tab.
  4. Select "SymantecEndpointSecurityDSN" as the System DSN and click the "Configure" button.
  5. Enter the correct connection destination as the server name like \.
  6. Click "Next" button.
  7. If you use Windows authentication, check "With Integrated Windows authentication".
    If you use SQL server authentication,check "With SQL Server authentication using a login ID and password entered" and and input Login ID and password.
    check "Connect to SQL Server to obtain default settings for the additional configuration options.".
  8. Click "Next" button.
  9. Check "Change the default database to:", and select sem5.
  10. Click "Next" button.
  11. Click "Finish" button.
  12. On ODBC Microsoft SQL Server dialog, click "Test Data Source" button.
  13. If you see the message "TEST COMPLETEDSUCCESSFULLY!", the ODBC connection test is complete.