search cancel

Technical considerations for upgrading to Endpoint Encryption 11.3.1 and above


Article ID: 212284


Updated On:


Endpoint Encryption


Please see the Symantec Endpoint Encryption Upgrade Guide for full details about upgrading to release 11.3.1 and above.

This article outlines some of the technical considerations to consider prior to upgrading.


Symantec Endpoint Encryption 11.3.1 and above.


1. Downloading the installation files

In order to download the installation files you will need to be registered on the Broadcom portal. Please see article 145581 for how to register a new basic user account for the portal. You will then need to upgrade to an Enterprise account by following the steps in article 142873. You will need your site ID. Once registered, navigate to the Download Management page and search for Endpoint Encryption. Select the Release and Language in order to view the available files and download the appropriate zip file.

2. SQL Server rights

In releases prior to 11.3.1, in order to upgrade you used to need a SQL Server account with system administrator rights. This is no longer the case for upgrades, only for fresh installs. Instead, you can upgrade by connecting to the database using an account that has the db_owner role over the SEEMSDb database. See article 206626 for details on how to grant that access.

3. Installation permissions

The Windows account that runs the MSI file on the Endpoint Encryption Management Server needs local administration rights.

4. TLS Certificate Validity

Prior to upgrading, it is recommended to check that the TLS certificate on the Endpoint Encryption Management Server has a reasonable period of validity remaining and obtain a new certificate if required. The server certificate must have the Server Authentication attribute enabled. See article 172147 for details.

If you obtain a new server certificate you will need to supply its public root certificate in DER format as part of the configuration so it is recommended to export it to a file in advance.

5. SQL Server System CLR Types and Management Objects

Prior to upgrading please ensure that SQL Server System CLR Types and SQL Server Management Objects are installed on the Endpoint Encryption Management Server. These components were also required in previous releases but for release 11.3.1 and above you need the SQL Server 2012 SP4 versions of these. In previous releases the SQL Server 2008 R2 SP1 versions were used. See article 163229 for details. Please do not uninstall the SQL Server 2008 R2 version of Management Objects until after the upgrade. In fact there is no need to uninstall the 2008 R2 versions of these items at any point.

6. TLS 1.2

Endpoint Encryption 11.3 and above disables TLS 1.0 and 1.1 by default. Note that Endpoint Encryption clients running release 11.1 and above will be able to connect to the server using TLS 1.2. Although TLS 1.0 and 1.1 can be enabled in release 11.3 and above, it is not recommended.