Removing a Symantec Encryption Management Server node (PGP Server) from a cluster
search cancel

Removing a Symantec Encryption Management Server node (PGP Server) from a cluster

book

Article ID: 214887

calendar_today

Updated On:

Products

Encryption Management Server Gateway Email Encryption PGP Command Line PGP Key Management Server PGP Key Mgmt Client Access and CLI API PGP SDK Drive Encryption Desktop Email Encryption Endpoint Encryption File Share Encryption

Issue/Introduction

A PGP Server (Symantec Encryption Management Server) cluster member may need to be removed from the cluster for various reasons.

For example:

  • You have added a new cluster member and then wish to decommission an existing cluster member running on old hardware or in a different data center.
  • You wish to simplify the cluster topology in order to make it easier to maintain.
  • Your requirements have reduced and you no longer need so many cluster members.

If a PGP Server cluster member needs to be removed from the cluster, please do the following:

  1. Contact Symantec Encryption Support to see if this is really needed.  Removing a cluster member to simply add it back is not generally a good idea and support can help further troubleshoot. 
  2. Login to the administration console of a cluster member other than the one you are removing from the cluster.
  3. Navigate to System / Clustering.
  4. Click the delete button next to the cluster member that you wish to remove from the cluster.
  5. Login to the administration console of all cluster members and check that the deletion of the cluster member replicated around the cluster.

Sometimes, clicking on the delete button causes you to be returned to the administration console logon screen. When you login again, the cluster member has not been deleted.

 

CAUTION: Before attempting to delete a PGP Server from a cluster, it is best to reach out to Symantec Encryption Support for further guidance.  
This is because cluster members are commonly just fine, and further troubleshooting can be performed.  
In other environments where the PGP server's database is large, deleting the cluster node, and re-adding will sometimes complicate things, making it necessary to replicate all the data again. 

Environment

PGP Server (Symantec Encryption Management Server)

Resolution

In order to delete a cluster member using the administration console, you must be logged into Encryption Management Server using an account that has the SuperUser role.

Navigate to System / Administrators and check that the account you are using has a role of SuperUser:

If removing a cluster member using an account with the SuperUser role does not work first time, please do the following:

  1. Contact Symantec Encryption Support for guidance if you are in the midst of troubleshooting a clustering issue. 
    It is usually better to troubleshoot the issue than to simply remove the cluster node. 
  2. Login to the administration console of all cluster members.
  3. Navigate to System / General Settings.
  4. Click on the Restart Services button. This will restart the replication service.
  5. Try to delete the cluster member again.

It is possible to remove a cluster member by making changes to the database but this needs to be done very carefully to avoid serious consequences. Therefore, if the cluster member deletion still fails, please open a case with Technical Support.

Attachments