Changing the port for SEE Client Communication and the SEE Management Server Web Console
search cancel

Changing the port for SEE Client Communication and the SEE Management Server Web Console

book

Article ID: 416444

calendar_today

Updated On:

Products

Desktop Email Encryption Drive Encryption Encryption Management Server Endpoint Encryption File Share Encryption Gateway Email Encryption PGP Command Line PGP Key Management Server PGP Key Mgmt Client Access and CLI API PGP SDK

Issue/Introduction

This article will discuss how to change the port on the SEE Management Server, to allow currently-deployed clients to continue to communicate, all while using the web portal.

The steps in this guide will allow you to change the port for OAuth, which all SEE 12 clients are now using.

Environment

SEE 12, SEE 11.4*

SEE 12 clients have been deployed to the environment. SEE clients on version 11.4 and older will need to potentially change the "Web Access (Windows)" for these steps to work.

Resolution

*Before doing any of these steps, take screenshots of the SEEMS Configuration Manager, as well as a snapshot of the Windows server where SEE is installed.
Backup the database, etc.

*It's always a good idea to test smaller groups before the entire enterprise to ensure the steps you are taking will cover your specific environment.

 

Changing the port:

For this example, we will use "seems.example.com", which currently uses port 443 for TLS communications. We will be changing the port from 443 to port 7800.
The communications URL is https://seems.example.com:443/SEEIdentityServer

 

Step 1:
Open the Internet Information Services (IIS) Manager, and navigate to and expand the Sites and look for "Symantec Endpoint Encryption Services".

Step 2:
Right-click on the website and select "Edit Bindings...".  Add a new HTTPS binding with the new port (7800) and certificate.
The SEE website will now have two HTTPS bindings.

Step 3:
Login to the SEE Management Server Web Console:  https://seems.example.com:7800/webconsole.

Step 4:
You can now use the "Server Commands" to send the new port to all the SEE clients.
In the web console, select the Group/endpoints that you want to send the command.  From the "More options", select "Change Web Access (Oauth)".
The pop-up window will show the default port (443). Change this port to 7800.

Step 5:
Send the "Change Web Access" command.
Note that when the command is sent, the URL is validated. Since the binding has already been added in IIS, the validation should succeed.
The SEE Webserver will temporarily have two active HTTPS interfaces, one on port 443 and another on the new port 7800. Both will be working at this time.

Step 6:
Once all the clients have received and processed the command, it is recommended to delete the newly added configuration from IIS.

Step 7:
When all the clients are working, and the web console is working, now change the configuration in the SEEMS Configuration Manager to ensure the UI and backend IIS are synchronized.

 

 

Note: If you would like to change the FQDN for the server, reach out to Symantec Encryption Support for further guidance. 

Powered by Wolken Software