How To: Migrate Symantec Endpoint Protection Manager to a New Server

For whatever reason, you may find yourself tasked with migrating (moving) an installation of SEPM (Symantec Endpoint Protection Manager) from one server to another. Based on my research, I’ve found two methods for this.

  • Replication Method
  • Backup/Restore Method

Of the two methods listed above, replication is your best bet and the easiest to use.

Rest easy—it’s quite simple (depending on your current scenario).

Example Scenarios:

  • Original SEPM server is still functioning, but is being retired
  • Original SEPM server crashed and is no longer available

Granted, these example scenarios are NOT, by any means, a complete list of scenarios you might find yourself in.

Keep in mind, if your SEPM server has crashed and/or is no longer functioning correctly, the replication method cannot be used (because there is no ‘good’ database to replicate from). At this point you must use the backup/restore method, so hopefully you have a recent backup of your SEPM database and configuration to use.

My specific scenario was this:

SEPM needed to be migrated from an old, overtaxed server to a new virtual server built solely to run this app.

This means we still had the original SEPM running and could replicate the database from it. Also, the new server would have a different hostname and IP than the previous server, another requirement for replication. Here are the rest of the requirements for a successful replication:

  • Original SEPM server is operational
  • Credentials for original SEPM server console
  • New SEPM server has different hostname than old SEPM server
  • New SEPM server has different IP address than old SEPM server
  • New SEPM server must be installed as ‘additional site’ during initial installation

Once I determined I had satisfied all requirements for replication, I was ready to start the process.
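
The requirements above can be checked from the new server before launching the installer. The PowerShell script below is an added example, not part of the original article or of Symantec's tooling; its parameter names are hypothetical, and it assumes the old server's replication port speaks TLS. It also records the certificate the old server presents on that port, so you know what the wizard's Certificate Warning is asking you to accept.

```powershell
# Added example: pre-flight check for the replication requirements. Run on the NEW server.
# -OldServer is a placeholder for the existing SEPM server's hostname (not its IP);
# 8443 is the default replication port named in the article.
param(
    [Parameter(Mandatory = $true)][string]$OldServer,
    [int]$OldPort = 8443
)
$r = [ordered]@{ OldServer = $OldServer; Port = $OldPort }

# Requirement: the new server's hostname differs from the old one (compare short names).
$newName = [System.Net.Dns]::GetHostName()
$r.DifferentHostname = (($newName -split '\.')[0] -ine ($OldServer -split '\.')[0])

# Requirement: the new server's IP addresses differ from the old server's.
try {
    $oldIPs = [System.Net.Dns]::GetHostAddresses($OldServer) | ForEach-Object { $_.IPAddressToString }
    $newIPs = [System.Net.Dns]::GetHostAddresses($newName) | ForEach-Object { $_.IPAddressToString }
    $r.DifferentIP = (@($oldIPs | Where-Object { $newIPs -contains $_ }).Count -eq 0)
} catch {
    $r.DifferentIP = "lookup failed: $($_.Exception.Message)"
}

# Requirement: the original SEPM server is operational (replication port answers).
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($OldServer, $OldPort)
    $r.OldServerReachable = $true
    # Validation is bypassed only to read the certificate; no credentials or data are sent.
    $cb   = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
    $ssl  = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $cb)
    $ssl.AuthenticateAsClient($OldServer)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    $sha  = [System.Security.Cryptography.SHA256]::Create()
    $r.CertSubject  = $cert.Subject
    $r.CertNotAfter = $cert.NotAfter
    $r.CertSha1     = $cert.Thumbprint
    $r.CertSha256   = ([System.BitConverter]::ToString($sha.ComputeHash($cert.RawData))) -replace '-', ''
} catch {
    if (-not $r.Contains('OldServerReachable')) { $r.OldServerReachable = $false }
    $r.Error = $_.Exception.Message
} finally {
    $tcp.Close()
}
[pscustomobject]$r
```

Check the recorded fingerprint against the certificate installed on the old SEPM server itself, and keep the output with your change record.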

Summary of replication process:

  1. Configure new server for installation
  2. Install SEPM on new server
  3. Configure it for replication with the first site
  4. Change the priority of the management servers to reflect that the new server is the master
  5. Verify all clients are targeting new master server
  6. Uninstall SEPM from old server


Once you have the new server up, configured, and ready for SEPM, you can proceed to the step-by-step instructions!

  1. First, start the installation of Symantec Endpoint Protection Manager on the new server.
  2. When you get to the Management Server Configuration Wizard panel, select the Advanced Configuration type and click Next.
  3. Specify how many computers will be managed by this new server and click Next.
  4. Next, choose the option Install an additional site (this is the only option that will install a management server and a database necessary for replication).
  5. In the Server Information panel, either proceed with the default values or change them, then click Next.
  6. In the Site Information panel, choose a different ‘Site Name’ from your previous SEPM installation (they cannot be the same) and proceed.
  7. In the Replication Information panel, you will need to specify the following values before clicking Next:
    • Replication Server Name - The hostname or IP address of your previous SEPM server
    • Replication Server Port - The port number of your previous SEPM server (the default is 8443)
    • Administrator Name - The username used for console access to the previous SEPM server
    • Password - The password used to log onto the console of the previous SEPM server
  8. In the Certificate Warning dialog box, click Yes.
  9. In the Database Server Choice panel, choose either an ‘embedded database’ or a ‘Microsoft SQL Server database’, irrespective of what you have on your previous SEPM server, and then click Next to complete the installation.
  10. Once the installation has finished, log onto the new SEPM server and confirm that all your policies and clients have migrated over.
  11. Next, click Policies.
  12. Then, expand Policy Components and click on Management Server Lists.
  13. Right-click the Default Management Server List for ‘YourNewSEPMSiteName’ and select Assign.
  14. In the dialog box that appears, select all the locations/groups and click Assign to replace the existing ‘Management Server’ list with the new one.
  15. Log into the old SEPM server and click on Policies.
  16. Expand Policy Components and click on Management Server Lists.
  17. Add a new ‘Management Server’ list and enter in the values for your new SEPM server.
  18. Assign this newly created ‘Management Server’ list on the old SEPM server by right-clicking the list and selecting Assign.
  19. Wait the appropriate amount of time for all the clients to reflect the change and connect to the new SEPM server. To confirm this, click on Clients on the new SEPM server and check for a ‘green dot’ next to each client. If any of the clients are showing a ‘red arrow’ this means they are still pointing to the old SEPM server. If this is the case, go back and confirm that the new ‘Management Server’ list is correctly applied to all the groups and clients you’re migrating.
  20. After the migration process has completed successfully, it is a good idea to leave the old SEPM server running for a couple of days before completing the next few steps.
  21. Uninstall SEPM from the old server.
  22. Log in to the new SEPM console and delete the old SEPM server from the Replication Partners list and Remote Sites.
  23. Under Policies -> Policy Components -> Management Server Lists, delete the Default Management Server List for ‘YourOldSEPMSiteName’.

And we’re done!