Page 1 of 1 1
Topic Options
#176610 - 2007-05-30 11:40 PM Change the path name of Symantec Antivirus parent server in workstations
Adolfo Offline
Fresh Scripter
*****

Registered: 2007-01-25
Posts: 49
Loc: Cali, CO
Hi all,

I'm going to change the path name of Symantec Antivirus parent server in all workstations because there is a new one.

How can I change the parent server name in workstations via KiXtart? Is it possible the change and recommended only editing values in regedit?

The Symantec Client Antivirus Version is 10.0.2.2000

All users are administrators in their computers

Thank you all in advance

Top
#176611 - 2007-05-30 11:48 PM Re: Change the path name of Symantec Antivirus parent server in workstation [Re: Adolfo]
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
It really shouldn't work I don't think as it should now be using Certificates. You can drag and drop the clients though from the console into another server. Just changing Parent Server though (I don't think) is supported anymore. You can double-check / call Symantec to find out though.

Drag and Drop works pretty good though. I assume you're talking about Corporate Edition.

Top
#176617 - 2007-05-31 09:50 AM Re: Change the path name of Symantec Antivirus parent server in workstation [Re: NTDOC]
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4672
Loc: The Netherlands
We did this some time ago. I wrote a script that does it remotely. It requires the ping() and fADSIServiceRun() UDF's. You should change the name of the old and the new certificate to the names they have in your setup. We did not copy the grc.dat file I can’t remember anymore why we skipped that part.
Computers.txt holds all computer names that have trouble communicating with the management server. It reads the file line by line, pings the computer and if the ping is successful it updates the certificate and restarts two services if the ping is not successful it writes the name to the computers_error.txt file.


 Code:
Break on

Call @SCRIPTDIR + "\ping().udf"
Call @SCRIPTDIR + "\fADSIServiceRun().udf"

$path = "\C$\Program Files\Symantec AntiVirus\pki\roots\"
$service1 = "Symantec Event Manager"
$service2 = "Symantec Settings Manager"

$rc = Open (1, @SCRIPTDIR + "\computers.txt", 2)
$rc = Open (2, @SCRIPTDIR + "\computers_error.txt", 5)

$computer = ReadLine (1)
While @ERROR = 0
	$online = Ping($computer,0,1,1000)
	If $online <> "0"
	?"Online."
		Del "\\" + $computer + $path + "36a2999be3558f4bb9ea6e7df080fae6.0.servergroupca.cer"
		Copy @SCRIPTDIR + "\new\e69e7a505a9e5540bdbda2b1db9498e1.0.servergroupca.cer" "\\" + $computer + $path
		fADSIServiceRun($computer, $service1, 0)
		fADSIServiceRun($computer, $service2, 0)
		fADSIServiceRun($computer, $service1, 1)
		fADSIServiceRun($computer, $service2, 1)
	Else
		?$computer + " is not online."
		$rc = WriteLine (2, $computer + @CRLF)
	EndIf
	$computer = ReadLine (1)
Loop

$rc = Close(1)
$rc = Close(2)


Client-server communication problems occur after repair or reinstallation of server
Ping() - checks for reply , or returns ip-address of remote host
fADSIServiceRun() - ADSI routine that starts, stops ,pause, and continues a service
_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

Top
#176631 - 2007-05-31 07:28 PM Re: Change the path name of Symantec Antivirus parent server in workstation [Re: Mart]
Adolfo Offline
Fresh Scripter
*****

Registered: 2007-01-25
Posts: 49
Loc: Cali, CO
It works like this:

1. Stop “Symantec Settings Manager” service

2. Replace certificates located in %programfiles%\Symantec AntiVirus\pki\roots\ with certificates located in \\NewServer\vphome\pki\roots

3. Start “Symantec Event Manager” service

Thanks for your help

Top
#176634 - 2007-05-31 08:14 PM Re: Change the path name of Symantec Antivirus parent server in workstation [Re: Adolfo]
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4672
Loc: The Netherlands
Yep.
I know the event manager is dependant of the settings manager but just to be safe we stopped and started both of the separately just to be sure they are both running.

I still can't' remember why we skipped the grc.dat part but what the heck it worked and that's what it's about.
_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

Top
#176660 - 2007-06-01 12:16 AM Re: Change the path name of Symantec Antivirus parent server in workstation [Re: Mart]
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
Well I suppose I need to revisit this myself as I brought up a new one and did the changes I was supposed to do and most clients worked fine but others went into limbo land. It may not have been as secure with the GRC.DAT method but it sure the heck was easy to manage and script that way.
Top
Page 1 of 1 1


Moderator:  Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart 
Hop to:
Shout Box

Who's Online
2 registered (morganw, mole) and 414 anonymous users online.
Newest Members
gespanntleuchten, DaveatAdvanced, Paulo_Alves, UsTaaa, xxJJxx
17864 Registered Users

Generated in 0.054 seconds in which 0.023 seconds were spent on a total of 13 queries. Zlib compression enabled.

Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org