| Adolfo |
| (Fresh Scripter) |
| 2007-05-30 11:40 PM |
Change the path name of Symantec Antivirus parent server in workstations
|
Hi all,
I'm going to change the path name of Symantec Antivirus parent server in all workstations because there is a new one.
How can I change the parent server name in workstations via KiXtart? Is it possible the change and recommended only editing values in regedit?
The Symantec Client Antivirus Version is 10.0.2.2000
All users are administrators in their computers
Thank you all in advance
NTDOC
|
| (KiX Master) |
| 2007-05-30 11:48 PM |
|
|
Re: Change the path name of Symantec Antivirus parent server in workstation
|
It really shouldn't work I don't think as it should now be using Certificates. You can drag and drop the clients though from the console into another server. Just changing Parent Server though (I don't think) is supported anymore. You can double-check / call Symantec to find out though.
Drag and Drop works pretty good though. I assume you're talking about Corporate Edition.
| Mart |
| (KiX Supporter) |
| 2007-05-31 09:50 AM |
|
|
Re: Change the path name of Symantec Antivirus parent server in workstation
|
We did this some time ago. I wrote a script that does it remotely. It requires the ping() and fADSIServiceRun() UDF's. You should change the name of the old and the new certificate to the names they have in your setup. We did not copy the grc.dat file I can’t remember anymore why we skipped that part.
Computers.txt holds all computer names that have trouble communicating with the management server. It reads the file line by line, pings the computer and if the ping is successful it updates the certificate and restarts two services if the ping is not successful it writes the name to the computers_error.txt file.
Code:
Break on Call @SCRIPTDIR + "\ping().udf" Call @SCRIPTDIR + "\fADSIServiceRun().udf" $path = "\C$\Program Files\Symantec AntiVirus\pki\roots\" $service1 = "Symantec Event Manager" $service2 = "Symantec Settings Manager" $rc = Open (1, @SCRIPTDIR + "\computers.txt", 2) $rc = Open (2, @SCRIPTDIR + "\computers_error.txt", 5) $computer = ReadLine (1) While @ERROR = 0 $online = Ping($computer,0,1,1000) If $online <> "0" ?"Online." Del "\\" + $computer + $path + "36a2999be3558f4bb9ea6e7df080fae6.0.servergroupca.cer" Copy @SCRIPTDIR + "\new\e69e7a505a9e5540bdbda2b1db9498e1.0.servergroupca.cer" "\\" + $computer + $path fADSIServiceRun($computer, $service1, 0) fADSIServiceRun($computer, $service2, 0) fADSIServiceRun($computer, $service1, 1) fADSIServiceRun($computer, $service2, 1) Else ?$computer + " is not online." $rc = WriteLine (2, $computer + @CRLF) EndIf $computer = ReadLine (1) Loop $rc = Close(1) $rc = Close(2)
Client-server communication problems occur after repair or reinstallation of server
Ping() - checks for reply , or returns ip-address of remote host
fADSIServiceRun() - ADSI routine that starts, stops ,pause, and continues a service
| Adolfo |
| (Fresh Scripter) |
| 2007-05-31 07:28 PM |
|
Re: Change the path name of Symantec Antivirus parent server in workstation
|
It works like this:
1. Stop “Symantec Settings Manager” service
2. Replace certificates located in %programfiles%\Symantec AntiVirus\pki\roots\ with certificates located in \\NewServer\vphome\pki\roots
3. Start “Symantec Event Manager” service
Thanks for your help
| Mart |
| (KiX Supporter) |
| 2007-05-31 08:14 PM |
|
|
|
Re: Change the path name of Symantec Antivirus parent server in workstation
|
Yep.
I know the event manager is dependant of the settings manager but just to be safe we stopped and started both of the separately just to be sure they are both running.
I still can't' remember why we skipped the grc.dat part but what the heck it worked and that's what it's about.
|
NTDOC
|
| (KiX Master) |
| 2007-06-01 12:16 AM |
|
|
|
Re: Change the path name of Symantec Antivirus parent server in workstation
|
Well I suppose I need to revisit this myself as I brought up a new one and did the changes I was supposed to do and most clients worked fine but others went into limbo land. It may not have been as secure with the GRC.DAT method but it sure the heck was easy to manage and script that way.