Wednesday, October 13, 2010

Installing SEPM 11 step-by-step

In this post I will show the procedure to follow to install Symantec Endpoint Protection Manager 11, console, and embedded database on a Windows Server 2008 R2 Enterprise Edition.

Symantec Endpoint is the new name for the successor of Symantec AntiVirus Corporate Edition. In a nutshell, Symantec Endpoint 11 (aka SEPM 11) adds handling of spyware, a firewall and support for endpoint security health verification, among other secondary features. The last published version of Symantec AntiVirus was version 10, and Endpoint Protection begins at version 11, so it is no wonder if you are briefly puzzled about why Symantec did not reset the version numbering even though they changed the product name.

As background, note that SEPM 11 can run on any Windows 2008 version (R2 included), and VMware ESX 2.5 or later is among its supported platforms. This is valid starting from Release Update 5 (RU5). Also from Release 5, Symantec Endpoint Protection Manager can now be used with Microsoft SQL Server 2008.

The latest patch released by Symantec is Release Update 6 Maintenance Patch 1 (RU6 MP1).

Let’s start by installing and configuring IIS:
  • Log in as administrator: the real one, not a domain account! (No need to disable UAC.)
  • Run oobe.exe
  • Click on “add roles”
  • Select Web Server (IIS)
  • Select the following role services:
      ◦ Application Development
      ◦ IIS 6 Management Compatibility
  • Click on next and verify that you have all of the following:
      ◦ Web Server
          ▪ Common HTTP Features: Static Content, Default Document, Directory Browsing, HTTP Errors
          ▪ Application Development: .NET Extensibility, ISAPI Extensions, ISAPI Filters
          ▪ Health and Diagnostics: HTTP Logging, Request Monitor
          ▪ Security: Request Filtering
          ▪ Performance: Static Content Compression
      ◦ Management Tools
          ▪ IIS Management Console
          ▪ IIS 6 Management Compatibility: IIS 6 Metabase Compatibility, IIS 6 WMI Compatibility, IIS 6 Scripting Tools, IIS 6 Management Console
  • Click Install
  • Reboot the server
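
The same checklist as a scripted pre-flight check, added here as an example that is not part of the original post. It assumes an elevated PowerShell session on Windows Server 2008 R2 and uses the ServerManager module's feature names for the role services listed above; ASP.NET and CGI, which the checklist omits but the installer's error message names, are only reported.

```powershell
# Added example: verify (and install if missing) the IIS role services from the checklist.
Import-Module ServerManager

# ServerManager feature names for the role services in the checklist above.
$required = @(
    'Web-Server',
    'Web-Static-Content', 'Web-Default-Doc', 'Web-Dir-Browsing', 'Web-Http-Errors',  # Common HTTP Features
    'Web-Net-Ext', 'Web-ISAPI-Ext', 'Web-ISAPI-Filter',    # Application Development
    'Web-Http-Logging', 'Web-Request-Monitor',             # Health and Diagnostics
    'Web-Filtering',                                       # Security
    'Web-Stat-Compression',                                # Performance
    'Web-Mgmt-Console',                                    # Management Tools
    'Web-Mgmt-Compat', 'Web-Metabase', 'Web-WMI',          # IIS 6 Management Compatibility
    'Web-Lgcy-Scripting', 'Web-Lgcy-Mgmt-Console'
)
# Named in the SEPM installer's error message, but absent from the checklist.
$fromInstallerMessage = @('Web-Asp-Net', 'Web-CGI')

# Collect names of required role services that are not yet installed
# (written for PowerShell 2.0, the version shipped with 2008 R2).
$missingNames = @(Get-WindowsFeature -Name $required |
    Where-Object { -not $_.Installed } |
    ForEach-Object { $_.Name })

if ($missingNames.Count -gt 0) {
    Write-Host ("Installing: " + ($missingNames -join ', '))
    $result = Add-WindowsFeature -Name $missingNames
    if (-not $result.Success) {
        throw "Role service installation failed: $($result.ExitCode)"
    }
    if ($result.RestartNeeded -ne 'No') {
        Write-Warning 'Reboot the server before starting the SEPM setup.'
    }
} else {
    Write-Host 'All role services from the checklist are installed.'
}

# Report only: leave the decision to add these to the administrator.
Get-WindowsFeature -Name $fromInstallerMessage |
    Where-Object { -not $_.Installed } |
    ForEach-Object { Write-Warning "$($_.Name) is not installed; the installer message lists it." }

# The installer also checks that the World Wide Web Publishing Service is running.
$w3svc = Get-Service -Name W3SVC -ErrorAction SilentlyContinue
if (-not $w3svc) { throw 'W3SVC not found: the Web Server (IIS) role is not installed.' }
if ($w3svc.Status -ne 'Running') { Start-Service -Name W3SVC }
Write-Host ("W3SVC status: " + (Get-Service -Name W3SVC).Status)
```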

To install Symantec Endpoint Protection Manager:
  • Log in as local administrator (not a domain admin, it won't work well).
  • Insert the product disc into the drive, and start the installation. For downloaded products, open the CD1 folder and double-click Setup.exe.
  • On the Welcome page, click Install Symantec Endpoint Protection Manager.
  • Click Next.
  • A check is performed to verify that IIS is installed and properly configured and, if not, you will get an error message saying that “to continue the installation, make sure that the Internet Information Services (IIS) World Wide Web Publishing Service (W3SVC) is installed and running” and that “the following IIS role services must also be installed: ASP.NET, CGI, and IIS 6.0 Management Compatibility”.
  • A check is also performed to see if the computer meets the minimum system requirements. If it does not, a message will tell you which resource does not meet the minimum requirements. You can click Yes to continue installing Symantec Endpoint Protection Manager, but performance can be affected.
  • On the License Agreement page, select I accept the terms in the license agreement, and then click Next.
  • On the Destination Folder page, accept or change the installation directory, and then click Next.
  • On the Select Web site page, check Create a custom Web site, and then accept or change the TCP Port. I have used the suggested port 8014.
  • Click Next.
  • On the Ready to Install the Program page, click Install.
  • When the installation finishes, and the Install Wizard Completed page appears, click Finish.
  • Wait for the Management Server Configuration Wizard page to appear, which can take several seconds. If you are prompted to restart the computer, restart the computer, log on, and the wizard appears automatically for you to continue.
  • Select the option to configure the Symantec Endpoint Protection Manager with an embedded database in Advanced mode.
  • On the Management Server Configuration Wizard page, select Advanced, and then click Next.
  • Select the number of clients you want this server to manage, and then click Next.
  • Check Install my first site, and then click Next.
  • On the server information page, accept or change the default values, and then click Next.
  • On the site name page, in the Site name box, accept or change the default name, and then click Next.
  • On the encryption password page, provide and confirm a password, and then click Next.
  • After you install Symantec Endpoint Protection Manager and become comfortable with the administration tasks, you must secure the cryptographic files that you need for disaster recovery.
  • On the database type page, check Embedded database, and then click Next.
  • On the system administrator account page, provide and confirm a password of 6 or more characters.
  • Click Next.
  • Use the user name and password that you set here to log on to the console for the first time.
  • Wait while the installation creates the database, which can take several minutes.
  • On the Management Server Configuration Wizard Completed page, do one of the following:
      ◦ To deploy client software with the Migration and Deployment Wizard, click Yes, and then click Finish.
      ◦ To log on to the Symantec Endpoint Protection Manager console first, and then deploy client software, click No, and then click Finish.

Finally, for a general review of SEP 11 by PCMag, click here.

I hope you will find this procedure useful. Do not hesitate to leave comments or to raise problems you have encountered during the installation process.


  1. This is great info. I was having a problem with the (IIS) World Wide Web Publishing Service (W3SVC) error but got that corrected with your blog I found on Google. My problem gets even worse though as the next error I get is... can not be installed on this platform. Disheartened I realized that I didn't read the system requirements correctly and installed Windows 2008 64 bit and am trying to install SEPM 11.03. When I try to download the update from to download release 5 or later, I can not enter my serial number because I can't find it. Emailing my "local support team" has not helped. Any ideas on how I can get SEP installed on my Win2k8 64 bit VM I just built?

    Thanks, Tom

  2. As I said in my post, there is no compatibility between SEPM and Windows 2008 unless you are using RU5 or newer. I am sorry I cannot help with the license problem. You should get in touch with Symantec for this kind of issue.

