The management server must always be upgraded before the clients.
If the upgrade fails, use the management-server-config.bat tool in the bin folder to attempt a database repair using the backed-up recovery.zip .
This comprehensive guide will walk you through every aspect of the upgrade process, from understanding the benefits of moving to 14.3 to detailed step‑by‑step instructions and post‑upgrade validation. Whether you are a seasoned system administrator or managing this upgrade for the first time, this article aims to provide all the information you need for a smooth, successful transition.
Before proceeding to client deployment, verify that the management server is stable and functioning correctly. symantec endpoint protection upgrade 14.2 to 14.3
The management console must always be at a version equal to or higher than the clients. Download the Installer: Obtain the 14.3 installation files from the Broadcom Support Portal Run Setup.exe:
If using multiple management servers, cancel any active replication tasks.
Are your endpoints primarily on-premise, or do you have a large number of ? The management server must always be upgraded before
| Issue | Likelihood | Mitigation | |-------|------------|-------------| | Database upgrade fails (SQL compatibility) | Medium | Ensure SQL is at least 2016, run DBCC CHECKDB pre-upgrade. | | Client communication breaks after SEPM upgrade | Low | Restart Symantec Management Service; check firewall port 8014. | | Custom policies lost or reset | Low | Export all policies before upgrade as XML backup. | | High memory usage post-upgrade (Java console) | Medium | Increase SEPM heap size (set SEPM_JVM_MAX_MEMORY ). | | 14.3 client fails on Windows 7 / old OS | High | – keep 14.2 client or retire the OS. |
This wizard launches automatically post-installation to upgrade the database schema.
Before starting the installer, ensure your environment meets the new 14.3 requirements. System Requirements Whether you are a seasoned system administrator or
Keep a record of your management server list, replication partners, and specific policy configurations. Download the Correct Installation Media
If you are writing a report or planning a migration, the critical path identified in the technical documentation includes:
The upgrade path is straightforward (SEPM first, then clients), but don't forget to check your custom policies and OS compatibility first!
Locate the recovery.zip file, typically found in C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Server Private Key Backup\ . Store this file on an external drive.
Ensure your hosting Windows Server is compatible with SEP 14.3. Windows Server 2012 R2, 2016, 2019, and 2022 are supported.