Restoring Encryption Management Server Backups larger than 2GB

http://www.symantec.com/business/support/index?page=content&id=TECH149146

Issue

Due to a limitation of Apache, it is not possible to restore backups of 2GB or greater using the Encryption Management Server (previously PGP Universal Server) administrative interface.  To restore backups larger than 2GB requires accessing the server from the command-line interface.

Accessing the Symantec Encryption Management Server (SEMS) command line for read-only purposes (such as to view settings, services, logs, processes, disk space, query the database, etc) is supported. However, performing configuration modifications or customizations via the command line may void your Symantec Support agreement unless the following procedures are followed.

Any changes made to SEMS via the command line must be:

  • Authorized in writing by Symantec Support.
  • Implemented by a Symantec Partner, reseller or Symantec Technical Support.
  • Summarized and documented in a text file in /var/lib/ovid/customization on the PGP Universal Server itself.

Changes made through the command line may not persist through reboots and may be incompatible with future releases. Symantec Technical Support may also require reverting any custom configurations on SEMS back to a default state when troubleshooting new issues.

Solution

To restore a backup larger than 2GB in size:

  1. Copy the most current backup file of SEMS to a network drive or other location.
  2. Export the Organization Key of the server from the SEMS administrative interface.
    Note: It is important to export the full keypair with no passphrase. Entering the passphrase will cause the restore process to fail.
  3. Install SEMS from the .iso image.
  4. Import your SSH key to the server.
  5. Import the Organization key to the server.
  6. Connect to the server with WinSCP and copy the backup to the /var/lib/ovid/backups/ directory on the server.
  7. Access the server via SSH. For more information on accessing the server via SSH, see article TECH149673.
  8. Run pgpbackup --restore <backupfile.pgp> --key <orgkeyfile.asc> --done
  9. Restart tomcat using the command: #pgpsysconf --restart tomcat