When you change a Standby Security Management Server to Active, the new Active Security Management Server can have an older Policy Assignment Table (PAT) version than the clients. If the PAT version on the server is lower than the PAT version on the client, the client will not download policy updates.
To fix this, update the PAT number on the Active server.
To get the PAT version:
If the Active Security Management Server is available, get the last PAT version from it.
On the Active Server:
Run: uepm patver get
If the Active Security Management Server is not available, get the last PAT version from a client that was connected to the server before it went down.
On the client computer:
HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\EndPoint Security\Device Agent
The Edit String window opens.
To change the PAT version on the server:
uepm.exe)
and set the new PAT version: uepm patver set <old_PAT_version_number> + 10
uepm patver get
You can delete a Remote Help server or a Secondary Endpoint Security Management Server. Before you do that, make sure none of the remaining servers have connectivity to the deleted entities.