
Client's Definition Stays @ 31Dec2009

Updated: 21 May 2010 | 21 comments
heinemasterklm
This issue has been solved. See solution.

Hello, I am new in here so please forgive me if I am not giving enough information and not precise in details.

I am managing a network with 1 server + 20+ client's computers.

The server is running Windows 2003 Server R2 and SEP 11.0.5002.333 now (was running 11.0.2000.1567, I have upgraded the version to 11.0.5 on a non-business day) and the newest definition was installed on Feb 6, 2010.

FYI, the server is a standalone and doesn't connect to the internet

The 20+ client's computers are running XP and SEP 11.0.xxxx (varies on machines) with different dates of definitions.

I was trying to update one of the machines (let's call it app01, SEP 11.0.5002.333, Definition: DEC 31, 2009, r127), before I apply to all.  I was trying to Push the new definition (antiVirus and Antispyware) only using the "Migration and Deployment Wizard", the patch was successfully created (32-bit) and copied to the client's computer, the setup file executed on the client's machine but the definition didn't change after the execution, I understand reboot is not necessary for the definition to update to-date but I did a reboot on the client's machine, the definition stays @ Dec 31, 2009 r127.

I have checked C:\Program Files\Common Files\Symantec Shared\VirusDefs\ on the client (app01) after the setup file executed, there's no new folder of 20100206.0xx created, not sure why.

I still have not tried the manually installed patch (6.0.1) yet, since I need permission from administrator.

Is there a reason why the Migration and Deployment Wizard method doesn't work?

Should I apply a group policy from SEPM? What are the steps and do the clients need to reboot after the push?

Thanks.

Comments

Jeremy.L, 16 Feb 2010

Hi

What exactly are you pushing through the Deployment wizard? Sounds like an interesting yet strange way to do things...

This is not originally intended to deploy definition updates although I suppose it could work with some package tweaking, this seems quite strange.

I suggest you do go ahead with patching (do a backup of the server beforehand if necessary) and then drop the JDB on the SEPM, then that should be problem solved.

Could you tell us exactly what files you are trying to push though? 

Regards

--
Symantec Support
MCSE / CCNA

Vikram Kumar-SAV to SEP, 16 Feb 2010

That patch doesn't update definitions.
To update the definitions on all the clients, copy the JDB file to the SEPM server, and if your clients are communicating with SEPM it will update the definitions.
The patch is not for clients, it is only for SEPM Manager. The issue was never with clients, it was always with SEPM.

Check this article.

How to update definitions for Symantec Endpoint Protection Manager using a JDB file

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007100820002048

For doing it manually on the clients use this
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008052116163448


heinemasterklm, 16 Feb 2010

@ Jeremy L

I have created a similar / exact same network as the client's (2003 Server with SEPM and XP with a SEP 11.0.4 installed), I successfully pushed the AntiVirus and AntiSpyware protection without Network Threat Protection and Proactive Threat Protection (using the Migration and Deployment Wizard) and upgraded the client to 11.0.5002.333 and the newest definition update, so I believe that should work with my client's pc too.

As I mentioned, I tried the Push from Migration and Deployment Wizard @ my client's pc, the setup executed but the definition didn't change so that's why I found it weird, thanks anyways =D

@ Vikram
I will check that out and let you know as soon as I have tried the method you provided, thanks a lot =D

Jeremy.L, 16 Feb 2010

Hi

You can do this to upgrade the client, if your clients are already on 11.0.5002 then the installation package will not get processed and neither will the definitions you may have added to the package.

Patching the SEPM is the only way, fail safe as long as you back up the DB beforehand (we never know but we have had very few issues with the patch).

Surely for a small network like this, you don't need one month to get a critical patch approved?

--
Symantec Support
MCSE / CCNA

heinemasterklm, 17 Feb 2010

@ Vikram

I have just tried the .JDB file for Symantec Endpoint Protection Manager on my testing machine, it took a while but it worked both on my Server machine and the client machine, thanks.

There is something that I don't understand (on my testing machines), I did not import active directory on the console (since there is one client only), I only have a group created under client, and added a computer account and user account, but there is no "green light" people are talking about on the website, why is the client getting the update itself?

I will try the JDB file method @ my client's network later today and see if it works.

@ Jeremy L

Which one is a better method? Patching the SEPM or using the JDB file to update the SEPM? What is the difference between the two? What are the pros and cons?

Thanks for your help! Vikram and Jeremy, I am learning a lot!

Rafeeq, 17 Feb 2010

hi

patching will help sepm to get rid of the date issue (there is a separate patch, as vikram mentioned the JDB file does not contain it)
JDB helps to update virus defs on your manager, it will only update Antivirus and antispyware
to install client software you should create a package and run it on the client machine, you should add computer accounts or user accounts in SEPM, this will not install client software..

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007082915561148 

Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq

Vikram Kumar-SAV to SEP, 17 Feb 2010

No green dot, still getting updates..strange
Client must be logged off, it is not showing green dot

heinemasterklm, 17 Feb 2010

@ Rafeeq

Thanks Rafeeq, I did create a package and have it installed successfully on my own testing machines, and I have tried to do the same with one of my client's network machines as I mentioned above, the only difference is, the package was executed on my client's network machines but the definition didn't update itself.

On my client's network, everything went fine, it's just that the definition is not updating, it stays @ 31 Dec 2009, r127, and the definitions vary on different machines.

@ Vikram

I have successfully updated my client's server's SEPM to the latest definition (Feb 16, 2010, r39) for now.

There are 2 problems that I am seeing now.

1) I have seen people saying that after doing the "Migration and Deployment Wizard", the client's computer names will be added to the group under client, which I don't see, all I did is manually type in the computer name and domain name, so when I want to run a command on the manually typed client, it returns "The selected client has not yet connected to the server.  You cannot do this action until the client has connected to the server"

2) From what I have seen between my testing network and my client's network, the only difference is, from SEPM of my testing network, Virus Definition Distribution under home, the number of computers = 2.   On the other hand, from my client's network, SEPM of my client's Server, Virus Definition Distribution under home, the number of computers = 1.  So I believe I am not connecting the clients to the server in my client's network, I tried to manually type in the name and domain, which gave me no luck.

Please advise how to connect the client to the server, thanks.

Vikram Kumar-SAV to SEP, 17 Feb 2010

 Looks like either there is communication issue between the client and the server.
Delete all entries from SEPM - Clients.

Create and deploy the package and make sure Windows firewall is Off on both client and server

On the SEP client  interface
go to help and support - Troubleshooting 
what does it show next to server
does it show self managed , Offline or the server name ?

heinemasterklm, 17 Feb 2010

It shows me the static IP I have assigned to the client computer next to the server

Vikram Kumar-SAV to SEP, 17 Feb 2010

Static IP of the client on the Client GUI?? It should show the SEPM server's IP address over there.
And all your SEPM server and clients should have static IPs.

heinemasterklm, 17 Feb 2010

I am sorry, yes, that's the server's static IP (next to the server under troubleshooting)

Vikram Kumar-SAV to SEP, 17 Feb 2010

If it is showing the server's IP that means it is communicating and it would have a green dot on it.
If on any client the IP or Name is not there then that's a problem.

heinemasterklm, 17 Feb 2010

I don't see the green dot.

I have created a new group and added the computer account manually, typing in the computer name and domain name, but I don't see the green dot yet.

Should the group and green dot appear after migration and deployment automatically?

Vikram Kumar-SAV to SEP, 17 Feb 2010

Delete the clients that you have manually added.
Close SEPM, restart the SEPM service and then log back into SEPM
you will see the client back - normal and with green dot.

heinemasterklm, 17 Feb 2010

Closed SEPM and restarted SEPM, and logged back into SEPM
I still don't see the client back, which group does the client go to? I don't see it in the Default Group or the new group that I created

Should I remove the client's SEP and deploy again? or remove SEPM from Server and SEP from client and redo?

Vikram Kumar-SAV to SEP, 17 Feb 2010

 No need to re-install..it does take some time.

On the Client again go to help and support - troubleshooting

it will tell you the group name there itself

at the same page click on Update below update policy
Client should be in SEPM within a min.

heinemasterklm, 17 Feb 2010

hmmmm...I see your point...from the client's troubleshooting...the group it is showing (my company\office pc) does not exist in my server's SEPM, which only has the default group at the moment, is there a way to switch it?

Vikram Kumar-SAV to SEP, 17 Feb 2010

Ohh...after update policy it should go to default group.
But if it is not going there, there is a way
also restart SMC service.

Start -> Run -> smc -stop
wait for a min, the client icon will disappear
then
Start -> Run -> smc -start
wait for the icon to come back
then check if it has changed the group.

If this doesn't work then you can replace the sylink.xml file on the client

In SEPM - Clients - Highlight Default - Click on Details on the right

check policy serial number then go to
C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent\
open the folder starting with that policy serial number
copy the sylink.xml

then
Start -> Run -> smc -stop
paste & replace the sylink.xml to
C:\Program Files\Symantec\Symantec Endpoint Protection
then
Start -> Run -> smc -start

It should change

( steps might sound confusing but with SEP  you should be knowing for future as well. )
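
The sylink.xml replacement described in the comment above, scripted with a backup and a post-copy hash check; this is an added example, not part of the original thread and not Symantec tooling. It assumes PowerShell is installed on the client, that `Smc.exe` sits in the SEP client folder named in the thread, and that `$NewSylink` (a hypothetical parameter) points at the sylink.xml already copied from the SEPM `outbox\agent\` policy folder.

```powershell
# Added example. Names marked "assumed" do not come from the thread.
param(
    [Parameter(Mandatory = $true)]
    [string]$NewSylink,   # assumed: sylink.xml copied from the SEPM outbox\agent\<policy serial> folder
    [string]$SepDir = 'C:\Program Files\Symantec\Symantec Endpoint Protection'
)
$ErrorActionPreference = 'Stop'

# SHA-256 through .NET so the script does not depend on Get-FileHash
function Get-Sha256([string]$Path) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
    finally { $stream.Close() }
}

$target = Join-Path $SepDir 'sylink.xml'
$smc    = Join-Path $SepDir 'Smc.exe'     # assumed location of the smc binary
$backup = "$target.bak-$(Get-Date -Format yyyyMMddHHmmss)"

# Stop before touching the client if the replacement file is not well-formed XML
[xml](Get-Content -Path $NewSylink) | Out-Null

& $smc -stop
Start-Sleep -Seconds 60                   # thread: wait about a minute for the client icon to disappear

Copy-Item $target $backup                 # keep the old server binding so the change can be undone
try {
    Copy-Item $NewSylink $target -Force
    if ((Get-Sha256 $target) -ne (Get-Sha256 $NewSylink)) { throw 'hash mismatch after copy' }
}
catch {
    Copy-Item $backup $target -Force      # roll back to the previous sylink.xml
    Write-Warning "Replacement failed, previous sylink.xml restored: $_"
}
finally {
    & $smc -start                         # always bring the client back up
}
Write-Output "sylink.xml SHA-256 now: $(Get-Sha256 $target)"
```

Comparing the printed hash with the hash of the file in the SEPM policy folder confirms the client is bound to the intended management server.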


heinemasterklm, 17 Feb 2010

Thanks Vikram, now I have the client connected to the server, and most importantly with green dots!!!

You are the man, I have to try running command on the client with SEPM, if successful, I will apply the same to my client's network

heinemasterklm, 17 Feb 2010

Thanks Vikram, now everything works fine on both my testing machines and my client's network.

I am learning a lot