Clients not contacting management server(s) - need to re-import these? help please
Updated: 21 May 2010 | 36 comments
This issue has been solved. See solution.
Ok - So I had a failed SEPM server and the DB was screwed.
I managed to get it up and running again and convert it to a SQL DB. The secondary server was so out of date as it hadn't been replicating that it was useless.
Anyway, since setting the server back up I've got only a handful of clients contacting the SEPM server - no one else has, we're talking like 2000, no green dot or anything.
I've tried importing the communication settings with the sylinkdrop tool, but it doesn't work, still no green dot.
I reset the server certificate as documented when I rebuilt the server....so I don't understand.
What can I do to re-establish communication with the SEP clients?
cheers
Comments
hi
can you check this document and try this on one
How to restore/retain client-server communication using custom installation settings without having to use the sylink drop tool
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008052008163148
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
Hi - I followed this through creating a new install file - ran it....no joy :(
Did you put back the certificate files?
If not, do as follows.
Copy back the old server server.xml and keystore.jks to \Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\conf and \Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc respectively. Reconfigure your SEPM
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
ahhh I didn't realise the files had to be copied there, it didn't mention this in the document.
Moved them across no luck either. even reimported the certificates on the server for good measure....nothing....
:-(
what I mentioned is an alternative method for importing the certificates. I will always follow this procedure only because I am having a bad experience with the method which is mentioned in the disaster recovery doc.
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
ok - thanks, any other ideas?
Did you try that?
If not, try it once...
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
yes I tried that but it didn't work.....
I'm really stuck now, I have about 2000 clients not checking in...... there's got to be a way to force the client to check in
Try this once
Symantec Endpoint Protection Manager 11.x communication troubleshooting
Each client will communicate to SEPM based on its heartbeat interval. If you want a client to communicate immediately, either restart the SMC service or click on update policy...
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
OK - the problem isn't as extensive as I first thought
I've got lots of machines now connecting - my problem is with about 20% now
The ones who can connect all appear in the management console. the ones who can't connect seem to have disappeared from the database, their machines cannot be found.
So, it's possibly not the communication settings or misconfiguration on the SEPM.
But how do I get them back in without re-installing?
ideas?
I think best option is replacing the sylink file in the clients. You can also check the possibility which is suggested by Rafeeq.
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
ok - let me see if i'm doing this right
is replacing the sylink file the same as using the sylinkdrop tool to import an exported communication settings file from a group in SEPM?
i.e. replace with My_Company_xxxxx.xml
or is there an actual sylink file I should be using?
cheers
rubbish - that doesn't work either.....nor does creating a new package that tells it to drop all previous communication settings....
Yes you can follow that procedure which you are using currently..
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
hi
yes its one and the same
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
Right - some progress
the sylink thing doesn't work
but this does
from the client I've done the following with success
1. Delete the following registry value: HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\HardwareID
3. SMC -stop
4. SMC -start
so must be something to do with the hardware ID on SEPM compared with the clients, even though nothing on the clients has changed - either way this works
just got to work out how to get this to the people who can't connect.......any ideas for deployment? or any other ways I can fix it now we know what the problem is?
cheers
Did you at any time use images for reimaging the PCs?
Have a look in below doc
Configuring Symantec Endpoint Protection client for deployment as part of a drive image
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
hi
resetting communication as per the above link deletes all these; well if you don't want to uninstall or reinstall you can follow the above procedure.
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
no - SEP has never been deployed as part of an image - it's installed automatically after a machine is imaged....
Check the possibility of duplicate clients once
To remove the duplicate entries in the SEPM database:
http://127.0.0.1:9090/servlet/ConsoleServlet?ActionType=ConfigServer&action=CleanClients
Ref: remove the duplicate entries in the SEPM database
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
I've run it - but nothing yet - maybe will take a while?
nah - still isn't working
and deleting that registry key and file only works on clients with RU5 on - and...when it does work, if it runs more than once it creates duplicate entries........
hi
how many clients are left out ?
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
it's hard to say - a quick walk around says 2 in 10 machines - so 20%
can't tell from management console as a lot of people work out of the office so it's normal not to show green dots against all the machines in the group
I mean, I've scripted the registry and file removal so I can put that in login script or something, but it only works on RU5 clients, which we've only about 30% of.....
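Added example, not part of the original thread and not the poster's script: a run-once PowerShell wrapper for the HardwareID reset described above, guarded by a marker file because the thread reports duplicate entries when the fix runs more than once. The `-SmcPath` parameter and the marker file name are assumptions; the registry value and the `smc -stop` / `smc -start` steps are the ones given in the thread, and the unnamed file removal is not reproduced.

```powershell
# Added example, not from the thread. Run elevated: it modifies HKLM.
param(
    # Assumption: full path to smc.exe on this client, supplied by the admin.
    [Parameter(Mandatory = $true)][string]$SmcPath,
    # Hypothetical marker file so the reset happens at most once per machine.
    [string]$MarkerFile = (Join-Path $env:ALLUSERSPROFILE 'sep-hardwareid-reset.done')
)
$ErrorActionPreference = 'Stop'

# Registry location and value name as given in the thread.
$keyPath   = 'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink'
$valueName = 'HardwareID'

# The thread reports duplicate entries when the fix runs more than once.
if (Test-Path -LiteralPath $MarkerFile) {
    Write-Output 'HardwareID reset already done on this machine; nothing to do.'
    return
}
if (-not (Test-Path -LiteralPath $SmcPath -PathType Leaf)) {
    throw "smc.exe not found at '$SmcPath'"
}

# Skip machines where the key or the value is absent.
$props = Get-ItemProperty -LiteralPath $keyPath -ErrorAction SilentlyContinue
if ($null -eq $props -or $null -eq $props.$valueName) {
    Write-Output 'No HardwareID value present; leaving the client untouched.'
    return
}
$oldId = $props.$valueName

# Step 1 from the thread: delete the HardwareID value.
# (The thread's list has no step 2, so none is reproduced here.)
Remove-ItemProperty -LiteralPath $keyPath -Name $valueName

# Write the marker immediately, keeping the old ID for cross-checking in SEPM,
# so a failed service restart cannot lead to a second deletion later.
Set-Content -LiteralPath $MarkerFile -Value "$(Get-Date -Format o) old HardwareID=$oldId"

# Steps 3 and 4 from the thread: smc -stop, then smc -start.
foreach ($action in '-stop', '-start') {
    $p = Start-Process -FilePath $SmcPath -ArgumentList $action -Wait -PassThru
    if ($p.ExitCode -ne 0) {
        Write-Warning "smc $action exited with code $($p.ExitCode)"
    }
}
Write-Output "HardwareID reset; old value was $oldId"
```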
how are you replacing the sylink file? also are you sure that those problem clients aren't trying to contact the secondary "useless" server?
if you haven't already, I suggest you push a new client out to all of your workstations using the migration and deployment wizard to create the installer then push the client to your workstations. afterwards you'll have to go to each workstation and use the sylink replacement tool locally to ensure that the sylink file is set correctly. i've done it this way countless times and it's worked like a charm. i do see that you have remote workstations, so you may have to rely on the end user to replace the sylink file for you.
thanks for that.....
I really didn't want to have to push the install out again - it's a relatively new installation/rollout and now having to somehow push a new install out will be a pain....I understand if that's the only thing then I've got to do it....
the secondary server is no longer useless.....it was reconfigured yesterday and now shares the same SQL DB as the other one, clients are checking into both....
cheers
i have noticed, that if you try to push the client out to multiple machines at once, the push fails. i've had to push them out manually 1 by 1, to have success. it may be something to look out for. you can try two or three at a time, (haven't done so yet, i'll let you try it out first if you do ;)) and see how that goes.
good luck with that. let us know how things turn out.
well just tried to one machine - fail - it pushed and installed fine.... but no green dot afterwards
ahh well home time now - will follow up tomorrow with anything new
to be sure, are you using the correct sylink file? if all else fails, use the sylink file located in the default group. you can verify that file by going to the folder where the sylink file is located, open the LSprofile file with wordpad and make sure it's the default group.
home sounds good right now.
good luck
yeah tried using the sylink file from default group.... still no luck
my little script works for getting ru5 clients back on....but not with version 4's
to get them working I have to push an upgrade out to them, then run the script....
god, there's got to be an easier way to wipe communications from these clients and get them to check back in???
I had the same problem before, but now it is resolved
Solution is:
Check Your SEPM - Policy - Policy Component - Management Server List, (Add Correct server IP Address Here)
Check Your SEPM - Policy - Policy Component - Host Group - (Create Host Range IP Address)
Check Your SEPM - Policy - Intrusion Prevention - Enable Excluded Host - Excluded Host (Add Range All Client IP Address here or Database Server if you have separate location)
Don't forget: just permit Allow application only for outgoing internet traffic, ensure your traffic stays secure
restart server, see your clients log on to SEPM with green dot
How to point Symantec Endpoint Protection(SEP) clients to a new Symantec Endpoint Protection Manager after you have either uninstalled, are going to decommission or replace the Existing Primary Symantec Endpoint Protection Manager (SEPM).
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
Hi - sorry to keep this dragging on.
I've tried the last 2 suggestions to no avail....
What I have found out now though is this
I've opened up the SQL database and can find the missing clients actually in the database....but they don't show in SEPM console - so for some reason they exist in the DB but not in the console
Now, all these missing machines belong to groups in SEP that don't exist anymore.....(I moved the machines out into other groups ages ago and deleted the old groups, then SEP database got corrupt)..... so the fact that the groups don't exist but the clients still think they are in there is strange.....
I've tried deleting the orphaned machine entries from the database itself, then replace the policy on the SEP client, but it just recreates back in the database but not in the SEP console and the client still thinks it's in a group that doesn't exist.
I've tried recreating the group to see if the client goes back in there, but, it doesn't :-( guessing the groups have a unique identifier
any new suggestions based on what i've said above?
cheers
hi
open sepm
click on clients
click a group
click on policies on the right hand side
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
done that as per a previous suggestion....
ok - got some further development on this
i've managed to find in the database all the group identifiers for the non-existent groups....I've matched all the machines that belong to these non-existent groups.
Now, if I replace the sylink on a client and then remove this machine from the SEM_COMPUTER and SEM_CLIENT table in the database the client then re-connects....
so looks like i'm on the right track - just got to replace the sylink on about 800 machines and then remove them from the database, watch them recreate and bingo.......
right - all sorted now
I actually don't need to replace the sylink file on the machines - I only need to remove the computer from the tables above and then restart the client....the green dot disappears but then comes back presumably when it tries to check back in.
Thanks all for the suggestions and pointers.....