Right click on the client and move it to the appropriate group so that the policies configured for the specified group will be applied to the clients.

Or export the Sylink.xml from the intended group and replace it on the client.

The client is in the correct group already.  We use AD groups.
The description field for the client in SEPM  matches a different physical machine in AD.
There were two computers listed in SEPM with the computer name, but there is only one actually in Active Directory with that name.
The wrong machine (the one that used to be in a different AD group)  has the green dot on it in SEPM,
Whatever file the local client uses to identify itself to SEPM has a problem (likely somehow became duplicated with the other computer) and we want a method to clear it out.

Hi ,

Looks like you have multiple entries of the same machine in your SEP Manager. Probably you will find an entry of the Machine in an incorrect group where the client is reporting with a green dot. Another one in the actual AD group where you should not see a green dot on the client.

Is this the only machine facing this problem ?

If yes you can, try this:

-> Remove the machine from your domain.
-> Make sure you AD does not reflect the Machine anymore.
-> Sync your SEP M to the AD.
-> You should not see the machine in the AD group anymore.
-> Add the Machine to your Domain again and check your AD as well.
-> Now sync your SEP Manager with AD.

Even a restart of my DC has, at times fixed this problem for me :)

Other info that you may need:

A.) Just deleting the client from the SEP Manager , should delete the entry of the client from the SEP Manager. At the next heartbeat interval or connection time the client should reappear in the SEP M with new ID.

Since we have SEP M in sync with AD , you may not be able to delete that from SEP M directly. Hence I have suggested the above steps.

B.)The client's hardware ID is in the registry :
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\HardwareID

"Hardware ID" and "Unique ID" are linked in DB

Use this SQL command to know the corresponding PC Name for a Hardware and Unique ID
SELECT [CLIENT_ID]
      ,[DOMAIN_ID]
      ,[GROUP_ID]
      ,[COMPUTER_ID]
      ,[HARDWARE_KEY]
      ,[COMPUTER_NAME]
  FROM [sem5].[dbo].[SEM_CLIENT] where [COMPUTER_NAME] = 'Your PC Name'

courtesy :
https://www-secure.symantec.com/connect/forums/unique-id

Could you please let us know the version of SEPM that you are using. Also the type of database in use. If you could send us the detailed information we can narrow down to the root cause.

The client was MR4 MP2.  We solved the problem by doing a complete removal of the Endpoint client and then installing RU5 client, but we would like a less drastic and less time consuming fix if this happens on other clients in the future.

So, is there no single file that can be deleted from the client or a command that can be run on the client to reset or regenerate a new unique client/hardware ID so SEPM will see it as brand new client at the next contact?

in future if you face duplicate entries issues.

you may follow this link , try anikeths suggestion, it really works.

http://www.symantec.com/connect/forums/duplicate-ad-imported-clients-ru5