Endpoint Protection

  • 1.  Non-reporting servers following AV replacement

    Posted May 29, 2015 04:58 PM

    I recently completed a push of 12.1.4 to over 1k servers.  This was to replace McAfee.  While looking to see who needed to be contacted to reboot their servers, I've uncovered almost 500 servers not reporting to the SEPM.  All pushes completed successfully; however, when testing a small batch of these servers, the SEPM is only seeing McAfee EPO on them.  Is it not going to recognize that SEP is installed until after the reboot, and thus this is a good indication of who needs to reboot their servers, or did half of these replacements actually fail?



  • 2.  RE: Non-reporting servers following AV replacement

    Posted May 29, 2015 05:10 PM

    The deployment wizard is what is seeing them as running only the McAfee EPO.



  • 3.  RE: Non-reporting servers following AV replacement

    Posted May 29, 2015 05:59 PM

    If you check one of the boxes, is SEP showing up on it? Even though it needs to be rebooted SEP should still be there.

    What exactly does the SEPM console show?



  • 4.  RE: Non-reporting servers following AV replacement

    Posted Jun 01, 2015 02:00 AM

    Have you ever seen the client status on SEPM server or clients?

     

    Have you ever followed these article steps?

    About the third-party security software removal feature in Symantec Endpoint Protection 12.1 RU1 MP1 and later


    Third-party security software removal in Endpoint Protection 12.1



  • 5.  RE: Non-reporting servers following AV replacement

    Posted Jun 01, 2015 09:58 AM

    I haven't had our server team check the physical servers yet but I have a list of servers that I used the deployment wizard to push SEP packages to replace McAfee on these servers.  Out of 1k+ servers, when I search in the group that they were being put into, I find 775 servers which include new servers that were built with SEP installed. Leaves me a difference of almost 500 servers.  When I compare the list of the machines that the deployment wizard said were successfully pushed the package I can identify the machines. Connecting to them again via the deployment wizard shows them only running McAfee EPO though I will admit I only checked this on a handful.  I haven't checked the numbers today and I plan on both having the Server team verify by querying for a running smc.exe process as well as connecting to a larger pool of machines via the deployment wizard.

    This was previously tested, was successful and over half the machines are showing in the console most of which, if not all, have already been rebooted.  It is these 500 machines that concern me.  So the deployment wizard should show them running SEP?  They are not reporting to the SEPM console.



  • 6.  RE: Non-reporting servers following AV replacement

    Posted Jun 01, 2015 10:07 AM

    This morning there are now 800 servers in the container in question.



  • 7.  RE: Non-reporting servers following AV replacement

    Posted Jun 01, 2015 10:16 AM

    Would seem the SEP push failed then. Do you have a SEP_INST.log file?



  • 8.  RE: Non-reporting servers following AV replacement

    Posted Jun 01, 2015 12:18 PM

    Where is that located?



  • 9.  RE: Non-reporting servers following AV replacement

    Posted Jun 01, 2015 12:19 PM

    %temp% directory.



  • 10.  RE: Non-reporting servers following AV replacement

    Posted Jun 01, 2015 01:09 PM

    I do not own or manage the servers though if you're referring to the temp file on the servers that the package was pushed to.  It seems strange and a little frightening if at least a third of the pushes failed. Going through the list there are a number of these servers that are, at least right now, not online and some that do report having Symantec installed.