Endpoint Protection


Out-of-date AV definition in SEPM but all clients receiving latest AV definition


  • 1.  Out-of-date AV definition in SEPM but all clients receiving latest AV definition

    Posted May 03, 2013 02:17 AM

    Seems there is a reporting issue with SEPM.

    All clients are reported as having out-of-date AV definitions in SEPM. After checking multiple machines, all of them had received the latest AV definitions. This proved that SEPM was still able to download the AV content from the Internet and distribute it to all clients. Somehow the AV definition information was not sent back to SEPM.

    Ran Symantec Validation tool and confirmed SQL DB is in working condition and communicating to SEPM.

    Rebooted SEPM and about 10 clients reported the correct information to SEPM within 5 minutes but this number stayed the same since.

    Attempted to delete 1 client entry in SEPM, updated policy in SEP and SEPM reported this device as "not reporting status".

    SEPM version is SEP11RU7, same as SEP.

    SQL DB is on MS SQL server 2008.

    Any help will be appreciated.

    Thanks.

     

     

     

     



  • 2.  RE: Out-of-date AV definition in SEPM but all clients receiving latest AV definition

    Broadcom Employee
    Posted May 03, 2013 02:20 AM

    Do you mean clients are not reporting to SEPM? Are all the clients having this issue?

    Was there any change in certificate?



  • 3.  RE: Out-of-date AV definition in SEPM but all clients receiving latest AV definition

    Posted May 03, 2013 02:23 AM

    Please check if you have a lot of .DAT/.TMP/.ERR files in the SEPM\data\inbox subfolders (especially Agentinfo). If yes, it means clients are reporting their logs to the SEPM, but the manager is not able to process them.
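
The inbox check suggested in reply 3, as an added example that is not part of the original thread or of any Symantec tooling: it counts .DAT/.TMP/.ERR files per inbox subfolder and shows how many are recent. The parameter names `InboxPath` and `RecentDays` are hypothetical, and the full path to `SEPM\data\inbox` depends on the install location, so it is passed in by the operator.

```powershell
# Added example: summarise unprocessed client-log files under SEPM\data\inbox.
param(
    # Full path to the inbox folder (assumption: supplied by the operator,
    # because the thread only gives the relative path SEPM\data\inbox).
    [Parameter(Mandatory = $true)]
    [string]$InboxPath,

    # Files written within this many days count as "recent" (hypothetical default).
    [int]$RecentDays = 30
)

$extensions = '.dat', '.tmp', '.err'
$cutoff     = (Get-Date).AddDays(-$RecentDays)

Get-ChildItem -LiteralPath $InboxPath -Recurse -File |
    Where-Object { $extensions -contains $_.Extension.ToLower() } |
    # One group per (subfolder, extension) pair, e.g. Agentinfo / .dat
    Group-Object -Property { $_.Directory.Name }, { $_.Extension.ToLower() } |
    ForEach-Object {
        # @() keeps single-file groups indexable as arrays
        $sorted = @($_.Group | Sort-Object LastWriteTime)
        [pscustomobject]@{
            Subfolder = $_.Values[0]
            Extension = $_.Values[1]
            Count     = $sorted.Count
            Recent    = @($sorted | Where-Object { $_.LastWriteTime -ge $cutoff }).Count
            Oldest    = $sorted[0].LastWriteTime
            Newest    = $sorted[-1].LastWriteTime
        }
    } |
    Sort-Object Subfolder, Extension |
    Format-Table -AutoSize
```

Running it twice a few minutes apart shows whether the Agentinfo count is growing, which separates a live processing backlog from old leftover files.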

     

     



  • 4.  RE: Out-of-date AV definition in SEPM but all clients receiving latest AV definition

    Posted May 03, 2013 02:26 AM

    Also check this:

    Clients cannot send data back to Symantec Endpoint Protection Manager

    Article:TECH105348  |  Created: 2008-01-09  |  Updated: 2009-01-30  |  Article URL http://www.symantec.com/docs/TECH105348

    Check this comment:

    https://www-secure.symantec.com/connect/forums/sepm-shows-client-virus-definition-not-available#comment-8464131



  • 5.  RE: Out-of-date AV definition in SEPM but all clients receiving latest AV definition

    Posted May 03, 2013 02:29 AM

    Pete, SEPM seems to be able to report the correct information such as last client uptime, IP address etc. Only the AV definition is out-of-date.

    All clients are affected by this.

    No change on the certificate. The only change was the database migration from 2005 to 2008, and we had to run the configuration wizard in SEPM to point to the new DB instances.

    Manish, there are ~360 files in the agentinfo folder but most of them are back in 2012. Only 6 files are dated April 2013.



  • 6.  RE: Out-of-date AV definition in SEPM but all clients receiving latest AV definition

    Posted May 03, 2013 02:31 AM

    Manish, checked the folder permission - everyone has FULL access to the inbox folder.



  • 7.  RE: Out-of-date AV definition in SEPM but all clients receiving latest AV definition

    Posted May 03, 2013 02:34 AM

    Hello,

    How much disk space is available in SEPM?

    Try to replace the sylink.xml file on one of the clients.



  • 8.  RE: Out-of-date AV definition in SEPM but all clients receiving latest AV definition

    Broadcom Employee
    Posted May 03, 2013 02:55 AM

    Is the DB on the local system or remote?

    If remote, have you upgraded the SQL client on SEPM?



  • 9.  RE: Out-of-date AV definition in SEPM but all clients receiving latest AV definition

    Posted May 07, 2013 09:47 PM

    Manish - there are about 20Gb of free space available in SEPM. Appreciate if you can provide a link on how to replace sylink.xml file.

    Pete - DB is located in another server. And no, we haven't upgraded SQL client on SEPM.



  • 10.  RE: Out-of-date AV definition in SEPM but all clients receiving latest AV definition

    Posted May 07, 2013 09:54 PM

    Run the SymHelp tool on the SEPM to see if it shows any errors

    Symantec Help (SymHelp) Download

    Article:TECH170752  |  Created: 2011-09-29  |  Updated: 2013-04-29  |  Article URL http://www.symantec.com/docs/TECH170752

     



  • 11.  RE: Out-of-date AV definition in SEPM but all clients receiving latest AV definition

    Broadcom Employee
    Posted May 07, 2013 10:52 PM

    Upgrade the SQL client on the SEPM; it should be compatible with the SQL server for communication.



  • 12.  RE: Out-of-date AV definition in SEPM but all clients receiving latest AV definition

    Posted May 10, 2013 05:54 AM

    Hi

    Please upgrade to SEP 12.1.2 and also the clients.

    Regards

     



  • 13.  RE: Out-of-date AV definition in SEPM but all clients receiving latest AV definition

    Posted May 10, 2013 06:37 AM
    Kindly confirm the disk space on server.


  • 14.  RE: Out-of-date AV definition in SEPM but all clients receiving latest AV definition

    Posted May 12, 2013 07:53 PM

    Pete, it seems the SEPM and the SQL server are communicating to each other as the client details are identical. But will check the SQL client on SEPM.

    Sameer, there is a plan of upgrading to SEP12.1.2 but this will take some time to implement.

    Vishal, SEPM has about 20Gb free space.