Have you checked your server Private Key and compared it to your client private key?
On your server; where the SEPM is installed, navigate to:
[installation drive]:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent\
Of course, if this is where the server is installed. In the Agent folder, look for the last created folder by date stamp. You should have a collection of numbers for folder names, each of these will represent your groups defined in the SEPM server.
Find one, preferably with today or yesterday's time stamp. Open up one of these folders and you will find a file called:
SYLINK.XML
Open the SYLINK.XML file with whatever application you like for text editing.
Towards the bottom of the file, you will see:
- <ServerCertList>
<Certificate Name="[name of your server]">
[Lots of letters and numbers representing your Certificate or private key to establish connection between server and client.]
*********************************************
On your client machine, without a green dot, extract the same file from the installation folder.
[installation drive]:\Symantec or where ever you installed it.
In the root of the installation folder, find the
SYLINK.XML file, open it up and verify the exact same thing:
- <ServerCertList>
<Certificate Name="[name of your server]">
[Lots of letters and numbers representing your Certificate or private key to establish connection between server and client.]
***Note here, even IF you named the server the same as it was or did not change the name at all, just reinstalled, the first portion:
- <ServerCertList>
<Certificate Name="[name of your server]">
will be the same.
This serves little interest to us. We want to Ensure that the rest of the Server Key:
[Lots of letters and numbers representing your Certificate or private key to establish connection between server and client.]
Is identical to the one the server is trying to push out. If they differ, you must replace the file on the clients.
First try on a single machine, using the
SYLINKDROP tool, which can be found on your CD. Take the SYLINK.XML from the server agent folder indicated above and drop it into a client.
Does your green dot come back?
If so, use the Sylinkdeployment tool provided by Symantec.