Hi,
For sure if you noticed that the clients are not all displayed and some of them are switching on the SEPM Console, that's an expected behavior if the clone image has not been prepared correctly.
Your SEP clients gonna have the same hardware ID.
In this situation, for example let's say you have 15 SEP clients with the same hardware ID, you will see only one displayed on the SEPM Console and online.
And the 15 SEP clients gonna be displayed randomly during the day when they are updating from the SEPM server.
SEP 1 updading and displayed on the SEPM Console. The 14 other SEP clients are not displayed.
An hour later, SEP 2 displayed on the SEPM Console, The 14 other SEP clients including SEP 1 not displayed anymore.
Etc etc ^^
To check if there are duplicated, just give a look on the ersecreg and secars log on the SEPM side.
You will see all your clients registering to your SEPM.
You could perform research by taking one of the Hardware ID and see if you noticed that one with different IP address. If so, you have some duplicates.
You should be aware as well about the SEP Client registration work flow and then I think you will understand better why this unexpected behavior occurs.
Keep in mind that it's the information of the SEPM database that has priority on everything, no matter if you re-deploy SEP install machine on clients with remove all previous logs, policy and reset of the communication.
Work flow chart of SEP client registration to SEPM => http://www.symantec.com/docs/TECH91587
Kind Regards,
A. Wesker