Thanks for the reply...I should have detailed the troubleshoot steps I've taken so far...

The article you sent was on of the first I tried, it didn't seem to do anything (live update via SEPM's Admin>servers>Local Site>Download LiveUpdate Content) failed with an Error=4.

I also:

Uninstalled/re-installed (from the installation package) LU on the server, was able to download 32/64 bit defs via SEPM's Admin>servers>Local Site>Download LiveUpdate Content, not being pushed out to clients.  Local server client not updating unless I run LU manually (gets defs directly from symantec).

Uninstalled/re-installed (from the installation package) LU on a client, all communication seems OK, not getting updates from manangement server.  Local client not updating unless I run LU manually (gets defs directly from symantec). 

Ran Secars test from client, received status "OK".

Downloaded latest JDB file, placed in "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\content\incoming" - files picked up by system and numbered folders appear in C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\{EDBD3BD0-8395-4d4d-BAC9-19DD32EF4758} which contain full.zip files.

I'm probably forgetting something, but will update the thread as I remember.

Thanks for the reply...I forgot to list the troubleshooting steps that I had performed...the JDB file I downloaded was vd3a6202.jdb, downloaded and installed today around 3pm EST.

Are you seeing the SEPM server updated till 2012/09/03 rev003 via the sylog?  The SEPM interface is showing 2012/09/17 r2.  

See attached screenshots just taken now (around 11pm EST).

Checked policy numbers prior to TEST group creation, policy #'s match.

Created a new TEST group, left all settings as default.  Moved client, client's system tray icon's green dot disappeared and troubleshooting tool shows the client as disconnected.  (See screenshots).

Thanks very much for your input on this Ashish, I really appreciate it.  The sylink log is attached to my first post.

Server is Server 2003, client is XP so no UAC.

Strangely, the secar test that succeeded before now fails w/ a 403 error.  Using URL:

http://192.168.9.8:8014/secars?hello,secars 

On 80 I get:

C:\>telnet egrn-ws 80

From what I'm seeing here:

http://www.symantec.com/business/support/index?page=content&id=TECH163787

Port 80 was used prior to SEPM 11.x MR3, and changed to 8014 in later  builds...since we're on 12.1, should port 80 even be responding?  Like I said, the server firewall is disabled and SEPM is using Apache (not IIS) for web services.

Thanks again...

Thanks for the links, Ashish...I'm seeing some troubleshooting steps in them that I haven't tried yet.

Getting late here, so I'm going to try those out in the morning and I'll report back. 

I ran through the steps in that link, manual run of LUALL.exe in step 4 downloaded and installed 4 items sucessfully (2 of which were 32/64 bit definitions, don't recall the other 2).

Fired up SEPM and ran a Liveupdate from Admin > Server > Local Site > Download LiveUpdate content.

Status of SEPM LU download, screenshot shows installed downloads:

OK, I did this on a client machine...after re-downloading all defs to the SEPM server, all folders in the client's "\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Definitions" received definitions from the server except for the "HIDefs" and "VirusDefs" folders which only contained an empty "newdefs-trigger" folder.

I tried updating the server via JDB file again, same result.  Seems that server communication isn't the issue, given the ability to download the other def types.

After doing this, the client's SEP interface said that there were no virus definitions loaded, so I fully uninstalled SEP from the client and re-installed from a freshly created installer package.  Same result, all defs update except for the virus defs.  The client now shows virus defs from 9/2011, around the time taht the server was originally deployed.  All other def time stamps are from Aug/Sept 2012

In my previous post, after removing the virus defs from the client manually I cleared and redownloaded defs to the SEPM server according to:

http://www.symantec.com/business/support/index?page=content&id=TECH166923

The client downloaded all defs except for the a/v defs...I then reinstalled defs to the SEPM server via JDB file.  Client still wouldn't download the a/v defs.

I then uninstalled SEP from the client and reinstalled using a freshly created installer....again, all defs updated except for the a/v defs which are showing a date around 9/2011...aproximately when the SEPM server was deployed.