Video Screencast Help

SEPM offline client query is not correct

Created: 21 Jun 2012 | 7 comments
PeterMakto's picture

Hi there,

I have a big problem about the Management Console. When I want to list the clients by Health State, between the offline clients there are some online too. What is wrong with my Console? I use SEP 12.1 RU1, and SQL database.

Please help to solve this problem

Best Regards

Comments 7 CommentsJump to latest comment

Alex_CST's picture

If you take a look at this article

Do the same SEP endpoints report the same information there?  Just trying to narrow down if it is an SQL error or just a bug with the SEPM sorting.

Please mark posts as solutions if they solve your problem!

PeterMakto's picture

Hi weevil,

The Client online status by Group report says there is 259 offline client. On the Home tab, the Endpoint Status says 1092 offline client which actually completery worng, because I can ping 323 of them.

pete_4u2002's picture

looks like those clients are not communicating. can you check the communication troubleshooting link

Symantec Endpoint Protection Manager 12.1 Communication Troubleshooting

Mithun Sanghavi's picture


It seems that AD is in sync with SEPM.

Were there any changes made in the AD?

Did you check if these Clients are actually Online or Offline?

There are 2 solutions for this issue as it relates to systems or sessions that have been re-imaged/reloaded.

Solution 1: Remove the client from SEPM if it is going to be rebuilt or re-imaged.

  1. If you know in advance that a group of systems are going to be re-imaged, you can remove those clients from the console ahead of time.
  2. If you have clients that are strictly running on virtual machines which are reloaded or re-imaged on a regular basis, create a separate client group for those clients. When it comes time to re-image them, they will be easier to locate when placed in their own group.

Solution 2: Configure SEPM to remove clients which have not connected within a specific number of days.

1. In the SEPM, go to the Admin page.
2. Select Domains.
3. Under Tasks, select Edit Domain Properties
4. In the Edit Domain Properties window, on the default General tab, note the option to "Delete clients that have not connected for specified time."

Configuring a low value for this setting would clear up the duplicates more quickly. 

It is important to consider clients that are offline over the weekend. Setting this value to 1 or 2 will likely cause all your clients to be removed after a weekend.
A recommended value for large enterprise environments would be 7 to 14 days.
Hope that helps!!

Mithun Sanghavi
Senior Consultant

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

PeterMakto's picture

Hi Mithun,

I'm not pretty sure, to the 2. solution is working fine, because as you can see, the Last Time Status Changed filed is the same of every line. btw I've sent an email to you.

Mithun Sanghavi's picture


I see that this seems to resolve the issue.

I received your email. However, in reference to the Tool. I believe he is talking about the "MoveClient" utility.

To have this utility, you would have to Download  

"Symantec_Endpoint_Protection_12.1.1_MP1_Part2_Tools_EN.exe "

from Symantec Fileconnect website and unzip the same. Once done, browse to ....\Tools\NoSupport\MoveClient

Note: This utility is NO Support utility.

Hope that helps!!

Mithun Sanghavi
Senior Consultant

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

PeterMakto's picture


the customer did not synchronize the AD servers with SEP, only to the administrator accounts. I've checked some clients (ping requests) and they are really online. I'll recommend the customer Mithun's 2. solution.