I know you said the clients are up-to-date, but can you tell from the policy serial number if they are picking up policy changes too?
If so, you should be able to just move them to a different group, disable the smc password protection, replace the copmmunications file, and move them back (as an initial bit of troubleshooting).
If they are not connecting to the SEPM at all, then I'd recommend following through the various tests described in the below article:
http://www.symantec.com/docs/HOWTO80740
And possibly enable & post the sylink logs for a deeper understanding of what the SEP Client thinks is happening:
http://www.symantec.com/docs/TECH104758