Here's an interesting one.

I've just upgraded our SEPM from RU6 MP3 to 12.1 RU2 upgrade went ok and clients checked into the manager.

SEPM is reporting that the clients online and checking in but when I check the local client on the SEPM it has no green dot and troubleshooting is showing offline.

I can't update the sylink file as the original installation was done by someone else and nobody seems to have the client stop/uninstall password.

Local client is now upgraded to 12.1 RU2 and initially checked in and now reporting offline again. All Defs are up to date.

This is resolved on SEPM 12.1.2 MP1

New fixes and features in Symantec Endpoint Protection 12.1 Release Update 2 Maintenance Pack 1

Thanks Manish,

But I'm getting the opposite to this issue the SEPM is saying online the clients are not.

should be a port issue.

How to bypass the IIS proxy after upgrading to Symantec Endpoint Protection Manager 12.1

Are the client are update ?

Check Windows firewall and UAC should be disable

try to restart sep client system

I know you said the clients are up-to-date, but can you tell from the policy serial number if they are picking up policy changes too?

If so, you should be able to just move them to a different group, disable the smc password protection, replace the copmmunications file, and move them back (as an initial bit of troubleshooting).

If they are not connecting to the SEPM at all, then I'd recommend following through the various tests described in the below article:

http://www.symantec.com/docs/HOWTO80740

And possibly enable & post the sylink logs for a deeper understanding of what the SEP Client thinks is happening:

http://www.symantec.com/docs/TECH104758

i have this issue but only when the duplicate host entry forund on server as well as in network. one of the clients was in workgroup and other is in domain.

Check the mac address of online entry, is it same?

Try the step on client

Checked the client status: offline
Took the backup of the registry
Delete the following registry keys:
 HKEY_USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
 HKEY_USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Set the proxy enable in the registry to 0 under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Uncheck the proxy setting option in the internet options settings.
Reboot the system.

Thanks all for help have managed to track down the original password import new sylink files which seems to be resolving the issue.

Although it is rather an odd issue even when I delete the machines they check back in but don't recieve latest policy even though everything is correct in the existing sylink file.