It seems to me that you do not have your internal LiveUpdate server, all your clients connect to your management server to receive virus defintion. With User Mode configuration, once the machine get rebooted, machine will have no communication to the management till next user log on.
To resolve your problem for the machine not being able to get virus definition updated automatically.
You can take advantage of locaiton feature, Click on Manage Locaiton, create Location One: there is a communication to the management server, this is the time that your user log on the machine, create a new Liveupdate setting policy for this location and choose to use default management server in the server settings.
Now you need to take care of the time when no one log on after machine reboot, create another location, let's call it Location Two: there is no communication to the management server. Create a new LiveUpdate setting policy for this location, choose to use default management server in the server settings, and select Use LiveUpdate, select use a specified internal LiveUpdate server, click Add, add our internal liveupdate server if you have one, add liveupdate.symantecliveupdate.com so that your machine at least can go to Symantec to update definition, I think you use GUP for your client as well, select GUP for this location as well. Since you add liveupdate.symantecliveupdate.com in the server settings, you will need to make sure your proxy setting is configured properly if you are in a proxy enviornment (You can use settings.merge.liveupdate file to configure proxy setting if necessary).
To verify this setting, apply the while a user logon, reboot the machine, before anyone logon, access to the admin share of the machine to c:\document and settings\all users\applicaiton data\symantec\liveupdate, open setting.liveupdate file with notepad, you can see the host 0, 1, 2... that will be the host where the machine will update defintion from at the time no user log on the machine.