First you need to follow this, its same for any remote push you do from SEPM
http://www.symantec.com/business/support/index?page=content&id=tech163112
2) I doubt if SEP Tamper protection is blocking the replacement, check UAC, Tamper protection.
have you tried replacing it manually on one client, just to take out the possibility of Tamper protection, it should be either of these two