Endpoint Protection

In preparation for a move to Windows 7, we have set up a lab with 8 Windows 7 workstations and a number of Windows Server 2008 boxes, one of which is hosting a copy of SEPM. 

I have installed SEP 11.0.6 on most of the workstations, and they seem to be functioning normally; they are receiving content updates from the management server, and the Management page contains the information (server, group, etc.) I would expect to see.  But when I go to the Clients tab on the SEPM Console  I see just one computer.
Oddly enough the computer I see listed differs from one session to the next, and it sometimes changes depending on the "View" I select from  the "View:" dropdown list.

I've tried hitting "Refresh" a few times on the console, and I've clicked the "Update" policy profile buttons on clients, to force some sort of interaction, but nothing seems to make a difference.  Can anybody help me figure out what's going on?

Have you created domains in SEPM..Are the clients Registered with different domains..check in
SEPM- ADMIN-Domains

Check on the clients if you see the green dot on it..If NO then it means they are managed and are updating from internet directly.

Have you used same image to create all 8 machines?
If yes, please follow document below for deploying SEP clients using image.
http://service1.symantec.com/support/ent-security.nsf/docid/2007110510364248

Possible cause is, when you deployed SEP clients using same image for all machines. All of them have same hardware ID, etc. Which can be confirmed from following location:
..\Program files\symantec\symantec endpoint protection manager\data\inbox\logs\exsecreg.log

If above is not the issue, then please make sure that following folder has "FULL PERMISSION" for "EVERYONE"
..\Program files\symantec\symantec endpoint protection manager\data\inbox\agentinfo

also search if the systems have turned to user mode, hence while seraching select user mode and computer mode.

also search if the systems have turned to user mode, hence while seraching select user mode and computer mode.

in the client GUI go to Help and support--->Trouble Shooting and note down the group ,In SEPM check in this same group for the client. Also assure that you are selected show all uses and computers option in the display filter.
                    Whether your clients are created form a common image, Then refer this KB
Duplicate Hardware IDs result in only one client showing up in the Symantec Endpoint Protection Manager for two systems.
For avoiding this type of issue in future take the steps as per this KB
Configuring Symantec Endpoint Protection client for deployment as part of a drive image

You  may upgrade  your  SEPM to RU^A version. Then, you will see clients  in uswr  mode( which you don't see in old  versions).After you switch all the user  mode  clients to computer  mode, you will ber able to see the clients  in SEPM, properly.

open sepm
click on clients
select display filter at the bottom
check user mode, see if clients are visible.
on the client machine go to HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink
check the preferred group,u should be able to see the client inside this group.
open sep-help and support - troubleshooting check thats communicating with the manager...u should see the server name.
if not then disable windows firewall and should have a green dot on the yellow shield

I checked the exsecreg.log and discovered that all clients do have the same Hardware ID.  I was surprised to find this, since I installed the clients from install files on a network share.  However, the clients were installed first as part of an image.  Before I installed the current clients, I uninstalled via the Control Panel.  Would this uninstall leave the Hardware ID in place?

So, what can I do to fix this?  Do I have to run Cleanwipe on all the clients?

you may need to run a batch file on all the the client's to delete Hardware ID from the said registry path ( mentioned by Rafeeq).

follow this link

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007110510364248

Hello Mitch,

Eeve if you turn off the windows firewall on the server hosting SEP Manager the client will not communicate with the Manager.

Keep the firewall on and create a rule for inbound traffice for the IIS port which is being used by symantec endpoint protection Manager.

If you have selected default settings while installing SEP Manager it would be 8014.

In few minutes you should be able to see the client reporting to the manager.

Thank you.

Is windows firewall on if yes try to disable windows firewall from services

does the client has green dot on them ?

There were only seven clients with this problem so I didn't run a batch file; I logged onto each machine and deleted the sephwid.xml file and the HardwireID registry entry.  And now these clients are all visible to the SEPM console.

When we start creating a production image, I'll make sure the HardwareID is blanked out before we deploy.

Thanks for your help.