Endpoint Protection

I have several workstations which never received a definition update after the client was installed. I also have workstations which stop getting definition updates after they were downloaded fine before. I can see that workstations are getting content from the SEPM (in the IIS log), but something is failing on the client. In one of the Symantec documents I found a mention of a client-side debugging. How can I enable it? Thanks.

 First of I would recommend you to upgrade your SEPM and all the clients to MR5 11.0.5002.xx

Troubleshooting Content Delivery to the Symantec Endpoint Protection client
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008092511045348

Symantec Endpoint Protection client debug logs
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008122313093748

If your servers are not at RU5 yet, try the following:

Use the console to identify clients with this problem - pre-RU5 they typically show a blank entry in the Definition field of the Client Protection Technology view. Take account of the geographical location of clients relative to SEPM servers and any traffic which is likely to result before proceeding to the next step.

Use the console to move the client to a different group. Try a different combination of GUP, LiveUpdate or direct SEPM updates to force the client to re-enumerate its policy and seek an update. On the client, request a policy update. Leave it in this group for a heartbeat interval (defined in Group Communications settings). If it updates, it usually gets back in sync and keeps up to date. Move it back to its home group.

Use the Intelligent Updater to bring it up to date. The underlying problem is not resolved but you will have mitigated the risk by getting it up to date for now.

If the above does not work, stop and restart the SEP service on the client. Leave it a heartbeat to give it a chance to update.

Next step, on the client, use Add and Remove Programs to rerun the installer. Leave it a heartbeat.

Uninstall / reinstall, or upgrade to RU5.

We are running 11.0.4014.26. Does the upgrade to MR5 require providing the Uninstall password on the clients? What exactly was fixed in the new release which would help me with the issue I see on my network?
As far as debugging is concerned, we are using only SEPM and GUP options for updates. Will the following logs be adequate:
. sylink
. sesclu?
Also, I noticed that Application Data directory under "c:\documents and settings\all users" does not exist on the affected computers. Do I have to reinstall the client to fix it? Thank you very much for your help.

I tried all that. I created a new group and moved all machines without definition updates to it. I changed the policy to allow TPM. Our networks are not connected to the Internet, so we only use SEPM and GUP for content updates. In the client logs I can see that the client connects to SEPM and gets the policy update, but no definition files. I tried manually requesting content from the client, manually pushing content from SEPM, rebooting the machine several times. I will try to enable some logging, as suggested by Vikram to get to the bottom of the problem. As I mentioned above, I can't see the c:\documents and settings\all users\application data on the affected machines. I will have to uninstall/reinstall the clients if nothing else works. The only problem is that I have to do it remotely... Thank you very much for all your suggestions.

<<<< As I mentioned above, I can't see the c:\documents and settings\all users\application data on the affected machines >>>

Application Data is a hidden folder and it can be found only on XP/2k3 systems
for Vista/Win7 and 2K8 it is C:\ProgramData\
here ProgramData is a hidden folder.

My bad. The folder is always there, my account is just not always configured to see hidden folders on a specific machine. Ignore that clue.

 Here is the Release notes for MR5/RU5
ftp://ftp.symantec.com/public/english_us_canada/products/symantec_endpoint_protection/11.0/manuals/ru5/Release_Notes_for_Symantec_Endpoint_Protection_11_0_5.pdf

to upgrade to MR5 you wont need the un-install password.

https://www-secure.symantec.com/connect/forums/documentation-upgrading-endpoint
this might help you for upgrade.