After upgrading ​Symantec Encryption Management Server 3.3.2 MP8 or above from release 3.3.2 MP7 or below, some ​consumer policies fail to replicate fully between cluster members.

The policy items that fail to replicate are as follows are new in 3.3.2 MP8, where n is 5 by default:

1. Enable logging (Windows clients only) in Desktop / General
2. Expire passphrase after n days with a grace period of n days for passphrase user (Windows clients only) in Desktop / Drive Encryption

Similar policy replication failures may result when upgrading to any release that has additional policy items.

No error messages are displayed but if one of these policy items is changed on one cluster member it fails to replicate to the others.

Duplicate entries in the pref_container and pref_data database tables are created after incremental replication completes. Incremental replication runs by default at 11 pm each day.

Please contact Symantec Support to resolve this issue.