Endpoint Isolation fails with "Isolation failed: Error: Endpoint cannot be isolated. You must have a SEPM Host Integrity/Quarantine policy configured."
There can be a few reasons why this error occurs:
For issues 1 and 2 above, in Symantec Endpoint Protection Manager verify that the SEP Client's SEPM Group is correct and that the required Host Integrity/Quarantine Policy is applied.
For duplicate or orphaned clients, verify whether the client details indicate that it may be a duplicate or orphaned client:
Verify the "Last Check-in Time". A time sometime in the past may indicate that the client is no longer present
Verify the MAC ADDRESS. Clients with the same Host Name and IP address but a different MAC ADDRESS is an indication that these are duplicate clients.
Verify the SEPM Group. Clients with the same Host Name and IP address but a different SEPM Group is an indication that these are duplicate clients.
In the examples below, a duplicate client "WIN7-Client" exists. It has not been connected since 25 December last year and has in fact been removed from SEPM.