One or more Symantec Endpoint Protection Manager (SEPM) display Authentication or Connection Errors as their Status. The Status changes to "Healthy" automatically after some time, but can change to an Error intermittently.

Advanced Threat Protection (ATP)

The errors can display as any of the following:

• Authentication Error
• Connection Error

Multiple SEPMs are configured to synchronize with Active Directory Servers in the background on a relatively frequent schedule.

The synchronization process between the SEPMs and the Active Directory servers can temporarily lock SEPM database tables.  When this coincides with some connection activity between ATP and the SEPMs, information requested by ATP will be temporatily unavailable, resulting in a "SEPM is not Healthy" status. 
When the next ATP to SEPM connection no longer coincides with the SEPM and Active Directory synchronization, the SEPM Status reverts back to "Healthy".
 

Minimize the database table lock occurences:
Limit the number of SEPMs that synchronize with an Active Directory server to one.