Endpoint Detection and Response (EDR) does not always send commands for specific Symantec Endpoint Protection (SEP) Clients to the correct Symantec Endpoint Protection Manager (SEPM), but only sends commands to the most recently connected SEPM.

SEPMs are replicating with only a single SEPM installed in each Site

Or:

SEPMs are replicating with multiple SEPMs installed in each Site

This second environment requires additional steps to resolve the issue.

In Endpoint Detection and Response/Symantec Endpoint Protection Manager (SEPM) Web Servers:

1. Check the "Replication is enabled between all SEPM's" box
2. In the Dropdown box select the database (it will show the database that you have configured in the Synapse  - Symantec Endpoint Protection Manager (SEPM) Databases section)
3. Leave the "Replication is enabled between all SEPM's" box checked.
4. Delete all SEPMs from the Endpoint Detection and Response/Symantec Endpoint Protection Manager (SEPM) Web Servers section
5. Once all SEPM are removed, add them back in one by one.

You will notice that the "Replication is enabled between all SEPM's" box will re-appear as "checked" after re-adding the first SEPM.

Additional steps for replicating SEPMs with multiple SEPMs installed in each Site​:

Create additional unique SEPM System Administrators on each SEPM in each Site.

For example:

2 Sites with 2 SEPMs each:

In Site1 create admin-001 and admin-002:

In Site2 create admin003 and admin004:

In EDR edit or add the SEPM connections in Endpoint Detection and Response/Symantec Endpoint Protection Manager (SEPM) Web Servers:

For SEPM1 in Site1 use admin-001:

For SEPM1 in Site1 use admin-002:

Repeat the steps with the relevant account details for the remaining SEPMs in Site2