Endpoint Detection and Response (EDR) does not always send commands for specific Symantec Endpoint Protection (SEP) Clients to the correct Symantec Endpoint Protection Manager (SEPM), but only sends commands to the most recently connected SEPM.
SEPMs are replicating with only a single SEPM installed in each Site
SEPMs are replicating with multiple SEPMs installed in each Site
This second environment requires additional steps to resolve the issue.
In Endpoint Detection and Response/Symantec Endpoint Protection Manager (SEPM) Web Servers:
You will notice that the "Replication is enabled between all SEPM's" box will re-appear as "checked" after re-adding the first SEPM.
Additional steps for replicating SEPMs with multiple SEPMs installed in each Site:
Create additional unique SEPM System Administrators on each SEPM in each Site.
2 Sites with 2 SEPMs each:
In Site1 create admin-001 and admin-002:
In Site2 create admin003 and admin004:
In EDR edit or add the SEPM connections in Endpoint Detection and Response/Symantec Endpoint Protection Manager (SEPM) Web Servers:
For SEPM1 in Site1 use admin-001:
For SEPM1 in Site1 use admin-002:
Repeat the steps with the relevant account details for the remaining SEPMs in Site2