Symantec Endpoint Protection Manager (SEPM) randomly hangs or gets unresponsive when you try manage client group settings, such as editing LiveUpdate policies or creating a new client group.
SQL trace logs may show database locks and SEPMs ADSITask-x.log may show frequently repeated entries such as:
2017-01-30 14:18:25.509 THREAD 36 FINE: LdapUtils>> login: logging into AD...
2017-01-30 14:18:27.015 THREAD 36 FINE: LdapUtils>> login: logging into AD...
2017-01-30 15:15:47.719 THREAD 36 FINE: LdapUtils>> login: logging into AD...
2017-01-30 15:16:57.170 THREAD 36 FINE: LdapUtils>> login: logging into AD...

 

• Multiple SEPMs connected to the same Database
• Multiple SEPMs are configured to Synchronize with Active Directory (AD)
• The AD Synchronization task is configured on more than one SEPM
• The AD Synchronization task is scheduled to run more frequently than the default 24 hours.

The synchronization process between the SEPMs and the Active Directory servers can temporarily lock SEPM database tables, causing the issues mentioned above.

Configure only one SEPM to Synchronize with Active Directory with the default 24 hours schedule.

Since all SEPMs in this environment share the same database this is sufficient.  
The intention behind the Synchronization with Active Directory actions is to ensure that Active Directory changes are synchronized with SEPM. Typically this is useful if SEPM client groups are imported Organizational Units from Active Directory, or if Active Directory Accounts passwords have a frequent expiry time.