You need to move your Cloud Detection Server and need to know what steps to take in order to do it.
If an old enrollment bundle is used at a different Enforce server than the original one to which the Detector is bound, it will fail with errors similar to those listed in DLP Cloud Service enrollment: error requesting client certificate from Symantec Managed PKI Service (broadcom.com):
This technote applies to all of the following types of Cloud Detectors:
Cloud Detection Servers are somewhat different from on-premise servers in that they "bind" to a specific Enforce server. Every Enforce server has a unique ID (visible in the Enforce Management Console when viewing the settings for Enforce).
Therefore, in order to move a Cloud Detector to a new Enforce server additional assistance is needed from Technical Support.
Open a new support case, identifying the Cloud Service as your product, and provide the details of what is happening (or if the Enforce server experienced a hard fail, or what has already happened).
Support will collect details, and involve other Symantec engineers as needed to unbind the Detector and allow a new enrollment bundle to be generated.