After you update the software from ATP 3.2 or earlier to SEDR 4.0, your current client Enrollment statistics look stable at 85% or higher. However, if you add more groups to the ECC 2.0 Group Inclusion list, the newly added clients are not enrolled.
If the appliance was using a chained certificate at the time of the upgrade to SEDR 4.0, only the server certificate is presented, not the intermediate certificates.
This has been resolved in SEDR 4.1.
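One way to check which certificates a server presents is to classify the "Certificate chain" section that `openssl s_client` prints. This is an added example, not Symantec code: the `classify_chain` helper is hypothetical, and the host names and sample output are constructed.

```shell
# Constructed sample: "Certificate chain" section as printed by `openssl s_client`
# when a server sends only its own certificate (names are made up).
SAMPLE_LEAF_ONLY='---
Certificate chain
 0 s:CN = sedr.example.test
   i:CN = Example Issuing CA 1
---
Server certificate'

# Constructed sample: the same server also sending its intermediate.
SAMPLE_WITH_INTERMEDIATE='---
Certificate chain
 0 s:CN = sedr.example.test
   i:CN = Example Issuing CA 1
 1 s:CN = Example Issuing CA 1
   i:CN = Example Root CA
---
Server certificate'

# Read s_client output on stdin and classify the chain the server presented:
#   none | self-signed | leaf-only | broken-at-N | chain
classify_chain() {
    awk '
        /^Certificate chain/      { sec = 1; next }
        /^---$/                   { sec = 0 }   # exact match, so PEM "-----BEGIN" lines do not end the section
        sec && /^ *[0-9]+ s:/     { n++; sub(/^ *[0-9]+ s:/, ""); subj[n] = $0; next }
        sec && n && /^ *i:/       { sub(/^ *i:/, ""); iss[n] = $0 }
        END {
            if (n == 0) { print "none"; exit }
            if (n == 1) { print (subj[1] == iss[1] ? "self-signed" : "leaf-only"); exit }
            # Each certificate must be issued by the next one the server sent.
            for (k = 1; k < n; k++)
                if (iss[k] != subj[k + 1]) { print "broken-at-" (k - 1); exit }
            print "chain"
        }'
}

# Live use (HOST and PORT are placeholders for the appliance name and its TLS port):
#   openssl s_client -connect HOST:PORT -servername HOST </dev/null 2>/dev/null | classify_chain
```

A `leaf-only` result for a certificate issued by an intermediate CA matches the condition described above.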