You noticed that the clients are updated with the latest definitions, however the SEPM is not showing the updated information in the SEPM\Clients Tab.
SEP 14.2 RU1 MP1
exsecars.log shows below error.
02/10 10:24:02 [7576:12020] Force to update the USN for agent id: 769EEE8486921EF446063F8E7C2B892D
02/10 10:24:18 [7576:12020] Open File failed! File: 'E:\APPS\Symantec\Symantec Endpoint Protection Manager\data\inbox\agentinfo\75238adb-eedf-4165-9168-9f39e9cc2ebe.tmp' ÉÂ02/10 10:24:18 [7576:12020] ProcessAgentInfo error--Write File Error.!
02/10 10:25:46 [7576:12020] Open File failed! File: 'E:\APPS\Symantec\Symantec Endpoint Protection Manager\data\inbox\agentinfo\51b90408-6c68-4fb1-bdc9-23ecf2b0f23c.tmp' ÉÂ02/10 10:25:46 [7576:12020] ProcessAgentInfo error--Write File Error.!
1. The SEPM is unable to process the clients data due to the Permission Issue : ProcessAgentInfo error--Write File Error.!
2. E:\APPS\Symantec\Symantec Endpoint Protection Manager\data\inbox\agentinfo\ - Found 12458 *.dat file that are not processed by SEPM due to permission Issue
3. The Procmon shows 'E:\APPS\Symantec\Symantec Endpoint Protection Manager\data\inbox\agentinfo' directory is corrupt:
4. The information we are getting from Microsoft Filesystem Filter Manager:
5. There are other files also on E: which are affected. Other logs incoming rate are very less so might not be issue. Following are few:
6. Ntfs is also logging error about volume E:
2/20/2022 2:17:15 AM System Error Ntfs AMSDC1-V-54510.ShellECZ.com NT AUTHORITY\SYSTEM 55 *"A corruption was discovered in the file system structure on volume E:
The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x900000000000ae. The name of the file is ""\APPS\Symantec\Symantec Endpoint Protection Manager\data\backup.oldd\2020-Dec-14_03-00-06.zip""."
2/19/2022 2:58:22 AM System Error Ntfs AMSDC1-V-54510.ShellECZ.com NT AUTHORITY\SYSTEM 55 "A corruption was discovered in the file system structure on volume E:.
The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x17b000000000102. The name of the file is ""\APPS\Symantec\Symantec Endpoint Protection Manager\tomcat\bin\semapisrv.log""."
Fix the disk Issue Or, move the SEPM to C:\ using disaster recovery process.
Disaster recovery best practices for Endpoint Protection
https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-protection/all/Managing-management-servers-sites-and-databases/disaster-recovery-best-practices-for-endpoint-prot-v18588940-d15e2803.html