search cancel

TDAD AD Gateway fails to deploy after migrating the agent from SEPM-managed


Article ID: 254192


Updated On:


Endpoint Security Complete


An SES agent has been migrated from an on-premises Symantec Endpoint Protection Manager (SEPM) to the cloud. The Threat Defense for Active Directory (TDAD) AD Gateway feature does not successfully deploy, and the status is reported as "Not Responding".

Viewing the Activity History on the device, and filtering for Event Type Id:11-Command Activity shows the following:

"Command 'Feature Selection' is unsupported" or "Command 'Active Directory Gateway' is unsupported"


Component: TDAD AD Gateway


Unsupported client installation type: Embedded or VDI client


  1. Remove the failed AD Gateway from Active Directory integration in the ICDm
  2. Obtain and extract the original installation package from the old SEPM
  3. Create a new SES installation package, ensuring that the Feature Selection policy applied to the chosen Device Group has the Threat Defense for Active Directory feature selected for the relevant OS type
  4. In the extracted files from the old installation package, double-click the MSI file, then choose to uninstall the client. Reboot when completed
  5. Install the new SES installation package
  6. Add the device as an AD Gateway