Updating an existing policy and applying it to an existing group does not update the policy serial number. Once the server is rebooted or the Symantec services are cycled things begin working again.
Creating a new group does not generate a policy serial number and the corresponding folder in the C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent is not created.
After restarting the SEPM service, changes made prior to restart are applied, but then new updates also require the SEPM service to be restarted again.
PackagePublisherTask.log (recording all the events related to Policy Serial Number updates) shows that Package Publisher Task is only executed once, just after restarting SEPM, instead of on a regular basis as it should be.
Symantec Endpoint Protection 12.1 with SQL Database (does not apply to Embedded Database)
Gap in PackagePublisherTask, matching the moment when groups were added:
2011-10-27 17:02:14.640 THREAD 25 FIN: PackageTask started with priority=1, isFirstTime =false
2011-10-28 15:14:49.613 THREAD 21 GRAVE: ================== Server Environment =================== => match the moment when SEPM service has been restarted
All "Group checking" events in PackagePublisherTask: