The Symantec Endpoint Protection Manager (SEPM) lost its risk notification capability as the mail server is no longer sending them out on schedule. After enabling mail and scheduled report troubleshooting on the SEPM, the SecurityAlertNotifyTask log shows an incorrect entry for the SEPM server name. The correct and incorrect server names were both listed under Admin>Servers, and the old server reference could not be deleted.
In this scenario, the SEPM server was decommissioned and a new server was brought up in its place. The old server was all lower case while the new server used the same name but was typed completely in upper case. When the new SEPM server was installed, the customer used the recovery file from the original server and added the replacement server into the site as an additional server. This caused the perceived duplicate entry and this does not update the mail server properties to look at the new server name. In this state, the SEPM would not allow the admin the ability to delete the original server.