The Symantec Endpoint Protection client is not able to communicate with the Symantec Endpoint Protection Manager (SEPM). The CVE log shows "Error Code = 12029."

Possible causes for this situation include the following:

 - The SEPM service is not running.

 - The machine hosting the SEPM does not allow inbound traffic via the expected port.

 - A firewall or proxy server is blocking inbound traffic via the expected port to the machine hosting the SEPM.

 - The SEP client is attempting to communicate via HTTPS while the SEPM or associated website is not correctly configured to allow HTTPS.

Note: The Communications Port for Symantec Endpoint Protection Manager by default is 8014; this communications port may have been customized during the installation of the Symantec Endpoint Protection Manager or at a later time.

• When the Symantec Endpoint Protection Manager server is unavailable

OR

• Symantec Endpoint Protection Manager service on the SEPM server is stopped/not running

• Ensure that Symantec Endpoint Protection Manager Server is Running, the Symantec Endpoint Protection Manager Service is running and the Symantec Endpoint Protection Manager was not re-installed.

• Symantec Endpoint Protection Manager was completely re-installed without restoring the Database backup or the Server Certificates

• If the SEPM was completely re-installed without restoring the Database backup or the Server Certificates, we need to replace the sylink file on all the clients.
  
  Follow the KB Article to resolve the issue:
  Using the "SylinkDrop" Utility
  Restoring client-server communication settings by using the SylinkDrop tool

• When Windows Firewall is not allowing the SEP client to connect on port 8014

• Follow the steps below in order to allow the inbound traffic on port http 8014:
  1. Open Windows Firewall Advance Settings from Administrative Tools
  2. Under Inbound Rules, select Create New Rule
  3. Create the rule for Ports & Protocol
  4. Select TCP port 8014
  5. Allow the traffic for only Domain as it is specific for Internal Network
  6. Finish the wizard
  7. Try to update the policy on one of the clients to test the end results
  8. The client should show up in manager and will start communicating with the manager

• A Proxy may not be allowing to connect to SEPM server on port 8014

Bypass OR create Exclusion on the Proxy Server to allow traffic to the Symantec Endpoint Protection Manager on port 8014

• Custom Management Server List is configured for HTTPS, although the website in IIS is not configured for SSL

• SEP clients that have a management server list configured to use HTTPS communication, without having configured SSL for the website in IIS, will not communicate with the SEP Manager. Either configure an SSL certificate in the IIS website or change the communication setting from HTTPS to HTTP in the Management Server List.