Policies were split-brain. Some groups saw the new 14.3 firewall rules. Others still expected 14.2 exceptions. The network team called at 3 AM: “Why is the print server blocking SMB traffic to the file share?”
The upgrade had changed the way SEPM authenticated to the database. The 14.2 service account had “db_owner” rights. 14.3 required “sysadmin” for the migration step, then dropped back. But the migration script timed out—30 seconds too short—and left the database in a half-migrated state.
But late at night, when the SEPM console is quiet and the logs show nothing but “All systems operational,” Jordan still checks one thing: the “Agents with communication errors” report. symantec endpoint protection upgrade 14.2 to 14.3
He spent three days writing a custom uninstall script for the old 14.2 driver, then a silent install wrapper for 14.3. It worked— once . But in production, with 2,300 endpoints? That knot tightened.
Jordan didn’t sleep that night. He wrote a PowerShell script to pre-check for that specific orphaned process and kill it before the upgrade. He tested it 22 times. It worked. Policies were split-brain
At 11:30 PM, Carl looked at the last machine—a receptionist’s Dell OptiPlex. He ran the script. Green.
At 4:47 AM, the console came back. But the agents—the 600 that had already upgraded to 14.3—were now trying to talk to a 14.2 database. They fell silent. No heartbeat. No telemetry. The network team called at 3 AM: “Why
They were ghosts.