Hey Hey
Looks like I am having some success!
Visu..
Deleted the client and it appeared back within seconds ---- (just curious, but does everyone's SEPM console view defy all logic, with almost 2000 machines it sorts in some strange order, and you have to look through all pages for your target? The search works, but I prefer to see it straight in the group window)
I couldn't stop the auto protect (it's not allowed in the current policy), but I did start an active scan from the SEPM console, and the machine immediately went nuts - So that part worked :-)
I then stopped the client completely, and the SEPM console eventually recognized the machine had gone and the green dot on the SEPM disappeared - So I hope that proved what you were looking for. -- It also keeps the definition up to date on the SEPM, so the client is giving it some information...
I moved the machine to another group and forced an update. Immediately the client on the machine showed the correct group. I then ran the "smc -stop" and "smc -start" and saw that the client had once again jumped ship and gone into the group that doesn't exist - So back into the "My Company\Clients"
I then moved the machine back to the normal group and forced an update. Immediately the machine showed the correct group again "My Company\Hatch Clients\Australasia". But after yet another "smc -stop" and start the client started showing the "My Company\Clients" group again with the outdated policy.
I then stopped the services, and deleted ALL the bak files from the Symantec folder, and replaced the 3 files (Sylink.xml, Serdef.dat, Serstate.dat) with those from a working machine.
Now I am able to stop the services and start them, restart the machine and the client reports it is in the correct group! It no longer ends up with the old policy, and I think that this has finally solved my problem.
Oh, and yes we have another 3 replication partners to the SEPM here.
Thanks to everyone that chipped in, especially to you Visu for that eventual victory.
By the way, I did find a way to find the machines that were affected by this... The old policy (The one that no longer exists) had the location name as "default", whereas the new policy is set to show as "On the Network". I ran a report on network threat protection, and most of the machines in that report are showing as "Default" which means they are affected. You see we use a simple program in house called "Spark" that generates a Jabber notice from SEP, and we have a policy in place to ignore this. But the clients running the outdated policy have not got this policy and so are ending up in the report. Now I just have to try to work out a way to fix about 100 machines throughout our organization.