Yup, I'm aware the article applies to the SEPM as well as clients. In fact, I make a special note that there is no differentiation between the two in my very first post!
It's this that is the problem. The testing is based on the assumption that people are running the very latest all the time. As we're all aware, this is rarely ever the case.
While it's acceptable to go through a stepped upgrade for the SEPMs, it is not exactly helpful to request this for thousands of managed client machines. The fact is that it does work, it'd just be appreciated if Symantec supported it.
Also, have you seen the fix list I posted? Presumably, the SEP engineers were not expecting us to still upgrade to RU2 then to RU2MP1 when they put in the below fix. I interpret this fix as "Upgrade your clients directly to SEP12.1RU2MP1 instead, as it is designed to look for the driver from prior versions, and is now fixed".
Like I say, it all appears to be there and working, it'd be nice if it was tested and supported too.
Migration from Symantec Endpoint Protection 11.0.5 or higher to Symantec Endpoint Protection 12.1 RU2 and removing Network Threat Protection causes network instability
Fix ID: 3063813
Symptom: When upgrading from a later version of Symantec Endpoint Protection with the firewall component installed to a Symantec Endpoint Protection 12.1 RU2 install package without the firewall, the network may not load upon reboot.
Solution: Updated the migration mechanism for removing Teefer3 components from prior Symantec Endpoint Protection versions during the firewall uninstall.