I read from your thread that you've done a bit of searching before you started, so obviously this issue must not be straightforward.
So before suggesting anything, could you post the error you are seeing in the Sylink.log files?
The symptom you described, green light on console, but not on the client, can happen when there is a Certificate Mismatch in the Sylink.xml file. But I'm sure by now you've tried the "replace the sylink file" solution.
Here are a few steps that may narrow down the problem area.
1) Find a client, preferably one that shows a green light on the SEPM console, but not on the client.
2) Delete the client from the SEPM console.
3) On the client, click Update Policy
4) Observe whether the client registers with the SEPM server again.
If the client is able to register with SEPM, but not establish healthy communication, it suggests (does not absolutely prove) there is a certificate issue.
Next, let's validate for sure it's not a certificate issue.
1) In the SEPM console, select a group that contains a client you're troubleshooting.
2) Click on Policies tab -> General Settings -> Security Settings
3) Turn off the last option, Enable secure communication between the management server and clients using digital certificates for authentication.
4) Click OK.
5) Wait a moment to make sure the Server has time to generate the policy (It should be very fast).
6) Click the task option, "Export Communication Settings"
This exports a Sylink file. Use this Sylink file to replace the one on the client. I'm sure you've tried the SylinkDrop solution before. The difference is this Sylink file will have the 'VerifySignatures' flag set to "0". You can verify this by opening the Sylink file.
If this works, then we know there is a certificate issue. I would assume you have a DB vs. on-disk certificate mismatch, which is very rare. But it should be repairable without dropping a Sylink file onto all the clients.
So once again, be sure to post the errors from your Sylink.log. I would suggest searching for the lines that contain "http://" (or https if you're using SSL). The error codes should be below the connection request.
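Added example, not part of the original post: a small Python helper for the two manual checks described above, reporting the `VerifySignatures` value in an exported Sylink file and pulling each `http://`/`https://` request line from Sylink.log together with the lines below it. The element names in the sample XML and every sample log line are constructed placeholders, not real SEP output; only the attribute name `VerifySignatures` comes from the post.

```python
import re
import xml.etree.ElementTree as ET

URL_RE = re.compile(r"https?://", re.IGNORECASE)

def verify_signatures_values(sylink_xml):
    """Return (element tag, value) for every VerifySignatures attribute.

    The search covers the whole tree because the post does not say which
    element carries the flag. Accepts str or bytes.
    """
    root = ET.fromstring(sylink_xml)
    return [(el.tag, el.attrib["VerifySignatures"])
            for el in root.iter() if "VerifySignatures" in el.attrib]

def connection_requests(log_text, following=3):
    """Pair each line containing http:// or https:// with the lines below it.

    Stops early when the next request line starts, so error lines are not
    attributed to the wrong request.
    """
    lines = log_text.splitlines()
    results = []
    for i, line in enumerate(lines):
        if not URL_RE.search(line):
            continue
        below = []
        for nxt in lines[i + 1:i + 1 + following]:
            if URL_RE.search(nxt):
                break
            below.append(nxt)
        results.append((line, below))
    return results

# Constructed sample input (hypothetical layout, placeholder values).
SAMPLE_SYLINK = '<Sylink><Comm VerifySignatures="0"/></Sylink>'
SAMPLE_LOG = """\
[constructed] heartbeat begins
[constructed] request http://sepm.example.invalid/placeholder
[constructed] result code PLACEHOLDER-1
[constructed] heartbeat ends
[constructed] request https://sepm.example.invalid/placeholder
[constructed] result code PLACEHOLDER-2
"""

if __name__ == "__main__":
    for tag, value in verify_signatures_values(SAMPLE_SYLINK):
        print(f"{tag}: VerifySignatures={value}")
    for request, below in connection_requests(SAMPLE_LOG):
        print(request)
        for line in below:
            print("    " + line)
```

To run it against real files, read the exported Sylink file in binary mode and pass the bytes to `verify_signatures_values`, and pass the text of Sylink.log to `connection_requests`.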