Hi,
If, during the configuration portion of the SEPM, the "Simple" configuration option is chosen, then the encryption password should be the same as the admin login for the console (see page 66 of the install guide). Please note, however, that resetting the admin login does not reset the encryption password.
If an "Advanced" configuration was performed and a different passphrase was entered, there is currently no way to recover or reset the encryption password. The only resolution, at this time, is to reinstall the management server with a new encryption password (place this password in a very secure place, ie., a safe) and push the new sylink.xml file to all of the agents so that they get the new SEPM GUID. I've included the manual steps for doing this below:
1. Export an agent package after the SEPM has been reinstalled, making sure to NOT create a single .exe. This is important because we want to have access to the new sylink.xml file as a source for bringing the agents back into communication with the SEPM.
2. Copy the sylink.xml file from the newly exported agent package to a network share.
3. Log into an agent host and stop the agent service by typing "smc -stop" at the "run" line.
4. Browse to <install directory>\Symantec\Symantec Endpoint Protection and rename the existing sylink.xml file to "sylink.xml.old"
5. Copy the new sylink.xml file to <install directory>\Symantec\Symantec Endpoint Protection.
6. Start the agent service back up by typing "smc -start" at the "run" line. You should see the agent connect with a green dot in the tray icon.
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009032611453348