Which version of 12.1 are you using, and which version of 11.x?
12.1.1101.401
11.0.7000.975
When you did the manual installation of 11.x, was it while physically present at the server, or over a terminal connection (just curious)?
One of them was through VNC (this one is appearing in SEPM with definitions from 2011), and the other in the console of hyper-v (and in SEPM with definitions of the last 15, but locally on the client in fact with the 19th). But both using a package created by the SEPM (client deployement->option save package when adding client; created the exe and executed it in the client)
One has stayed with the update of 04/18/2011 R18 and other a update from last 15 of November.
If I had to guess, the only reason the second one updates is that it was able to run LiveUpdate and connect to the Symantec LiveUpdate servers.
You haven't made any changes to the LiveUpdate Content policy for the group these clients are in, have you, to exclude content? (Policies > LiveUpdate > LiveUpdate Content tab)
I've enabled the possibility to use the management server and liveupdate (an exception for the Windows 2000 servers, as the other clients don't have this option enabled)
Are your 12.1 clients updating correctly? Is your SEPM fully updated (Admin > Servers > Local Site > under Tasks, click Show LiveUpdate Downloads and look to see what the revision is; I believe that the Virus and Spyware definitions entry are designed to be backwards-compatible with 11.x).
The clients with 12.1 are updated to the last one on the server, that is from today (20-11-2012 r17)
If all looks up to date on the SEPM side, it's either communication problems or possibly definition corruption. Before trying the steps in the above document, it's often just as effective to apply the Intelligent Updater, which can usually handily replace any definition component that might be corrupted. You can download the file from this page--you will want the one that applies to 32-bit systems (should be the first link).
Beyond this, troubleshooting this is probably going to take an examination of sylink debug logging or the LiveUpdate log to determine why the update's failing.
How to check these logs on the clients?