We've all run into this problem at some point - Maybe I have trial licenses I'm trying to remove, or my old licenses aren't letting the new licenses import. How does an administrator solve this problem?
Before we begin, let's complete some pre-work steps:
1. Find our existing, new, and temporary license files/zip files.
2. Notice the dates on each of the file groups to better understand how and when they were deployed.
3. Having access to our legacy and new license files will help us feel more comfortable about modifying our license configuration from 'under the hood'. We can also identify the problem certificates in the SIM (Symantec Installation Manager), and note their dates of expiration. Those are the certificates we want to remove from our environment.
4. Ensure we do NOT have the SIM (Symantec Installation Manager) running on the server.
With our license files identified, let's walk through the stale license removal process:
1. Log into the Altiris Symantec Endpoint Management Server with administrative access.
2. In Server 2008, go to Start, Run. In Server 2012, press the Windows Key + X, and select 'Run'.
3. Type mmc
4. Click <enter>
5. If prompted by UAC, click OK to affirm leveraging administrative actions.
6. Click 'File', select 'Add/Remove Snap-in..'
7. Highlight 'Certificates' and click 'Add' in the middle of the screen.
8. You must select which option you'd like to manage certificates for. Choose 'Computer Account' and click 'Next'.
9. Choose Local Computer (should be selected by default). Click 'Finish'
10. Back at the Add/Remove Snap-ins screen, click 'OK'
11. Expand the Certificates folder by hitting the + link. Choose Altiris Licensing. Click on the Certificates link on the left pane. Your screen should resemble the one below:
12. As you can see, there will likely be a wide range of certificates. Don't be overwhelmed. Focus on the dates of your trial license or old license implementation. Highlight the legacy certificates that are no longer valid.
13. Click on the Action menu at the top of the screen, and choose 'Export'
This will start the Export Wizard. Why are we exporting garbage licenses? Because we're not completely sure if these are the licenses we want to dispose of - so better to be safe than sorry.
14. When the Export Wizard launches, click 'Next'.
15. Leave the default format (Personal Information Exchange / PKCS).
16. Choose a password, and enter it twice.
17. Note the password somewhere for safe-keeping.
18. Click 'Next'
19. Choose a location to store the file. Name it Certback. I recommend saving it to the Desktop for easy reference and removal. Windows will automatically add the .pfx extension to the file for you.
20. Verify the path and click 'Next'.
21. Click 'Finish'
22. Windows will tell you if/when the export was successful. Click 'OK'
23. Verify the file was created on the desktop.
24. With the sticky/old/legacy certificates still highlighted, click the red 'X' in the toolbar, or click the 'Delete' key on your keyboard.
25. Confirm the certificates are no longer in the list. Launch the SIM (Symantec Installation Manager), and add or verify accurate license counts.
Once licenses are properly re-imported or confirmed, delete the exported certificates from your Desktop folder on the server.