Hi
When the Symantec Endpoint Protection Manager (SEPM) counts the number of deployed licenses, it allocates a license to every client that is online, or that is not currently online, but exists as a client in the SEPM database.
The typical configuration of the SEPM is that the SEPM will "remember" what clients have attached to it for up to 60 days after they stop checking in before they are deleted and the license is scavenged and made available for redeployment.
When a newly deployed client first checks in, it will receive its license from the SEPM, and then connect to Symantec servers "in the cloud" to request its Client Authentication Token (CAT). Symantec Endpoint Protection 12.1 associates the CAT with the client ID value (the "Hardware ID") that individually identifies a specific client. If a client receives a new Hardware ID, it will be treated as a new client, and thus must receive a new CAT.
The Symantec cloud-based servers do not currently implement any level of license re-use or scavenging of licenses from decommissioned clients.
This means that although the SEPM may correctly report no "over-deployment" of the license, the cloud-based systems hosted by Symantec will still register an over-deployment, and will not provision the new client with a CAT.
FYR
http://www.symantec.com/docs/TECH184530