Licenses are not getting updated in Symantec Installation Manager

book

Article ID: 157235

calendar_today

Updated On:

Products

Management Platform (Formerly known as Notification Server)

Issue/Introduction

  • When applying correct licenses to Symantec Installation Manager, gives error "services failed to restart to refresh licenses."
  • Altiris services are restarted but License never gets updated.
  • When executing RemoveLicense.exe, it gives error "can not get the license. System.Exception: Certificate chain is invalid."
  • License are not getting updated even after performing Steps from the article http://www.symantec.com/docs/HOWTO4263
  • Log Viewer also populate with the Exception "InvalidCertificateException: Certificate chain is invalid"

Symantec Installation Manager, error:
"services failed to restart to refresh licenses."

RemoveLicense.exe Error:
can not get the license.
System.Exception: Certificate chain is invalid.
 at RemoveLegacyLicense.LegacyLicenseUtil.Verify(X509Certificate2 certificate)
 at RemoveLegacyLicense.LegacyLicenseUtil.GetLegacyLicenses()
 

Log Veiwer

"InvalidCertificateException: Certificate chain is invalid"
 
 

Cause

Microsoft released a critical update (KB 2661254) on August 14, 2012, that ends support for certificates using the RSA algorithm that has key lengths less than 1024 bits. Shorter keys have been deemed more vulnerable to brute force attacks due to continued advances in computer processing capabilities. After applying Microsoft’s update, all certificates with key lengths less than 1024 bits will be treated as invalid. Any application that calls into the operating system to validate the digital certificates will receive an invalid certificate response whereas previously it would pass the validation.

 

Resolution

Workaround:

  • Two options:
    1. use certutil.exe to set the lower limit of permitted RSA Public Key Lengths from 1024 bits to 512 bits:
      • certutil -setreg chain\minRSAPubKeyBitLength 512
    2. Uninstall Microsoft update (KB 2661254), and Restart the Server because the License will be only seen after restart.
  • and apply the licenses to Symantec Installation Manager.
  • Get new licenses from Symantec License portal.

 

Related KBs:

 

Title: Altiris IT Management Suite or Symantec-based Endpoint Management solutions may be affected - Microsoft Update (KB 2661254)

http://www.symantec.com/docs/TECH194869

 

 

 

Applies To

 

Symantec Management Platform 7.0, 7.1