• When applying correct licenses to Symantec Installation Manager, gives error "services failed to restart to refresh licenses."
• Altiris services are restarted but License never gets updated.
• When executing RemoveLicense.exe, it gives error "can not get the license. System.Exception: Certificate chain is invalid."
• License are not getting updated even after performing Steps from the article: Remove Licenses from the Symantec Management Platform
• Log Viewer also populate with the Exception "InvalidCertificateException: Certificate chain is invalid"

Symantec Installation Manager, error:

"services failed to restart to refresh licenses."

RemoveLicense.exe Error:

can not get the license.
System.Exception: Certificate chain is invalid.
 at RemoveLegacyLicense.LegacyLicenseUtil.Verify(X509Certificate2 certificate)
 at RemoveLegacyLicense.LegacyLicenseUtil.GetLegacyLicenses()
 

Log Viewer Error:

"InvalidCertificateException: Certificate chain is invalid"
 
 

Microsoft released a critical update (KB 2661254) on August 14, 2012, that ends support for certificates using the RSA algorithm that has key lengths less than 1024 bits. Shorter keys have been deemed more vulnerable to brute force attacks due to continued advances in computer processing capabilities. After applying Microsoft’s update, all certificates with key lengths less than 1024 bits will be treated as invalid. Any application that calls into the operating system to validate the digital certificates will receive an invalid certificate response whereas previously it would pass the validation.

Workaround:

• Two options:
  1. use certutil.exe to set the lower limit of permitted RSA Public Key Lengths from 1024 bits to 512 bits:
     • certutil -setreg chain\minRSAPubKeyBitLength 512
  2. Uninstall Microsoft update (KB 2661254), and Restart the Server because the License will be only seen after restart.
• and apply the licenses to Symantec Installation Manager.
• Get new licenses from Symantec License portal.