After enrolling your Endpoint Protection Manager (SEPM) into Endpoint Security (SES) to utilize the additional features of SES, clients show the error "Content out of date and Intensive Protection disabled due to Licensing." in the SES Portal. The correct Symantec Endpoint Security Complete (SESC) license is applied already. 

SEPM enrolled into the SES cloud

SESC license is applied

Due to a certificate update, new enrollments or license updates may trigger clients to run into this issue.

The following error will be seen in the bridged SEPMs semapisrv_log*.log:

ERROR c.s.s.s.c.e.h.GlobalControllerExceptionHandler - EXCEPTION: Policy payload is not signed properly.
com.symantec.sepm.server.module.common.data.configobject.ValidationException: Policy payload is not signed properly.

This issue is currently being investigated and this document will be updated once the issue is resolved.