• Users are unable to remove a vSAN license key from a cluster through the vSphere Client interface.
• When attempting to remove or change the license, the system displays an error indicating the license is in use, even when vSAN services are not enabled on the cluster.
• Additionally, when trying to change the license, only the expired evaluation key may be available as an option.
• Removing from the vCenter Managed Object Browser (MOB) also fails.
• You cannot remove vSAN licenses from vCenter Server using the standard UI removal options, or the "Remove" button is not available in the licensing interface. When you attempt to remove licenses through the Managed Object Browser (MOB), the operation fails with errors such as "invalid input" referencing the entity ID. This occurs most commonly in Enhanced Linked Mode (ELM) environments after decommissioning vSAN clusters or removing vCenter Servers from the linked mode configuration.
• In some cases, evaluation licenses remain visible under vSAN Cluster licensing even after the associated infrastructure has been decommissioned. The licenses appear as orphaned entries that cannot be removed through normal procedures, preventing proper license inventory management and potentially causing compliance concerns.
• This issue affects both standard license entities and cluster-level license asset entities (the licensing footprint that tracks license assignments to clusters). These licensing footprints may persist in the vCenter LDAP database even after the associated cluster objects have been properly removed during decommissioning procedures.
  
  

Additional customer descriptions include:

• vSAN has been decommissioned and yet the vCenter is still showing it on the client which is causing usage issues.

• VMware vCenter Server 6.7 and later
• VMware vSAN license assigned to a cluster
• Clusters with or without vSAN services enabled
• Environments where vSAN was installed but later decomissioned
• Enhanced Linked Mode domains that used to include vCenter instances with vSAN enabled, but which have since been disconnected or decommissioned

This issue occurs due to a known limitation in the vSphere licensing management interface. When a vSAN license is applied to a cluster, it can create an entry in the LDAP directory service (vmdir) that cannot be removed through the standard vSphere Client interface, even if vSAN is not in use on that cluster.

The license information is stored in the VMware Directory Service (vmdir) database, and in some cases, the UI-based license management tools are unable to properly release or change the license assignment due to internal referential constraints.

During vSAN cluster decommissioning or Enhanced Linked Mode configuration changes, cluster-level license asset entities persist in the vCenter LDAP database after their associated cluster objects have been removed. These licensing footprint records maintain the asset-to-license relationship data in the LDAP licensing service, but become orphaned when the cluster they reference no longer exists. Standard license removal operations fail because the system cannot process removal requests for asset entities that reference non-existent cluster objects, resulting in invalid input errors when attempting MOB-based removal or missing UI removal options.

Note: Please use this procedure only if the license will not remove via the normal vCenter user interface, nor by the vCenter MOB.


To resolve this issue, you need to manually remove the license entry from the LDAP directory using the ldapdelete command-line utility on the vCenter Server:

1. First, identify the license key that needs to be removed through the vSphere Client:

   1. In the vSphere Client, navigate to Administration > Licensing > Assets

   2. Locate the cluster with the problematic vSAN license

   3. Note the license key and license ID (if visible) that needs to be removed

2. Create a powered-off snapshot of the vCenter Server VM before proceeding. If you have linked vCenters, create snapshots of them as well.

3. Connect to the vCenter Server VM using SSH and log in as the root user.

4. Use the ldapdelete command to remove the license entry:

   /opt/likewise/bin/ldapdelete -h localhost -D "cn=Administrator,cn=Users,dc=vsphere,dc=local" -W "cn=LicenseEntity_UUID,cn=LicenseService,cn=services,dc=vsphere,dc=local" -v
   

   Note: Replace "UUID" with the actual license ID of the vSAN license. Do not remove the character string "LicenseEntity_". Also, The domain components (dc=vsphere,dc=local) might be different in your environment, so make sure to use the correct domain components as used in your Administrator account login (i.e., [email protected]).

   Example: 

   /opt/likewise/bin/ldapdelete -h localhost -D "cn=Administrator,cn=Users,dc=mycompany,dc=local" -W "cn=LicenseEntity_abcdefg12345,cn=LicenseService,cn=services,dc=mycompany,dc=local" -v
   

    

5. When prompted, enter the [email protected] password.

6. Log out of the vSphere Client and log back in to see the changes reflected in the licensing section.

7. If you have linked vCenters, you only need to run the command on one vCenter. The changes will replicate to other linked vCenters within 2-3 minutes.
   
   

If the above steps are unsuccessful due to, for example, the cluster or license information being unavailable in the vSphere Client, the following method can be used to find the necessary information manually from an ldif export:

Prerequisites:

1. Create simultaneous offline (powered off) snapshots of all vCenter Servers in your Enhanced Linked Mode environment.
2. Verify you have administrator access to the vCenter Server.

Steps:

1. Log in to the vCenter Server Appliance shell as root.
2. Generate an LDAP export to identify the problematic entity:
   

   /opt/likewise/bin/ldapsearch -b "dc=vsphere,dc=local" -s sub -D "cn=Administrator,cn=Users,dc=vsphere,dc=local" -W > /tmp/$(hostname)_"`date +"%d-%m-%Y"`".ldif
   

3. Search the .ldif file for licensing-related entries using identifiers from your error message (such as entity IDs, license keys, or cluster names).
4. Identify the full Distinguished Name (DN) of the problematic entity. Common patterns include:
   - Asset entities: cn=AssetEntity_<identifier>,cn=LicenseService,cn=services,dc=vsphere,dc=local
   - License entities: cn=<license-key>,cn=LicenseService,cn=services,dc=vsphere,dc=local
   - Other licensing objects under the LicenseService branch
5. Remove the identified entity using ldapdelete with the exact DN found in step 4:
   

   /opt/likewise/bin/ldapdelete -h localhost -D "cn=Administrator,cn=Users,dc=vsphere,dc=local" -W "<full-DN-from-step-4>" -v
   

6. If the command fails, try moving the -W parameter to the end:
   

   /opt/likewise/bin/ldapdelete -h localhost -D "cn=Administrator,cn=Users,dc=vsphere,dc=local" "<full-DN-from-step-4>" -v -W

7. Verify the entity has been removed by checking the vSphere Client licensing interface.
8. If successful, remove the snapshots created in the prerequisites.

• If you need to roll back after running the command, revert to the snapshots created in step 2. If you have linked vCenters, you must revert all of them, not just the one where you ran the command.
• This procedure is generally safe to perform, but snapshots provide a necessary safety measure in case of unexpected issues.
• After removing the license, you can either leave the cluster without a vSAN license or assign a different license through the vSphere Client.