Prevent Upgrade Failure: Remove Symantec CA Configurations Before Upgrading to SOTI MobiControl v2026.1.0
Summary
Related SOTI ONE Platform Products
Environment
SOTI MobiControl 2026.1.0.
Description
With the release of SOTI MobiControl v2026.1.0, support for Symantec Certificate Authority (CA) has been officially removed. To enforce this deprecation, the SOTI MobiControl installer validates each upgrade environment for the presence of Symantec CA configurations.
During the upgrade:
-
If Symantec CA references are detected, the installer will block the upgrade and display a pop-up message:
This validation ensures customers remove all Symantec CA dependencies before upgrading to v2026.1.0 or later.
Who May Be Impacted:
- Users currently using Symantec CA within SOTI MobiControl.
- Users with legacy profiles, enrollment policies, or global settings that still reference Symantec CA.
- Environments where Symantec CA was previously configured but never fully removed.
Solution: Required Pre-Upgrade Actions:
To proceed with the upgrade successfully, the user must remove all Symantec CA references from their SOTI MobiControl environment.
Follow the steps below to identify and clean up any remaining Symantec CA usage.
Step 1: Identify Symantec CA References
1. Navigate to the following path on your SOTI MobiControl server machine:
C:\ProgramData\SOTI\MobiControl\Installer\Log\Installation.log
2. Open the log file stored in this location.
3. Search the log file for "Symantec" entries.
4. Copy the list of locations where Symantec CA is still in use. These references could appear in:
- Profiles
- Enrollment Policies
- Certificate Authorities (CAs) in Global Settings
Step 2: Remove Symantec CA from Profiles
1. Open the SOTI MobiControl Console and navigate to Profiles.
2. For each profile that references Symantec CA, edit the profile.
3. Remove or replace the Symantec CA configuration with an alternate supported CA.
Note: If a WIFI payload exists, make sure to update the payload after updating the Certificate Payload, as the WIFI payload will default to a blank payload if it was using the previously removed certificate CA
4. Save and assign the updated profile.
5. Repeat for all profiles until no references to Symantec CA remain.
Step 3: Remove Symantec CA from Enrollment Policies
1. Navigate to Enrollment Policies in the SOTI MobiControl Console.
2. Open each policy that contains a Symantec CA reference.
3. Remove the Symantec CA configuration and reconfigure the policy with a supported CA.
4. Save and publish the updated enrollment policy.
5. Verify that the enrollment policy no longer depends on Symantec CA.
Step 4: Remove Symantec CA from Global Settings
1. Navigate to Global Settings → Certificate Authorities.
2. Locate the Symantec CA entry in the list.
3. Select the Symantec CA and delete it.
4. Confirm the deletion to ensure the Symantec CA is fully removed from your environment.
Step 5: Validate Cleanup
1. Perform the upgrade again to confirm that no Symantec CA references remain.
2. Ensure all profiles, enrollment policies, and CA entries are updated and saved.
3. Once no Symantec CA references are detected, proceed with the upgrade to v2026.1.0.
Next Steps:
- If the installer still detects Symantec CA during the upgrade process, repeat the cleanup steps above.
- Ensure you have fully migrated to a supported Certificate Authority before attempting the upgrade again.
Was this helpful?
Thanks for your feedback