Problem
Contact your software vendor for the most current version of their vendor daemon. The rules about FLEXlm version compatibility are summarized as: Version of lmutil/LMTOOLS must be = Version of lmgrd, which must be = Version of vendor daemon, which must be = Version of FLEXlm-licensed application, which must be = Version of license file.
What ports do you open when the License Key Server (LKS) is behind a firewalll or a NAT (Network Address Translator) server?
Symptom
The LKS is running correctly and the License Key Administrator displays licenses when started within a local network where the LKS is running.
When starting License Key Administrator outside the local network, it displays an error:
- No license features were found on server <server>. FLEXlm Error -96, Server node is down or not responding.
However, the ping and telnet tools return correct results when running them on a machine outside the local network:
% ping <license-server>
% telnet <license-server> 27000
When running the AppScan Enterprise Configuration Wizard behind the firewall, it displays the following error:
- The following license server had a validation error:
Server 'server_name', Port '27000' - Unable to validate server.
Verify the server information is correct and check that the
Rational License Server is running at that location.
This error shows often when you have the License Key Server installed in the local network where AppScan Enterprise Server is connected, and then you add a new Dynamic Analysis Scanner on a machine behind a firewall.
Cause
By default, the LKS manager (lmgrd) operates on port 27000. However, this is only one of the ports used by the license server. The LKS uses another port for the (ibmratl) vendor daemon, which needs to be open as well.
The vendor daemon (ibmratl) should get assigned a port in the 27001-27009 range; however, in some situations, it gets assigned a different number, for example 643.
Diagnosing The Problem
Run telnet from the machine behind the firewall to connect to the license vendor ports (ibmratl):
telnet <license-server> <port>
or run the portqry utility to see if you can connect to the vendor port:
portqry -n <license-server> -e <port>
where <port> is the specific port number for the 'ibmratl' or 'lmgrd' process
Resolving The Problem
To allow the traffic through the (network or Windows) firewall, the ports for the following servers:
- lmgrd (License server manager) and
- ibmratl (vendor daemon)
needs to be open to allow an inbound and outbound traffic (bidirectional, two-way communication).
- The port number for the lmgrd server is set to a static number 27000 by default.
- The ibmratl server by default should get a port number assigned from the 27001-27009 range, however in some specific cases it may be assigned from a different range. Then the best way is to set it to a static number, for example 27001, as described below.
Change port numbers using License Key Server GUI
If you have License Key Server version 8.1.4 or newer, you can change port numbers as follows:
- On the machine where the License Key Server is installed, start License Key Administrator with 'Run as Administrator'.
- Open the Settings > Server Ports... dialog.
- Set Port for 'lmgrd' to 27000
and Port for 'ibmratl' daemon to 27001 - Click OK
- Then open two bidirectional ports on the firewall (Windows or network):
- port 27000 for the lmgrd process
- port 27001 for the ibmratl daemon process
Change port numbers manually
- With an editor (e.g. notepad) open the LKS file that contains the SERVER and VENDOR line (rational_server_perm.dat or rational_server_temp.dat) and add port=27001 to the VENDOR line so the SERVER and VENDOR lines look like this:
SERVER <hostname> <hostid/disc_serial_num> 27000
VENDOR ibmratl port=27001
You will find the rational_server_perm.dat or rational_server_temp.dat files in the LKS installation folder (by default: C:Program Files (x86)IBMRationalRLKScommon).
You will need to have administrator permissions to save the file. - After the change to the rational_server files, restart the Windows service FLEXlm License Manager to get the changes into the License Server.
- Then open two bidirectional ports on the firewall (Windows or network):
- port 27000 for the license manager process
- port 27001 for the ibmratl daemon process
Note: VENDOR and DAEMON means the same to the LKS. Then this line:
VENDOR ibmratl port=27001
is equivalent to:
DAEMON ibmratl port=27001
Note: When running License Key Server version 8.0 or earlier, you need to specify the port number for the rational vendor as well:
VENDOR rational port=27002
In version 8.1.2 or later, the rational vendor is obsolete.
Note: If your license server is on a Linux or Unix platform, locate the *.dat license file and use a text editor to modify the daemon lines to look as folows:
SERVER <hostname> <hostid> 27000
DAEMON ibmratl /usr/local/flexlm/sun4_solaris2/ibmratl port=27001
DAEMON rational /usr/local/flexlm/sun4_solaris2/rational port=27002
Related information
Ports used by AppScan EnterprisePorts used by AppScan Source
Ports used by AppScan Standard
Product | Component | Platform | Version | Edition |
---|---|---|---|---|
IBM Security AppScan Source | Licensing | |||
IBM Security AppScan Standard | Licensing |