FlexNet Embedded Knowledge Base

This article documents the FlexNet Embedded release highlights introduced each year, starting from 2020 R3 (2020.07) to present: Release Description 2024.04: CLS + LLS Cloud Licensing Service + Local License Server When a partial request is not successful due to insufficient feature counts on the server, the response now includes the status “FEATURE_COUNT_INSUFFICIENT”. A new default cipher suite called SECURE_COMPATIBLE was introduced, which does not contain two ciphers which are now considered vulnerable. 2024.03: CLS + LLS Cloud Licensing Service + Local License Server When a client holds licenses for multiple features with differing expiration dates, the server now immediately releases the licenses when a feature’s expiration date is reached, instead of holding all licenses until the feature with the longest expiration date expires. Enhancement for user-based licensing: If licensing.allowDuplicateClients=true, instead of ignoring capability requests for metered features, the license server now serves metered features as per conventional capability request logic. Producers can now have their organization’s logo displayed in the FlexNet License Server Manager user interface. Early Notification: 32-bit local license server will be deprecated in a future release. 2024.02: CLS + LLS Cloud Licensing Service + Local License Server Removed check for java.exe in flexnet.ls  Resolved issue: local license server can now detect FLEXID9 and FLEXID10 dongle IDs Updated third-party components to address potential security issues Resolved issue in FlexNet License Server Manager, which now accepts a count of 0 for returning licenses Uploading a response file in FlexNet License Server  Manager no longer results in incorrect feature counts 2024.01: CLS + LLS Cloud Licensing Service + Local License Server Client hostids of type USER are now case insensitive. If the borrow interval for a feature is set to 0 in the license model, it is now correctly considered as  unlimited.  2023.11: CLS + LLS Cloud Licensing Service + Local License Server Output for the /hostid endpoint for the local license server now includes attribute information such as Physical, Builtin, and Removable, which can help license administrators identify and select the appropriate hostid for scenarios where they want to manually specify a hostid. Dongle libraries required for flexid9 and flexid10 hostids are no longer statically linked in the local license server. Resolved error with failover server. 2023.10: CLS + LLS Cloud Licensing Service + Local License Server Resolved issue that occurred when the preview response included the requestAll option Linux install script now creates flexnetsas directory under /var/tmp LLS no longer creates lock files in /tmp directory (Linux only) License Server Producer Guide now correctly lists flxBinary.jar (required to run the command-line tool backofficeofflinesynctool) as redistributable 2023.09: CLS + LLS + Client Kits Cloud Licensing Service + Local License Server New Help button in FlexNet License Server Manager to open documentation from within the application Resolved synchronization issue with failover server Client Kits Dongle libraries for flexid9 hostids no longer statically linked 2023.09 .NET Core client kit is now .NET Standard 2.0 compliant  FlexNet Embedded Client kits now offer support for the following platforms: Windows Server 2022 macOS 12 and 13 Nutanix AHV EverRun Resolved .Net Core 2.0 assembly issue Linking against virtualization detection add-on or VM UUI contrib no longer fails Incorrect system time no longer causing internal error  2023.08: CLS + LLS Cloud Licensing Service + Local License Server The new user role ROLE_OFFLINE enables producers to grant rights for handling offline endpoint activities to users who should not have full administrative privileges. Resolved pagination issue in License Server REST API for /users endpoint Offline request file no longer corrupted when empty JSON body is sent Resolved an issue with flexnetlsadmin.sh 2023.07: CLS + LLS Cloud Licensing Service + Local License Server Changes to feature overrides for a product can now be reflected on the relevant instance of the FlexNet Cloud Licensing Service. On Windows, producers can now customize the display name and description of the FlexNet Embedded local license server service.  An issue was resolved where a paginated REST query for usage records caused an exception if more than one page was available. 2023.06: CLS + LLS Cloud Licensing Service + Local License Server The new FlexNet License Server Manager enables license administrators to manage the FlexNet Embedded local license server and its license distribution using a browser-based interface. This new administration tool replaces the previous License Server Manager, which was deprecated in the 2022.11 release. 2023.05: CLS + LLS Cloud Licensing Service + Local License Server Introduced user-based licensing for producers who want to license software applications or services based on the number of users that can access or use them. Producers who use FlexNet Embedded in combination with FlexNet Operations as their back office can now limit or prohibit binding-break repairs on the local license server. Resolved issue around badly formatted hostids. 2023.03.01: LLS Local License Server Resolved issue with service shutdown mechanism 2023.03: CLS + LLS Cloud Licensing Service + Local License Server License server administrators can now use regular expressions when creating rules of access for license pools (previously referred to as “partitions”). Resolved time zone conversion issue for /features endpoint Posting model definition using flexnetlsadmin no longer fails Local License Server The performance of the local license server has been increased, which results in faster processing of capability requests. 2023.02: CLS + LLS Licensing Server The open source component Spring Boot has been updated to version 2.7.7.  The LatencyUtils package has been removed from the Micrometer component. Sending a capability request after mapping add-ons or features no longer results in a 503 error. 2023.01: CLS + LLS Licensing Server The response to the /access_request and /signed_access_request endpoints of the Cloud Monetization API (CMAPI) now includes the value of the Notice field.  In the license server REST API, a new query parameter includeUsageExpiry can return the date and time when a feature expires on the client.  The naming pattern for the access log file has changed. Using the max keyword in a partition which contains features of the same name but of different versions no longer results in unpredictable behavior. 2022.12: CLS + LLS Licensing Server If several features are available for checkout that only differ in their expiry date, the license server now serves the feature with the shortest expiry which also satisfies the borrow period. The install-systemd.sh install script can now be used to install a server certificate. The License Server Producer Guide includes a new appendix “Workflow Example for Producer-Defined Binding”, with step-by-step instructions to help producers set up binding on a local license server. Updated open-source components: commons-text Jackson databind logback Spring Boot Updated Swagger documentation 2022.11: CLS + LLS Licensing Server New keyword for feature partitions: Producers and license administrators can use the max keyword to limit the number of feature counts that a single user or device can consume. The API documentation for the local license server is now generated using SpringDoc (OpenAPI 3). 2022.10: CLS + LLS Licensing Server Calling the /partitions endpoint using GET now also returns partitions that contain no feature counts. A new property server.hostType.order enables producers to specify the order in which the local license server picks the hostid type. Client information returned by the flexnetlsadmin command -licenses -verbose is no longer truncated. 2022.09: CLS + LLS + Client Kits Licensing Server Preview requests no longer include orphans Resolved an issue where unsynced usages were deleted during synchronization LLS Linux install now honors an externally-specified JAVA_HOME or JRE_HOME variable Self-contained server is no longer supported and will no longer be shipped with the license server Client Kits Resolved an issue affecting secure anchoring on certain platforms Resolved an issue with calls to retrieve last server update time 2022.08: CLS + LLS Licensing Server The Cloud Monetization API (CMAPI) responses for the /access_request and /signed_access_request endpoints can now include the renewInterval field. Updated open-source component Spring Boot A new -restore-service-database command restores trusted storage at the service mode installation location (Linux). Resolved an issue with incorrect feature counts which could occur after a license server update. 2022.07: CLS + LLS Licensing Server Model definitions can now include partitions that have a feature count of 0. This enables producers to upload a model definition that functions as a template, which can be updated with feature counts at a later date. A new -restore-service-database command restores trusted storage at the service mode installation location (Windows only). 2022.06: CLS + LLS Cloud Licensing Service Cloud Monetization API enhancement: Capability requests sent to the /access_request or /signed_access_request endpoint support passing multiple values per key. This enables producers who use feature partitions to allocate licenses to users who belong to multiple groups. Updated open-source components Spring Boot and Liquibase Resolved issue with flexnetlsadmin’s -licenses command Resolved issue with /clients REST endpoint, which now correctly returns all current clients after synchronizing licensing information with the back office Local License Server Updated open-source components Liquibase and jackson-databind 2022.05: LLS Licensing Server Cloud Monetization API enhancement: Capability requests sent to the /access_request or /signed_access_request endpoint support passing multiple values per key. This enables producers who use feature partitions to allocate licenses to users who belong to multiple groups. Updated open-source component Spring Boot Resolved issue with flexnetlsadmin’s -licenses command Resolved issue with /clients REST endpoint, which now correctly returns all current clients after synchronizing licensing information with the back office 2022.04: CLS + LLS Licensing Server Support for Windows 11 2022.03: CLS + LLS Licensing Server Resolved an issue with preview requests using the RequestAll flag. The issue occurred when the license server was provisioned with multiple line items that had different expiry dates, where one of the line items had expired. Minimized blackout time during synchronization with back office Improved error message wording when --service-shutdown option is used for a license server running in a console window 2022.02: CLS + LLS + Client Kits Licensing Server Logging in the license server is now done with Logback, not log4j Added a new configuration property for cipher choice mechanism Resolved flexnetlsadmin communication issue with local license server when a .local URL is used Counts are now updated correctly when a client sends parallel requests to a Cloud Licensing Service instance Client Kits FlexNet Embedded Client kits now offer support for Microsoft Windows 11 platform Java XT TRA: Log4j 1 no longer bundled with tra-run.jar and tra-gen.jar .Net XT SDKs: Optimized GetFeatureCollection call to enable more efficient handling of capability responses containing large quantities of features C XT SDK: Optimized virtualization detection (Linux only) Identity update utility now includes container_id in types list Updated third-party components (OpenSSL, LibCurl) 2022.01: CLS + LLS Licensing Server FlexNet License Server Manager now available in the Product and License Center as a separate package Enhanced logic of distributing used feature counts in feature partitions Customers can now pass vendor dictionary values using the /preview_request API Resolved issue where used counts were not updated correctly if a client tried to renew licenses when the corresponding feature is part of a reactivated line item “rate-limit” setting no longer causes flexnetlsadmin command -licenses -verbose to fail Resolved issue where local license server could crash on installation 2021.12: CLS + LLS Licensing Server Allowed size of model definition for partitions has been increased to 900KB Increased performance of POST requests on /rules endpoint New /features/summaries endpoint returns a summary of available features, grouped by feature name Remodeled logic for returning used license counts to resolve issue of incorrectly calculated counts Resolved issue where preview requests and capability requests for features with overdraft counts were not working as expected Resolved issue with flexnetlsadmin’s -licenses option for uncapped metered features Resolved issue affecting the sorting of checkout filter features 2021.11: CLS + LLS Licensing Server A new directive “vendor string matches” enables license administrators to allocate feature counts to partitions based on variables specified in the vendor string. After use, feature counts are returned to their original partition. The /clients API no longer returns inconsistent results when queried with and without the hostid parameter 2021.10: CLS + LLS Licensing Server User-based reservations are now working as expected 2021.09: LLS + Client Kits Licensing Server New support for Ubuntu 20.04 LTS Reservations are no longer automatically converted to partitions, resolving a compatibility issue where the conversion of reservations into rules could lead to incorrect license counts in the resulting partitions References to Jackson-databind 2.2.3 have been removed from OfflineSync tools Resolved issue where licenses could be available for checkout from a cloned local license server Capability response utility capresponseutil now supports the optional parameter enterpriseId Client Kits References to Jackson-databind 2.2.3 have been removed from OfflineSync tools Resolved false-positive tamper detection issue 2021.07: CLS + LLS Licensing Server Producers can now disable the creation of access logs by setting server.accessLogPattern=none in producer-settings.xml. The wording of log entries for rejected capability requests has been improved. Entries now indicate when a request has been denied due to a feature partitions rule rejection. The response to a call of the /health endpoint now includes a new trustStatus property, which indicates whether a trust break has occurred. Resolved an issue where license counts in partitions were not correctly re-allocated after an updated model definition was uploaded to the license server. 2021.06: CLS + LLS Licensing Server New licensing.defaultTimeZone setting to configure the timezone the server uses to determine feature expiry date, start date, and issue dates Resolved license count handling when the reservation group or partition is deleted while the count is in use Resolved license count handling when reservation groups are deleted and recreated with different feature counts Fixed license leakage issue when feature counts change while features are checked out 2021.05: CLS + LLS + Client Kits Licensing Server Fixed OptimisticLockRefreshException error when adding a new reservation entry Failover synchronization issues have been resolved Increase in failover database size issue is fixed Third-party software modules have been upgraded Client Kits New support for macOS ARM Resolved calendar issues for Java XT kits C-XT kit no longer crashes if year exceeds 3001 on Windows platform Vulnerability CWE-327 addressed 2021.04: CLS + LLS Licensing Server Conditional operator support added to Feature Partitioning rules Resolved issue preventing reserved counts from being automatically renewed Fixed license count issue caused by reservations groups repeatedly being deleted/created Changed mechanism for local license server-FlexNet Operations HTTPS communciation 2021.03: CLS + LLS Licensing Server New streaming interface /clients and /features endpoints to query large client tables, hence improving the performance Resolved VMUUID detection issue on Google Compute Cloud (Windows only) for LLS The REST API /clients endpoint now returns the served clients when the borrow interval was set to 0s on both CLS and LLS Resolved time zone conversion issue for feature expiry on both CLS and LLS The issue with borrow granularity unit is now fixed 2021.02: CLS + LLS Licensing Server Support for JSON-format Logging on the Local License Server (LLS) Integration of LLS Logging with External Systems like Graylog, Elastic Stack Fixed the synchronization issue in failover scenario Improved performance for querying /clients endpoint for both LLS and CLS Fixed the trailing slash in JAVA_HOME system environment variable in LLS Correct version of OpenSSL reported in the LLS A number of third-party software modules used in the FlexNet License Server Manager have been upgraded. 2021.01: CLS + LLS Licensing Server New activeOnly query parameter has been introduced for /features endpoint for both CLS and LLS Return of counts for multiple activation IDs with identical expiry date issue has been fixed on CLS Resolved client expiry issues on CLS Support for PKCS #12 keystores in LLS Resolved VM_UUID detection issue on Google Compute Cloud for LLS Resolved MAC address issue related to hostid case sensitivity. 2020 R3 SP3 (2020.12): CLS + LLS + Client Kits Licensing Server License activation using REST API and .NET on both LLS and CLS Usage reports could show duplicate rows with a feature count value of zero for every checked in feature is fixed on CLS Enhanced the model definition upload using the /rules API for long list of hostids—containing 10,000 hostids on both LLS and CLS Used feature counts correctly returned to license pool after effective borrow interval expired Updated open source third party components and dependencies have been removed Resolved flexnetlsadmin to CLS communication issue Fixed the issue that caused error while running local license server(LLS) in console mode Client Kits Improved Cloud Platform detection which fixes the that occasionally detect and return an incorrect hostid value for VM_UUID Resolved VM_UUID detection issue on Google Compute Cloud Releasing of system resource 2020 R3 SP2 (2020.10): CLS + LLS + Client Kits Licensing Server Springfox-Swagger has been upgraded to version 2.9.2 in both LLS and CLS. This upgrade addresses potential security issues. Spring Boot has been upgraded to version 2.1.2 in both LLS and CLS to address potential security issues. Enhanced Logging Functionality on the Local License Server. A new logging style configuration parameter has been introduced for the LLS, to configure timestamp behaviour. Resolved below FlexNet License Server Administrator Issues “-reset” command resets the security.enabled policy back to its original default value set by the producer. “-licenses” command now returns correct feature count “-licenses -verbose” command now returns correct value for available counts A number of third-party software modules used in the FlexNet License Server Manager have been upgraded Client Kits Fix for potential memory leak (Linux XT only) 2020 R3 SP1 Hotfix (2020.07.1): CLS only Licensing Server Feature counts are now consumed from correct activation id. For metered features, counts could be consumed from an incorrect activation ID. This issue was due to a change in the sequence of returning used counts. Resolved Client Expiry Timer issue Fixed incorrect expiry date 2020 R3 (2020.07): CLS + LLS + Client Kits Licensing Server Feature Partitions The maxCount field now indicates how many counts of a feature are available, regardless of how many counts have been requested. The active hostid set using FlexNet License Server Manager or using the REST APIs now persists in the database. It is no longer necessary to reset it after a server reboot Improved FlexNet License Server Administrator Output Resolved REST API pagination issue CLS performance improvement Resolved server borrow interval issue Updated open source component Jackson Databind in FlexNet License Server Manager In the FlexNet License Server Manager user interface added new Start Date column and New Device Alias column Client Kits Identical Correlation ID generation issue has been addressed (C XT SDKs only) Resolved issue related to connecting to server via proxy (C XT SDKs on macOS only). Resolved issues with redirected URLs (.NET XT SDKs only). Amazon AWS EC2 detection no longer causes XT client crashes (XT SDKs only)

The new FlexNet License Server Manager enables license administrators to manage the FlexNet Embedded local license server and its license distribution using a browser-based interface. This new administration tool replaces the previous License Server Manager, which was deprecated in the 2022.11 release. This tool is provided as a separate package, called: FlexnetLicenseServerManager-<version>.zip The package is a Docker container which holds the image: revenera/flsm:<version> Producers can download the FlexNet License Server Manager, along with the FlexNet Embedded Local License Server, from the Flexera/Revenera Product and License Center. Producers can then make the FlexNet License Server Manager available to their customers. End users can download the latest version of FlexNet License Server Manager here: FlexNet License Server Manager NOTE: Only the latest version of the FlexNet License Server Manager will be available for download. For prior versions, you must contact your software producer. If you require any assistance with the FlexNet License Server Manager, you must contact your software producer. Revenera does not provide end user support for this utility.  To view documentation for FlexNet License Server Manager, see the FlexNet License Server Manager Guide on docs.revenera.com.  

Symptoms: While calling LicensingFactory.GetLicensing() method gives SessionException  which looks like below. Tamper detected: IHRfX3VUNUZNOHVGaHRIdUFqNHQzUHcxd3FmY2xFOCAgZmFsc2UgeyBbInRfXzRFd3drclhVY2JHS1d1Rm9MQXN0MkZCSUY1USJdID0gdHJ1ZSxbInZpc3VhbF9zdHVkaW8iXSA9IHRydWUsWyJ0X19hbXpxOUJvdzIxTmxIRXNKUnZZTkpMVXk1SXMiXSA9IDFoOGUzRVVISXNnaE51dW StackTrace: FlxDotNetClient.SvcSessionException: MID=0, SID=0, EID=6: Tamper detected: IHRfX3VUNUZNOHVGaHRIdUFqNHQzUHcxd3FmY2xFOCAgZmFsc2UgeyBbInRfXzRFd3drclhVY2JHS1d1Rm9MQXN0MkZCSUY1USJdID0gdHJ1ZSxbInZpc3VhbF9zdHVkaW8iXSA9IHRydWUsWyJ0X19hbXpxOUJvdzIxTmxIRXNKUnZZTkpMVXk1SXMiXSA9IDFoOGUzRVVISXNnaE51dWZZaUY1aDJGdXM4LH0g ---> FlxClientCommon.SessionException: MID=0, SID=0, EID=6: Tamper detected: IHRfX3VUNUZNOHVGaHRIdUFqNHQzUHcxd3FmY2xFOCAgZmFsc2UgeyBbInRfXzRFd3drclhVY2JHS1d1Rm9MQXN0MkZCSUY1USJdID0gdHJ1ZSxbInZpc3VhbF9zdHVkaW8iXSA9IHRydWUsWyJ0X19hbXpxOUJvdzIxTmxIRXNKUnZZTkpMVXk1SXMiXSA9IDFoOGUzRVVISXNnaE51dWZZaUY1aDJGdXM4LH0g at Z.c42b7e595b624b067271ba80492e113a7.c78c4293b94c9379b23066a8444b66e56(UInt16& c1e7cda42c1344f35746723eda06c39c9, Byte[] c306c26e632118e6bc1a0485b6d29b40c) --- End of inner exception stack trace --- at Z.c42b7e595b624b067271ba80492e113a7.c78c4293b94c9379b23066a8444b66e56(UInt16& c1e7cda42c1344f35746723eda06c39c9, Byte[] c306c26e632118e6bc1a0485b6d29b40c) at FlxLicensingClient.Error.Initialize() at (cf5874f1fbfa57a7f6f6a3aad40bc9270 ) at FlxDotNetClient.LicensingFactory.GetLicensing(ILicensingOptions licensingOptions) Diagnosis: It has been found that this error occurs mostly in the cases where client machine is missing certificates or its trusted root certificate chain is broken and hence signature of FlxCore.dll/FlxCore64.dll doesn't gets verified. This can be checked by running Microsoft's tool signtool with the "verify /pa" option from command prompt (For example: signtool verify /pa FlxCore64.dll). Running this should produce system error.   Solution: 1. Try running windows update or apply the pending windows patches and reboot the system. This should rebuild the certificate chain of system. 2. Verify again the certificate chain by running signtool verify /pa FlxCore64.dll and this should pass. 3. If still you are getting Tamper detected: FlxDotNetClient.SvcSessionException: MID=0, SID=0, EID=6 error, then it may need further debugging, so please reach out to support.   Additional Information: In Certain machines it is found that, the FlxCore64.dll code signing certificate is not being trusted or added automatically to Machine trusted certificate store causing the error. In such cases, you can right click the dll  go to properties Digital Signatures and export the certs in Base 64 encoded X.509 (CER) format and then install to the local machine store to resolve the issue.

Question How to change the flexnetlsw.wrapper.log location of LLS which currently defaults to the location <LLS_INSTALLATION_DIRECTORY>\server\logs? Answer Wrapper logs come from default tomcat of LLS which is in embedded mode and there isn't a direct way to change it as the logfile is under the control of flexnetls.bat (flexnetlsw.exe). However one can  workaround this by modifying the logpath i.e  "<logpath>%BASE%\logs</logpath> " present in flexnetlsw.xml file located in the server directory. The server install process generates this flexnetlsw.xml file. So, while doing the above change make sure you do not change anything else in this file. CAUTION: 1)After doing uninstall/reinstall, you need to make sure that the changes are made again as reinstallation may reset this config file. 2) If you remove the line <logpath>%BASE%\logs</logpath>, the log flexnetlsw.wrapper.log, will stop writing.

Introduction This article covers the steps to change the Local License Server (LLS) default windows "Service name" and  "Display name" partially without impacting other functionalities of LLS.  Using these steps customer can change the service name of LLS as per their company policy. The default LLS "Service name" is "FNLS-<publisher_name>" and default "Display name" is "FlexNet License Server - <publisher_name>.  This article is applicable to LLS versions earlier than 2023.07. Instructions To rename the LLS Windows Service name and Display name, the two files pre-install.vbs and flexnetls.bat present in server folder  of LLS package needs to be modified as mentioned in following steps before doing installation: Open the file pre-install.vbs  and update the  value of "idNode.text" as desired Service name and nameNode.text value as desired Service Display name. In this use case  default Service name will be modified to "ReveneraTest-<publisher_name>" and Display Name to "Test LicenseServer Modified_DispName - <publisher_name>"  by updating values of idNode.text and nameNode.text respectively as shown in below screenshot. Open the file flexnetls.bat and update the value of tag "SET SERVICE_NAME=" to the same name which was set in Step 1 for iNode.text. For example, see below screenshot.   After performing above two steps, now one can use flexnetls.bat to install the LLS service with modified Service name and Display name and then can verify the changes from Windows services. More Information The <publisher_name> gets replaced with the publisher value present in producer-settings.xml using substitution variables and it is not recommended to  modify the publisher name as impacts are unknown. This is not documented officially in LLS help guide as of 2023.06 release as this name change is not tested end to end at our end. And if customer choses to modify the service, an end to end test is needed at customer end with the their own use cases. For service name change later to 2023.07 release of LLS please see LLS help guide section "Editing the Local License Server Service Name and Description (Windows Only)"

Question:  What is the error  "Host's UUID does not match expected UUID for that host ID" means  while trying to activate Licenses  from FlexNet Operations  and in what scenario this error will be reported. Answer:  This is an investigation of possible scenarios that could result in the error that is being seen where the UUID of the server is not matching the record within FNOC. A customer is reporting that they see more and more of this issue, the server sends a request to the back office but gets a response that, when processed, results in an error that the UUID does not match. This would indicate that the record that FNO has for the server, where the UUID is contained, is somehow different from the UUID contained in the server DB. Generally, the flow is, the server sends a request to FNO and if the request does not contain a UUID then FNO will create one and send it back in the response. The server will process this into the TS and it will be used in subsequent requests to the back office. If the request already contains a UUID but there is no record of the Hostid in FNO then the record for the Hostid will be created with the UUID in the request, rather than a new one generated. Why is the UUID of the server changing? To answer this we need to look at possible scenarios and see how this could possibly happen: The server is using both a UAT and Production back office. It is possible that the server has activated a license from a UAT FNO during some testing period. In this case, a UUID will be generated in the DB of the UAT FNO and returned back to the TS of the license server. If the server TS is then removed and the server now talks to the production FNO, this will also generate a UUID that will be returned back to the TS of the license server. If the license server then talks to UAT again, we will get the issue. This scenario does not seem likely for a production system, i.e. the likelihood of a customer machine talking to both UAT and Production Back offices. The server has been cloned. Another possibility is that the customer is cloning the host of the server in such a way that there are 2 license servers running that have the same hostid and both are talking to FNO. It is possible that the first instance of the server has a UUID that FNO currently has in its DB. The server is then obsoleted in FNO removing that record and a new server is started on a clone of that first host. This will then get a new UUID. If the first server comes along with its original UUID, then we will get the error. The hostid changes on the server. There are occasions where the hostid of the server will change. This is due to which network card is actually being used by the server. For example, if the server is a laptop that is docked in a docking station and is using the docking station MAC address, then the MAC address could possibly change when the laptop is undocked, i.e. it will use the inbuilt WiFi card for the MAC address. In this instance, the capability request being sent to the server will contain a UUID that does not match the hostid that is stored in the FNO DB. The mitigation to this is to set the ACTIVE_HOSTID value in the startup script so that it points at the network adapter that is always there, the WiFi adapter for example. Please note, these are the scenarios that we are aware of, there may be other scenarios that are not as apparent. How to resolve the issue? For the first 2 scenarios listed the simplest way to resolve is to clear the server TS and allow the server to perform a capability request/response with the Back Office. This should cause the correct UUID to be assigned to the server TS. Please note, in scenario 2 the clone detected flag will most likely also be displayed due to the time stamps on the cap requests/responses. For the 3rd scenario, the mitigation is, as already mentioned, to set the ACTIVE_HOSTID so that it is always using the same hostid.

Question When we do system restart to load license module, following error occurs: Licensing exception: Internal error: Error in FNE protocol: PosixMutexImpl::PosixMutexImpl: Could not verify lockfile directory access rights: No such file or directory.   What is causing this error and how to avoid it? Answer The error "Could not verify lockfile directory access rights" indicates that your application do not have read/write access to /tmp directory to read the mutex of FNE application. Under the temp directory you will see files starting from "fne.*". These files are needed by FNE application to run. If you think your application have read/write permission under /tmp then its possible that due to some other reason those files are somehow not being loaded. So to fix the issue, please delete those mutex files and restart the application. Doing so will create new mutex files.

Summary A vulnerability identified as CVE-2021-44228 has been reported in the Apache Log4j library. This vulnerability may allow for remote code execution in susceptible products. Problem Description Upon analysis, CVE-2021-44228 has been determined to impact the optional FlexNet License Server Manager (FLSM) component packaged with the FlexNet Embedded local license server. Resolution Revenera has provided a FlexNet Embedded 2021.12 local license server that does not contain the FlexNet License Server Manager component. This updated package is available for download on the Product and License Center. A separate FlexNet License Server Manager (FLSM) package that does not use the vulnerable Log4j component is available for download from the Product and License Center. The package files are: For Windows For Linux flexnet-flsm-windows-2021.12.2.zip flexnet-flsm-linux-2021.12.2.tar.gz Workaround We advise customers to temporarily cease using the FlexNet License Server Manager until the new package is available. However, customers who wish to continue using the FlexNet License Server Manager may mitigate risk by including Dlog4j2.formatMsgNoLookups=true to JAVA_OPTS environment variable in Tomcat CATALINA_HOME/bin  directory: Operating System Directions Windows Edit setenv.bat and append "-Dlog4j2.formatMsgNoLookups=true" if exists. If it doesn't exist, create new file and add set JAVA_OPTS="-Dlog4j2.formatMsgNoLookups=true" Linux Edit setenv.sh in CATALINA_HOME/bin and append "-Dlog4j2.formatMsgNoLookups=true" if exists If this doesn't exist, create a new file and add export JAVA_OPTS="-Dlog4j2.formatMsgNoLookups=true" Additional Information CVE Definition: https://nvd.nist.gov/vuln/detail/CVE-2021-44228 Expanded CVE Definition: https://www.cve.org/CVERecord?id=CVE-2021-44228 Apache Security Site for CVE severity, score, and vector string: https://logging.apache.org/log4j/2.x/security.html

When running one of FNE XT Kits on an older unpatched version of Windows we have seen several incidents where our tamper detection mechanism is triggered, resulting in the inability to run the software. For example, running the capability request example from the 2022.02 release of 64bt C XT kit on a Windows 7 64bit machine that is currently not connected to the network results in the following error: C:\Users\testuser\Documents\flexnet_client-xt-c-x64_windows-2022.02.0\build\capabilityrequest\x64\Debug>capabilityrequest.exe -server http://192.168.0.149:7070/fne/bin/capability ERROR: creating licensing object: Internal error:   1201:516, MID=0, SID=0, EID=6,   Tamper detected: IHRfX1RJcEFSM3ZiV0VsRVNWcENlUmVzNWxEQVAySSAgZmFsc2UgeyBbInZpc 3VhbF9zdHVkaW8iXSA9IHRydWUsWyJ0X19vQTFTWWhQdjE1MDN5Z0FNb0FFd3JjVEozRSJdID0gdHJ1Z SxbInRfX1JtenBFWVlUZ3pDMjNMdElMTHEzeHZ1QSJdID0geEhhQXRJemtWbTBZcTRCRUdJZ2hqb1NRR UksfSA=  

Question: What are all the possibilities of getting "Virtual clients are not supported" while activating a license on a Virtual machine? Answer:  There can be many reasons for activation failure with this error however always good to check the following points for possible solutions 1. First check the license model policy under the Virtualization policy setting for Allowing activation on a Virtual machine set No then update to Yes. By default Yes,  2. Make sure VM Detection enabled in the client kit, for example from the demo .NET kit 3. Also check system -> configure -> Embedded Devices -> under "Capability Request handling" -> Prohibit Virtual Hosts should not be selected. 

Question: While trying to start LLS services windows reported the error "Error 1067: The process terminated unexpectedly". What does this error mean and how to fix it? Answer: The  error 1067 is windows error and  occurs mainly due to faulty windows services, or corrupted settings of that particular service.  There can be many possible reason of service corruption, and the solution may vary based on the cause, but its always good to check the following points for possible solution: 1. Check the Windows environment variables  are in line with what is needed for LLS and properly set. For example in the following scenario the given error was reported. At LLS JVM default -Xms and -Xmx value is 2GB set and these values can be found in flexnetlsw.xml file present under server directory of LLS. It was found that in the LLS machine there was a system environment variable  _JAVA_OPTIONS: -Xmx1g was set which was overriding the -Xmx value set at flexnetlsw.xml. Since the override value 1gb is less than -Xms value of LLS, the LLS was not starting and reporting the error. For JVM  Xmx value should not be less than Xms value. 2.  Check the windows event logs for more information on the probable cause of the error. 3.  Rebuild the services Delete the existing LLS service from windows registry after taking its backup from the location "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services".                  NOTE: Backup is nothing but export of the service. Reboot the machine  Export the service from a machine where the services are working fine, and then import it in non working machine.    

Symptoms:  Setting up a FlexNet Embedded local license server seems to be broadcasting, UDP messages on port 1947 Diagnosis: HASP APIs, which were embedded as a third-party vendor in the FlexNet Embedded local license server, are broadcasting UDP messages on port 1947. Solution: Workaround for Windows platform: As a user with Administrator permissions, execute the attached BroadcastSearch.bat script on the machine that is running your FlexNet Embedded local license server. On this same machine, copy the vendor-ID-named file, hasp_61320.ini (created by the BroadcastSearch.bat script), to the system Network Service directory for Sentinel LDK. Use these steps:        a. Copy the file from this location: C:\Users\xxxUser\AppData\Local\SafeNet Sentinel\Sentinel LDK\hasp_61320.ini        b. Paste it in this location: C:\Windows\ServiceProfiles\NetworkService\AppData\Local\SafeNet Sentinel\Sentinel LDK Note: The file required for this solution is hasp_61320.ini, not hasplm.ini.  The content of hasp_61320.ini should include broadcastsearch = 0. Restart the FlexNet Embedded Local License Server Workaround for Linux platform: As a user with root/sudo privileges, execute the attached BroadcastSearch.sh script.  Copy the vendor-ID-named file, hasp_61320.ini (created by the BroadcastSearch.bat script) to the following directory: /home/flexnetls/.hasplm/ Restart the FlexNet Embedded Local License Server, which is invoked by user "flexnetls". This solution has helped stop unnecessary broadcasting while still enabling product licensing.  

Question:  While trying to load licenses or response.bin file into LLS, error "LFS Feature mixes concurrent and metered models" was reported  in LLS logs as shown in following screenshot. What does this error mean? Answer:  The given error message is seen when we try to load a feature say (F1), which is linked to both concurrent and metered license model. LLS doesn’t allow/support this type of operation.  For better understanding, use below steps to replicate the behavior: Create a Product(P1) with feature (F1), version 1.0 and link it to a concurrent (which is not metered) license model. Create another Product(P2) with same feature (F1), version 1.0 and link it to a metered license model. Create an entitlement line item with product (P1) and another line item with product(P2). Now map the above two line items to LLS Device in FlexNet Operations. Download the license bin file from the FNO and now try to load them at LLS to see the error.

Symptoms: Running LLS admin utility flexnetlsadmin.bat, the LLS gives on screen error "glsErr.serverNotFound" as shown in below screenshot although LLS is up and running fine and have valid licenses in it's TS. Diagnosis: It's observed that in few cases or in few machines when a user executes the flexnetlasadmin utility as shown in above screenshot, LLS reports below detailed error logs in flexnetls.log 17:39:08,393 ERROR - Unknown server instance : health 17:39:08,406 INFO - handleResourceNotFoundException Unable to process request:Server instance not found: health 17:39:22,876 INFO - Unknown server instance (cached as bad) : health 17:39:22,876 INFO - handleResourceNotFoundException Unable to process request:Server instance not found: health The above errors were reported because LLS was trying to access the LLS instance ID, which was not available or was not correct. It was found that in those problematic machines, FLEXNETLS_BASEURL was configured wrongly in the system environment variables. Solution: Fix the system environment variable for FLEXNETLS_BASEURL and the correct format should be like below. FLEXNETLS_BASEURL=http://localhost:7070/api/1.0/instances/~

Symptoms: When installing the LLS as a service using the 'Network Service' account. It's  been observed that some flavors of Windows do not have the privilege to write into  windows event log and produces errors. Diagnosis: Its necessary to run LLS with elevated permissions so that it has the access to windows registry and events, but some organization doesn't have this policy which makes LLS to run into these errors and eventually stop running. 2018-10-22 10:20:09,670 INFO - Starting C:\Program Files\Java\jdk1.8.0_281\jre\bin\java.exe -Xms1g -Xmx1g -XX:MetaspaceSize=256m -XX:+UseG1GC -XX:NewRatio=3 -XX:MaxGCPauseMillis=75 -XX:G1HeapWastePercent=10 -XX:InitiatingHeapOccupancyPercent=75 -XX:+CMSScavengeBeforeRemark -XX:+ScavengeBeforeFullGC -jar flexnetls.jar -service -producer-settings producer-settings.xml -port 7070 2018-10-22 10:20:10,655 INFO - Started 2978 2018-10-22 10:21:13,930 ERROR - Failed to log event in Windows Event Log. Reason: System.Security.SecurityException: The source was not found, but some or all event logs could not be searched. To create the source, you need permission to read all event logs to make sure that the new source name is unique. Inaccessible logs: Security. at System.Diagnostics.EventLog.FindSourceRegistration(String source, String machineName, Boolean readOnly, Boolean wantToCreate) at System.Diagnostics.EventLog.SourceExists(String source, String machineName, Boolean wantToCreate) at System.Diagnostics.EventLogInternal.VerifyAndCreateSource(String sourceName, String currentMachineName) at System.Diagnostics.EventLogInternal.WriteEntry(String message, EventLogEntryType type, Int32 eventID, Int16 category, Byte[] rawData) at System.Diagnostics.EventLog.WriteEntry(String message, EventLogEntryType type) at winsw.WrapperService.LogEvent(String message, EventLogEntryType type   Solution:  You can try to follow below work-around: Open the Windows Registry Editor Navigate/expand to the following key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security Right click on this entry and select Permissions Add the Network Service user Give it Read permission If above doesn't help, run the LLS with elevated permissions and adjust the group policies in place for the Network User.

Symptoms: While checking out licenses from CLS the error "Features are not available due to a rule rejection" is observed. Diagnosis: This error is possibly due to the mismatch on the parameter on which the request sent to the CLS to checkout licenses than the already available rules/model/feature selectors at CLS. This means if the request doesn't contain the feature selectors that is already available at CLS, then you may receive this error. One can verify the current existing rules against a CLS instance by sending the GET calls against /rules endpoint. For example: https://flexXXXX.compliance.flexnetoperations/api/1.0/instances/<CLS_ID>/rules Solution: One need to update the rules first on CLS, on which the license checkout is expected. The rule update can be done by sending a model update POST call against /rule endpoint. Following is a sample request body which defines rules to checkout licenses only on specific hosts.     model "test" { on hostid("Test1223+","gkasgfkA2124") { use "default" accept } on any() { deny } } For more information on /rules POST call, see the LicenseServer Producer Guide.   NOTE:  Feature Selectors and feature partition should not be used at the same time, as it may produce unexpected errors. This is noted in the License server producer guide under the section "Limitations of Partitions".    

Problem:  When using OpenJDK version 11.0.11_9, already we have set the JAVA_HOME and JRE_HOME in the system Environment variables and tried to install a local license server on a client's machine but received this error: "Publisher must be set" how to resolve this error?.  Solution:  As per the document License Server Administration Guide  The point we should read carefully would be "Ensure that this path does not include a trailing character, such as a slash or space" even though the environment variable is set already.  For example JAVA_HOME=C:\Java\jdk11.0.11_9\ Then remove the trailing character slash and set JAVA_HOME=C:\Java\jdk11.0.11_9 and Set %JAVA_HOME%\bin in the path variable as well, then this will fix the error. 

This article is an extension of the Log4j security advisory and serves to consolidate impact and mitigation details of related Log4j vulnerabilities with regards to FlexNet Embedded.  FlexNet Embedded Product Assessment: Component CVE Potential Exposure Fixed Version Mitigation Resources FlexNet Embedded License Server Manager CVE-2021-44228 Yes (2020.10 or later) 2021.12.2 KB article   CVE-2021-45046 Yes (2020.10 or later) 2021.12.2 KB article   CVE-2021-45105 Yes (2020.10 or later) 2021.12.2 KB article   CVE-2021-44832 No N/A N/A   CVE-2021-4104 No N/A N/A   CVE-2019-17571 No N/A N/A   CVE-2022-23302 No N/A N/A   CVE-2022-23305  No N/A N/A   CVE-2022-23307  No N/A N/A   CVE-2020-9493 No N/A N/A   CVE-2020-9488 No N/A N/A FlexNet Embedded License Server CVE-2021-44228 No N/A N/A   CVE-2021-45046 No N/A N/A   CVE-2021-45105 No N/A N/A   CVE-2021-4104 Yes  N/A KB article   CVE-2019-17571 No N/A KB article   CVE-2022-23302  Yes  N/A KB article   CVE-2022-23305  Yes  N/A KB article   CVE-2022-23307 No N/A N/A   CVE-2020-9493 No N/A N/A   CVE-2020-9488 Yes  N/A KB article FlexNet Embedded SDK CVE-2021-44228 No N/A N/A   CVE-2021-45046 No N/A N/A   CVE-2021-45105 No N/A N/A   CVE-2021-4104 No N/A N/A   CVE-2019-17571 No N/A N/A   CVE-2022-23302 No N/A N/A   CVE-2022-23305 No N/A N/A   CVE-2022-23307 No N/A N/A   CVE-2020-9493 No N/A N/A   CVE-2020-9488 No N/A N/A  

Summary: A vulnerability identified as CVE-2021-4104 has been reported in the Apache Log4j library. Related vulnerabilities have also been identified as CVE-2022-23302, CVE-2022-23305, and CVE-2020-9488. This article addresses all three vulnerabilities.  Description: The Apache Log4j vulnerability referenced by the CVE identifier CVE-2021-4104 does not affect the License Server in its default behavior. This issue only affects if the license server logging is integrated with external systems using Log4J Socket Appender.  This integration is described in the License Server Producer Guide (Appendix E) and the License Server Administration Guide (Appendix D), under the section "Integration of License Server Logging With External Systems."  NOTE: The license server is not configured to use this class as default, hence the license server is not affected by the vulnerabilities by default. Similarly, CVE-2022-23302, CVE-2022-23305, and CVE-2020-9488 do not affect the License Server in its default configuration. Resolution: Refrain from using Log4J Socket Appender as an external logging mechanism. Additional Information: CVE Definition: https://nvd.nist.gov/vuln/detail/CVE-2021-4104 Expanded CVE Definition: https://www.cve.org/CVERecord?id=CVE-2021-4104 CVE Definition: https://nvd.nist.gov/vuln/detail/CVE-2022-23302 Expanded CVE Definition: https://www.cve.org/CVERecord?id=CVE-2022-23302 CVE Definition: https://nvd.nist.gov/vuln/detail/CVE-2022-23305 Expanded CVE Definition: https://www.cve.org/CVERecord?id=CVE-2022-23305 CVE Definition: https://nvd.nist.gov/vuln/detail/CVE-2020-9488 Expanded CVE Definition: https://www.cve.org/CVERecord?id=CVE-2020-9488

Summary Process for adding a new platform to FlexNet Embedded by applying new Publisher/Platform keys to the "Publisher Identity Utility". Synopsis If a customer is sent new license (platform) keys from Revenera and the only purpose for them is to add additional platforms to FlexNet Embedded (FNE), you do not need to create a new identity. Instead, you only need to update the existing identity. With older versions of FNO, this could be done directly via the UI. Newer versions of FlexNet Operations don't allow you to change vendor keys with existing identities directly. I.e., once you've created them, the vendor key fields are read only in the UI. So instead you need to export the identity, then modify it via the Publisher Identity Utility (pubidutil) from your toolkit (in the bin/tools directory). To do this, open the downloaded identity with pubidutil and then change the vendor keys (and ONLY the vendor keys). And then click "Finish" to save it. Note, this allows you to include the new platforms without changing the internal seed values, so your older clients compiled with the original identity will still work with the licenses generated using the updated identity (which just added more platforms) as well as licenses generated with the pre-upgraded identity. After it's saved, import the updated identity back to FlexNet Operations and you should be good to go. If you've inadvertently deleted your existing identity (and don't have a backup), you can create the identity again via the BackOfficeIdentity (which is where the internal seeds were originally generated). If you lost the BackOfficeIdentity, you're out of luck (unless you happen to have a backup of your database or some other means to get a copy of the original BackOfficeIdentity before you upgrade the identity to add new platforms with updated vendor keys). Discussion Following is the detailed set of instructions on updating an existing Identity with updated Publisher Keys : 1. In the Producer Portal select Administer / Identities, then select the identity that you have already created to View the Identity. 2. At the bottom of the View Identity page select "Binary File" to download and save the current Back Office Identity locally. The file name is IdentityBackOffice.bin. Make a local backup copy as you can always revert back if necessary. 3. Run the pubidutil tool located in the /bin/tools directory of any of the FNE SDKs. If you don't have this readily available, you can download the tool from the Product and License Center via FlexNet Licensing/FlexNet Embedded/FlexNet Embedded Licenses & Tools: 4. Select Browse under Back-Office Identity and browse to the IdenityBackOffice.bin saved in Step 2. 5. This will populate the UI with your existing keys & Identity Information (example shown below): 6. Update the Publisher Keys with the new keys you receive from Revenera. You can click "Check Keys" to make sure they were input correctly. It should respond with Expiration: Permanent. 7. Click Finish. Your IdentityBackOffice.bin has now been updated, you now need to upload this modified Identity in FlexNet Operations. 8. From the Producer Portal View Identity Screen select Edit this Identity. You should see the Update Identity menu shown below: 9. Select Choose File and browse to the location of the modified IdentityBackOffice.bin, followed by Save. You will receive a warning, select "I am sure" to complete. When you make an update to add additional platform support in this manner you will NOT affect any existing devices and requests from devices with the previous version of the identity will also work. 10. You can now download the client identities for use on platforms that were not previously enabled.