Flexera Software Community Knowledge Base

cancel
Showing results for 
Search instead for 
Did you mean: 
Knowledge Base Categories
Question: Why do EndUser/Portal User roles have Producer Portal permissions?   Answer:  End User permissions are dependent on Producer Portal permission.  Having Producer Portal permissions does not mean users (Customer Users) can access the Producer Portal.  Users with a Portal User role are limited to accessing the End User Portal.  Only Users with a Producer role may access the Producer Portal. For example for View Accounts to work for a Portal User the role needs the regular (Producer Portal) View Accounts permission and the End User Portal View Accounts permission.  
View full article
Question:  How does it work?   Answer: Flexera's Download Manager does not use either ActiveX control or Flash.   The Download Manger checks the Origin HTTP header and validates the security of the download URLs using JSON Web Token Authentication.  Flexera's Download Manager only works with FlexNet Operations. The Download Manager pre-allocates a temporary download file in the installed users Downloads folder. When the file is fully downloaded the temporary file is renamed and may be accessed by the user.    
View full article
When opening a case for FlexNet Operations Cloud, please provide the below information where possible.  Providing this information with your case will help shorten the time to a solution or answer. - URL of your tenant (for example:  https://flex1102-fno.flexnetoperations.com/flexnet/operations/) -  Environment (UAT or Production) -  Description of the problem or question.  What are you trying to accomplish?  What is your desired result? -  Steps to reproduce the problem.  Please provide specific examples. -  Any error messages.  If there are errors, screenshots that include the page URL are very helpful -  Web Service requests, please an example of the XML of the request and response received and the user  that submits the requests -  Reporter, please copy the report into the Shared folder and provide the name of the report
View full article
Summary Network Block or IP whitelist for FlexNet Operations Cloud Synopsis When configuring network security (firewall/proxy) rules customers may want to whitelist the IP addresses needed to connect to FlexNet Operations Cloud. Discussion We recommend whitelisting network blocks instead of individual IP addresses as our IP addresses can potentially change. The network blocks to whitelist are as follows. IPv4 Production/UAT:  64.14.29.0/24 Disaster Recovery:  64.27.162.0/24 IPv6 Production/UAT:  2620:122:f001:1163::/64 Disaster Recovery:  2620:122:f001:1163::1/128 These network blocks are not in use today, but could be used in the future... Production/UAT 162.244.220.0/24 Disaster Recovery 162.244.222.0/24
View full article
Question: Has older HASP (HASP4) dongle support removed from latest version of FNP toolkits? Answer: Starting 11.14.0 we have to enable support for the HASP4 dongles in the daemon configuration file ls_vendor.c (unsigned int ls_flexid9_hasp4_support = 1;) .  After doing that and ensuring that we build the toolkit with additional argument as DONGLE=1, with a clean build, we should be able to start the vendor daemon. 
View full article
Question: Over the years, our customers have had  issues with LSB-loader as described in FNP release documentations. Moreover,  on some recent Linux updates, such as SUSE Enterprise Linux 12, the LSB component is not offered as part of the supported distribution. Components in FlexNet Publisher, such as lmgrd, require the LSB-loader. If this is not present, lmgrd will fail to run with a 'file not found' error (FNP-11338, FNP- 11353) Answer: Starting FNP-11.14 tookit, The   install_fnp.sh   will now issue a warning if it detects LSB is not installed on the host: $ sudo ./install_fnp.sh ... Checking LSB compatibility... *** WARNING: 64-bit LSB packages not installed LSB compatibility checks complete ... FNP utilities will continue to give the   File not found   error. Supplying the   --nolsb   flag to the command will cause fake symlinks to be created to mimic the missing LSB installation: $ sudo ./install_fnp.sh --nolsb ... Checking LSB compatibility... *** WARNING: 64-bit LSB packages not installed Fix attempted by creating symlink for /lib64/ld-lsb-x86-64.so.3 LSB compatibility checks complete ... After which FNP utilities should run ok.
View full article
Summary A Denial of Service vulnerability related to command handling has been identified in FlexNet Publisher lmadmin.exe 11.16.2. Please see the Symptoms section for more details. If you do not distribute lmadmin to your customers, there is no further action on your part. If you do, you must distribute to those same customers the security update mentioned in the Resolution section of this article. This security vulnerability has been assigned the CVE ID number of CVE-2019-8960 . Symptoms The message reading function used in lmadmin.exe can, given a certain message, call itself again and then wait for a further message. With a particular flag set in the original message, but no second message received, the function eventually return an unexpected value which leads to an exception being thrown. The end result can be process termination. Resolution The FlexNet Publisher 2019 R3 SP1 (11.16.5.1) addresses the security vulnerability and is available from Flexera’s Product and License Center.   We advise all FlexNet Publisher customers update lmadmin.exe to FlexNet Publisher 11.16.5.1.    
View full article
We have an expert team of professionals available to answer questions and to assist you with technical issues with Flexera products. To contact Flexera Support for technical issues, use our case portal by navigating to the top menu and click Get Support -> Open New Case. NOTE: The online case portal requires the user to be logged into the community and their community login to be associated with an account that has active maintenance. If you do not see this option, please use our phone support. You can contact Support by phone using the toll and toll-free options below. Toll-free numbers only work  within the countries they are listed under. North America* +1 630-332-2513 (toll) +1 877-279-2853 (toll-free in North America) Europe* +44 1925 944367 (toll) +44 800 047 8642 (toll-free in Europe) India* +61 1800 560 603 (toll) 000 800 040 2367 (toll-free in India) Japan +81 3-4540-5335 (select option 2) *Select Option 1 for Product Support or Option 2 for FlexNet Operations Cloud Business Critical Emergencies
View full article
Summary A Denial of Service vulnerability related to stack exhaustion has been identified in FlexNet Publisher lmadmin.exe 11.16.2. Please see the Symptoms section for more details. If you do not distribute lmadmin to your customers, there is no further action on your part. If you do, you must distribute to those same customers the security update mentioned in the Resolution section of this article. This security vulnerability has been assigned the CVE ID number of CVE-2019-8961 . Symptoms Because the message reading function calls itself recursively given a certain condition in the received message, an unauthenticated remote attacker can repeatedly send messages of that type to cause a stack exhaustion condition. Resolution The FlexNet Publisher 2019 R3 SP1 (11.16.5.1) addresses the security vulnerability and is available from Flexera’s Product and License Center.   We advise all FlexNet Publisher customers update lmadmin.exe to FlexNet Publisher 11.16.5.1.    
View full article
This article provides a Hotfix for InstallAnywhere 2018 SP1.
View full article
Question: ■ what is the hasp_rt.exe ? what is it for ? ■ and when exactly is it required ? ■ WHAT IS THE POINT OF HAVING HASP_RT.EXE ? our tests over a year shows that the dongle works without hasp_rt.exe. Can we skip it, if yes what are the consequences? Answer: 1) what is the hasp_rt.exe ? what is it for ? hasp_rt.exe is the External License Manager for the LDK 7.x or newer protected applications. It is mainly used to handle accessing of local Driverless keys (HL or SL). It will also be able to close any active sessions in case of an application crash. ■and when exactly is it required ? hasp_rt.exe is not technically required, as you could use either the Admin License Manager (hasplms.exe, included with drivers), or the Integrated License Manager (included internally inside of the LDK protected application). ■WHAT IS THE POINT OF HAVING HASP_RT.EXE ? our tests over a year shows that the dongle works without hasp_rt.exe. Can we skip it, if yes what are the consequences? Most times this file is needed if your Enveloped application may crash at exiting of the application. If your protected application is able to work fine without using this hasp_rt.exe, then that is fine too. Consequences for not including that hasp_rt.exe are mainly that you are limited to using either the Admin License Manager or the Internal License Manager. https://sentineltechsupport.gemalto.com/2013/10/ldk-7-0-integrated-license-manager/
View full article
Summary ISEXP: fatal error -7219: Failed to verify digital signature of <> Error -2147467259: Automation error Symptoms This build error usually occurs due to expired, corrupt or missing root certificates on your machine. ISDEV: fatal error -7210: Failed to verify digital signature ISDEV : fatal error -7219: Failed to verify digital signature of C:\Program Files\InstallShield\VERSION\System\IsUiServices.dll Cause The Build Machine Does Not Have Latest currently used root Certificates This is related to the operating system and is generally seen if building on an offline machine or a machine missing the latest root certificate update. Resolution Ensure your Windows Trusted root certificates are up to date: https://support.microsoft.com/en-gb/kb/293781 If your certificate has expired or become corrupted, verify if this is the case by right clicking on C:\Program Files (x86)\InstallShield\VERSION\System\ISUIServices.dll to view the properties - if there is a Warning triangle this needs to be updated replaced. The current certificate is VeriSign Class 3 Public Primary Certification Authority -G5 The certificate is no longer publicly downloadable from VeriSign Website, this particular site no longer exists, since they were aquired by Symantec. Workaround In order to obtain an updated certificate for this Goto https://www.websecurity.digicert.com/theme/roots Locate Root 3 Name: VeriSign Class 3 Public PCA - Generation 5 (G5) Serial Number: 18 da d1 9e 26 7d e8 bb 4a 21 58 cd cc 6b 3b 4a Operational Period: Tue, November 08, 2006 to Wed, July 16, 2036 Certificate SHA1 Fingerprint: 4e b6 d5 78 49 9b 1c cf 5f 58 1e ad 56 be 3d 9b 67 44 a5 e5 Change the extension to cer, double click on the file to open the certificate, and click the install button. You should install this certificate to the Trusted Root Certificate Authorities Store. Symantec SHA256 TimeStamping Signer Certificate - G1 Download and install the certificate at the below link: https://symantec.tbs-certificats.com/vsign-universal-root.cer Double click on the file to open the certificate and click the install button. You should install this certificate to the Trusted Root Certificate Authorities Store. Additional Information Symantec - Licensing and Use of Root Certificates https://www.symantec.com/page.jsp?id=roots See also: Windows 8 and Windows Server 2012: How to Open the Certificates Console http://social.technet.microsoft.com/wiki/contents/articles/11497.how-to-open-the-certificates-console-in-windows-8-and-windows-server-2012.aspx Related KB Articles Error -7210</>
View full article
Summary InstallShield digital signing feature uses a timestamp server from Symantec which is being decommissioned (more details here) and migrated to Digicert. Signing with new Digicert URL causes a breakage in Digital Signing Symptoms When signing an installer with SHA-256 digest, using the new Digicert server (http://timestamp.digicert.com), the resulting installer is signed by SHA-256 digest, but the counter signatures are signed with SHA1 due to an incorrect order in which InstallShield calls the signing APIs Affected InstallShield Versions InstallShield 2015 InstallShield 2016 InstallShield 2018 InstallShield 2019 All minor releases of the above releases included Resolution The issue is resolved in a hotfix that can be downloaded from this link. Please note that the hotfix is applicable on the latest service packs of above affected versions. After applying the hotfix, please update Settings.xml file in <InstallShield_InstallPath>/Support/0409 with new URLs Before: <DigitalSignature Timestamp="http://timestamp.verisign.com/scripts/timstamp.dll"/><DigitalSignature TimestampRFC3161="http://sha256timestamp.ws.symantec.com/sha256/timestamp"/> After: <DigitalSignature Timestamp="http://timestamp.digicert.com"/><DigitalSignature TimestampRFC3161="http://timestamp.digicert.com"/> Note: For Japanese, Settings.xml can be found at “<InstallShield_InstallPath>/Support/0411” Additional Information If there are any additional issues, please contact our  Technical Support team
View full article
Symptoms: InstallAnywhere digital signing feature uses a timestamp URL from Symantec which is being decommissioned (more details here) and migrated to Digicert. Signing with new Digicert URL causes a breakage in Digital Signing Diagnosis: When signing an installer with SHA-256 digest, using the new Digicert server (http://timestamp.digicert.com), the resulting installer is signed by SHA-256 digest, but the counter signatures are signed with SHA1 due to an incorrect order in which InstallAnywhere calls the signing APIs Affected InstallAnywhere Versions InstallAnywhere 2015 InstallAnywhere 2017 InstallAnywhere 2018 InstallAnywhere 2020 All minor releases of the above releases included Resolution The issue is resolved in a hotfix that can be downloaded from here. Please note that the hotfix is applicable on the latest service packs of above affected versions. Download and extract the contents of the file. Copy x86/IAWinDigiSign.exe to <IA_Install_Location>/resource/nativetools/windows Copy x64/IAWinDigiSign.exe to <IA_Install_Location>/resource/nativetools/windows64 After replacing the above files, in your InstallAnywhere project, navigate to Project à Platforms à Windows à Digital Signing and update the Timestamp server field to http://timestamp.digicert.com Additional Information If there are any additional issues, please contact our  Technical Support team  
View full article
Advanced UI and Suite/Advanced UI installations are bootstrap applications that package together installations and  InstallShield  prerequisites as a single installation while providing a unified, fully customizable user interface. They use a setup launcher ( Setup.exe ) to conditionally launch packages on target systems as needed. You can add msi/ism/pre-requisite as package to your main Suite application. Say the added msi has minor upgrade to get installed. Wondering why it is not working by default, here is the solution: Add the required msi package to your package with the required settings On clicking Package, you would be able to see a list of package settings There will be an option called Minor Upgrade Handling  which will be set to None by default You can set the same to Automatic if you want minor updates to happen if configured It can also be set to Ask the User if you want user to select this handling.
View full article
Summary When attempting to uninstall or install the InstallAnywhere product, a message displays that says, "This is an incomplete installation of InstallAnywhere [EditionNumber] Evaluation." Synopsis When attempting to uninstall or install the InstallAnywhere product, a message displays that says, "This is an incomplete installation of InstallAnywhere [InstallAnywhereVersion] Evaluation." Ex: "This is an incomplete installation of InstallAnywhere 2014 SP1 Evaluation" Ex: "This is an incomplete installation of InstallAnywhere 2017 Evaluation." Note: This same error message may also appear when building a project from the command-line.   Discussion To resolve the issue please view the following steps:   On a Windows machine, follow these steps: 1. In Windows Explorer, navigate to the following path: %USERPROFILE%\InstallAnywhere Note: The InstallAnywhere directory is a hidden directory. Make sure to enable hidden folders.   2. Locate and delete the appropriate version number folder that corresponds with your installed copy of InstallAnywhere:   For InstallAnywhere 2020 Delete the 200 directory For InstallAnywhere 2018 Delete the 190 directory For InstallAnywhere 2017 Delete the 180 directory For InstallAnywhere 2015 Delete the 170 directory For InstallAnywhere 2014 SP1 Delete the 165 directory For InstallAnywhere 2014 Delete the 160 directory For InstallAnywhere 2013 Delete the 150 directory For InstallAnywhere 2012 Delete the 140 directory For InstallAnywhere 2011 SP3 Delete the 125 directory For InstallAnywhere 2011, 2011 SP1, 2011 SP2 Delete the 120 directory For InstallAnywhere 2010 Service Pack 1 (SP1) Delete the 115 directory For InstallAnywhere 2010 Delete the 110 directory For InstallAnywhere 2009, 2009 SP1, and 2009 SP2 Delete the 100 directory For InstallAnywhere 2008 Value Pack 1 (VP1) Delete the 95 directory For InstallAnywhere 2008 Delete the 90 directory For InstallAnywhere 8.0 Delete the 80 directory Note: The folder will be re-created when the product is launched again. 3. Re-launch the InstallAnywhere product and re-register the product.   ------------------------------------------------------------------------------------------------------------------------------------------------------ On macOS/OS X, Linux-based, or Unix-based machines follow these steps:     1. From the command-line, change directories to the hidden .InstallAnywhere directory in the user's home directory (for the user that registered InstallAnywhere).   Note: The InstallAnywhere directory is a hidden directory. Make sure to enable hidden folders.   2. Locate and delete the appropriate version number folder that corresponds with your installed copy of InstallAnywhere:   For InstallAnywhere 2020 Delete the 200 directory For InstallAnywhere 2018 Delete the 190 directory For InstallAnywhere 2017 Delete the 180 directory For InstallAnywhere 2015 Delete the 170 directory For InstallAnywhere 2014 SP1 Delete the 165 directory For InstallAnywhere 2014 Delete the 160 directory For InstallAnywhere 2013 Delete the 150 directory For InstallAnywhere 2012 Delete the 140 directory For InstallAnywhere 2011 SP3 Delete the 125 directory For InstallAnywhere 2011, 2011 SP1, 2011 SP2 Delete the 120 directory For InstallAnywhere 2010 Service Pack 1 (SP1) Delete the 115 directory For InstallAnywhere 2010 Delete the 110 directory For InstallAnywhere 2009, 2009 SP1, and 2009 SP2 Delete the 100 directory For InstallAnywhere 2008 Value Pack 1 (VP1) Delete the 95 directory For InstallAnywhere 2008 Delete the 90 directory For InstallAnywhere 8.0 Delete the 80 directory   Note: The folder will be re-created when the product is launched again.   3. Re-launch the InstallAnywhere product and re-register the product.   Additional Information For information on registering the InstallAnywhere product, please view the related knowledge base articles: Licensing Overview for InstallAnywhere 2011 and Later How to Register InstallAnywhere (Versions 8.0 - 2010) If further assistance is needed, please contact Flexera Software Technical Support .
View full article
Description When  logging into Flexnet Connect On-Premise you may see the error in the attachment.  There is an problem with the version of Java that FNC installer is using, as this has outdated protocol support and seems to be causing the issue.   Resolution What you'll need to do is the following: 1. Download and install the latest Java SDK* from Oracle based on the FNC architecture you've installed, i.e. x86 or x64.  2. On your FNC machine, stop the 'FNC Connect 15:00' service. 3. In your FNC installation directory, rename '_jvm' folder. 4. Create a new '_jvm' folder. 5. Open up the Java SDK and copy the contents from 'C:\Program Files\Java\jdk1.8.0_231' folder into the '_jvm' folder. 6. Start the 'FNC Connect 15:00' service again. 7. Now update the instance ID in the FNC admin portal under the 'License Rights' page. You should now be prompted with the following: Available Features: Enterprise Update Management** Instrumentation Management** *Note: The latest Java SDK that was tested with at the time this KB was created is 'Java SE Development Kit 8u231'. **Features available are dependent on what you purchased. If you don't see any features, this just means you've purchased no additional FNC features.   
View full article
Symptoms: Vulnerabilities CVE-2016-9843, CVE-2016-9842, CVE-2016-9841, CVE-2016-9840 are generically flagged against version 1.2.8 and less of zlib. Although there is no specific tagging of zlib version 1.2.3, InstallShield has proactively upgraded the version of zlib used from 1.2.3 to 1.2.11 to avoid generic vulnerability flagging. Diagnosis: A few binary scans show vulnerabilities associated with a different version of zlib (Ex 1.2.2 or 1.2.8) against compressed bootstrappers(setup.exe) built out of InstallShield 2018 R2. The results are confusing since the vulnerabilities are not for version 1.2.3 and yet appear in security scans causing customers to be concerned. Solution: This issue is being tracked under issue # IOJ-1900586 . Engineering has released a hotfix that avoids generic vulnerability flagging by upgrading the version of Zlib to 1.2.11 which has no known vulnerabilities at the time of writing this article. Additional Information: Below is the download link for the zlib Patch of InstallShield 2018 R2: https://flexerasoftware.flexnetoperations.com/control/inst/AnonymousDownload?dkey=14557347
View full article
Symptoms: It has been noticed that till FNP-11.16.4, the lmadmin installation on Windows Server 2019 (and Windows Server 2016) fails with an error as  ""Installer User Interface Mode Not Supported"". Diagnosis: We have been able to root cause this reported ambiguity with Java installation and the culprit is the Java version in installation. The issue can only be seen with latest version of Java (i.e. Java 8_u221) and above. Solution: (OR WORKAROUND) Downgraded the java version to a lower version (v8_202,/v8_211). This issue is alreadt reported to FNP engineering and most probably will be fixed in FNP-11.16.5 (not a commitment, so kindly check the release notes about that). https://www.oracle.com/technetwork/java/javase/downloads/java-archive-javase8-2177648.html
View full article
Summary This article provides information on how to prevent the Software Manager Update utility from automatically searching for product updates. Instead, you'll be able to manually launch the utility to check for updates at your discretion Synopsis This article provides information on how to prevent the Software Manager Update utility from automatically searching for product updates. Instead, you'll be able to manually launch the utility to check for updates at your discretion. Discussion 1. Click Start -> All Programs and then click Software Manager or Software Updates. 2. Click the Settings option. 3. Click one of the existing product hyperlinks from the list displayed. 4. Select the option "Manually". 5. Click the Apply to all products button. 6. Close the window.
View full article