Follow

Ports and Firewalls - v2015 and v2016

Windows 7, Windows 8 and Windows 10 enable the Windows firewall by default. If the Intergraph license server is hosted on a system with Windows 7, Windows 8 or Windows 10, or a system with a restrictive commercial firewall, the client systems may no longer be able to connect to the license server. Although disabling the firewall will restore the license server, it is not necessary to disable the entire firewall and leave your server vulnerable. Instead, you may open the TCP/IP ports needed by the Intergraph license server and add the license server programs to the firewall exceptions list.

The Intergraph license server consists of two components; the license broker (lmgrd) and the vendor daemon (INGRTS). The client workstation sends a license request to the license broker, which queries the vendor daemon whether or not there is a valid license. The vendor daemon checks the license validity based on its own algorithm, and then sends the return back to the license broker, which lets license broker communicate with the client.

By default, the license broker uses TCP port 27000. If port 27000 is used by another program, the license broker will use another port available from range 27001-27009. Usually TCP port 27000 is open on most firewalls, but ports 27001-27009 are often blocked.

The vendor daemon also uses one random TCP port (e.g., port 1205) to communicate with the license broker, so that both the license broker and the vendor daemon have a distinct TCP port. The TCP port used by the vendor daemon can change every time the license server is restarted, and some firewalls block the ports which the vendor daemon uses.

In order to unblock the communication between the client, license broker, and vendor daemon, you must add the license broker, the vendor daemon, and their TCP ports to the Windows firewall exceptions list.

Intergraph License Administration

Select the appropriate TCP port for use by the license broker and vendor daemon

  • The license broker uses TCP port 27000 by default. This is the best choice for any system which uses a single license server.
  • The vendor daemon picks the first available port, but the choice may be different every time the license server is restarted.
  • One way to find a TCP port available for use is to start the license manager process and examine the license server log file:
    • For Windows 10 / 8: C:\Users\Public\Intergraph\Licenses\IntergraphLicensingService.log
  • This log file will show which ports were assigned at startup. For instance, in the following log snippet, you can see that the license broker TCP port is 27001, and the vendor daemon TCP port is 1205. (The number 2688 is a process identifier, and is not relevant to this procedure.)

16:43:24 (lmgrd) License file(s): C:\Users\Public\Intergraph\Licenses\LocalServerLicense.elf
16:43:24 (lmgrd) lmgrd tcp-port 27001
16:43:24 (lmgrd) Starting vendor daemons ...
16:43:24 (lmgrd) Started INGRTS(pid 2688)
...
11:12:16 (lmgrd) INGRTS using TCP-port 1205

Configure the ERDAS license file to always use your selected ports.

  • You can control the port number used by the ERDAS-Net license server by editing the first two lines of the floating license file at [ProgramFiles]\ERDAS\Shared\licensing\licenses\floating-license\ LocalServerLicense.elf. Note: Treat [ProgramFiles] as [C:\Program Files(x86)] on 64-bit Windows, [C:\Program Files] on 32-bit Windows.
  • You may only modify the first two lines of the file. Do not edit the main encrypted body (from the word INCREMENT onward) of the license file or you will invalidate the license. For example:

SERVER this_host erdasnet=3ad21234 27001
VENDOR INGRTS port=1205
USE_SERVER
INCREMENT…>

  • Adding 27001 after the “this_host erdasnet=3ad21234” on the SERVER line will make sure that the license broker always uses port 27001. This can be helpful when you are running multiple license servers on the same machine, by ensuring that each software vendor’s license broker gets the same port every time the machine starts up.
  • NOTE: You can also change the service port in the admin tool by clickin gon Server > Configure License Service Port.
  • Adding port=1205 on the VENDOR line ensures that the vendor daemon always uses port 1205.

Setup the Windows firewall by adding the license broker, vendor daemon, and their TCP/IP ports to exceptions list.

Windows 7/2008 Firewall - for v11.11.1 of the license tools.

  1. Go to the Windows Control Panel, and double click on “Windows Firewall”.
  2. Click on the link named “Advanced Settings” on the left of the Windows Firewall page, this will open a new dialog called  “Windows Firewall with Advanced Security”.
  3. Add “lmgrd.exe” to program inbound rules:
    1. Right Click on “Inbound Rules” from the “Windows Firewall with Advanced Security” dialog, choose “New Rule...”, this will start “New Inbound Rule Wizard”.
    2. From “Rule Type” step page, click on “Program”, and click “Next”.
    3. From “Program” step page, Choose “This program path:”, Then click "Browse” button, which opens a file chooser. Go to “ProgramFiles\Intergraph\Licensing\11.11.1\Program” and select “lmgrd.exe” from the list and then click “Open”. Click “Next”.
    4. From “Action” step page, choose “Allow the connection”, and click “Next”.
    5. From “Profile” step page, choose all three options (e.g., “Domain”, “Private”, and “Public”), and click “Next”.
    6. From “Name” step page, type a name for this new rule, for example “lmgrd”. Click “Finish”. Note: Treat ProgramFiles as C:\Program Files(x86) on 64-bit Windows, C:\Program Files on 32-bit Windows.
  4. Add “INGRTS.exe” to program inbound rules:
    1. Right Click on “Inbound Rules” from the “Windows Firewall with Advanced Security” dialog, choose “New Rule...”, this will start “New Inbound Rule Wizard”.
    2. From “Rule Type” step page, click on “Program”, and click “Next”.
    3. From “Program” step page, Choose “This program path:”, Then click "Browse” button, which opens a file chooser. Go to “ProgramFiles\Intergraph\Licensing\11.11.1\Program” and select “INGRTS.exe” from the list and then click “Open”. Click “Next”.
    4. From “Action” step page, choose “Allow the connection”, and click “Next”.
    5. From “Profile” step page, choose all three options (e.g., “Domain”, “Private”, and “Public”), and click “Next”.
    6. From “Name” step page, type a name for this new rule, for example “lmgrd”. Click “Finish”.
  5. Add port to port inbound rules:
    1. Right Click on “Inbound Rules” from the “Windows Firewall with Advanced Security” dialog, choose “New Rule...”, this will start “New Inbound Rule Wizard”.
    2. From “Rule Type” step page, click on “Port”, and click “Next”.
    3. From “Protocol and Ports” step page, Choose “TCP”, then choose “Specific local ports:”. Enter the port number you wish to exempting used for the lmgrd (e.g., 27001).  Click “Next”.
    4. From “Action” step page, choose “Allow the connection”, and click “Next”.
    5. From “Profile” step page, choose all three options (e.g., “Domain”, “Private”, and “Public”), and click “Next”.
    6. From “Name” step page, type a name for this new rule, for example “lmgrd tcp port”. Click “Finish”.
  6. Add port to port inbound rules:
    1. Right Click on “Inbound Rules” from the “Windows Firewall with Advanced Security” dialog, choose “New Rule...”, this will start “New Inbound Rule Wizard”.
    2. From “Rule Type” step page, click on “Port”, and click “Next”.
    3. From “Protocol and Ports” step page, Choose “TCP”, then choose “Specific local ports:”. Enter the port number you wish to exempting used for the INGRTS (e.g., 1205).  Click “Next”.
    4. From “Action” step page, choose “Allow the connection”, and click “Next”.
    5. From “Profile” step page, choose all three options (e.g., “Domain”, “Private”, and “Public”), and click “Next”.
    6. From “Name” step page, type a name for this new rule, for example “erdas tcp port”. Click “Finish”.
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.
Powered by Zendesk