Sentinel products are currently owned by SafeNet: http://c3.safenet-inc.com
This is the Sentinel license server. It runs as a service as the System user.
Because one Sentinel server can host any number of licenses (barring version incompatibilities or other mysterious dependencies), I have tried to use shared servers for Sentinel instances, when it worked.
Log files are usually redirected to
I attempted to craft a generic solution for Sentinel to do log rotation and archival:
itwindist\licensing\scripts\SentinelLM\archive_sentinel_logs.pl, which is an attempt to do something similar to what the FLEXlm archival tool does. However, because there's no way to programmatically detect which features “belong” to the same application, this solution requires a config file to group licenses together.
The process runs nightly as a scheduled task. You can create the task with:
This is NOT as reliable as the FLEXlm script. You'll probably want to check the task and the wrapper script after they're generated.
You can generate a skeleton/template config file with
archive_sentinel_logs.pl --sentinel F:\Sentinel --create-config
When you edit the config, you'll be able to create a “group” (corresponding to an application) and any number of “features” inside that group. When the archival script runs, it attempts to sort all transactions into groups and send those groups to licmon.
I've had mixed results with this approach. Some licenses/clients have version requirements that make them incompatible with other products. Some vendors want you to install a front end for Sentinel. Sometimes, these front ends provide no additional functionality. Other times, they do their own mysterious stuff which makes having them a requirement. The biggest problem I've encountered is generating a host ID (a piece of data the licenses are locked to) in the form that the software vendor wants. Some vendors want an ID that's based on custom criteria and there's no other way to get it than to install their junk on the machine.
In the future, it would probably be easiest to have each Sentinel instance on its own machine running whatever goofy software the vendor supplies.
The company that owns Sentinel refuses to provide me with any information whatsoever (without paying, at least) because I might start pirating software. The license server software appears to be configured primarily through environment variables
|LSDEFAULTDIR||Location of ||
|LSERVOPTS||command-line options used by |
This doesn't appear to work on newer versions of the software. Command-line parameters to the service may now be stored in the registry at
|LSHOST||(semicolon-delimited list of) hostname(s) of license server (used by clients to specify the license server)|
|LSFORCEHOST||(semicolon-delimited list of) hostname(s) of license server (used by clients to specify the license server) |
overrides LSHOST (anything in LSHOST will be ignored if LSFORCEHOST is set.)
The host ID may be obtained from any number of sources. A particular application's requirements are stored in the
# Echo ID input # Can be hex or binary # # To set a particular locking criterion - Defined in lserv.h #define VLS_LOCK_ID_PROM 0x001 #define VLS_LOCK_IP_ADDR 0x002 #define VLS_LOCK_DISK_ID 0x004 #define VLS_LOCK_HOSTNAME 0x008 #define VLS_LOCK_ETHERNET 0x010 #define VLS_LOCK_NW_IPX 0x020 #define VLS_LOCK_NW_SERIAL 0x040 #define VLS_LOCK_PORTABLE_SERV 0x080 #define VLS_LOCK_CUSTOM 0x100 #define VLS_LOCK_CPU 0x200 # # Some Examples # All criteria 0x3FF or 1111111111 # IP Address only 000000010 or 0x2 0x010 0x004
From “Sentinel RMS - Virtualization FAQ_v3.doc”:
a) Disk ID:
Till RMS 8.0, the Disk ID is not the actual Volume Serial Number of the Hard Disk (physical or virtual), but is calculated the first time “echoid.exe” or “Wechoid.exe” is run on that machine based on some random value. Thus, only way of duplicating Disk ID is by making copies of virtual machines after running the echoID once on the virtual machine.
In RMS 8.1, the Disk ID depends only on the Volume Serial Number. Hence, the virtual machine can be replicated any time.
Sentinel-enabled applications use (at least) two different environment variables to find the license server.
LSHOST is the one you should use unless necessity requires otherwise. Its value is a semicolon-delimited list of hostnames (Sentinel uses the same known port by default, UDP 5093) to query for valid licensed features. You can include as many hostnames as are necessary.
LSFORCEHOST is an override for
LSHOST, and if it is set, anything in
LSHOST will be ignored. Only what's in
LSFORCEHOST will be used.
Do not use
LSFORCEHOST as a system-wide environment variable unless you actually need to do so (which should be an exceedingly uncommon circumstance). Use
LSHOST. If an application croaks when accessing the other license servers in the
LSHOST list (because of differing versions or other uncontrollable incompatibilities), either rearrange the order of the LSHOST entries (it queries them in order—I think) or write a wrapper for the offended application that sets
LSHOST to the one license server it needs to query that then starts the application.
Sample Configuration File An example configuration file is shown below: # This file remaps the keyword "LONG" to "lng" for all readable # licenses for feature DOTS (any version). # It also provides alert actions for all features licensed # by the license server. # Note that the alert actions that apply to all non-DOTS # features do NOT apply to DOTS since DOTS has its own section. [DOTS *] # For DOTS, we generate only the denied alert LONG=lng # Remap statement denied = Script OFF Email ON EMAIL = jsmith@Engr1 [* *] # For non-DOTS apps, we generate most of the alerts softlimit = SCRIPT OFF EMAIL ON # Alert action statement hardlimit = SCRIPT On EMAIL On denied = Script on Email ON # This better not happen apptimeout = script on Email off expired = SCRIPT on email on EMAIL = mark@jupiter SCRIPT = /usr/local/etc/lsalertscr One section of the file can specify only a single alert script and a single email address. For all alerts enabled in one section, the same alert script will be invoked.
Beware of [un]installing any license server software for programs that use Sentinel. The location of the license/config files may change. It may also uninstall/replace the Sentinel LM Windows service.
If that happens, you can recreate the service using the
lservnt.exe service executable:
============================================= Sentinel LM 188.8.131.52 Copyright (C) 2004 SafeNet, Inc. ============================================= Starting in command line mode -H|-h (help) -X remove (remove service) -X install (install service) -X start (start service) -X stop (stop service) -X status (get server status) -X commline (start service on command line) NOTE: If you use '-X commline', this must be first on the command line
The documentation of newer versions of Sentinel RMS (8.2.2, at least) claim support for tracing. Use
-tr <bitmask> on the command line (of the service, I suppose). You can trace license keys (0x1), functions (0x2), and errors (0x4).
The documentation for Sentinel RMS claims support for encrypting/protecting the usage log. It also says that application vendors can override your settings.
lsusage.exe is the tool needed to access the protected logs.
This utility will properly parse and display information about the licenses in
lservrc. Frequently, the license files don't contain any or enough comments to tell you things like license expiration date, count, etc. Lsdecode will give you (I think) all the information in the license file. All the Sentinel utilities can be found in the install directory. I've made a copy of some of them in
Here's an example:
NCBBXJPYFMB42GPW5BZLVQ8HN3N8HSXYGKODBE7FLKYLCIDBUDIJUPGLPD5M35XO2ISXRXR4XUG337Z# "MSMEDSFULL" version "10.4", no expiration date, additive
lsdecode says this about it:
License code: "NCBBXJPYFMB42GPW5BZLVQ8HN3N8HSXYGKODBE7FLKYLCIDBUDIJUPGLPD5M35XO2ISXRXR4XUG337Z# "MSMEDSFULL" version "10.4", no expiration date, additive" License type : Normal Network Feature name : "MSMEDSFULL" Feature version : "10.4" Max concurrent users : 50 Soft limit on users : Unlimited. License start date : Morning of Jan 18, 2007 Expiration date : License has no expiration. Server locking code : Primary = "2A480" Lock code depends on : Sentinel Computer ID Additive/exclusive : Additive license (number of tokens will be added). Sharing criterion : Client host name based sharing. Held licenses : Held licenses disabled. Token lifetime (heartbeat) : 600 secs (10 min(s)) Action on clock tamper : No action. Log encryption level : 1 Commuter license allowed : YES
You can enable logging for SentinelLM by configuring the LSERVOPTS environment variable. You can change the directory where it looks for the config files by setting the LSDEFAULTDIR variable.
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment] "LSDEFAULTDIR"="E:\\SentinelLM\\config" "LSERVOPTS"="-com 50 -l E:\\SentinelLM\\logs\\usage.log -f E:\\SentinelLM\\logs\\error.log"
C:\Program Files\SURFWARE\Network Server\Server\WinNT\lservrc