User Tools

Site Tools



Sentinel products are currently owned by SafeNet:

Sentinel LM

This is the Sentinel license server. It runs as a service as the System user.

Related software

Typical Configuration

Because one Sentinel server can host any number of licenses (barring version incompatibilities or other mysterious dependencies), I have tried to use shared servers for Sentinel instances, when it worked.

Root DirF:\Sentinel
lservrc F:\Sentinel\config\lservrc

Log files are usually redirected to F:\admin\logs.

Log Archival

I attempted to craft a generic solution for Sentinel to do log rotation and archival: itwindist\licensing\scripts\SentinelLM\, which is an attempt to do something similar to what the FLEXlm archival tool does. However, because there's no way to programmatically detect which features “belong” to the same application, this solution requires a config file to group licenses together.

Scheduled Task

The process runs nightly as a scheduled task. You can create the task with: --task

This is NOT as reliable as the FLEXlm script. You'll probably want to check the task and the wrapper script after they're generated.

Config File

You can generate a skeleton/template config file with --sentinel F:\Sentinel --create-config

When you edit the config, you'll be able to create a “group” (corresponding to an application) and any number of “features” inside that group. When the archival script runs, it attempts to sort all transactions into groups and send those groups to licmon.


I've had mixed results with this approach. Some licenses/clients have version requirements that make them incompatible with other products. Some vendors want you to install a front end for Sentinel. Sometimes, these front ends provide no additional functionality. Other times, they do their own mysterious stuff which makes having them a requirement. The biggest problem I've encountered is generating a host ID (a piece of data the licenses are locked to) in the form that the software vendor wants. Some vendors want an ID that's based on custom criteria and there's no other way to get it than to install their junk on the machine.

In the future, it would probably be easiest to have each Sentinel instance on its own machine running whatever goofy software the vendor supplies.

The company that owns Sentinel refuses to provide me with any information whatsoever (without paying, at least) because I might start pirating software. The license server software appears to be configured primarily through environment variables

Expected Value
LSDEFAULTDIR Location of lservrc license configuration file E:\SentinelLM\config
LSERVOPTS command-line options used by lservnt.exe (service executable)
This doesn't appear to work on newer versions of the software. Command-line parameters to the service may now be stored in the registry at HKLM\Software\Rainbow Technologies\SentinelLM\CurrentVersion\\CommandlineOpts
-com 50 -z 2m -l E:\SentinelLM\logs\usage.log -f E:\SentinelLM\logs\error.log
LSHOST (semicolon-delimited list of) hostname(s) of license server (used by clients to specify the license server)
LSFORCEHOST (semicolon-delimited list of) hostname(s) of license server (used by clients to specify the license server)
overrides LSHOST (anything in LSHOST will be ignored if LSFORCEHOST is set.)

Default Configurations
License File E:\SentinelLM\config\lservrc (normal licenses)
E:\SentinelLM\config\ulservrc (upgrade licenses)
Usage Log E:\SentinelLM\logs\usage.log
Error Log E:\SentinelLM\logs\error.log

Server Details
Listens On UDP 5093
license5 Executable E:\SentinelLM\cmgl\Secure\Win32\lservnt.exe
license3 Executable C:\Program Files\Rainbow Technologies\SentinelLM Server\English\lservnt.exe
licshared01 Executable C:\Program Files\SURFWARE\Network Server\Server\WinNT\lservnt.exe
Version 7.1.1
slm-01 Executable C:\Sentinel\RMS\win_nt\lservnt.exe
Version 8.2.2
Documentation \\\C$\Sentinel\RMS\index.html

Products Licensed

Host ID

The host ID may be obtained from any number of sources. A particular application's requirements are stored in the echoid.dat file.

# Echo ID input
# Can be hex or binary
# To set a particular locking criterion - Defined in lserv.h
#define VLS_LOCK_ID_PROM        0x001
#define VLS_LOCK_IP_ADDR        0x002
#define VLS_LOCK_DISK_ID        0x004
#define VLS_LOCK_HOSTNAME       0x008
#define VLS_LOCK_ETHERNET       0x010
#define VLS_LOCK_NW_IPX         0x020
#define VLS_LOCK_NW_SERIAL      0x040
#define VLS_LOCK_CUSTOM         0x100
#define VLS_LOCK_CPU            0x200
# Some Examples
# All criteria 0x3FF or 1111111111
# IP Address only 000000010 or 0x2


From “Sentinel RMS - Virtualization FAQ_v3.doc”:

a) Disk ID:

Till RMS 8.0, the Disk ID is not the actual Volume Serial Number of the Hard Disk (physical or virtual), but is calculated the first time “echoid.exe” or “Wechoid.exe” is run on that machine based on some random value. Thus, only way of duplicating Disk ID is by making copies of virtual machines after running the echoID once on the virtual machine.

In RMS 8.1, the Disk ID depends only on the Volume Serial Number. Hence, the virtual machine can be replicated any time.


Sentinel-enabled applications use (at least) two different environment variables to find the license server.


LSHOST is the one you should use unless necessity requires otherwise. Its value is a semicolon-delimited list of hostnames (Sentinel uses the same known port by default, UDP 5093) to query for valid licensed features. You can include as many hostnames as are necessary.


LSFORCEHOST is an override for LSHOST, and if it is set, anything in LSHOST will be ignored. Only what's in LSFORCEHOST will be used.

Do not use LSFORCEHOST as a system-wide environment variable unless you actually need to do so (which should be an exceedingly uncommon circumstance). Use LSHOST. If an application croaks when accessing the other license servers in the LSHOST list (because of differing versions or other uncontrollable incompatibilities), either rearrange the order of the LSHOST entries (it queries them in order—I think) or write a wrapper for the offended application that sets LSFORCEHOST or LSHOST to the one license server it needs to query that then starts the application.


Sample Configuration File
An example configuration file is shown below:
# This file remaps the keyword "LONG" to "lng" for all readable
# licenses for feature DOTS (any version).
# It also provides alert actions for all features licensed
# by the license server.
# Note that the alert actions that apply to all non-DOTS
# features do NOT apply to DOTS since DOTS has its own section.
[DOTS *] # For DOTS, we generate only the denied alert
LONG=lng                           # Remap statement
denied = Script OFF  Email ON
EMAIL = jsmith@Engr1
[* *] # For non-DOTS apps, we generate most of the alerts
softlimit = SCRIPT OFF EMAIL ON   # Alert action statement
hardlimit = SCRIPT On  EMAIL On
denied = Script on  Email ON       # This better not happen
apptimeout = script on  Email off
expired = SCRIPT on  email on
EMAIL = mark@jupiter
SCRIPT = /usr/local/etc/lsalertscr
One section of the file can specify only a single alert script and a single email address. For all alerts enabled in one section, the same alert script will be invoked.


Beware of [un]installing any license server software for programs that use Sentinel. The location of the license/config files may change. It may also uninstall/replace the Sentinel LM Windows service. If that happens, you can recreate the service using the lservnt.exe service executable:


                        Sentinel LM
             Copyright (C) 2004 SafeNet, Inc.


Starting in command line mode
-H|-h          (help)
-X remove      (remove service)
-X install     (install service)
-X start       (start service)
-X stop        (stop service)
-X status      (get server status)
-X commline    (start service on command line)

NOTE: If you use '-X commline', this must be first on the command line


The documentation of newer versions of Sentinel RMS (8.2.2, at least) claim support for tracing. Use -tr <bitmask> on the command line (of the service, I suppose). You can trace license keys (0x1), functions (0x2), and errors (0x4).

Encrypted Log Files

The documentation for Sentinel RMS claims support for encrypting/protecting the usage log. It also says that application vendors can override your settings. lsusage.exe is the tool needed to access the protected logs.

Parsing the License File


This utility will properly parse and display information about the licenses in lservrc. Frequently, the license files don't contain any or enough comments to tell you things like license expiration date, count, etc. Lsdecode will give you (I think) all the information in the license file. All the Sentinel utilities can be found in the install directory. I've made a copy of some of them in E:\SentinelLM\bin.

Here's an example:


lsdecode says this about it:

License code: "NCBBXJPYFMB42GPW5BZLVQ8HN3N8HSXYGKODBE7FLKYLCIDBUDIJUPGLPD5M35XO2ISXRXR4XUG337Z# "MSMEDSFULL" version "10.4", no expiration date, additive"

 License type                 : Normal Network 
 Feature name                 : "MSMEDSFULL" 
 Feature version              : "10.4"

 Max concurrent users         : 50
 Soft limit on users          : Unlimited.
 License start date           : Morning of Jan 18, 2007
 Expiration date              : License has no expiration.
 Server locking code          : Primary   = "2A480"
 Lock code depends on         : Sentinel Computer ID
 Additive/exclusive           : Additive license (number of tokens will be added).
 Sharing criterion            : Client host name based sharing.
 Held licenses                : Held licenses disabled.
 Token lifetime (heartbeat)   : 600 secs (10 min(s))
 Action on clock tamper       : No action.
 Log encryption level         : 1

 Commuter license allowed     : YES

Server Setup Notes


You can enable logging for SentinelLM by configuring the LSERVOPTS environment variable. You can change the directory where it looks for the config files by setting the LSDEFAULTDIR variable.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"LSERVOPTS"="-com 50 -l E:\\SentinelLM\\logs\\usage.log -f E:\\SentinelLM\\logs\\error.log"

Sentinel Protection Server

Sentinel RMS Development Kit License Manager

Old Documentation

SentinelLM license manager

Uses a software-enforced or hardlock-enforced license file.
Install the license server on license3 for software-enforced license file for SAP2000:
  • From the SAP 2000 version 9 CD, launch License Manager\Server\Setup\setup.exe
  • Install SentinelLM license server
    • Default install location: C:\Program Files\Rainbow Technologies\SentinelLM Server
    • Launch the following to add or remove the SentinelLM service (which is installed by default)
    • C:\Program Files\Rainbow Technologies\SentinelLM Server\English\loadls.exe
  • Generate license server codes for requesting a license
    • Install the standalone version of SAP 2000 version 9 on another system
    • Copy echoid.exe from the standalone product install directory to license server.
      • C:\Program Files\Computers and Structures\SAP2000 9\echoid.exe
      • C:\Program Files\Computers and Structures\SAP2000 9\wechoid.exe
      • C:\Program Files\Computers and Structures\SAP2000 9\lsapiw32.dll
    • Launch wechoid.exe and select the requested devices to lock license file to.
    • Licence code for license3 locked to disk volume ID: 4-2C20D
  • Reconfigure the service to restart the service if it fails one, two, or more times.
Install the license server on license4 for USB and parallel port hardlock license management:
  • Download and install the latest USB and parallel port drivers. Do not install the management web server. Current drivers appear to be available from the in the Sentinel Protection Installer download. The current version is 7.1.0.
  • Install a FlexLM license manager for ArcGIS. Install SentinelLM for AspenTech (InstallingAspenTechLicense).
  • If diagnostics are required for the USB or parallel port hardlock device, download and install the SuperPro Medic.
  • Merge license files to a file named “lservrc” and put it in the following directory:
  • C:\Program Files\Rainbow Technologies\SentinelLM Server\English
  • Restart the SentinelLM service to make sure that it loads the new “lservrc” license file.
Install the license server on license5 for USB hardlock license management:
  • Download and install the latest USB drivers. Do not install the management web server. Current drivers appear to be available from the in the Sentinel Protection Installer download. The current version is 7.3.0.
  • If diagnostics are required for the USB or parallel port hardlock device, download and install the !SuperPro Medic.
  • Merge license files to a file named “lservrc”.
  • Then copy it to the following directory:
  • C:\Program Files\Common Files\SafeNet Sentinel\Sentinel LM Server\WinNT
  • Restart the Sentinel LM service to make sure that it loads the new “lservrc” license file.
  • Reconfigure the service to restart the service if it fails one, two, or more times.
Sentinel LM 8.0 Server
  • Try to find downloads for the SentinelLM product.
  • Download and install the latest USB and parallel port drivers. Do not install the management web server. The web server is listed as “Sentinel Protection Server”. Current drivers appear to be available from the in the Sentinel Protection Installer download. The current version is 7.1.1.
Install the license server on licshared01 for USB and parallel port hardlock license management:
  • Licshared01 Sentinel LM path: C:\Program Files\SURFWARE\Network Server\Server\WinNT\lservrc
change/applications/licensing/sentinellm.txt · Last modified: 2015/04/17 17:15 by thartman