Sentinel products are currently owned by SafeNet: http://c3.safenet-inc.com
This is the Sentinel license server. It runs as a service as the System user.
The license server software appears to be configured primarily through environment variables
|LSDEFAULTDIR||Location of ||
|LSERVOPTS||command-line options used by |
This doesn't appear to work on newer versions of the software. Command-line parameters to the service may now be stored in the registry at
|LSHOST||(semicolon-delimited list of) hostname(s) of license server (used by clients to specify the license server)|
|LSFORCEHOST||(semicolon-delimited list of) hostname(s) of license server (used by clients to specify the license server) |
overrides LSHOST (anything in LSHOST will be ignored if LSFORCEHOST is set.)
The host ID may be obtained from any number of sources. A particular application's requirements are stored in the
# Echo ID input # Can be hex or binary # # To set a particular locking criterion - Defined in lserv.h #define VLS_LOCK_ID_PROM 0x001 #define VLS_LOCK_IP_ADDR 0x002 #define VLS_LOCK_DISK_ID 0x004 #define VLS_LOCK_HOSTNAME 0x008 #define VLS_LOCK_ETHERNET 0x010 #define VLS_LOCK_NW_IPX 0x020 #define VLS_LOCK_NW_SERIAL 0x040 #define VLS_LOCK_PORTABLE_SERV 0x080 #define VLS_LOCK_CUSTOM 0x100 #define VLS_LOCK_CPU 0x200 # # Some Examples # All criteria 0x3FF or 1111111111 # IP Address only 000000010 or 0x2 0x010 0x004
Sentinel-enabled applications use (at least) two different environment variables to find the license server.
LSHOST is the one you should use unless necessity requires otherwise. Its value is a semicolon-delimited list of hostnames (Sentinel uses the same known port by default, UDP 5093) to query for valid licensed features. You can include as many hostnames as are necessary.
LSFORCEHOST is an override for
LSHOST, and if it is set, anything in
LSHOST will be ignored. Only what's in
LSFORCEHOST will be used.
Do not use
LSFORCEHOST as a system-wide environment variable unless you actually need to do so (which should be an exceedingly uncommon circumstance). Use
LSHOST. If an application croaks when accessing the other license servers in the
LSHOST list (because of differing versions or other uncontrollable incompatibilities), either rearrange the order of the LSHOST entries (it queries them in order—I think) or write a wrapper for the offended application that sets
LSHOST to the one license server it needs to query that then starts the application.
Sample Configuration File An example configuration file is shown below: # This file remaps the keyword "LONG" to "lng" for all readable # licenses for feature DOTS (any version). # It also provides alert actions for all features licensed # by the license server. # Note that the alert actions that apply to all non-DOTS # features do NOT apply to DOTS since DOTS has its own section. [DOTS *] # For DOTS, we generate only the denied alert LONG=lng # Remap statement denied = Script OFF Email ON EMAIL = jsmith@Engr1 [* *] # For non-DOTS apps, we generate most of the alerts softlimit = SCRIPT OFF EMAIL ON # Alert action statement hardlimit = SCRIPT On EMAIL On denied = Script on Email ON # This better not happen apptimeout = script on Email off expired = SCRIPT on email on EMAIL = mark@jupiter SCRIPT = /usr/local/etc/lsalertscr One section of the file can specify only a single alert script and a single email address. For all alerts enabled in one section, the same alert script will be invoked.
Beware of [un]installing any license server software for programs that use Sentinel. The location of the license/config files may change. It may also uninstall/replace the Sentinel LM Windows service.
If that happens, you can recreate the service using the
lservnt.exe service executable:
============================================= Sentinel LM 188.8.131.52 Copyright (C) 2004 SafeNet, Inc. ============================================= Starting in command line mode -H|-h (help) -X remove (remove service) -X install (install service) -X start (start service) -X stop (stop service) -X status (get server status) -X commline (start service on command line) NOTE: If you use '-X commline', this must be first on the command line
The documentation of newer versions of Sentinel RMS (8.2.2, at least) claim support for tracing. Use
-tr <bitmask> on the command line (of the service, I suppose). You can trace license keys (0x1), functions (0x2), and errors (0x4).
The documentation for Sentinel RMS claims support for encrypting/protecting the usage log. It also says that application vendors can override your settings.
lsusage.exe is the tool needed to access the protected logs.
This utility will properly parse and display information about the licenses in
lservrc. Frequently, the license files don't contain any or enough comments to tell you things like license expiration date, count, etc. Lsdecode will give you (I think) all the information in the license file. All the Sentinel utilities can be found in the install directory. I've made a copy of some of them in
Here's an example:
NCBBXJPYFMB42GPW5BZLVQ8HN3N8HSXYGKODBE7FLKYLCIDBUDIJUPGLPD5M35XO2ISXRXR4XUG337Z# "MSMEDSFULL" version "10.4", no expiration date, additive
lsdecode says this about it:
License code: "NCBBXJPYFMB42GPW5BZLVQ8HN3N8HSXYGKODBE7FLKYLCIDBUDIJUPGLPD5M35XO2ISXRXR4XUG337Z# "MSMEDSFULL" version "10.4", no expiration date, additive" License type : Normal Network Feature name : "MSMEDSFULL" Feature version : "10.4" Max concurrent users : 50 Soft limit on users : Unlimited. License start date : Morning of Jan 18, 2007 Expiration date : License has no expiration. Server locking code : Primary = "2A480" Lock code depends on : Sentinel Computer ID Additive/exclusive : Additive license (number of tokens will be added). Sharing criterion : Client host name based sharing. Held licenses : Held licenses disabled. Token lifetime (heartbeat) : 600 secs (10 min(s)) Action on clock tamper : No action. Log encryption level : 1 Commuter license allowed : YES
You can enable logging for SentinelLM by configuring the LSERVOPTS environment variable. You can change the directory where it looks for the config files by setting the LSDEFAULTDIR variable.
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment] "LSDEFAULTDIR"="E:\\SentinelLM\\config" "LSERVOPTS"="-com 50 -l E:\\SentinelLM\\logs\\usage.log -f E:\\SentinelLM\\logs\\error.log"
C:\Program Files\SURFWARE\Network Server\Server\WinNT\lservrc