Many of today's networks use a firewall for enhanced security from outside threats. Because the license manager uses the TCP/IP protocols, implementing such a firewall can pose problems between the license manager server and the clients connecting to it.
The problem is caused by the firewall often closing or blocking access to the ports the license manager uses to communicate. By default, the lmgrd daemon is set to TCP port 27000. The ARCGIS daemon, on the second line of the file, is not confined to a particular port range. It is dynamic, meaning that it can listen on any available TCP port. The License manager does not communicate over UDP.
To secure the license management environment and allow you to implement a firewall, you can lock the ARCGIS daemon to a specific port. You can also change the lmgrd daemon from the default 27000 to another port between 27000 and 27009. This range was pre-specified for license manager use because of the low traffic in that range.
This topic does not explain the procedures required to open your hosts firewall. Please refer to your firewall and operating system help documentation on opening ports.
Procedure for locking License Manager to specific ports
The steps provided require that you briefly stop the license manager. During this time, connections to the license manager may be lost.
- Click Start > Programs > ArcGIS > License Server Administrator.
- Click Start/Stop License Server in the table of contents and click Stop.
- Open Windows Explorer and navigate to your license manager installation location (C:\Program Files\ArcGIS\LicenseManager\bin by default for ArcGIS License Manager 2021.0 installations), in which you will see a service.txt file.
The file should look similar to this:
SERVER this_host ANY 27000 VENDOR ARCGIS USE_SERVER FEATURE ACT ARCGIS 1 permanent 1 vendor_info=7KNJDRHFHBK4CFDMJ214 SIGN="052E ABFC 32DD \ 2473 DEFD E276 4BF3 E0DB 87EB 2203 5A30 C014 19A1 C35E 2154 \ 08B1 9460 A2B9 6701 DC4D CAF2 E2FE 1347 0E36 90FA 4F3B E864 \ BEC8 D3A2 A615"
At the end of the SERVER line, you can choose to specify a port number for the lmgrd daemon, immediately after ANY (separated with a space).
On the VENDOR line, add PORT=####, where #### is a specific port number designated by you, to lock the vendor daemon to that specific port (for example, 5152). After making the changes, your service.txt file should look something like this:
SERVER this_host ANY 27004 VENDOR ARCGIS PORT=5152 USE_SERVER FEATURE ACT ARCGIS 1 permanent 1 vendor_info=7KNJDRHFHBK4CFDMJ214 SIGN="052E ABFC 32DD \ 2473 DEFD E276 4BF3 E0DB 87EB 2203 5A30 C014 19A1 C35E 2154 \ 08B1 9460 A2B9 6701 DC4D CAF2 E2FE 1347 0E36 90FA 4F3B E864 \ BEC8 D3A2 A615"
- Save the .txt file.
- From License Server Administrator, click Start.
The vendor daemon is now static, locked to the port specified.
- These ports can now be saved as exceptions in the firewall to allow communication between the license server and the client.