Community

Cannot connect to license manager across all ports - problem with blocked inbound packets

1408
2
03-04-2021 11:04 AM
Strahanjen
by
Occasional Contributor II
‎03-04-2021 11:04 AM

We're running License Manager 2020.0 on Windows Server 2016. Our firewall that has recently been reconfigured to allow traffic on ports 27000-27009. Previously, only port 27000 was open. 

We started seeing many 5152 Events (The Windows Filtering Platform blocked a packet), which makes sense given that our original license manager configuration was locked to port 27000. The firewall rule triggering the 5152 events is the "Port Scanning Prevention Filter" which usually means that there are no listeners. As we understand it, inbound traffic on ports 27001 to 27009 triggered these events because the license manager was not configured to listen on these ports.

What we're perplexed about is, we changed our service.txt so that the first two lines look like the following, and we're still seeing blocked packets on inbound ports 27001 to 27009 after restarting the server. I wonder if anyone can help us to understand what else we might need to change in order to have the license manager listen on all ports and avoid the problem with inbound packets being blocked? 
 
SERVER this_host ANY
VENDOR ARCGIS
FEATURE ACT ARCGIS 1 permanent 1 7ED49106D630

 

0 Kudos
2 Replies
JayantaPoddar
by MVP Esteemed Contributor
MVP Esteemed Contributor
‎03-04-2021 11:24 AM

Is there any other vendor's Flexnet enabled license server installed in the same machine?

"When operating ArcGIS License Manager on the same host server as another vendor's Flexnet enabled license server, each LMGRD daemon should be locked to a different port in the 27000-27009 range to avoid conflicts in serving licenses."

Try Locking License Manager to a specific port in the range 27001-27009 (I am excluding the default port 27000 just to be safe). Steps are available in the above link.

_______________________________________________________________________________________

If that doesn't work out, you may want to have a look at Port Scanning Prevention Filter behavior in Windows  for a workaround.



Think Location
0 Kudos
Todd_Metzler
by
Occasional Contributor III
‎03-04-2021 11:31 AM

Hello,

My environment:  LM 2020.0 x2.  Primary and failover on two 2x WinServer 2012R2.

I've both inbound and outbound firewall rules for port range 27000 - 27009.  Traffic allowed.

NOTE:  I use 27004 but you can choose some other port within the allowable range to suite your use case.  Try something like this in your service.txt.

SERVER this_host ANY 27004
VENDOR ARCGIS PORT=27000
USE_SERVER
FEATURE ACT ARCGIS 1 permanent 1...

  In this config your users are connecting to port 27004 while the vendor daemon is using port 27000.

Todd

0 Kudos