We do not support running third party vendor daemons on the Citrix License Server, or the Citrix vendor daemon on third party license servers.
We recommend that you run the latest version of the License Server. We do not provide hotfixes for License Server components and don’t support older License Servers with newer products. The latest version of the License Server often contains resolutions to issues appearing in earlier versions. When you upgrade or install new Citrix products, upgrade the licensing components as well. New License Servers are backward compatible and support older products and license files. However, new products often require the newest License Server to check out licenses correctly. You can find the latest version from the
Citrix Downloads
site.
To see the new features in this release, go to
What’s new
.
We don’t support installing the License Server from a UNC path (
\\\server\share
). Install the License Server from a local copy.
Step 1 Review your prerequisites
Ensure you review the
system requirements
before you install and configure your License Server.
Step 2 License your product
Licensing your product includes the following steps:
Ensure that you have the latest License Server version.
Verify the system requirements.
Install licensing.
Obtain license files from
My Account
or if you have a license code, use the Citrix Licensing Manager.
Install your Citrix product (or, if already installed, restart the Citrix products for the new licenses to be recognized).
Configure product-side licensing communication settings that were not set during the product installation, if applicable. This configuration includes setting the correct product-edition in the product. For more information, see
Licensing elements
and
Services
.
Ensure that the product-side edition setting correctly matches the licenses you have purchased. For example, if you purchased Premium edition licenses, ensure that the edition setting in the product indicates Premium and not Advanced.
The License Server does not require domain membership. You can install the License Server in a workgroup and still perform all licensing functions on behalf of Citrix products. To manage Citrix Licensing Manager users having Active Directory users or groups, the users must be part of a domain. Otherwise, use local Windows users and groups.
Step 3 Check your security and firewall
Security considerations
We recommend that you upgrade the License Server to the latest version when you upgrade or install new Citrix products. The new License Servers are backward compatible and support older products and license files. Each time a new License Server is released, it might contain better security features than in previous versions. We also recommend the following security considerations when you configure your environment.
Configure the License Server environment so that only authorized administrators on a trusted network can access the Citrix Licensing Manager. You achieve this outcome by using an appropriately configured network or host-based firewall.
When using the Citrix Licensing Manager, avoid visiting untrusted websites or clicking untrusted URLs.
Important:
Citrix License Server uses Microsoft Active Directory for authentication. Citrix strongly recommends that you implement good security practices in Microsoft Active Directory (like account lockout and password management) to securely deploy Citrix License Server. For more information, see the
Account lockout threshold
and
Password must meet complexity requirements
articles.
Firewall considerations
Determine if you require a firewall between the License Server and any product servers before installing licensing. Firewall considerations can impact where you install the License Server.
If you have hardware firewalls in your environment, you must create the necessary rules manually.
If there is a firewall between your product and the License Server, configure port numbers. This configuration process entails:
Determining which port numbers to change
. You can change port numbers during the installation process or afterward.
Opening up the firewall ports
. Open any ports on the firewall that you changed so that traffic can flow. Current releases configure the built-in firewall automatically.
Changing the product-side settings
. Configure your Citrix product to use the same port numbers as in the Citrix Licensing Manager. If you do not change the port number referenced in the product, the product cannot contact the License Server. You can change the product-side settings during and after installation of the product. See your product documentation for information about these settings.
For more information about allowing telemetry data upload, see
Reporting options
.
Step 4 Install licensing components, server, and certificate
Note:
During installation, localized characters in the installation path can cause the installation to fail. Accept the default installation path or type only ASCII alphabetic letter characters for the installation directory.
You can install licensing components on a separate, dedicated server or on a server they share with another application. Alternatively, you can use a web or application server. However, the locations mentioned later in this article are less resource intensive. If you are running fewer than 50 servers or 10,000 licenses, you can install the License Server on the same server as your product. To determine if relocation of the License Server to another system is necessary, monitor CPU and memory load (
lmgrd.exe
and
CITRIX.exe
).
Important:
Use the
CitrixLicensing.exe
file for all future installations, except for Active Directory deployments. In that case, use the .msi. Ensure that both
.exe
and
.msi
files are present for the installation.
Install the License Server and console using the graphical interface
Download the License Server from
Citrix downloads
and start the License Server installer,
CitrixLicensing.exe
, as an administrator or a member of the administrators group.
Follow the installer on the GUI to accept the destination folder.
Licensing components are installed in
C:\Program Files\Citrix\Licensing
on a 32-bit computer and
C:\Program Files (x86)\Citrix\Licensing
on a 64-bit computer.
On the
Configure
page, accept, or change the default port numbers used by licensing components. Choose whether to allow the installer to configure the Windows Firewall exception. If needed, you can change the port numbers after the installation. If you choose to finish the installation without configuring the License Server, restart the
CitrixLicensing.exe
installer. You can also use the License Server Configuration tool to configure the settings after the installation.
Open the configuration tool from:
C:\Program Files\Citrix\Licensing\LS\resource\Licensing.Configuration.Tool.exe
.
License Server port number is 27000
Vendor daemon port number is 7279
Citrix Web Services for Licensing port number is 8083
The License Server adds the default administrator for the Citrix Licensing Manager based on how you are logged on. If you are in a domain, the License Server adds the installing user (domain\user) as a default License Server or a Citrix Licensing Manager administrator. If you are a local Windows user, the License Server adds the installing user (computer\user) as a default administrator account. The BUILTIN\administrator group, which allows any administrator to manage licensing, is added by default. You can remove BUILTIN\administrators to restrict licensing to specified users.
Choose to start the Citrix Licensing Manager and whether to join the Citrix Customer Experience Improvement Program.
Install licensing using the Windows command line
Important:
The Citrix Service Provider program requires Customer Experience Improvement Program (CEIP) and Call Home. If you are a Citrix Service Provider, you cannot disable CEIP or Call Home. Citrix collects basic licensing data as necessary for its legitimate interests, including license compliance. For more information, see
Citrix Licensing Compliance
.
When using the
CitrixLicensing.exe
command to install licensing, set properties by adding
Property=value
on the command line anywhere except between an option and its argument.
Ensure that you run the command line with administrator privileges. To start the command prompt with elevated privileges, choose
Start
, right-click
Command Prompt
, and choose
Run as administrator
.
The following sample command line installs licensing in silent mode. Add the properties you want to set.
Type the command in one line without returns. The following example is in multiple lines because of space limitations.
/quiet
specifies a silent (quiet) installation.
/l
specifies the log file location
INSTALLDIR
is the location where the License Server executable is stored. Optional parameter. The default is
c:\program files\citrix\licensing
or
c:\program files (x86)\citrix\licensing
.
WSLPORT
is the port number used for Citrix Web Services for Licensing. Optional parameter. The default is 8083.
LSPORT
is the port number used for the License Server. Optional parameter. The default is 27000.
VDPORT
is the port number used for the vendor daemon. Optional parameter. The default is 7279.
CEIPOPTIN
specifies whether, or how, to opt in to the Citrix Customer Experience Improvement Program (CEIP) or Call Home. Optional parameter. The default is
NONE
.
DIAGNOSTIC
- Call Home
Unidentified
- CEIP
Using the command line to install licensing for an Active Directory deployment
When using the msiexec command to install licensing, set properties by adding Property=”value” on the command line anywhere except between an option and its argument. Clustering is not supported in the .msi.
Note:
Ensure that you run the command line with administrator privileges. To start the command prompt with elevated privileges, choose
Start
, right-click
Command Prompt
, and choose
Run as administrator
.
The following sample command line installs licensing in silent mode and creates a log file to capture any information about this operation. Add the properties you want to set after the switches.
Type the command in one line without returns. The following example is in multiple lines because of space limitations.
/l*v is the location of the setup log. Optional parameter.
/qn specifies a silent (quiet) installation.
INSTALLDIR is the location where the License Server executable is stored. Optional parameter. The default is
c:\program files\citrix\licensing
or
c:\program files (x86)\citrix\licensing
.
LICSERVERPORT is the port number used for the License Server. Optional parameter. The default is 27000.
VENDORDAEMONPORT is the port number used for the vendor daemon. Optional parameter. The default is 7279.
WEBSERVICESLICENSINGPORT is the port number used for the Citrix Web Services for Licensing. Optional parameter. The default is 8083.
CEIPOPTIN specifies whether, or how, to opt in to the Citrix Customer Experience Improvement Program (CEIP) or Call Home. Optional parameter. The default is
NONE
.
DIAGNOSTIC - Call Home
Unidentified - CEIP
Using the command line to enable or disable the License Management Service
The License Management Service operates automatically within the License Server and allows for electronic reporting of basic licensing data. You can opt for manual reporting after installation by disabling License Management Service. For information on manual reporting, see
Reporting options
.
-enable
enables electronic reporting of basic licensing data. The first upload to Citrix occurs seven days after you install the License Server.
-disable
disables electronic license reporting of basic licensing data. If you disable electronic license reporting, you agree to manual reporting.
-query
displays the current configuration.
Manually install a certificate used by the Citrix Licensing Manager and Web Services for Licensing
Note:
Use this procedure if you don’t want to use the self-signed certificate that is generated during installation.
To install a certificate, there are three steps:
Obtain a .pfx file, which contains the certificate and private key. You can use one of two methods to obtain the .pfx file.
Extract the certificate and private key from the .pfx file.
Install the certificate and private key on to the License Server.
How to obtain the .pfx file using a domain certificate - Method 1
Log on to a server in the domain, open the
MMC
, and follow these steps:
Create a directory
c:\ls_cert
to hold the exported .pfx file.
Add the Certificate snap-in by selecting
File > Add/Remove Snap-in > Certificates > Computer account > Local computer
.
In the left pane under
Certificates
, right-click
Personal
and choose
All Tasks > Request New Certificate
, and then
Next
.
In the
Certificate Enrollment Policy
wizard, choose
Active Directory Enrollment Policy
, and then
Next
. Select the check box next to
Computer
, and select
Details
to the right.
Select
Properties
and on the
General
tab, type a friendly name and description.
On the
Subject
tab, under
Subject Type
, choose
Common name
from the
Type
menu. Type a friendly name in the text box, choose
Add
, and then
Apply
.
On the
Extensions
tab, choose
Key usage
from the menu. Add
Digital signature and Key encipherment
to the
Selected
options box.
On the
Extended Key Usage
menu, add
Server Authentication
and
Client Authentication
to the
Selected
options box.
On the
Private Key
tab and under the Key options menu, ensure that the Key size is 4096. Select the
Key Exportable
check box, and then
Apply
.
On the
Certification Authority
tab, ensure that the CA check box is selected, and then
OK > Enroll > Finish
.
In the
Certificates
console, select
Personal > Certificates
, choose the certificate you built. Select
All Tasks > Export > Next
, and select the
Yes, Export the Private Key
radio button, and then
Next
.
Under
Personal Information Exchange - PKCS #12(.PFX)
, select the check box to include all certificates, choose
Next
, create a password, and choose
Next
.
Click
Browse
, navigate to
C:\ls_cert
and type
server.PFX
, and then follow the wizard to finish.
How to obtain the .pfx file sending a request to a certificate authority (CA) – Method 2
These steps might vary based on your Certificate Authority.
Log on to the License Server, open the MMC, and follow these steps:
Add the Certificate snap-in by selecting
File > Add/Remove Snap-in > Certificates > Computer account > Local computer
.
In the left pane under
Certificates
, right-click
Personal
and choose
All Tasks > Advance Operations > Create Custom Request
, and then
Next
.
In the
Certificate Enrollment Policy
wizard, choose
Proceed without enrollment policy
under
Custom Request
, and then
Next
.
On the
Custom request
screen, choose
(No template) CNG key
from the menu and
PKCS#10
for the Request format, and then
Next
.
On the
Certificate Information
screen, choose
Details
and then
Properties
.
On the
General
tab, type a friendly name and description.
On the
Subject
tab, under Subject name, choose Common name, and type a value in the text box.
On the
Extensions
tab, choose
Key usage
from the menu, add
Digital signature
and
Key encipherment
.
On the
Extensions
tab, choose
Extended Key usage
from the menu, add
Server Authentication
and
Client Authentication
.
On the
Private Key
tab, under
Cryptographic Service Provider
, choose
RSA, Microsoft Software Key Storage Provider
(the default). From the
Key
options menu, ensure that the key size is 4096, select the
Key Exportable
check box, and then
Apply
.
Save the file to a
.req
file, submit the
.req
file to a Certificate Authority (CA), and save the
.cer
file.
In the
MMC
, under
Certificates
, right-click Personal and choose
All Tasks > Import
. In the Import wizard, select the .cer file.
Create a directory
c:\ls_cert
to hold the exported .pfx file.
In the
Certificates
console, choose
Personal > Certificates
, and choose the certificate you imported. Select
All Tasks > Export > Next
, and select the
Yes, Export the Private Key
radio button and
Next
.
Under
Personal Information Exchange - PKCS #12(.PFX)
, select the check box to include all certificates, choose
Next
, create a password, and then choose
Next
.
Choose
Browse
, navigate to
C:\ls_cert
and type
server.PFX
, and then follow the wizard to finish.
How to extract the certificate and private key
This step requires OpenSSL or another tool that allows you to extract the certificate and private key from a .pfx file. The version of OpenSSL shipped with the License Server does not support extracting certificates and private keys. For information about downloading OpenSSL, go to
www.openssl.org
. Citrix recommends installing OpenSSL on a separate workstation to perform these steps:
Navigate to the
<openssl directory>\bin
folder.
Run
openssl pkcs12 -in C:\ls_cert\server.pfx -out server.crt -nokeys
Note:
The License Server uses only the .crt certificate format.
Type the password created during the export process (password).
Run
openssl pkcs12 -in C:\ls_cert\server.pfx -out server.key -nocerts -nodes
Type the password created during the export process (password).
How to install the
.crt
and
.key
files on the License Server
Windows - Web Services for Licensing:
Stop the Citrix Web Services for Licensing service.
Copy the server.crt and server.key created earlier in this procedure to
c:\program files (x86)\citrix\licensing\WebServicesForLicensing\Apache\conf\
.
Start the Citrix Web Services for Licensing service.
Windows - License Administration Console:
Note:
License Administration Console was removed from Windows License Server v11.16.6.0 build 31000 and onwards. For more information, see
What’s new
.
License Server VPX still uses the License Administration Console.
Stop the Citrix licensing service.
Copy the server.crt and server.key created earlier in this procedure to
c:\Program Files (x86)\Citrix\Licensing\LS\conf
.
Start the Citrix licensing service.
Step 5 Configure a proxy server
You can use a proxy with the Citrix Licensing Manager, CEIP, and Call Home. When you configure a proxy server, requests to download licenses and upload telemetry data are sent through a proxy server. If the automatic upload of data fails, check the firewall setting or configure a proxy. For more information, see
Citrix Licensing Telemetry
documentation.
Citrix Licensing components requiring outward bound web communications can inherit network proxy settings using Windows automatic proxy detection. We do not support authenticated proxies. For more information about Windows automatic proxy detection, see
WinHTTP AutoProxy Functions
.
How to configure a proxy server manually
Edit the SimpleLicenseServiceConfig.xml file, which is in the
<Citrix Licensing>\WebServicesForLicensing
directory.
Add a line of xml to the file in the format
<Proxy>proxy server name:port number</Proxy>
The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.
DIESER DIENST KANN ÜBERSETZUNGEN ENTHALTEN, DIE VON GOOGLE BEREITGESTELLT WERDEN. GOOGLE LEHNT JEDE AUSDRÜCKLICHE ODER STILLSCHWEIGENDE GEWÄHRLEISTUNG IN BEZUG AUF DIE ÜBERSETZUNGEN AB, EINSCHLIESSLICH JEGLICHER GEWÄHRLEISTUNG DER GENAUIGKEIT, ZUVERLÄSSIGKEIT UND JEGLICHER STILLSCHWEIGENDEN GEWÄHRLEISTUNG DER MARKTGÄNGIGKEIT, DER EIGNUNG FÜR EINEN BESTIMMTEN ZWECK UND DER NICHTVERLETZUNG VON RECHTEN DRITTER.
CE SERVICE PEUT CONTENIR DES TRADUCTIONS FOURNIES PAR GOOGLE. GOOGLE EXCLUT TOUTE GARANTIE RELATIVE AUX TRADUCTIONS, EXPRESSE OU IMPLICITE, Y COMPRIS TOUTE GARANTIE D'EXACTITUDE, DE FIABILITÉ ET TOUTE GARANTIE IMPLICITE DE QUALITÉ MARCHANDE, D'ADÉQUATION À UN USAGE PARTICULIER ET D'ABSENCE DE CONTREFAÇON.
ESTE SERVICIO PUEDE CONTENER TRADUCCIONES CON TECNOLOGÍA DE GOOGLE. GOOGLE RENUNCIA A TODAS LAS GARANTÍAS RELACIONADAS CON LAS TRADUCCIONES, TANTO IMPLÍCITAS COMO EXPLÍCITAS, INCLUIDAS LAS GARANTÍAS DE EXACTITUD, FIABILIDAD Y OTRAS GARANTÍAS IMPLÍCITAS DE COMERCIABILIDAD, IDONEIDAD PARA UN FIN EN PARTICULAR Y AUSENCIA DE INFRACCIÓN DE DERECHOS.
本服务可能包含由 Google 提供技术支持的翻译。Google 对这些翻译内容不做任何明示或暗示的保证,包括对准确性、可靠性的任何保证以及对适销性、特定用途的适用性和非侵权性的任何暗示保证。
このサービスには、Google が提供する翻訳が含まれている可能性があります。Google は翻訳について、明示的か黙示的かを問わず、精度と信頼性に関するあらゆる保証、および商品性、特定目的への適合性、第三者の権利を侵害しないことに関するあらゆる黙示的保証を含め、一切保証しません。
ESTE SERVIÇO PODE CONTER TRADUÇÕES FORNECIDAS PELO GOOGLE. O GOOGLE SE EXIME DE TODAS AS GARANTIAS RELACIONADAS COM AS TRADUÇÕES, EXPRESSAS OU IMPLÍCITAS, INCLUINDO QUALQUER GARANTIA DE PRECISÃO, CONFIABILIDADE E QUALQUER GARANTIA IMPLÍCITA DE COMERCIALIZAÇÃO, ADEQUAÇÃO A UM PROPÓSITO ESPECÍFICO E NÃO INFRAÇÃO.
The development, release and timing of any features or functionality
described in the Preview documentation remains at our sole discretion and are subject to
change without notice or consultation.
The documentation is for informational purposes only and is not a
commitment, promise or legal obligation to deliver any material, code or functionality
and should not be relied upon in making
Citrix
product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.
