Fixing Firewall Problems

If the SIMetrix-SIMPLIS network license manager does not start correctly or does start correctly but does not check out licenses, then the most likely cause is that a firewall is blocking communication to it.

This page helps resolve these problems. The content of this page is targeted at Windows user s but much is relevant to Linux as well.

The Problem

  1. Installation using lminstall gives error message:

    SIMetrix-SIMPLIS License Manager is now installed but an attempt to check out a test license failed. The most likely reason is that it has been blocked by a firewall.
  2. When you try to run SIMetrix or SIMetrix/SIMPLIS on the local machine or/and on an end user's machine you get a license check out error. Typically this would be one of the following

    License server machine is down or not responding
    ...
    FLEXnet Licensing error:-96,nnn

    OR

    The license server manager (lmgrd) has not been started yet,
    the wrong port@host or license file is being used, or the
    port or hostname in the license file has been changed
    ...
    FLEXnet Licensing error:-15,nnn

    Be aware that the above errors are not exclusively caused by firewall problems. They can also be caused by precisely the reasons given by the error messages. That is the server machine is down or the license manager has not been started.

The Cause

These problems are nearly always caused by a firewall. Firewalls block communication in selective ways in order to protect you from malicious traffic. Unfortunately a firewall will also block legitimate applications unless instructed not to.

To Fix

Broadly there are three ways to fix this problem. Click on the links below for more information:

  1. Turn the firewall off altogether
  2. Configure the firewall to allow the license manager processes unrestricted network access
  3. Open the specific TCP ports that the license manager uses

For maximum security some firewalls may allow you to combine 2 and 3 above.

Testing Result of Fix

The best way to test the result of any changes is to install SIMetrix and run it. Be aware that your firewall may require that SIMetrix itself is unblocked for network access. If so you should unblock Sim.exe.

Procedures

Turning off the firewall altogether

With some systems, a firewall may have been enabled by default but isn't actually necessary. A common network configuration is to use employ a firewall at the Internet gateway but to allow free network traffic inside the local area network. In such systems, simply switching off the firewall will be an easy, effective and safe solution. If relevant, you should consult your network administrator before doing this.

Configure the firewall to allow the license manager processes unrestricted network access

Many firewalls allow you to unblock specific processes. If your firewall allows this (and we believe that most do) then we recommend this approach as it does not require any change in the license manager's configuration. You should unblock these processes:

lmgrd.exe

NEWTECH.exe

pdt.exe

(pdt.exe is used only for SIMPLIS licenses).

Some firewalls provide some flexibility in the extent of the unblock. For example it may allow you to specify that the process be restricted to communication within the local area network. If so, you may find it necessary to allow full access (i.e. including the wider Internet) in order to get it to work even on the local machine. If this is the case, see the section below The Loopback IP Address

Open the specific TCP ports that the license manager uses

With this approach you open specific TCP ports. This is a more complex procedure than unblocking processes as it is necessary to configure both the firewall and the license manager. The license manager requires configuring because in its default setup, it uses default TCP ports that change when restarted. It is necessary therefore to tell the license manager to use fixed ports. These ports can then be opened in the firewall.

The procedure is as follows:

  1. Locate the license file. This is always located in the folder where the license manager was installed. If you used lminstall to install it, this defaults to "C:\Program Files\SIMetrix-SIMPLIS LM" on an English language machine. Note that the install program (lminstall) copies the license file to this location and does not use your original copy.
  2. Open the license file using a text editor such as notepad. (Do not use a word processor unless you are experienced in using word processors to edit text files)
  3. Look for the line starting "SERVER", e.g.:

    SERVER this_host 123456789012

    now add a port number to the end. E.g.:

    SERVER this_host 123456789012 27000
  4. Look for the "VENDOR NEWTECH" line. Now add adifferent port number to this line. E.g.:

    VENDOR NEWTECH PORT=27005
  5. If you have a SIMPLIS license you will also see a "VENDOR pdt" line. Perform a similar modification, e.g:

    VENDOR pdt PORT=27006
  6. Save the file and exit
  7. Open the two or three ports you specified in the license file in your firewall. These are 27000, 27005 and 27006 in the above example.
  8. Now shut down and restart the license server. In windows control panel open "Administrative Tools" then "Services". Locate the service called "SIMetrix-SIMPLIS License Manager". Right click then select popup menu "Restart".

 

The Loopback IP Address

We know at least one firewall that, in its default configuration, does not include the IP address 127.0.0.1 as part of the local area network. This IP address is known as the loopback address or localhost and is used for local IP communication - that is not only is it within the local area network but is in fact within the local machine. The license manager uses this IP address for local inter-process communication and if this is blocked it won't start correctly.

If you find that you need to give the license manager processes access to the wider Internet even for use on the local machine, then it is likely that it is blocking the loopback address. We strongly recommend that you configure your firewall to classify 127.0.0.1 as a local IP address as opening the license manager processes to the wider Internet represents a security risk.