Managing the Licensing LAN server setup

Search
Enterprise

Enterprise

Admin Console

Applies to enterprise.

Feature Restricted Licensing LAN activation is a licensing method from Adobe for enterprises who maintain secure networks which are not connected to the Internet. If you have not already set up a Feature Restricted Licensing LAN server (also referred to as LAN server), you should first follow the procedures described here. The following sections provide details on how to manage and troubleshoot issues on your LAN server.

Download Server Configuration Tool

The LAN server management commands and procedures described in the following sections require you to use the Server Configuration Tool. If you have not already done so, you will need to download this tool from the Adobe Admin Console.

  1. On the Admin Console, navigate to Packages > Tools.

  2. Download the Server Configuration Tool based on your operating system.

    Download Server Configuration tool

  3. Transfer the downloaded Server Configuration Tool (.zip) to your LAN server machine.

  4. Extract the contents of the zip file on the LAN server machine.

To execute the commands detailed below, navigate to the folder extracted from the Server Configuration Tool (zip file) using the Linux terminal or the Windows PowerShell.

Start server

If the server is stopped and you need to start it up again, type the following command and press Enter:

  • Windows PowerShell:
    .\scripts\adobe-lan-server.ps1 start
  • Linux terminal:
    ./scripts/adobe-lan-server.sh start

Stop server

If, for example, you require to back up your server's database or are having issues with the server, you can stop it using the following command:

  • Windows PowerShell:
    .\scripts\adobe-lan-server.ps1 stop
  • Linux terminal:
    ./scripts/adobe-lan-server.sh stop

Start server (as a Windows service)

If the Windows service is stopped and you need to start it up again, navigate to the \scripts folder and enter the following:

  • Windows PowerShell:
    .\adobeLanService.ps1 -Start

Stop Windows service

If, you require to back up your server's database or are having issues with the server, you can stop the Windows service, by navigating to the \scripts folder and using the following command:

  • Windows PowerShell:
    .\adobeLanService.ps1 -Stop
Note

When you stop the server:

  • All related services are stopped.
  • A backup of the server's internal database is made in the following location:
    <current_working_directory>/backup/backup.zip.

Restart server

Use the following commands to restart the server:

  • Windows PowerShell:
    .\scripts\adobe-lan-server.ps1 restart
  • Linux terminal:
    ./scripts/adobe-lan-server.sh restart
Note

If it is currently stopped, the Restart command starts the server.

When you restart the server, a backup of the server's internal database is made in the following location:

<current_working_directory>/backup/backup.zip.

Remove Windows service

Navigate to the \scripts folder and run the following command to remove the Windows service from the Windows Services console:

  • Windows PowerShell:
    .\adobeLanService.ps1 -Remove

Check server status

Use the following commands to check the status of LAN server instance:

  • Windows PowerShell:
    .\scripts\adobe-lan-server.ps1 status
  • Linux terminal:
    ./scripts/adobe-lan-server.sh status

Backup database (embedded only)

By default, when you stop the server, an application consistent database backup is performed. This backup is stored in the following folder: <current_working_directory>/backup/backup.zip.

You can, however, manually back up the server database using the following commands:

  • Windows PowerShell:
    .\scripts\adobe-lan-server.ps1 backup -f <zip_file_name>
  • Linux terminal:
    ./scripts/adobe-lan-server.sh backup -f <zip_file_name>
Note

The above command creates a file copy of the embedded database with the name given and archives the database in a zip file.

Restore database (embedded only)

If you face issues while running the LAN server, you can troubleshoot the server by restoring the internal database from a previous backup.

  • Windows PowerShell:
    .\scripts\adobe-lan-server.ps1 restore -f <previously backed up zip_file_name>
  • Linux terminal:
    ./scripts/adobe-lan-server.sh restore -f <previously backed up zip_file_name>
Note

If the server is currently running, the Restore command stops the server. You will need to Start the server again.

Besides the commands that you use to manage the LAN server, you can also:

Manage notifications

The LAN server that you set up can be configured to send emails about server updates. Follow the steps below to manage the server (SMTP) and email settings.

  1. On the LAN server, go to https://localhost:8463.

  2. Go to the Email Settings tab and specify the required SMTP settings:

    Email settings - LAN server

  3. Go to the Notification Settings tab and specify primary and secondary email addresses that will receive email notifications:

    Specify email addresses

Reauthorize server

The activation period of a LAN server instance is for a maximum of 365 days from the date you create the ATO but less than or equal to the end date of the contract that your enterprise has made with Adobe.

After the activation of a LAN server instance expires, you are required to reauthorize the server to serve licenses to end-user machines deployed with LAN activation packages.

  1. On the LAN server, go to https://localhost:8463 and navigate to the Server Setup tab.

  2. Click Generate Authorization File.

    LAN server setup tab

    The Authorization file is downloaded to your local disk.

  3. On the Admin Console, navigate to Packages > Servers.

    Server list

    Note the Authorized Until date for each server. You will need to reauthorize an instance on or before it's Authorized Until date.

  4. Click Reauthorize for the server instances that are expiring or have already expired.

  5. Upload the new Authorization file that was generated in Step 2, above and click Done

    Upload auth file

    The ATO file is downloaded to your local disk.

  6. On the LAN server, go to https://localhost:8463 and navigate to the Server Setup tab.

  7. Upload the ATO file that was downloaded at the end of Step 5, above.

    Upload ATO file

  8. On the Confirm Entitlements dialog, review your entitlements associated to the server and click Confirm.

The Authorized Until date for the server instanced that you reauthorized is now updated to show a date 365 days from the day you reauthorize the instances.

Edit LAN server details

After setting up a LAN server instance, you can edit server details such as the DNS address or port number.

  1. In the Admin Console, navigate to Packages > Servers.

    Server list

  2. Click the line item for the server and, in the right pane, click Edit.

  3. On the Configure screen, edit any of the following fields:

    • DNS address and port location of the LAN server.
    • Set LAN timeout to specify how long the client can run without contacting the LAN server.
    • Select Soft quota to allow the activation of additional licenses even when it exceeds your purchased allotment.
    • Select Hard quota (ETLA only) to ensure that additional licenses cannot be activated when the licenses exceed your purchase allotment.
    Note

    Make sure the server location that you specify is reachable by clients. Else, the license activation on client machines will fail.

  4. Add your organization's name and click Next.

    Your users will see this as the organization's name in their messages.

  5. Select the products to host on the current server and click Next.

    The end-user entitlements are based on the products that you select.

    Select entitlements

  6. In the Finalize screen, specify a name for the server, review the server details, and click Create Server.

    Create server

    Once server creation is complete, the ATO file is download to your machine.

  7. On the LAN server, go to https://localhost:8463 and navigate to the Server Setup tab.

  8. Upload the ATO file that was downloaded in Step 6, above.

    Upload ATO file

    On the Confirm Entitlements dialog, review your entitlements associated to the server and click Confirm.

If you edit a LAN server, you will need to create LAN activation packages and then redeploy these to your end-user machines.

To redeploy the LAN activation packages use one of the following methods:

Support for server to connect to external database

As part of the external database connection, ensure the following configurations are setup.

Note

If not done correctly, connection to the database may fail which would result in the server not starting.

Create database and schemas

Prior to running the setup script or the AdobeFRLLanService script, create the database and schema (for Microsoft SQL Server only). Also, ensure that you specify the same values while entering the details for the database name and database schema in the setup script.

Create a new database user

It is recommended that you create a new database user for the newly created database and schemas. Also, ensure that all the required permissions, especially CRUD operation permissions, for the new database and schema are granted to this new database user. Limit the access permissions for the new user to this new database alone. The new user credentials are to be provided during the server setup

Enabling Remote connection on the database server

If the database server is hosted on a machine different to the machine where the LAN server is hosted, then the remote connections must be enabled on the server. Also, the database user must be provided permissions to connect / contact the database remotely.

Unblocking the database port for remote connection

Occasionally, the firewall may block external communications to any TCP port on the machine where the database server is hosted. To resolve this:

Windows: Ensure that an inbound rule is created for the TCP port where the database server is running.

CentOS: Use the iptables command to unblock the TCP port.

SSL communications with the database server

In the setup script, if you require to connect to the database server using SSL, ensure that SSL is enabled on the database server.

Update SSL certificate

If the SSL certificate that you're using on your LAN server has expired, follow these steps to update the certificate:

  1. Stop the LAN server using either of the following commands:

    • Windows PowerShell:
      .\scripts\adobe-lan-server.ps1 stop
    • Linux terminal:
      ./scripts/adobe-lan-server.sh stop

  2. If you're using a Windows server, stop the Windows service using the following command:

    .\adobeLanService.ps1 -Stop

  3. Keep the following handy:

    The previously used name, alias, password, and keystore file.

    The new namealiaspassword, and keystore file.

  4. Change the alias using the following command:

    keytool -changealias -alias <Previous alias> -destalias <New alias> -keypass <Keystore password> -keystore <Previous Keystore name> -storetype <PKCS12|JKS>  -v

  5. Change the password using the following command:

    keytool -storepasswd -new -keystore <Keystore name> -storepass <Keystore password> -storetype <PKCS12|JKS>  -v

    After you run the above command, you'll be prompted to specify a new Keystore password.

  6. To retain its backup, rename the previous Keystore file.

    For example, change the name to  <keystore>.old.

  7. Start the LAN server with either of the following commands:

    • Windows PowerShell:
      .\scripts\adobe-lan-server.ps1 start
    • Linux terminal:
      ./scripts/adobe-lan-server.sh start

  8. If you're using a Windows server, start the Windows service using the following command:

    .\adobeLanService.ps1 -Start

  9. Go to https://localhost:8463 to validate that the server is up and running, using the new Keystore file.

Troubleshoot the LAN server

We recommend that you restart the LAN server periodically. This ensures that a most current backup of the server database is maintained. Also, in between stop and restart cycles, you can also periodically back up the database manually.

To resolve the following error you need to restore the database to the previously backed up version:

- org.h2.jdbc.JdbcSQLException: Encryption error in file null
- org.springframework.jdbc.support.MetaDataAccessException: Could not get Connection for extracting meta-data;
nested exception is org.springframework.jdbc.CannotGetJdbcConnectionException: Failed to obtain JDBC Connection;
nested exception is org.h2.jdbc.JdbcSQLException: Encryption error in file null [90049-197]

To restore the database:

  1. Stop the server:

    • Windows PowerShell:
      .\scripts\adobe-lan-server.ps1 stop
    • Linux terminal:
      ./scripts/adobe-lan-server.sh stop

  2. Restore the server database to the previously backed up version:

    • Windows PowerShell:
      .\scripts\adobe-lan-server.ps1 restore -f <previously backed up zip_file_name>
    • Linux terminal:
      ./scripts/adobe-lan-server.sh restore -f <previously backed up zip_file_name>

  3. Start the server:

    • Windows PowerShell:
      .\scripts\adobe-lan-server.ps1 start
    • Linux terminal:
      ./scripts/adobe-lan-server.sh start

If licenses on end-user machines are not being activated:

  • Ensure that end-user machines are able to connect to the LAN server machine.
  • Go to the Adobe Admin Console and check the LAN server DNS address and port number and ensure that these match the machine that you are using for the LAN server. See the Edit LAN server details section above, to verify, and if required edit, the server details.
  • If end-user machines are able to connect to the server, but are unable to activate their licenses, check if the server is using self-signed SSL Certificates. If the server is using self-signed SSL Certificates (not recommended):
    1. Close any Adobe applications running on the end-user machine.
    2. Install the self-signed Certificate on the end-user machine.
    3. Restart the applications after installing the self-signed Certificate.

End users see the following error when they launch an application that is installed via a LAN activation package.

Error launching app on Windows 7, 64-bit

The error occurs if the LAN activation package is installed on a Windows 7, 64-bit machine and if the LAN server is set up with a self-signed SSL certificate.

The reason why this issue occurs, is that the client machine is unable to connect to the LAN server that you set up.

Resolution:

To resolve this issue, you need to specify the LAN server DNS name in the SAN (Subject Alternative Name) when you are setting up the self-signed certificate on the client machine.

The following is an example of the command line to generate a self-signed certificate:

C:\keytool.exe" -genkeypair -alias adminService -keyalg RSA -keysize 4096 -sigalg SHA512withRSA -ext SAN=dns:10.42.66.139,ip:127.0.0.1,ip:::1 -keystore adminService.jks -validity 3650

Note that the SAN parameter has two entries for the DNS. One for localhost and the other for the LAN server DNS. If you generating the self-signed certificate on a Windows 7 machine, the DNS server entry for the SAN is mandatory.

When you run the PowerShell scripts, you may get the following error:

Only run scripts from trusted publishers

Follow these steps to resolve this issue:

Workaround 1

The PowerShell will prompt to run Scripts from this Publisher “Always”, do allow them “Always”

  1. In Windows Explorer, navigate to the PowerShell script that you ran when you got this error.
  2. Right click on the file and choose Properties | Digital Signatures.
  3. Select the signature and click Details | View Certificate.
  4. Choose the Details tab and click Copy to File.
  5. Save the file with a .CER extension.
  6. Using the Certificates MMC Snapin, import this file into the Trusted Publishers Certificate Store on the Local Machine.

Workaround 2

In an elevated PowerShell, use the following command to set the execution policy to either RemoteSigned or Unrestricted:

Set-ExecutionPolicy RemoteSigned
OR
Set-ExecutionPolicy Unrestricted

Known issues

We are working to address these issues and any others that arise as soon as possible.

If you uninstall a LAN activation package on a client machine, the Feature Restricted license count on the Admin Console or the LAN Server Management Console does not reflect this.

More like this

Adobe, Inc.

Get help faster and easier

New user?

Quick links

View all your plans Manage your plans
View quick links
Hide quick links

Legal Notices    |    Online Privacy Policy