Set up Feature Restricted Licensing LAN server

Search
Enterprise

Enterprise

Admin Console

Applies to enterprise.

To use LAN Feature Restricted Licensing, set up a Feature Restricted Licensing LAN server (or LAN server), to which user machines connect for activating their licenses.

Setup overview

The following are the high-level steps to set up the LAN server for licensing apps on user machines.  

  1. Navigate to Adobe Admin Console > Packages > Toolsand download the Server Configuration Tool (zip file).

  2. Extract the contents of the downloaded file on the LAN server machine. Use the scripts (in the scripts folder) to do the following:

    1. Configure the server.
    2. Start the server.
      When the server starts, the browser is launched with the URL https://<host name>:<configured_port>.

  3. Access the server at https://<host name>:<configured_port>, and generate an Authorization file.

  4. Navigate to Adobe Admin Console > Packages > Servers, and create a LAN server (using the Authorization file).
    When you create a LAN server on the Adobe Admin Console, an Authority to Operate (ATO) file is generated. The ATO file enables the server machine to act as a licensing server for Adobe apps.

  5. To complete the server setup, upload the ATO file to the LAN server.

  6. After the server is set up, create LAN activation packages and deploy to user machines.

     

    Note

    To enable the LAN server to communicate securely with user machines, install self-signed certificates.

LAN server requirements

Before getting started, ensure that the machine you're using to run the LAN server meets the following minimum system requirements. You also require an SSL certificate (either purchased or self-signed) to set up the server.

Caution

Adobe recommends that you avoid using self-signed SSL certificates. These certificates introduce more complexity, which can slow down implementation of the LAN server.

The following are the minimum system requirements for a LAN server:

  • Java SE Runtime Environment 8
  • Operating system:
    • Windows Server 2012, 2016, or 2019
    • CentOS 7
  • Hard disk space:
    • 1000 end-user licenses require approximately 200 KB of hard disk space
  • Physical or Virtual machines are supported
  • Browsers supported for the LAN Server Management Console
    • Microsoft Edge
    • Google Chrome
    • Mozilla Firefox
  • The server machine that issues licenses to user machines or the user machines never access the Internet. 
  • The authorization of the server happens offline through a manual file transfer.
  • When setting up the LAN server, all files uploaded to or download from the Adobe servers are human-readable.

Generate SSL certificates

Your LAN server communicates using HTTP over SSL for secure network communication between the server and user machines. As a prerequisite, an SSL certificate, along with private keys (either from a service provider or self-signed), must be set up on the LAN server.

Note
  • If you are using a self-signed SSL certificate, the certificate must also be installed on each user machine. Also, setting up the server requires you to run PowerShell scripts. To run the scripts, you are required to install the self-signed certificate on the Windows Certificate store. See Add self-signed certificates for details.
  • You can use a self-signed or third-party certificate. In both cases, the script assumes that the certificate has either a Subject or Subject Alternate Name in the Certificate as the host name. If Subject Alternative Name is used, the script assumes that the certificate has a wildcard for the host's domain.

KeyStore (JKS or PKCS12) file (for self-signed SSL certificates)

To set up a self-signed SSL certificate, create a KeyStore file on your LAN server.

Note

The KeyStore file location is required when you configure your LAN server as described in the steps described below.

Run the following commands on the LAN server to create a KeyStore file:

  1. To create a JKS file with the following specifications:

    • Validity: Ten years
    • Type: RSA
    • Key size 4096bits
    • Subject Alternate Name (SAN) support

    keytool -genkeypair -alias <key_alias> -keyalg RSA -keysize 4096 -sigalg SHA512withRSA -ext SAN=dns:localhost,ip:127.0.0.1,ip:::1 -keystore <keystore_file> -validity 3650

    Note

    The SAN details specified above are only required if you are using self-signed certificates. The actual host name required can also be specified in the SAN option.

    For example: SAN=dns:localhost,dns=x.y.z.com,ip:127.0.0.1,ip:::1

  2. (Optional) To generate a certificate from the JKS file created in the previous step:

    keytool -exportcert -alias <key_alias> -keystore <keystore_file> -file adminService.cer

    Note

    Add the self-signed certificate to the LAN Server and all clients that access the LAN server.

  3. (Recommended) To convert a JKS file to a PKCS12 file:

    keytool.exe -importkeystore -srckeystore <src_file> -destkeystore <dest_file> -srcstoretype JKS -deststoretype PKCS12 -deststorepass <password>

    Note

    Since JKS is proprietary format, it is recommended that you use the PKCS12 format.

  4. To verify the KeyStore you have created above.

    JKS file format:

    keytool.exe -list -v -keystore <keystore_file> -storetype jks

    PKCS12 file format:

    keytool.exe -list -v -keystore <keystore_file> -storetype pkcs12

    After the command is run successfully, the keystore file details are displayed. It includes the data you entered while creating the file, such as the host name of the server and the date until which it is valid.

    Note

    The keystore_file specified above must have either a .kcs or .p12 extension.

KeyStore (PKCS12) file (for SSL certificates from service providers)

If you have purchased your SSL certificates from service providers (such as GoDaddy or Digicert), the certificate comes bundled with the private keys.

  1. Add this certificate to the Keychain (for macOS) or Key Store (for Windows).

  2. Once the certificate is added, export the private keys using Keychain (for macOS) or the MMC tool (for Windows).

    The keys are exported in PKCS12 format (.p12 or .pfx).

  3. To verify the KeyStore you have created above.

    JKS file format:

    keytool.exe -list -v -keystore <keystore_file> -storetype jks

    PKCS12 file format:

    keytool.exe -list -v -keystore <keystore_file> -storetype pkcs12

    After the command is run successfully, the keystore file details are displayed. It includes the data you entered while creating the file, such as the host name of the server and the date until which it is valid.

Note

The KeyStore file location is required when you configure your LAN server as described in the steps in the server configuration section below.

If the service provider issues the certificates, you need not upload them to the client machines.

Add self-signed certificates (for Windows)

Follow these steps to add a self-signed certificate on the LAN server and each user machine.

  1. In the Windows Run dialog box, type mmc.exe and press Enter.

  2. From the File menu, choose Add/Remove Snap-In.

  3. In the Add or Remove Snap-ins dialog box, select Certificates, and click Add.

  4. In the Certificates Snap-in dialog box, choose Computer account and click Next.

  5. On the Select Computer screen, click Finish.

  6. To close the Add or Remove Snap-ins dialog box, click OK.

  7. In the left pane, click to expand the Certificates tree.

  8. Click to expand the Trusted Root Certification Authorities node.

  9. Right-click Certificates, and choose Import from the All Tasks menu.

  10. In the Certificate Import wizard, click Next.

  11. Click Browse, select the certificate file from your computer, and click Next.

  12. Follow the wizard until you reach the last step. Then click Finish.

  13. After the certificate is successfully imported, click to expand the Certificates node.

Verify that your self-signed certificate shows up in the list of certificates.

Update certificate

 

1. Download Server Configuration Tool

To get started, download the Server Configuration Tool from the Adobe Admin Console.

You will use the Server Configuration Tool to run and manage your LAN server.

  1. On the Admin Console, navigate to Packages > Tools.

  2. Download the Server Configuration Tool based on your operating system.

    Download Server Configuration tool

  3. Transfer the downloaded Server Configuration Tool (.zip) to your LAN server machine.

2. Configure and start server

In your LAN environment, you need a server machine that you will use to set up as your LAN server. Your end-user machines will connect to this server to activate their Adobe licenses.

Ensure that the LAN server that you set up meets the minimum system requirements.

Note

You will need the following KeyStore information (see prerequisites, above) to configure the server, so keep it handy:

  • KeyStore file type - JKS or PKCS
  • KeyStore file location
  • KeyStore file password
  • KeyStore file alias

If you have purchased your SSL certificate from these providers, see the corresponding documentation for details on the above information:

If a service provider issues the SSL certificate, export a keystore file from the certificate.

2.a. Configure the server

Before you start the server, perform the following steps to configure the LAN server machine for HTTPS:

  1. Extract the contents of the Server Configuration Tool (.zip file).

  2. Open the Linux terminal or the Windows PowerShell and navigate to the extracted directory.

  3. Optionally, if you're using an external database and run the following scripts to grant the required permissions to the database user. This script sets up the database tables on the external database server. Prior to running the script, a database user must be created. After which, the script can be opened through SQL client and replace all the occurrences of ‘adobefrldbuser’ with the newly created dbuser.

    By default, the script creates a database: adobefrldb. For Microsoft SQL Server, a new schema  adobefrlschema is also created. To use a different name for the database, replace all occurrences of adobefrldb with the desired name in the SQL script. For Microsoft SQL Server, to use a different name of the schema replace all the occurrences of adobefrlschema with the desired name. After you run the script, new tables are created and the new dB user is granted the permissions to perform the insert, update, delete operations on the newly created tables. Find the following scripts in the db_setup folder.

    Microsoft SQL Server

    • MicrosoftSQLServerSetup.sql

    MySQL server

    • MySQLServerSetup.sql

  4. Do one of the following and press Enter:

    • Windows PowerShell: Type one of the following commands from the location where you extracted the Server Configuration Tool (.zip file) to start the FRL LAN server.
      • To install Feature Restricted Licensing LAN as a service that starts automatically during the computer's boot process, navigate to the scripts directory. Run the script as follows:
        cd scripts
        .\adobeLanService.ps1 -Setup
      • To manually start the Feature Restricted Licensing LAN server process, run the following command:
        .\adobe-lan-server-setup.ps1
    • Linux terminal:
      ./scripts/adobe-lan-server-setup.sh
    Note

    Use the adobeLanService.ps1 script to set up the server as a Windows service. Navigate to the \scripts folder to start this script. 

  5. When you are prompted, enter the following information:

    • Specify the type of KeyStore file format: JKS or PKCS
    • Specify the path of the KeyStore file with extension. For example: adminService.jks, if you have placed the KeyStore file in the Server Configuration Tool directory.
    • Specify the password that you used when you created the KeyStore file.
    • Specify the alias that you used when you created the KeyStore file.
    Note

    If you are using a PKCS file format and if PKCS file was created without the -name or the -alias option, enter 1 for the alias.

    • Specify a port number on which the LAN server will run. Or press Enter to use the default port: 8463.
    • Choose to connect the server to an embedded database or an external database.
    Note

    The following prompts are only displayed if you choose to connect the server to an external database.

    • Database server host name or IP address.
    • Database server port.
    • Database name on the database server.
    • Database schema name under the database
    Note

    Database schema name is required only if you are using Microsoft SQL Server. For MySQL, this information is not required.

    • Database user name.
    • Database password.
    • Option to connect to the Database server through an SSL connection.
    Note

    If you are connecting to an external database, ensure that the database is configured correctly. For more details, see Support for server to connect to external database.

If you are setting up your server on a Windows computer, after the setup is complete, an adobeLanService folder is created at the following location:

C:\Windows\System32\adobeLanService

2.b. Start server

  1. Open the Windows PowerShell with admin privileges and navigate to the folder that is created after you complete the server configuration steps (described above):

    .\scripts\adobeLanService

  2. Type the following command and press Enter:

    .\adobeLanService.ps1 -Start

To check that the Window service is running, in the Run dialog, type services.msc and press Enter.

Notice that the LAN Server is displayed with status: Running.

In the C:\Windows\System32\adobeLanService folder, the following folders are created:

  • logs
  • downloads
  • uploads

After the LAN server is started successfully, the default web browser on the server machine opens the LAN Server Management Console. If you've configured the server as a Windows service, manually open the browser and navigate to the LAN Server Management Console at https://<host name>:<configured_port>/.

LAN Server Management Console

  1. Open the terminal and navigate to the scripts directory in the extracted zip file directory.

  2. Type the following command and press Enter:

    • Windows PowerShell:
      .\scripts\adobe-lan-server.ps1 start
    • Linux terminal:
      ./scripts/adobe-lan-server.sh start

After the LAN server is started successfully, the default web browser on the server machine opens the LAN Server Management Console in the following location:

https://<host name>:<configured_port>/

LAN Server Management Console

3. Generate Authorization file

On your LAN server, go to the LAN Server Management Console and generate an Authorization file. The Authorization file gives your LAN server the authority to operate as an Adobe licensing server.

  1. On the LAN server, go to https://<host name>:<configured_port> and navigate to the Server Setup tab.

  2. Click Generate Authorization File.

    LAN server setup tab

When the server generates the Authorization, the file is downloaded to your local drive. You will use the Authorization file to create LAN servers on the Adobe Admin Console.

Note

The Authorization file is a clear text human-readable file that contains the following data:

  • The UUID of the LAN server.
  • A table of end-user machine activations.

Contents of a sample Authorization file:

{"authReportSpecVersion":"1.0","payload":"{\"serverInstanceId\":\"4ee7f844-9dfb-33ac-82a8-f28256e58092\",\"activatedDesktops\":null}","checksum":"6ET9G2B2JM7VP2XK"}

4. Create LAN server and generate ATO file

Navigate to Adobe Admin Console > Packages  and create LAN server instances. Each server instance allows you to specify the product entitlements for user machines that connect to this instance.

When you create a LAN server on the Admin Console, you are provided an Authority to Operate (ATO) file that you upload to the LAN server. The ATO file enables the LAN server to act as a licensing server for Adobe apps. User machines can then connect to the LAN server to activate their licenses. To activate the Adobe licenses on their machines, your end users, are then not required to connect to the Adobe licensing servers.

  1. On the Admin Console, navigate to Packages > Server.

  2. Click Create a Server.

    Create server
    If you have previously created servers, you will see the list of servers and the buttons on the right.

  3. Upload the Authorization file that you downloaded from the LAN Server Management Console, and click Next

    Upload auth file

    Note

    If you are unable to drag files,  check browser settings. Enable drag-and-drop functionality on your browser or use another browser, such as Firefox.

  4. On the Configure screen, specify the following details:

    • DNS address and port location of the LAN server.
    • Set LAN timeout to specify how long the client can run without contacting the license server.
    Note

    Make sure the server location that you specify is reachable by clients. Else, the license activation on client machines will fail.

  5. Add your organization's name, and click Next.

    Your users will see this as the organization name in their messages.

  6. Select the products to host on the current server, and click Next.

    The end-user entitlements are based on the products that you select.

  7. In the Finalize screen, specify a name for the server, review the server details, and click Create Server.

After the LAN server is created, an Authority to Operate (ATO) file is downloaded.

The ATO file enables the LAN server to act as a licensing server. Your end-user machines can then connect to the LAN server to activate their licenses. Now, to activate the Adobe licenses on end-user machines, these users are not required to connect to the Adobe licensing servers.

The activation period of a LAN server is for a maximum of 365 days from the date you create the ATO. However, it is less than or equal to the contract end date. After the activation period expires, you are required to reauthorize the server.

5. Upload ATO file on the LAN server

To complete the LAN server setup, go back to the LAN Server Management Console and upload the ATO file that you generate when you create a LAN server instance on the Adobe Admin Console.

  1. On the LAN server, go to https://<host name>:<configured_port> and navigate to the Server Setup tab.

  2. Upload the ATO file.

    Upload ATO file

    On the Confirm Entitlements dialog, review your entitlements, and click Confirm.

Your LAN server is successfully set up.

6. Upgrade LAN server

If you are experiencing issues while running the LAN server in your local environment, we recommend that you follow these steps to upgrade to the latest version of the server.

  1. On the LAN server, go to https://<host name>:<configured_port>.

  2. Stop the LAN server that is currently running.

    Note

    Stopping the server won’t affect the already activated licenses on client devices.

    2.a To stop the server (as Windows Service)

    1. Open the Services (Desktop app). 

    2. Stop the FRL LAN Server serice.

      LAN server service
      LAN server service

    2.B To stop the LAN server

    1. Go to the folder from where your are running the current LAN server.

    2. Type the following command and press Enter:

      Windows PowerShell

      \scripts\adobe-lan-server.ps1 stop

      Linux terminal

      /scripts/adobe-lan-server.sh stop

  3. Refresh the browser to verify that LAN server is stopped successfully.

    LAN server stopped

    You can also verify that server is stopped successfully via adobeLanService.log at C:\Windows\Logs\

    The following entry indicates the server has stopped:

    Adobe LAN Server stopped [<process_id>]
    adobeLanService.ps1 -Service # Exiting

  4. Navigate to Adobe Admin Console > Packages > Toolsand download the Server Configuration Tool (zip file).

  5. Transfer the downloaded Server Configuration Tool (.zip) to your LAN server machine.

  6. Use the Keystore file with the alias and the password that you previously created. See Generate SSL certificates, above. 

  7. Make sure that you give sufficient permissions to the Server Configuration Tool (.zip)  file before extraction so that all the files are extracted and can run successfully.

  8. After extraction go the scripts folder and remove the already installed service using the command:

    adobeLanService.ps1 -Remove

  9. Follow the steps given for installation of the service using the keystore file.

More like this

Adobe, Inc.

Get help faster and easier

New user?

Quick links

View all your plans Manage your plans
View quick links
Hide quick links

Legal Notices    |    Online Privacy Policy