COBOL Server 2012 Runtime - firewall issues

We installed COBOL Server 2012 Runtime on our server... it's actually a Windows 7 workstation that we use for file sharing.   I am using a batch file to run native INT programs from another Windows 7 workstation in the office:

SET COBSW=/S15000 P3-F B C
set COBDIR=\\\COBOLsrv

mfcesdchk.exe >nul
if errorlevel 1 goto startlic

goto startapp

start /B mfcesd.exe -b

mfcesdchk.exe >nul
if errorlevel 1 goto checkloop




The mfcesdchk command from the workstation completes successfully and returns:

CES daemon running, version 10000.2.01443

The Windows 7 "server" is running FortiClient Firewall.  We have opened port 5093 and we have set lservnt.exe to "allow" for both the private zone and public zone, but we get an error when trying to run our INT:

error code: 247, pc=0, call=1, seg=0

247 Licensing error (Error[5]: Cannot talk to the license server on host "". Server may not be running.)

When we set the firewall to "Pass All" the INT runs with no issue.   Is there some other port or process that needs to be opened up on the firewall for the licensing to work correctly?

  • Verified Answer

    The Licensing that we use is from Safenet.

    The way that the communication works between the license daemon running on the client and the license manager running on the server is the following:

    The client application is assigned a port number by the OS (AKA an ephemeral port). The client sends its request to the known port number of the server (in our case 5093 which is registered with IANA by SafeNet). The message includes the client’s address port and the server uses that to send its reply. The client application in our case is the mfcesd daemon.

    According to Wikipedia:

    The range 49152–65535 (215 214 to 216−1) – above the registered ports – contains dynamic or private ports that cannot be registered with IANA.[149] This range is used for custom or temporary purposes and for automatic allocation of ephemeral ports.

    So in addition to port 5093 which is the well known port an additional dynamic port is assigned and used in the communication but the dynamic port should only be used in communication from the server to the client and not the other way around.

    We are not familiar with the firewall software that you are using.

    Does it allow e.g. for other machines to be ‘trusted’?


  • We have our firewall issues figured out, but now we are getting some random performance issues.  Just as a recap, we are running native INTs compiled under Visual Cobol 2.2 for Visual Studio 2012.  

    Our application is a menu driven/data entry type app.   The application will randomly hang for 5 to 10 seconds when selecting a menu item.

    I don't have these issues when I run the application from my laptop that has the development license installed.   We are only having the issue from workstations connecting to the server where the runtime license is installed.  


  • Hi Chris,

    Could you please create a support incident for this problem.

    I believe that we will have to run some traces to figure out where the slow down is occurring.