New Ranks & Badges For The Community!
Notice something different? The ranks and associated badges have gone "Star Fleet". See what they all mean HERE
Highlighted
Lieutenant Commander
Lieutenant Commander
3743 views

COBOL Server 2012 Runtime - firewall issues

Jump to solution

We installed COBOL Server 2012 Runtime on our server... it's actually a Windows 7 workstation that we use for file sharing.   I am using a batch file to run native INT programs from another Windows 7 workstation in the office:

SET COBSW=/S15000+P3-F+B+C
set COBDIR=\\10.172.150.50\COBOLsrv
set PATH=%COBDIR%;%COBDIR%\bin;%PATH%

mfcesdchk.exe >nul
if errorlevel 1 goto startlic

goto startapp

:startlic
start /B mfcesd.exe -b

:checkloop
mfcesdchk.exe >nul
if errorlevel 1 goto checkloop

:startapp

cmd

run mainmenu.int

The mfcesdchk command from the workstation completes successfully and returns:

CES daemon running, version 10000.2.01443

The Windows 7 "server" is running FortiClient Firewall.  We have opened port 5093 and we have set lservnt.exe to "allow" for both the private zone and public zone, but we get an error when trying to run our INT:

error code: 247, pc=0, call=1, seg=0

247 Licensing error (Error[5]: Cannot talk to the license server on host "10.172.150.50". Server may not be running.)

When we set the firewall to "Pass All" the INT runs with no issue.   Is there some other port or process that needs to be opened up on the firewall for the licensing to work correctly?

0 Likes
1 Solution

Accepted Solutions
Highlighted
Micro Focus Expert
Micro Focus Expert

The Licensing that we use is from Safenet.

The way that the communication works between the license daemon running on the client and the license manager running on the server is the following:

The client application is assigned a port number by the OS (AKA an ephemeral port). The client sends its request to the known port number of the server (in our case 5093 which is registered with IANA by SafeNet). The message includes the client’s address+port and the server uses that to send its reply. The client application in our case is the mfcesd daemon.

According to Wikipedia:

The range 49152–65535 (215+214 to 216−1) – above the registered ports – contains dynamic or private ports that cannot be registered with IANA.[149] This range is used for custom or temporary purposes and for automatic allocation of ephemeral ports.

So in addition to port 5093 which is the well known port an additional dynamic port is assigned and used in the communication but the dynamic port should only be used in communication from the server to the client and not the other way around.

We are not familiar with the firewall software that you are using.

Does it allow e.g. for other machines to be ‘trusted’?

Thanks.

View solution in original post

0 Likes
4 Replies
Highlighted
Micro Focus Expert
Micro Focus Expert

The Licensing that we use is from Safenet.

The way that the communication works between the license daemon running on the client and the license manager running on the server is the following:

The client application is assigned a port number by the OS (AKA an ephemeral port). The client sends its request to the known port number of the server (in our case 5093 which is registered with IANA by SafeNet). The message includes the client’s address+port and the server uses that to send its reply. The client application in our case is the mfcesd daemon.

According to Wikipedia:

The range 49152–65535 (215+214 to 216−1) – above the registered ports – contains dynamic or private ports that cannot be registered with IANA.[149] This range is used for custom or temporary purposes and for automatic allocation of ephemeral ports.

So in addition to port 5093 which is the well known port an additional dynamic port is assigned and used in the communication but the dynamic port should only be used in communication from the server to the client and not the other way around.

We are not familiar with the firewall software that you are using.

Does it allow e.g. for other machines to be ‘trusted’?

Thanks.

View solution in original post

0 Likes
Lieutenant Commander
Lieutenant Commander

We have our firewall issues figured out, but now we are getting some random performance issues.  Just as a recap, we are running native INTs compiled under Visual Cobol 2.2 for Visual Studio 2012.  

Our application is a menu driven/data entry type app.   The application will randomly hang for 5 to 10 seconds when selecting a menu item.

I don't have these issues when I run the application from my laptop that has the development license installed.   We are only having the issue from workstations connecting to the server where the runtime license is installed.  

Thanks.

0 Likes
Highlighted
Micro Focus Expert
Micro Focus Expert

Hi Chris,

Could you please create a support incident for this problem.

I believe that we will have to run some traces to figure out where the slow down is occurring.

Thanks

0 Likes
Highlighted
Lieutenant Commander
Lieutenant Commander

Will do.

Thanks!

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.