License server
Last updated
Was this helpful?
Last updated
Was this helpful?
This manual describes the installation, management, and interaction with a Hex-Rays License Server deployment. It is primarily intended for administrators, and will focus on the setup and management of the Hex-Rays License Server.
While we will (at least superficially) make use of the command-line client used to access/manage the server, this manual will not offer a detailed explanation of its usage, although there is a dedicated section for
The first step is to install the Hex-Rays License Server, which is the central component of the deployment.
After your purchase of a Hex-Rays product with floating licenses, go to the , where you will find:
an installer for the Hex-Rays License Server
the installer for the product you have purchased
a license_server_<LID>.hexlic
(where <LID> is your license ID) and the certificate bundle will be available after License Server activation, under tab
All those will be necessary, so please go ahead and download them.
You will also need root
access on the host where you will be installing the server.
This chapter explains how to install the Hex-Rays License Server.
The command-line client lsadm
is bundled with the Hex-Rays License Server installer. To install both Hex-Rays License Server and lsadm
, simply run the installer and follow the instructions.
Every Hex-Rays product using floating licenses, such as IDA, is also a client of Hex-Rays License Server. For installation instructions for these products, please refer to their documentation.
The Hex-Rays License Server can be installed on x64 Linux servers. We have tested it on Debian and Ubuntu, but other major flavors of Linux should be fine too.
To install the server, run the Hex-Rays License Server installer as root
and follow the instructions (the server will not require root
permissions; only the installer does.)
In order for the Hex-Rays License Server license to be activated, it must be bound to a Host ID (an Ethernet MAC address.)
From a command prompt, run /sbin/ifconfig
, and lookup the "ether" address for the network interface through which the server will be accessible.
In this case, our MAC address is: bf:e2:91:10:58:d2
license server certificate bundle
license_server_<LID>.hexlic
(license key)
Those need to be copied in the Hex-Rays License Server installation directory. As root
:
At this point, the server should be ready to run.
On the first install, you will need to initialize the database the server will use:
Testing the server
Now that the server is installed and has a database to work with, we can test that it works:
At this point, you may want to either let the server run, or stop it (Ctrl+C
will do) and restart it using systemd:
...and make sure it runs:
If you don't see a running license_server
process, please refer to the systemd
diagnostic tools (e.g., journalctl
) for more info.
This chapter explains in detail how to perform regular administrator tasks.
Currently, there is no dedicated procedure to back up the Hex-Rays License Server database. It can be done by temporarily stopping the Hex-Rays License Server and making a copy of the sqlite3 database. The server must be stopped only during the backup of the sqlite3 database and then can be immediately restarted.
Alternatively, it is possible to use sqlite3 backup functionality to make a backup of the database.
Switching to the newest versions of the Hex-Rays License Server is recommended in order for the team to benefit from its improvements and new features.
The upgrade procedure consists of the following steps:
Stop the server. For example, if you are using systemd
to manage the server: sudo systemctl stop hexlicsrv
Launch the installer
Follow the on-screen instructions
Upgrade the database with ./license_server --config-file hexlicsrv.conf --upgrade-schema
Restart the server. E.g., sudo systemctl start hexlicsrv
This chapter explains how to solve typical problems with the Hex-Rays License Server.
By default, the Hex-Rays License Server listens on the TCP port 65434 on all interfaces. Please ensure that this port is enabled in your firewalls.
The Hex-Rays License Server uses secure TLS connections with the clients. The TLS layer requires the certificate (.crt) and private key (.key) files. Usually, they are attached to the email message with the activation information.
The following files shouldn't be readable by everyone on the system, but only by root
and hexlicsrv
:
hexlicsrv.conf
: this file file holds the connection string to the database the server will use, and might contain credentials.
hexlicsrv.crt
: the certificate chain
hexlicsrv.key
: the private key file
license_server_<LID>.hexlic
: the license file
As a precaution, the Hex-Rays License Server will refuse to start if these files are readable by unauthorized users.
Please make sure they:
have hexlicsrv:hexlicsrv
ownership: chown hexlicsrv:hexlicsrv hexlicsrv.crt hexlicsrv.key licensesrv.hexlic hexlicsrv.conf
are not world-accessible: chmod 640 hexlicsrv.crt hexlicsrv.key license_server_<LID>.hexlic hexlicsrv.conf
This error means that the currently installed license server license file (hexlic) content is incorrect. More precisly, the "licenses" list does not contain an entry with the following items:
or that the activation end date in the same section has expired.
Make sure to activate all the floating license plans owned by the license server before downloading the license server hexlic file.
There are no special precautions to take: restoring the sqlite3 database from a backup should be enough.
This quick manual presents the basic common commands for lsadm tool.
Note: Replace <IP_ADDRESS>:<PORT>
with your actual server address and port.
This command shows:
Licensed products and their IDs (IDA, License server, Teams Server or Lumina Server)
Add-ons/decompilers associated with each license
License start and expiration dates
Available and total seats
License owner information
This command shows:
currently used licenses
users using those licenses (both online and borrowed)
end dates for borrowed licenses
This command shows:
Server version
MAC address
Connected client details and session timestamp
Go to and . During that process, you will need to provide the MAC address of the device where the license server will be running. Once the activation is complete, you'll be able to download the following files:
Good, the server appears to run! If you are observing more worrying messages than this one, please refer to the section.
Perform a of the database
The licensesrv.hexlic file is tied to the MAC address of the first network interface. If they do not match, the server will not start. To change the MAC address, please contact