DSLicSrv Command

The DSLicSrv command initializes and starts the license server and its associated administration tool.

Note that all command parameters are case-sensitive.

This page discusses:

Command Location and Syntax

On Windows, the DSLicSrv command is located by default in:

C:\Program Files\Dassault
          Systemes\DS License Server\win_b64\code\bin

On Linux, the DSLicSrv command is located by default in:

/usr/DassaultSystemes/DSLicenseServer/linux_a64/code/bin

This is the syntax:

DSLicSrv 
-initServer [-adminPort nnnn] [-licensingPort nnn] [-enroll filename] [-force]
-startServer [-echo] [-logDir path_to_log] [-logFileSize number] [-compressLog]
[-disableSSLProtocol protocol] [-cipherSuitesPath filename]
-stopServer 
-adminUI [-resetSettings] [-locale en_US]
-admin [-i input_file] [-o output_file] [-t output_file] [-ks [keystore_file]]

Initialize the Server

Option Description
-initServer [-adminPort nnnn] [-licensingPort nnn] [-enroll filename] [-force] Initializes the license server.
  • -adminPort nnnn: administration listening port number; mandatory only if never previously installed or if -force is also used; in other cases, -adminPort nnn is ignored if passed
  • -licensingPort nnnn: set the licensing port at installation time (avoids having to set it later)
  • -enroll filename: enroll a .LICZ license file at installation time (avoids having to enroll it later). If enrollment fails, the installation succeeds. Only a warning is added in the license server logs. This can happen, for example, if the license file does not exist.
  • - force: licenses must be re-enrolled (including the activation license)

Example:

DSLicSrv -initServer -adminPort 4084
Note: You must run this command as root on Linux, and in an elevated command prompt on Windows.

Start the Server

Option Description
-startServer [-echo] [-logDir path_to_log] [-logFileSize number] [-compressLog] [-disableSSLProtocol protocol] [-cipherSuitesPath filename][-tokenLogsUploader None]Start the license server:
  • -echo: display messages in addition to logging them
  • -logDir path: specify a different log directory; if you specify a remote directory, the license server may hang if the remote directory can no longer be accessed
  • -logFileSize number: specify the maximum size of each server log file. The number is in MB: the default is 1MB. As soon as this size is reached, a new log file is created by the license server.
  • -compressLog: compress server log files, in .gz format. Compression is performed by the license server every time the uncompressed size of the current log file reaches the logFileSize value (1MB by default), and every time the license server is stopped. Note that an uncompressed log file is created every time the license server is initialized (typically at installation time).
  • -disableSSLProtocol: specify the protocol to disable. For example: -disableSSLProtocol SSLv3
  • -cipherSuitesPath filename: specify cipher suite path.
  • -tokenLogsUploader None: Token/Credit logs are not automatically sent to Dassault Systèmes.

Example

DSLicSrv -startServer
Note: You must run this command as root on Linux, and in an elevated command prompt on Windows.

On Windows, you may prefer to use the following command in an elevated command prompt to start the server as a Windows service:

net start "DS License Server"

Setting options in the DSLS Windows service

You can configure the DSLS Windows service to use the start options as follows:

  1. Open an elevated command prompt.
  2. Check the current properties of the license server service by running the following Windows command:

    sc.exe qc "DS License Server"

    The displayed BINARY_PATH_NAME line should match something like this:

    "C:\Program Files\Dassault Systemes\DS License Server\win_b64\code\bin\DSLicSrv.exe" -startServer

  3. Modify the BINARY_PATH_NAME by running a command like the following one:

    sc.exe config "DS License Server" binpath= "\"C:\Program Files\Dassault Systemes\DS License
    Server\win_b64\code\bin\DSLicSrv.exe\" -startServer -logFileSize 20 -compressLog"

    Note: note the space character after " binpath= ".
  4. Check the new properties of the license server service:

    sc.exe qc "DS License Server"

  5. Stop and restart the service to take the changes into account.
  6. Repeat this configuration after every installation, because an installation resets license server service properties.

On Linux, the start options can be set in /etc/init.d/dsls.

Stop the Server

Option Description
-stopServerStops the license server

Example:

DSLicSrv -stopServer
Note: You must run this command as root on Linux, and in an elevated command prompt on Windows.

Start the License Administration Tool GUI

Option Description
-adminUI [-resetSettings] [-locale en_US]Starts the License Administration Tool GUI:
  • -resetSettings: resets License Administration Tool GUI settings
  • -locale en_US: forces the License Administration Tool to be displayed in English.

Example

DSLicSrv -adminUI

starts the License Administration Tool user interface.

Start the License Administration Tool in Command Line Mode

The majority of the tasks explained in this guide involve the use of the GUI version of the License Administration Tool. However, you can perform the same tasks in command line mode.

Option Description
-admin [-i input_file] [-o output_file] [-t output_file] [-run "list of commands"] [-ks [keystore_file]Starts the License Administration Tool in command line mode
  • -i input_file: input file containing list of commands
  • -o output_file: redirects output to an output file
  • -t output_file: redirects output both to an output file and to the command line window

    For more information, see Redirecting Output.

  • -run "list of commands: runs a concatenated list of commands, as explained in Running Several Commands at the Same Time
  • -ks keystore_file: creates or uses an existing encrypted password file, as explained in Managing Passwords.

The following command prompt appears:

License Administration Tool Version 6.419.0 Built on Jun 27, 2016 1:01:10 PM.
admin >

As you can see, when the prompt is:

admin >

you are inside the command line administration tool.

You have to connect to a license server after having launched the command line administration tool.

To list the commands available, enter one of the following commands:

admin > ?
admin > help

Most commands have both a long and abbreviated format, as indicated by the "|" separator which means "or", for example: getConfig|gc. Running either the getConfig or gc command displays the same result.

To get help about a specific command, use the help|h command, for example:

help getConfig

help gc

Note: An asterisk (*) in the following list of available commands denotes functionalities not supported in managed licensing service mode.
Operation Command SyntaxOptions
Connect to a license server connect|c server port [ -proxy | -p proxyHost proxyPort] [-restricted | -r] server: license server host name

port: administration port number

-proxy|-p proxyHost proxyPort: proxy host name and proxy port number

-restricted|-r: forces connection in restricted mode (replaces -readOnly which remains valid for backward compatibility reasons)

Get current license server informationgetServerInfo|gsi
Disconnect from connected license serverdisconnect|disc|d
Get license server configuration (*)getConfig|gc
Get license information getLicenseInfo|gli [-superseded] [-csv]

-superseded: display superseded licenses.

-csv: format output as a .csv file.

Show current license usagegetLicenseUsage|glu [-feature feat] [-all|-short] [-csv] [-usedOnly|-uo]

-feature: display usage on specified feature

-all: display detailed client usage (including casual license usage in minutes, last used date for automatic recycling purposes, etc.) and running processes

-short: display global usage only

-csv: format output as a .csv file.

-usedOnly: lists only consumed licenses.

Expiration Date is only displayed when connected to a R2015x license server or a higher level.

The client process level (5 for V5 licensing client processes, and 6 for V6 and 3DEXPERIENCE) is also displayed.

Get license usage tracing flags (*)getLicenseUsageTraces|dutGet license usage tracing flags
Activate/Deactivate license usage trace (*)setLicenseUsageTraces|sut all|license1 license2 ... -trace|-t yes|no [-editorId|-e editor]license1 license2 ...: licenses to manage usage tracing, or all to manage all licenses

-trace yes|no: to activate or deactivate trace

-editorID: editor

Display logged server messagesshowLog|sl [-from fromDate] [-to toDate]-from: lower limit (default midnight)

-to: upper limit (default now)

Date format: YYYY/MM/DD [HH:MM:SS]

Modify server configuration (*)setConfig|sc [-licensingPort|-lp port] [-adminPort|-ap port] [-failoverPort|-fp port] [-password|-pwd] [-restrictedPassword|-rpwd] [-remoteAdmin|-ra none|restricted|full] [-failoverMode|-fm yes|no] [-clusterName1|-cn1 name] [-clusterName2|-cn2 name] [-clusterName3|-cn3 name] [-enableLicenseStats|-els yes|no] [-automaticRecycling|-ar yes|no] [-enableOffline|-eo yes|no]-licensingPort: listening port for license client access

-adminPort: listening port for administration usage

-failoverPort: listening port for intra cluster communications

-password: ask to be prompted to enable/disable password protection administration

-restrictedPassword: ask to be prompted to enable/disable restricted mode password protection administration

-remoteAdmin: disable administration from a remote machine or enable in full or restricted mode

-failoverMode: change standalone/failover mode

-clusterName1: host name of the first machine of the failover configuration

-clusterName2: host name of the second machine of the failover configuration

-clusterName3: host name of the third machine of the failover configuration

-enableLicenseStats: activates statistics

-automaticRecycling: activates automatic license recycling.

-enableOffline: enable offline license extraction.

Configure settings in managed licensing service mode manageCustomerSettings|mcs [-enableOffline yes|no] [-enableAutoRecycling yes|no] [ -fullPassword] [ -restrictedPassword]

-enableOffline: enables offline licensing.

-enableAutoRecycling: activates automatic license recycling.

-fullPassword: ask to be prompted to change existing full administration password.

-restrictedPassword: ask to be prompted to change existing restricted administration password.

Modify cluster (*)modifyCluster|mc [-repair|-r host] [-update|-u host] [-changeName|-cn host newHost] [-changeMachine|-cm host newHost]-repair: repair server when license database is corrupted

-update: update cluster when host computer id has changed

-changeName: modify cluster when a host name has changed, computer id still the same

-changeMachine: modify cluster when a machine has been replaced (computer id no longer available)

Enroll license files (*)enrollLicense|e -dir inputDir [-file file1 file2...] -dir: input directory

-file: input files or regular expression

Delete expired licenses (*)deleteExpiredLicenses|dxl
Delete superseded licenses (*) deleteSupersededLicenses|dslUseless when connected to a license server on a level higher than or equal to R2016x.
Create group of users to manage authorization listscreateUserGroup|cug groupName -users user1 user2 ... [-replace]-users: list of users contained in that group

-replace: replace existing group of users if any

Create group of hosts to manage authorization listscreateHostGroup|chg groupName -hosts host1 host2 ... [-replace] -hosts: list of hosts contained in that group

-replace: replace existing group of hosts if any

Create an authorization list createAuthorizationList|cal name -type t -editorId id [-product prd -model m [-licenseId id | -pricingStruct s | -customerCountry c | -customerSite c | -customerId i]] [-users user1[,number,[rule]] ...] [-hosts host1[,number,[rule]] ...] [-usergroups usrgrp1[,number,[rule]] ...] [-hostgroups hostgrp1[,number,[rule]] ...] [-ipranges ipr1[,number,[rule]] ...] [-iprangegroups iprgrp1[,number,[rule]] ...] [-replace]

-type: type of authorization list (ALLOW, DENY, RESERVE, LIMIT or COMPOSITE)

-editorId: unique editor identifier

-product: feature name to manage (optional); when not used, the rule is applied at the Editor level.

-model: model of the feature to manage (NamedUser, ConcurrentUser, Token, Credit or Site)

-licenseId: licenseID number (optional)

-pricingStruct: pricing structure (optional)

-customerCountry: customer country (optional)

-customerSite: customer site (optional)

-customerId: customer ID number (optional)

-users: list of individual users with optional number of licenses and rule if type is COMPOSITE

-hosts: list of individual hosts with optional number of licenses and rule if type is COMPOSITE

-ipranges: list of IPRanges with optional number of licenses and rule if type is COMPOSITE

-usergroups: list of groups of users with optional number of licenses and rule if type is COMPOSITE

-hostgroups: list of groups of hosts with optional number of licenses and rule if type is COMPOSITE

-iprangegroups: list of groups of IPRanges with optional number of licenses and rule if type is COMPOSITE

-replace: replace existing list if any

Create offline extraction restrictionscreateOfflineRestrictions|cor name -editorId id -product prd -model m [-licenseId id] [-keyword kw] [-maxDuration n] [-replace] [-rule ALLOW|DENY [-users user1 ...] [-usergroups usrgrp1 ...] [-hosts host1 ...] [-hostgroups hostgrp1 ...] [-ipranges ipr1 ...] [-iprangegroups iprgrp1 ...]] -editorId: editor unique identifier

-product: product name to manage

-model: model of product to manage (NamedUser|ConcurrentUser|Token|Credit)

-licenseId: license product number

-keyword: keyword to be provided to extract offline license.

-maxDuration: maximum duration of extraction validity, between 0 and 30 days

-replace: replace existing restriction name if any

At least option -keyword or -maxDuration must be passed.

-rule: specifies allow/deny restriction rules for User, Host, IPRange, User Group, Host Group or IPRange Group.

Delete user deleteUser|du userName
Delete host deleteHost|dh hostName
Delete group of users deleteUserGroup|dug groupName
Delete group of hosts deleteHostGroup|dhg groupName
Delete an authorization list deleteAuthorizationList|dal listnamelistname: name of list
Delete offline restrictionsdeleteOfflineRestrictions|dor listname listname: name of list
List users listUsers|lu
List hosts listHosts|lh
List groups of users listUserGroups|lug
List groups of hosts listHostGroups|lhg
Rename user group renameUserGroupName|rug currentName newName
Rename host grouprenameHostGroupName|rhg currentName newName
Rename authorization list renameAuthorizationList|ral currentName newName
Rename offline restrictions renameOfflineRestrictions|ror currentListName newListName
List all authorization lists listAuthorizationLists|lal
List all offline restrictions (keywords, maximum durations and rules)listOfflineRestrictions|lor
Create IP rangecreateIPRange|cipr name -ip iprange [-replace]

-ip: internet address range, (firstIP-lastIP or CIDR notation)

-replace: replace existing item if any

Examples:

  • cipr local1921680 -ip 192.168.0.1/24 -replace
  • cipr localcomputer -ip 127.0.0.1/32 -replace
  • cipr local10232 -ip 10.232.0.0-10.232.255.255 -replace
  • cipr localipv6 -ip fd00::/10 -replace
Create IP range group createIPRangeGroup|ciprg name -ip iprange1 iprange2 ... [-replace]

-ip: IPRanges

-replace: replace existing item if any

Example:

ciprg localgroup -ip localcomputer local1921680 local10232 localipv6 -replace

List all IPRanges listIPRange|lipr
List all IPRange groups listIPRangeGroup|liprg
Rename IPRangerenameIPRange|ripr currentName newName
Rename IPRange grouprenameIPRangeGroup|riprg currentName newName
Delete IPRange deleteIPRange|dipr name
Delete IPRange groupdeleteIPRange|diprg name
Export authorizations to file in XML formatexportAuthorizations|ea -o file-o file: path of XML file to generate
Import authorizations from file in XML formatimportAuthorizations|ia -f file [-clear]-f file: path of XML file to read

-clear: remove all existing authorizations.

Note that all differences are automatically accepted: existing data is removed and the new data is added.

Monitor license server (*)monitor|mon [-dumpHeap|-dh] [-dumpThreads|-dt] [-outDir|-o dir]-dumpHeap|-dh: obtain server heap dump

-dumpThreads|-dt: obtain server threads status

-outDir|-o dir: directory storing result of command (mandatory for -dumpHeap option)

Display mail configurationgetMailConfig|gmc
Set mail configurationsetMailConfig|smc [-test|-t] [-smtp servername] [-from sender] [-to email1,email2,...] [-activate|-a event yes|no] [-parameter|-p event param value] [-subject|-s event "..."] [-body|-b event "..."] [-mailBodyFooter|-footer "..."] -test|-t: test mail configuration

-smtp servername (*): SMTP server name

-from sender (*): sets the sender of the e-mails. It can be useful when certain security rules set on the smtp server prevent the default sender name value. The default value is %host%@noreply. %host% is a placeholder matching the hostname of the license server. %host% is very useful in failover mode, to clearly identify which member sends an e-mail. Note that this value cannot be set nor even displayed using the GUI.

-to email1,email2,...: names of recipients separated by comma (,)

-activate|-a event yes|no: activate or deactivate the event, where event can be:

  • OnServerStart: when server starts
  • OnServerStop: when server stops
  • OnDiskShortage: with parameter Threshold in range 1 - 99
  • OnMemberIsolated: with parameter Threshold in range 1 - 60
  • OnLicenseSoonExpiring: when licenses expire, with parameter Threshold in range 1 - 30 (supported in managed licensing service mode)
  • OnResetSettingsIsolated: (for use only in managed licensing service mode) which can be triggered when Dassault Systèmes resets the settings (if you forgot the password).

-parameter|-p event param value: value of the event parameter

-subject|-s event "...": subject of the mail for the event

-body|-b event "...": set the body header of the mail for the event

-mailBodyFooter|-footer "...": body footer of all mails.

For example, to send mail notifications 25 days before license expiration, run the command:

smc -activate OnLicenseSoonExpiring yes -parameter OnLicenseSoonExpiring Threshold 25
Manage SSL certificate (*)manageSSLCertificate|msc [-install -crt file_path_to_server.crt -key file_path_to_server.key] | [-uninstall] [-nofailover] Replaces the default self-signed SSL certificate embedded in the license server by another one you provided.

-install: installs the certificate on the license server and stores it in the repository folder.

-crt: file path to certificate file (server.crt)

-key: file path to RSA key (server.key)

-uninstall: uninstall certificate previously installed (and use the default self-signed one)

-nofailover: do not propagate to both other failover members. This option is useful when installing a certificate on a failover member and the certificate is not a domain certificate. By default, the certificate is sent to the three failover members.

This command can be useful when security rules prevent access to HTTPS servers with a self-signed SSL certificate or a certificate whose duration is too long. It is your responsibility to periodically renew the certificate installed on the license server. If this SSL certificate expires, licensing clients will refuse to connect to the license server and licenses will not be granted.

To revert back to the default behavior (for example, use the default self-signed certificate), you must delete the previously imported certificate using the -uninstall option.

Manage license usage tracing related to users (*) userTraceSetting|uts [-enable|-e user] [-disable|-d user] [-remove|-r user] [-clear|-c]

-enable|-e user: activate usage tracing for user

-disable|-d user: disable usage tracing for the specified user

-remove|-r user: remove tracing for the specified user

-clear|-c user: remove all tracing for all users

If no parameter is passed to the command, the list of user tracing settings is displayed.

Stop license server (*) stopServer|ss
Exit the license administration tool quit|q|exit|x|bye
Display help information help|h|? [command] command: (optional) display help information relative to this command

Redirecting Output

By default, the DSLicSrv -admin command does not redirect output. The following table sums up the different redirection possibilities available:

To perform this operation... Run this command...
Start the License Administration Tool in command line mode and direct output to a newly created output file onlyDSLicSrv -admin -o outputfile or DSLicSrv -admin > outputfile

where outputfile is the name of the output file.

Start the License Administration Tool in command line mode and append output to an existing output file only DSLicSrv -admin >> outputfile

where outputfile is the name of the output file.

Start the License Administration Tool in command line mode and redirect output both to an output file and to the command line windowDSLicSrv -admin -t outputfile

where outputfile is the name of the output file.

After starting the License Administration Tool in command line mode, redirect output from individual commands to a newly created output file

Use the > sign to redirect command output, for example:

glu -admin > outputfile

where outputfile is the name of the output file.

These new redirections take precedence over previous global redirections.

After starting the License Administration Tool in command line mode, redirect output from individual commands to an existing output file

Use the >> sign to redirect command output, for example:

glu -admin >> outputfile

where outputfile is the name of the output file.

These new redirections take precedence over previous global redirections.

Here is a more elaborate example of how to use the different redirection possibilities:

Output from the commands highlighted in yellow is not redirected.

Output from the command highlighted in blue is appended to the existing file C:\temp\usage.txt.

Output from the pink command is redirected to the newly created file C:\temp\info.txt.

Managing Passwords

You may not want to enter passwords each time you run DSLicSrv -admin, particularly if full and restricted passwords are set, or if passwords are different between license servers. Furthermore, writing passwords in batch files is not secure.

You can store passwords in an encrypted file and reference this file when connecting to license servers. Adding the option -keyStore [file.ks] (or -ks [file.ks] ) instructs the License Administration Tool to work with the encrypted file containing the passwords.

The default pathname of the .ks file is:

  • C:\Users\userid\AppData\Roaming\DassaultSystemes\LicenseAdmin.ks (Windows)
  • $HOME/.LicenseAdmin.ks (Linux).

but any pathname can be used.

The .ks file is encrypted with the OS username and the pathname in lowercase. This partially prevents different users from using the same .ks file, or from moving a .ks file from one folder to another.

The .ks file can contain full and restricted passwords for several license servers. When the -keyStore option is used and the .ks file does not exist or does not contain the valid password for the license server, you will be prompted to enter a password. If you enter the correct password, it will be stored in the .ks file.

When the -keyStore option is used and the .ks file contains a valid password for the license server, no password prompt is displayed and the access will be granted.

License servers are identified by their names in a .ks file. Consequently, connecting a license server with an IP address whereas the name has been stored in the .ks file will lead to a password prompt. The behavior is the same if a license server is accessed both via localhost and its name, for example.

At the beginning of the following example, the -keyStore option has not been used already, therefore a .ks file does not already exist, and you are trying to connect to a password-protected license server:

In the case of the command highlighted in yellow, you are prompted to enter a password because there is no existing .ks file yet, so it will be created once you enter the password.

In the case of the command highlighted in blue, you are NOT prompted to enter a password because it can be found in the .ks file which has just been created in the previous step.

In the case of the command highlighted in pink, you are prompted to enter a password because you started the License Administration Tool without the -keyStore option.

Running Several Commands at the Same Time

You can run several commands at a time:

  • using a batch file as input file containing the commands: in the input file, several commands can be entered as if they were entered interactively
  • or by concatenating the commands from the command line, eliminating the need for a batch file.

    This is done using the -run "list of commands" option. Each command in the list of commands is separated by a semicolon ;. The first command in the list must be the connect command (or help command). Note that disconnect and quit commands are not mandatory at the end of the list.

    If the server is protected by a full or restricted password, the password can be either entered interactively or using a .ks file. You cannot enter the password in the list of commands after the -run option.

    For commands requiring a confirmation, you must place the "yes" string immediately after the ";" without a space between ";" and "yes".

    Only one -run option can be passed.

The following table illustrates how to use both methods.

To perform this operation... Run this command...
Start the License Administration Tool in command line mode and execute a command parameter fileDSLicSrv -admin -i input file

The input file contains commands executed in command line mode.

Start the License Administration Tool in command line mode and run a list of commandsDSLicSrv -admin -run "list of commands"

Examples:

DSLicSrv -admin -run "c localhost 4084; glu"

displays license usage.

DSLicSrv -admin -run "c localhost 4084; gc; gli > C:\temp\gli.txt; glu >> C:\temp\glu.txt"

displays the license server configuration, redirects the license information to a new file, then appends license usage information to an existing file.

DSLicSrv -admin -run "c protcomp 4084 -r; glu -all" -ks

displays the detailed license usage of a password-protected license server accessed in restricted mode.