Old HASP license manager at port 475

[refurbisher]

Why are you using simultaneously both new (at port 1947) and old (at default port 475) HASP license managers in your products? The old one makes a lot of trouble when accessed from more than one network interface on a single server machine. Plus the old one has not been updated for years and therefore might be vulnerable to internet attacks. If the old license manager is not accessible your network configured products end up with "Login error: -7".

[b.milan]

We are using both ports or it is better to say - both types of Sentinel Hasp protection systems (new and old) because the new one (which is safer and better), does not have all the functionality we had with the old one. Sentinel Hasp in their new, 'state of art' protection system did not implement, for us, something very important. With the new protection system we are not able to control the number of used licenses for network users, as we did before. That means that new license counting system is totally incompatible with the license system we were using for years.

There are no unsolved problems with old license manager. Problems with old license manager could be related to:
1) old versions of our programs where was not implemented automatic configuration of NETHASP.INI file
2) firewalls

Solution for #1 is installing the new version.
Solution for #2 is configuring the firewall.

Login error -7 could be caused by one of:
1) firewall is blocking port 475
2) exceeded number of users which may run the application

And last and not least reason of using both generation of Sentinel Hasp protection is - the protection.
It is much harder to compromise two layers of protection than single one.

[refurbisher]

There is a major problem with the old license manager. If there are two (or probably more) network interfaces on a single server machine for some reason the old license manager works only with one of them (the last connected) and error -7 is inevitable if one is trying to access the server thru the other (the first connected) network connection. Note that telnet test at port 475 still works via both interfaces.

The Access Control Center shows properly the number of connected stations to a certain hasp feature. Are you saying there is no API to retrieve this info?

[b.milan]

There is a major problem with the old license manager. If there are two (or probably more) network interfaces on a single server machine for some reason the old license manager works only with one of them (the last connected) .. .

As I said, there is no unresolved problems with old License Manager. If You are using old versions of our programs which did not contain automatic configuration of NETHASP.INI files, or if You do not have proper NETHASP.INI file or if You do not have NETHASP.INI file at all, You will have problems as described.
I suggest that You contact me by email and send me information such as - name of the program owner, program version and Build, operating system at the server and client. After that we will resolve this problem very quickly.

The Access Control Center shows properly the number of connected stations to a certain hasp feature. Are you saying there is no API to retrieve this info?

There is no API to set the maximum number of concurrent users from within the protected application. During the installation process of our programs, we were unable to set maximum number of concurrent users. Simple request but impossible to do.

[refurbisher]

This is the scenario on the server side:

Server running XP 32 SP2/3 with latest SRM drivers and old hasp license manager 8.32. XP firewall adjusted. Red HASP NET 10 dongle connected.
One ethernet (adapter) connection via router 1.
One wifi connection via router 2.
Both routers have static different internet IPs and of course ports 1947 and 475 are open (passed thru). Thus the server is accessible from Internet via two different IPs.



Clients are running the latest x32 radimpex software.
Their NETHASP.INI files are adjusted manually with proper IPs.
The server dongle is visible in the respective local ACCs of every client regardless to which server IP it is directed to.
It took me several days to figure out that the software is able to run (e.g. without error -7) only if connected to the router (doesn't matter router1 or router2) which had last established connection to the server (e.g. via IP 1 or IP 2).

[b.milan]

Instead of using IP address in NETHASP.INI file, You should use server name.

[NH_TCPIP]
NH_SERVER_ADDR = serverXX;

Using server name is recommended method. During the network(server) installation, program generate NETHASP.INI file where server location was set by name, rather than by IP address. This is more flexible and more comfortable option. It is default.
(instead of 'serverXX' You should write actual name of Your server).

[refurbisher]

Names cannot be used since there are no domain names bought for these IPs. And let me remind you the server must be (and is) accessible from the Internet and not only from within LAN. Anyway using names cannot solve the packet layer problem with the old hasp license manager (the new one works perfectly under the above mentioned server configuration)

[b.milan]

Since You told me that server has Windows XP, that computer has its name. Use this name for accessing through LOCAL network.

For accessing trough INTERNET you should use global address (which is represented by IP address You are talking about).
When You are using two interfaces for accessing the server (LOCAL and INTERNET), You must have both of them enumerated in NETHASP.INI file.

[refurbisher]

There are two different network interfaces used for INTERNET access via two different ISPs. This is primarily used with the sole purpose of providing a fail-safe access to the server (e.g. if one ISP is temporarily down then the traffic goes via the other ISP) Yes, both IPs are enumerated. Actually one interface is used for LAN and INTERNET access but this is irrelevant (except that there is a 3rd IP for LAN clients ). Of course, local clients might use that MS server name but the problem appears (mainly?) when the client machine connects to the server via internet.

[b.milan]

Of course, local clients might use that MS server name but the problem appears (mainly?) when the client machine connects to the server via internet.

In NETHASP.INI file You've set only parameters for INTERNET access but problem arises when client accessed server through LOCAL network.
In NETHASP.INI file You must provide both - global IP addres for accesing trough internet and MS name (or local IP address).

Code: Izaberi sve

[NH_TCPIP]
NH_SERVER_ADDR = serverxx;        ; MS name of server for local connection
NH_SERVER_ADDR = 55.56.57.99;   ; global IP address of server, for accessing via internet 

or

Code: Izaberi sve

[NH_TCPIP]
NH_SERVER_ADDR = 192.168.1.6;        ; local IP address of server for local connection
NH_SERVER_ADDR = 55.56.57.99;   ; global IP address of server, for accessing via internet 

[refurbisher]

Forget about the LAN side. We have no problems there (so far). Unless you try the above mentioned server configuration you cannot reproduce the problem. Imagine that all clients are accessing server via internet. And there are two different network cards in that server connected to two different ISPs with two different internet IPs. That's it. And the old hasp license manager is able to control only one of the interfaces with the last physically established connection. HINT: the latter circumstance is used to build the routing table of the server with the corresponding metrcis of every network interface. As an IT and a network engineer am able to further test the problem but since I figured out the problem I think I am done. The rest is up to you. I don't care whether you fix your software or not. Your problem can be avoided if people use only one network interface to access the server. Keep in mind that a corporate server can be used for other things (apart from mere old hasp server) that require multiple network interfaces.

[b.milan]

You did not mentioned that clients could access server via two IP addresses.
Try this:

Code: Izaberi sve

   
[NH_TCPIP]
NH_SERVER_ADDR = serverxx;        ; MS name of server for local connection
NH_SERVER_ADDR = 55.56.57.99;   ; global IP address of server, internet access - 1st interface
NH_SERVER_ADDR = 88.89.90.59;   ; global IP address of server, internet access - 2nd interface

You can set in NETHASP.INI that program searches License Manager search on arbitrary number of addresses.

If this does not working try changing this

Code: Izaberi sve

NH_USE_BROADCAST = Disabled		; Use TCPI/IP Broadcast mechanism.

to

Code: Izaberi sve

NH_USE_BROADCAST = Enabled		; Use TCPI/IP Broadcast mechanism.

We deliberately disabled "Broadcast" option in automatically generated NETHAP.INI file because of very long response time in case of large networks with more than one interfaces. That is probably set by default in "new" license manager and that's the reason its working.