Allow Tekla on-premises license server to operate through Windows Firewall

Tekla Structures
Not version-specific
Tekla Structures

Allow Tekla on-premises license server to operate through Windows Firewall

The firewall at your company must allow communication between the license server computer and the client computers where Tekla Structures is installed. You must allow the applications tekla.exe and lmgrd.exe to operate through the firewall on the license servers and on the client computers.

Ensure that your firewall settings allow the following traffic:

  • Outbound traffic on TCP port 443 (the default HTTPS port) to https://identity.trimble.com for the Tekla On-demand License Administration Tool

  • Outbound traffic on TCP port 443 (the default HTTPS port) to https://activate.tekla.com for the Tekla License Administration Tool.

Direct communication from the license server computer to the internet must be allowed while your license server contacts Trimble’s activation server. The activation communication is done using simple object access protocol (SOAP) over HTTPS on TCP port 443.

To allow the activation communication, use the activation server address in your firewall settings: https://activate.tekla.com:443/flexnet/services/ActivationService?wsdl

In addition to allowing the exceptions in your firewall software, you might need to configure exceptions for Windows Firewall. Windows Firewall might be enabled without you being aware of it because some Windows updates might automatically turn on Windows Firewall.

Allow exceptions in firewall for lmgrd.exe and tekla.exe

You need to allow the applications tekla.exe and lmgrd.exe to operate through the firewall on the license server computer to enable licensing traffic.

To allow exceptions for lmgrd.exe and tekla.exe on the license server computer:

  1. Press the Windows logo key + R on your keyboard to show the Run dialog box, then type firewall.cpl and press Enter.
  2. In the left pane, click Allow a program or feature through Windows Firewall or Allow an app or feature through Windows Firewall (depending on the operating system).
  3. In Allowed programs or Allowed apps (depending on the operating system), click Change settings.

    Administrator permission is required. If you're prompted for an administrator password or confirmation, enter the password or confirm.

  4. Click Allow another program or Allow another app (depending on the operating system).
  5. Click Browse to browse for the \Server folder on the computer, select lmgrd.exe and click Open.

    By default, the path is ...\TeklaStructures\License\Server.

  6. Click Add to add lmgrd.exe to the Allowed programs or Allowed apps and features list (depending on the operating system).
  7. Select both Home/Work (Private) or Private (depending on the operating system) and Public check boxes next to lmgrd.exe.
  8. Allow the exceptions also for tekla.exe by repeating the steps 4 – 7.
  9. Click OK to confirm the changes.

Allow traffic in fixed TCP/IP ports

You need to modify the firewall settings to allow traffic through fixed TCP/IP port.

To allow traffic in fixed TCP/IP ports in Windows on the license server computer:

  1. Ensure that no other software or service is using the ports that you are about to set fixed.

    Use the command line command netstat -anp TCP to find out which ports are in use.

    The numbers in the Local Address column after the colon (:) are the port numbers that are in use.

  2. Browse for tekla.lic, and open it using a text editor.

    By default, the path is ..\Tekla\License\Server.

  3. To set a fixed port for lmgrd.exe, enter the TCP/IP port number at the end of the SERVER row.

    The Automatic installation option sets the port to 27007.

  4. Enter the text port=free_port at the end of the VENDOR row, for example, port=1234.

    Defining the TCP/IP port number on the VENDOR row may slow down the restart time of Tekla Licensing Service.

  5. Save the changes and close tekla.lic.
  6. Update your license server with the changes:
    1. Go to Tekla Licensing > LMTOOLS through the Start menu or Start screen, depending on your Windows operating system.
    2. On the Service/License File tab, ensure that Configuration using services and Tekla Licensing Service are selected.

    3. Go to the Start/Stop/Reread tab and click Stop Server to stop the license server, and then start the server again by clicking Start Server.
  7. Click the Windows logo key on your keyboard to show the Start menu or Start screen, depending on the operating system.
  8. Type wf.msc and press Enter.
    The Windows Firewall with Advance Security MMS snap-in is displayed.
  9. In the navigation tree, select Inbound Rule, and then in the Actions pane, click New Rule.

  10. On the Rule type panel, select Port and then click Next.

  11. On the Protocol and Ports panel, select TCP, enter the TCP/IP port numbers that you set in steps 3 and 4 in Specific local ports, and then click Next.

  12. On the Action panel, select Allow the connection, and then click Next.
  13. On the Profile panel, select the appropriate profiles, and then click Next.

  14. On the Name panel, enter the name of the rule, and then click Finish.

The rule is created and automatically enabled.

Was this helpful?
Previous
Next