Get started with the License Server VPX

Download the License Server VPX from Citrix Licensing Version 11.16.6.0.

We distribute the Citrix License Server VPX as a virtual machine system configured in .xva format.

Ensure you have the latest License Server

When upgrading or installing new Citrix products, always have the latest License Server. The new License Server is backward compatible and supports older products and license files. However, new products require the newest License Server to check out licenses correctly. You can install or upgrade the latest version from the product media.

If you are unsure if your License Server version is current, verify it by comparing your version with the number on the Downloads site.

To find your License Server version number on the License Administration Console:

  1. Open a web browser and go to https://License ServerName:secureWebPort.
  2. Click Administration and select the System Information tab. See the release version in the information list.

Directory and file locations

  • License file location: /opt/citrix/licensing/myfiles
  • Keytab file location: /opt/citrix/licensing/LS/conf/ctx_http.keytab
  • server.crt and server.key location: /opt/citrix/licensing/LS/conf/
  • Log locations: /opt/citrix/licensing/LS/logs
  • Report log: /opt/citrix/licensing/LS/reportlog.rl
  • Customer success service renewal files: /opt/citrix/licensing/LS/

To import License Server VPX using Citrix Hypervisor

  1. Open XenCenter, click the server on which to import the License Server VPX, and select Import.
  2. Browse to the location of your package and choose the .xva package.
  3. Choose a Home Server for your VM. This Home Server is the server on which the VM starts automatically. Alternately, you can click a Citrix Hypervisor pool and the VM automatically starts on the most suitable host in that pool.
  4. Choose a storage repository for the virtual disk. The repository must have a minimum of 8 GB of free space.
  5. Define network interfaces. The License Server VPX communicates on a single virtual NIC. Choose a network that is accessible to the Citrix Servers to which you want to provide license services.

After you import the VM, it appears inside your XenCenter management console. You can restart the virtual appliance in Citrix Hypervisor by right-clicking on its name and choosing Start.

Configure the License Server VPX for first use

After importing the License Server VPX, you have a fully functional Citrix License Server on your Citrix Hypervisor pool. The first time you start the License Server, a setup wizard opens to configure networking.

  1. After the wizard opens, create a strong root password for administrators.
  2. Specify a host name for the License Server VPX.

    Most Citrix license files are tied to the case-sensitive host name of your License Server.

  3. Specify a domain for the License Server VPX.
  4. Specify whether to use DHCP as your network type. Choose y to obtain network information automatically. Otherwise, choose n, and type the required network information.
  5. Specify a License Administration Console user name and password for the licensing service.
  6. Choose whether to enable the Customer Experience Improvement Program and Call Home. For more information, see About the Citrix Customer Experience Improvement Program (CEIP).
  7. Choose whether to add the VPX License Server to the Active Directory domain. If you do, after the setup is complete, follow the instructions to generate and install the key tab file.

Important:

If you don’t configure Active Directory, then Citrix Licensing Manager, Studio, and Director integration are unavailable.

Configure licenses from a web-based interface, available on port 8082

If you make a configuration error, log on to the appliance as root with the password you specified. Type the command resetsettings.sh or reset_ceip.sh to rerun the setup wizard.

resetsettings.sh command

resetsettings.sh provides the option to retain or delete historical data files while resetting the Licensing Server VPX configuration. You can fully reset the configuration by deleting all historical data collected until that time or partially reset the configuration by retaining the historical data.

As root, run the following script and make your choices:

# resetsettings.sh

reset_ceip.sh command

reset_ceip.sh provides the option to reset the Customer Experience Improvement Program (CEIP) options you chose during the original configuration. This command resets only the CEIP settings and retains all other settings. On VPX, do not modify the CITRIX.opt file.

As root, run the following script and make your choice of CEIP [1.DIAG 2.ANON 3. NONE]

# reset_ceip.sh

Export the database for use in a different License Server VPX

Use the migrate_historical_data.sh script to migrate the historical data to a newer Licensing Server VPX. The script provides options to back up and restore historical data.

Important:

Run this script as root.

This example procedure migrates the data from VPX_O to VPX_N.

  1. Run the command # migrate_historical_data.sh -b on VPX_O to create a back-up file /tmp/historical_data.tar.
  2. When VPX_N is running, copy or move the /tmp/ historical_data.ta file to VPX_N using any file transfer protocol. For example, scp.
  3. Run the # migrate_historical_data.sh -r /directory command on VPX_N to restore the data. Where directory is the directory in which historical_data.tar resides.

Generate and install the keytab file

  1. Use the ktpass.exe utility from a Windows server that is connected to the same domain. Type the command on one line without returns. The following example shows multiple lines due to space limitations.

    ktpass.exe -princ HTTP/hostFQDN:port@DOMAIN REALM -mapuser domainuser -pass password -out filepath -ptype KRB5_NT_PRINCIPAL

    Where:

    -princ HTTP/hostFQDN:port@DOMAIN REALM specifies the principal name:

    hostFQDN is the Fully Qualified Domain Name of the License Server VPX.

    port is port configured for Web Services for Licensing. Default is 8083.

    DOMAIN REALM is the Active Directory domain typed in UPPERCASE LETTERS.

    -mapuser domainuser specifies a user in the domain that can be used to bind to Active Directory.

    -pass password specifies the domain user password.

    -out filepath specifies the path where the generated keytab file is saved.

    -ptype KRB5_NT_PRINCIPAL specifies the principal type. KRB5_NT_PRINCIPAL is the only supported principal type.

    Example:

    ktpass.exe -princ HTTP/VPXHOST.example.domain.com:8083@EXAMPLE.DOMAIN.COM –mapuser administrator -pass password –out C:\example.keytab -ptype KRB5_NT_PRINCIPAL

  2. Rename the generated keytab file to ctx_http.keytab.
  3. From the License Server VPX command line interface, mount a network path.
    1. Create and share a folder with the ctx_httpd.keytab file in it.
    2. On the VPX, create a mount point, mount the shared drive, and copy the file.

      mkdir /mnt/temp

      mount //your_windows_machine/shared_folder/ cp /mnt/temp/ctx_http.keytab /opt/citrix/licensing/LS/conf

    3. Unmount the drive on the VPX. umount /mnt/temp
  4. Copy the generated keytab file using the Windows share to this path on the License Server VPX.

    /opt/citrix/licensing/LS/conf/ctx_http.keytab

  5. To access the Citrix Licensing Manager, open https://VPXHOST.example.domain.com:8083/
  6. To bind the Active Directory, log on using the user configured in the command in step 1.
  7. To configure and administer other domain users, log on to the Citrix License Administration Console: https://VPXHOST.example.domain.com:8082
  8. Add and remove Active Directory users.

Important:

  • License Server VPX doesn’t support Active Directory groups.
  • Because Kerberos authenticates the Active Directory users, the keytab file generation is crucial.
  • As per Kerberos rules, you must map a unique user against the principal name created using ktpass.exe. For more information, see the ktpass command article.
  • The port in the service principal name (SPN) is required for Studio to display and manage licenses.
  • SSH/SCP is disabled for the root user. Create a new user to access the VPX with SSH/SCP.

Disable domain name truncation on the Citrix License Server VPX

The License Server detects Citrix Service Provider licenses and enables this functionality.

  1. On the command line, go to the /opt/citrix/licensing/LS/conf/ud_settings.conf file.
  2. Using the vi editor, set CTX_UD_USERDOMAIN=1.
  3. Restart the License Server VPX or the Citrix Licensing daemon.
Setting Description  
CTX_UD_USERDOMAIN=1 Use the user domain from user profile. Disables domain name truncation.  
CTX_UD_USERDOMAIN=0 Use the user domain from user profile. Disables domain name truncation. Do not use the user domain from user profile. (default)

Move license files from an older License Server VPX version

This procedure moves only the license files. Reconfigure all the users on the new License Server. Ensure that the license files that you move have the correct ownership and permissions.

  1. Back up the license files from the old Citrix License Server VPX to a network share. All the *.lic license files from: /opt/citrix/licensing/myfiles except citrix_startup.lic
  2. Close the old License Server.
  3. Spin up the new Citrix License Server VPX with the same binding as the older one. The binding might be a MAC address or host name or IP Address specified in the SERVER line of the license files.
  4. Restore the backed-up license files from the Network Share to the new License Server. Restore the files to: /opt/citrix/licensing/myfiles with the file ownership as ctxlsuser:lmadmin (user:group) and permission as 644.
  5. Run this command as ctxlsuser: /opt/citrix/licensing/LS/lmreread -c @localhost

Change port numbers

The Linux kernel reserves Ports 1 through 1024. When configuring the VPX ports, use ports above 1024. When using SSL, use port 8083 for the Citrix Licensing Manager and port 8082 for the License Administration Console, which is open in the firewall. If you select a different port for SSL, reconfigure the firewall in the iptables.