Summary
Citrix Password Manager requires a license server to distribute and track licenses as compared to the manual process seen in MetaFrame Password Manager 2.5. A proper understanding of the technical details of this process will allow the administrator to troubleshoot errors quickly and efficiently. This article will compare the licensing operation of Password Manager to that of Presentation Server as well as exploring the check-out and check–in process of licenses on the Password Manager server.
Licensing Differences Between Citrix Password Manager and Citrix Presentation Server’s Licensing Operation
The Password Manager licensing operation is similar to the licensing operation that is used by Presentation Server. However, there are differences between their modes of operation:
Startup, Check-out, Check-in, Renewal, and behavior
Password Manager Agents require a license server to check-out and check-in licenses; Password Manager will not function without the presence of a license server. The Agent makes a request to the server to check-out a license in order to permit it to operate. After a license is checked-out, only that Agent can use the license for the duration of the Disconnected Mode Period, or until the Agent checks in the license. One important piece of information to keep in mind is that the Agent can only check-out licenses and the server can only check-in licenses. This process will become clearer with the review of the Check-out, Renewal, and Check-in behavior in the debug log file which can be found at C:\Program Files\Citrix\Licensing\LS\ lmgrd_debug.log
Note: For a more in-depth look into licensing see the Licensing_Guide.pdf in the documentation folder of the Password Manager CD.
Startup Process:
Whenever the Agent starts up, it checks out a “start-up license” which delivers generic operating parameters to the Agent.
21:00:50 (CITRIX) TCP_NODELAY enabled
21:00:50 (CITRIX) OUT: "CITRIX" USER15@GENE-VM-2K3 [ec26edf8] (Agent checked out start-up license)
21:00:50 (CITRIX) IN: "CITRIX" USER15@GENE-VM-2K3 [ec26edf8] (Agent checked in start-up license)
21:00:50 (CITRIX) OUT: "MPM_ADV_RC" USER15@GENE-VM-2K3 [ec26edf8]
21:01:05 (CITRIX) OUT: "MPM_ADV_RC" USER15@GENE-VM-2K3 [ec26edf8]
21:01:05 (CITRIX) IN: "MPM_ADV_RC" USER15@GENE-VM-2K3 [ec26edf8]
21:01:40 (CITRIX) IN: "MPM_ADV_RC" USER15@GENE-VM-2K3 [ec26edf8]
21:00:50 (CITRIX) OUT: "CITRIX" USER15@GENE-VM-2K3 [ec26edf8]
21:00:50 (CITRIX) IN: "CITRIX" USER15@GENE-VM-2K3 [ec26edf8]
The Agent checks out a “start-up” license and then immediately checks it back in again. The start-up license does not use the Linger API (explained later in this article). The OUT: entry represents the license being checked out and the IN: entry represents the license being checked in.
Check-Out Process:
The Agent only performs one type of operation with the license server: check-out. In the example below, a Password Manager Agent is started (and receives a license) and is then shut down (and returns the license.) The following is what the debug log on the License Server displays:
21:00:50 (CITRIX) TCP_NODELAY enabled
21:00:50 (CITRIX) OUT: "CITRIX" USER15@GENE-VM-2K3 [ec26edf8]
21:00:50 (CITRIX) IN: "CITRIX" USER15@GENE-VM-2K3 [ec26edf8]
21:00:50 (CITRIX) OUT: "MPM_ADV_RC" USER15@GENE-VM-2K3 [ec26edf8] (Agent has checked out a license)
21:01:05 (CITRIX) OUT: "MPM_ADV_RC" USER15@GENE-VM-2K3 [ec26edf8] (Agent has checked out the license with linger time = 1 second (Agent intends to return the license))
21:01:05 (CITRIX) IN: "MPM_ADV_RC" USER15@GENE-VM-2K3 [ec26edf8]
21:01:40 (CITRIX) IN: "MPM_ADV_RC" USER15@GENE-VM-2K3 [ec26edf8]
21:00:50 (CITRIX) OUT: "MPM_ADV_RC" USER15@GENE-VM-2K3 [ec26edf8]
The Agent has started and has checked out a license. The agent will keep the licenses depending on the licensing mode set by the administrator.
Note: All OUT: log entries accompany a request from the Agent. If you are using a network monitor, you should see communication between the Agent and License Server at all times OUT: entries occur.
Check-In Process:
To explain the check-in process, see the debug log entries below.
21:00:50 (CITRIX) TCP_NODELAY enabled
21:00:50 (CITRIX) OUT: "CITRIX" USER15@GENE-VM-2K3 [ec26edf8]
21:00:50 (CITRIX) IN: "CITRIX" USER15@GENE-VM-2K3 [ec26edf8]
21:00:50 (CITRIX) OUT: "MPM_ADV_RC" USER15@GENE-VM-2K3 [ec26edf8]
21:01:05 (CITRIX) OUT: "MPM_ADV_RC" USER15@GENE-VM-2K3 [ec26edf8]
21:01:05 (CITRIX) IN: "MPM_ADV_RC" USER15@GENE-VM-2K3 [ec26edf8] (License server has checked in a license for [ec26edf8].)
21:01:40 (CITRIX) IN: "MPM_ADV_RC" USER15@GENE-VM-2K3 [ec26edf8] (Linger timer expires, and License server finally checks in the “last” license for [ec26edf8].)
21:01:05 (CITRIX) OUT: "MPM_ADV_RC" USER15@GENE-VM-2K3 [ec26edf8]
This log entry is the result of the Agent shutting down and returning the license.
Since the Agent can perform check-out operations only, the Agent needs to check out the same license a second time for only one second causing the license server to check it back in. This is done by the Agent setting a check-out parameter called a linger period to one second which tells the License server how long to keep the license checked out. At the end of the linger period, the server automatically checks in the license.
Therefore, to return a license, the Agent checks out a license with a linger time of 1 second. This in turn causes the License server to check- in the license a second later.
21:01:05 (CITRIX) IN: "MPM_ADV_RC" USER15@GENE-VM-2K3 [ec26edf8]
This is the first of two IN: entries that will occur. Note that this entry occurs at exactly the same time as the previous OUT: entry. That’s because from the license server’s point of view, the previous IN: entry results in two instances of the same licenses [ec26edf8] being checked out. The license server tries to keep only one instance of a license checked out at all times, so it corrects this situation by performing a check-in.
Now there is only one instance of license with identifier [ec26edf8] checked out. To fully release the license, another check-in must occur (see next section).
Note: Only the license server performs check-ins. Any IN: log entry results from the license server’s actions, not from a request from the Agent. If you are using a network monitor, you should not expect to see communication between the Agent and License Server at times that IN: entries occur.
21:01:40 (CITRIX) IN: "MPM_ADV_RC" USER15@GENE-VM-2K3 [ec26edf8]
Once the Linger timer expires for a particular license, the license is not checked in immediately. Instead it must wait for a thread of the license server process to wake up and check it in. This thread wakes up every minute, and it may take up to a minute to execute. So it may take up to just under 2 minutes for a license to be once again available for check-out.
In the above example, a license was checked in at 21:01:05 with a linger time of 1 second. Its linger timer should have expired at 21:01:06. Finally, at 21:01:40, the license server returned the license to the system. Now there are no more licenses checked out with identifier [ec26edf8].
Renewal Process:
While an Agent is running, it will periodically try to renew its license. There is no renew operation, rather, the Agent only attempts to check-out the license again using the same linger time. For example, consider the scenario of a Named User license with a linger time of 21 days. Every 6 hours, the Agent will try to check out a license with a linger timer of 21 days. By having a proper understanding of the technical details of the differences in licensing between the Citrix products and knowledge of the licensing debug log an administrator will have a valuable tool for troubleshooting. When using the log file an administrator will be able to see the licensing process to assist in tracking down issues.
Note: The log file is cleared by restarting the licensing service. To setup the log file to retain the past information see the Licensing_Guide.pdf
More Information
See Advanced Concepts Guide - Citrix Presentation Server, Platinum Edition - for a list of additional Advanced Concepts Guide articles.
