[ Back | Print ]
Technical Information Document
NW5 Installing MLA License Certificates - TID2944797 (last modified 11OCT2000)
printer friendly tell a friend
Click here if this does not solve your problem
2944797 2944797

NetWare 5.0 MLA license disks ship with a white 5 1/2 x 8 1/2" instruction. (A copy of this document is provided at the bottom of this technical information document (T.I.D.). The additional instructions pertain to installing the Novell International Cryptographic Infrastructure (NICI) foundation key when a license is not installed on the server. These instructions pertain only to NetWare 5.0, NetWare 5.1 provides prompts to install the foundation key without installing the license. Please note that Unlimited CLA licenses are treated the same as MLA licenses.

Some questions have arisen dealing with the various ways MLA licenses can be implemented. This T.I.D. is designed to specifically address concerns with MLA licensing. A more complete document on the issue of licensing for both MLA and non-MLA environments can be found in T.I.D. 2943750, "Understanding NetWare 5 Licensing".

Questions and Answers:

Q: What is the difference between VLA, CLA and MLA licensing?
A: VLA licensing provides special licensing pricing but uses the standard licences: server plus 5 connections and optional additional licenses such as 5, 10, 50, 100 user connection licenses, etc.
CLA and MLA licensing, while contracted for at different rates due to volume, both use the MLA license. An MLA license for NetWare 5 will have "Server Plus Unlimited Connections" on the license disk.

Q: How many times can I install MLA licensing?
MLA Licenses can be installed repeatedly throughout the tree as the licenses will not conflict with one another. The document listed at the bottom of this T.I.D. recommends installing an MLA license in each container that contains a Server object.

Q: Which objects are required for each server?
Each server MUST have an NLS Licensing Object in order to determine where to look for licensing and to provide the licensing server on each server. The object created takes the form: NLS_LSP_<servername>. For example, for server MYSERVER in O=NOVELL, the created NLS License object would be CN=NLS_LSP_MYSERVER.O=NOVELL. These objects can only be properly viewed with the the NWadmin32.exe contained in the SYS:PUBLIC\WIN32 directory of a NetWare 5 server. If the NLS_LSP_<servername> object was not created during the server installation, or has been removed, it must be recreated using SETUPNLS or the "Setup Licensing" option of "Licensing Options" in NWCONFIG.

In an MLA environment, license objects are required for each tree but are optional for each server. There are two types of license objects, the server base license object and the connection license object.

The server base object appears as:
Novell+NetWare 5 Server+500

The connection license appears as:
Novell+NetWare 5 Conn SCL+500

(The 500 refers to the version of NetWare, not the number of connections. NetWare 5.1 objects appear as ....+510)

When the first Netware 5 server is installed into the tree, these two objects will be created in the same container with the first NetWare 5 server. These two license objects are both unlimited connection licenses which can be installed multiple times but do not need to be installed more than once. However, to speed authentication, most administrators will probably want to install licenses into the root of each partition in the tree. Once a workstation has logged in, these objects are cached in server memory thus speeding access.

Because these objects are unlimited, it is not necessary to install a license for each server. In fact, you cannot install an MLA license more than once in the same container, so only the first NetWare 5 server into a container can be licensed. This means some MLA servers may have an NLS_LSP_<servername> object without any associated license objects.

Q: Where should I install these objects?
As stated above, all three objects will be installed in the same container with the first Netware 5 server into the tree. For servers installed into the tree with the option "Install without a License", only the NLS_LSP_<servername> object is created.

[Note: There are several prerequisites for the creation of the NLS_LSP_<servername> object. In order for this object to be successfully created, the following conditions must exist:

+ There is a read/write replica of the partition into which the server will be installed.
+ This read/write replica must reside on a server that currently contains the NLS Licensing Service

There are scenarios in which this replica cannot be added automatically by NWCONFIG and must be added manually.

+ The server is being installed into a child partition below Root and the above two conditions have not been met already.

Q: Do I need to copy the NICI Foundation Keys to each NetWare 5 server?
The MLA License installation document indicates that the NICI Foundation Keys should be copied to each server. NICI is only required for SSL and related security features if implemented on the server in question. however, to prevent problems with the lack of these files if these features are installed in the future, it is a good policy to copy and rename the foundation key as specified below for each NetWare 5 installed without a license.

Q: If a Server has been assigned to a license certificate, can I delete this assignment?
Yes, but only in an MLA environment. Double-click the particular license object to reveal the license certificate. Right-Click the certificate and select "Details". On the details screen that pops-up, select the "Assignments" tab. For Non-MLA licenses, the server assignment must be filled-in. For MLA licenses, specific server assignment prevents more than one server from using the license. If an assignment is listed, highlight it and delete it. Then click OK to exit the screen.

Q: Why can't I install a second server license into a container?
A server has been associated with the certificate preventing more than one server from using the license. You must remove the server association so that multiple servers can use the MLA license. To do this:
Double-click the particular license object to reveal the license certificate. Right-Click the certificate and select "Details". On the details screen that pops-up, select the "Assignments" tab. For Non-MLA licenses, the server assignment must be filled-in. For MLA licenses, specific server assignments prevent more than one server from using the license. If an assignment is listed, highlight it and delete it. Then click OK to exit the screen.

Q: Why can't my server find the MLA licenses at the Root of the tree?
The NLS_LSP_<servername> object determines how the server can search for licenses. To find this setting, right-click the NLS_LSP_<servername> object. The default setting is "Search to the root of the tree". The object can also be configured to "Search to the root of the local partition". If this second setting has been selected and the license objects are not contained in the current partition, the license search will fail. In either case, the license objects must be contained at the same or higher level (closer to Root) of the tree. A license certificate contained in a container further from root than the server object will not be found.

Q: Can I move my license objects?
License objects can be moved to another location as long as the associated NLS_LSP_<servername> object is moved with it to the same destination. Use SYS:PUBLIC\WIN32\NLSMan32.exe to move license certifcates. Note: You can only move the certificate, not the license container. A new license container will be created the NLSMan32.exe.
The following is extracted from the instructions for installing MLA licenses. This document accompanies each MLA License diskette:
Installing MLA License Certificates and Cryptographic Foundation Key

Installing NetWare 5 in a Master License Agreement (MLA) environment requires some additional procedures to the standard installation process. The following procedures will help you through these additional requirements:

1. Install your MLA license certificates envelope in each NDS container that contains Server objects. You can install the certificates during server installation or use NWCONFIG at the server console or NetWare Administrator.

An envelope contains a certificate for each of the following:

+ Server base license (unlimited units)
+ Server connection license (unlimited units)

NOTE: NetWare 5 does not allow you to install more than one of either certificate in a particular container. However, you can install these certificates multiple times throughout the Directory tree.

When installing NetWare 5, the server installation program will display an error message if a license certificate already exists in a particular container.

If you are installing more than one Server object in a container, do not make a specific file server assignment in the certificate. Doing so will limit other servers in the container from using the certificates.

2. Install the cryptographic foundation key on each server by copying the key from the MLA license diskette to SYS:SYSTEM on each server as NICIFK.

The cryptographic foundation key is stored on the MLA floppy disc as a file XXXXXXXX.NFK, where XXXXXXXX is the license serial number. When copying the key, rename the file from XXXXXXXX.NFK to NICIFK. The file naming is not case sensitive.

3. Reboot the server.

The server will come up with the level of cryptographic functionality supported by the distribution CD-ROM.

Document Title: NW5 Installing MLA License Certificates
Document ID: 2944797
Creation Date: 16NOV1998
Modified Date: 11OCT2000
Document Revision: 10
Novell Product Class: Beta
Novell BorderManager Services
Novell Product and Version: BETA - BorderManager 3.0
NetWare 3.11
NetWare 4.11
NetWare 4.2
NetWare 5
Novell Clients
intraNetWare 4.11
BorderManager Enterprise Edition 3


The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.

Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

[ Back | Print ]