You have also the option to alternatively execute some CodeMeter Control Center functions by the command line based CodeMeter Universal Support Tool (cmu).
cmu supports you in:
•listing of CmContainer contents
•creating a simple test environment for CmContainer
•executing a certified time update, and creating and importing of license request and update files (Context Files and Update Files, *.WibuRaC and *.WibuRaU).
Call cmu in the directory %\Program Files%\CodeMeter\Runtime\bin using the command cmu[32].exe.
Alternatively, on Windows call cmu by the start menu item "Start | All Programs | CodeMeter | Tools | CodeMeter Command Prompt". |
|
Press "Windows" key to open Start screen | Type "CodeMeter Command Prompt" | Press "Enter" key. |
For the operating systems macOS and
Linux this command is provided by the usual search path parameter.
The following list shows all existing cmu commands. A short example section is appended.
•CodeMeter Time Server settings
Command |
Description |
|||
---|---|---|---|---|
/h or --help |
shows this help in the command line window. |
|||
/v or --version |
shows the versions of all available CodeMeter components. |
|||
/l or--list |
lists all connected CmContainer by way of their serial numbers. |
|||
/x or --list-content |
lists the contents of all connected CmContainer. |
|||
/k or --list-server |
lists all available network license server. |
|||
/n or –-list-network |
lists the network license information of the own server. For explanations of terms, e.g. access modes, please see information on license monitoring and terms in license display in CodeMeter WebAdmin. |
|||
|
lists network license information also of remote CodeMeter server. -list-network [--server <servername>|--all-servers] [--serial <serial>] [--firmcode <firmcode> [--productcode <productcode> [--featuremap <featuremap>]]] |
|||
|
--all-servers |
lists the network license information for all found servers. |
||
|
--server <servername> |
lists the network license information for the specified server <servername>. |
||
|
--serial <serial> |
specified parameter configure the output according to criteria selected. |
||
--add-server |
adds a server to the end of your server search list. As an argument pass the server's name, IP or CmWAN URL. Examples: server.domain.local 192.168.0.72 fe80::ea06:88ff:fecf:df6f https://user:secretpassword@server.domain.local/cmwan |
|||
--delete-server |
deletes a server from the server search list. As an argument pass the server's name, IP or CmWan URL as it is listed. |
|||
-- clear-serversearchlist |
deletes all the entries from the server search list. To reactivate automatic server broadcast, please add broadcast using option "--add-server 255.255.255.255". |
|||
--show-serversearchlist |
shows the entries in the server search list. |
|||
/c <FI> or --context <FI> |
creates a license request file (Context File) for Firm Item <FI> (see here). Using option --file specifies the output file. If no option is set the standard output is used (stdout). |
|||
/i or --import |
imports a license update file (Update File) for the available CodeMeter license (see here). Using option --file specifies the file name. The update can cover a CmDongle or a CmActLicense license file. |
|||
/d or --firmware-update |
starts the firmware update of a CmContainer. |
|||
/u or --time-update |
starts the update of the Certified Time in each connected CmContainer. |
|||
/e <s> or --enable <s> |
allows the activation or deactivation of the selected CmContainer. Specifying the CodeMeter password is required. The required new Enabling status is specified by the parameter <s>. Parameter values cover 1 (disable), 2 (temporary enable), 3 (enable). |
|||
/t <no> or --test<no> |
starts some simple tests for each connected CmContainer. The number of tests is specified by parameter <no>. It is required that the CmContainer must be (temporarily) enabled. |
|||
/vv or --cmdust |
creates a CmDust report. This report is useful and required when requesting support. Wibu-Systems recommends to create a CmDust report before contacting the support. Using the option --file writes the result into a text file. |
|||
--borrow |
allows the borrowing of licenses from a license server to the local PC. You have to specify the Firm Code and the Product Code of the license using the options --firmcode and --productcode. As an additional option you may specify the Feature Map using the option --featuremap. Moreover, you have to specify the serial number of the client CmContainer and the server name using the options --serial and --server. |
|||
--return |
returns the borrowed license to the license server. You have to specify the Firm Code and the Product Code of the license using the options --firmcode and --productcode and the serial number of the client CmContainer and the server name using the options --serial and --server. |
|||
--borrowlist |
lists the borrowed licenses for the client and the server. |
|||
--transferlist |
creates a listing of the license transfer relevant data. |
|||
--enabling |
lists the enabling stati of all connected CmContainer. Combined with the command –x you can also display additional enabling information of the CmContainer content. |
|||
--create-io |
is used in combination with the option --file and makes sense only when using the hardware form factors CmCard/SD or CmCard/CF. A new codemtr.io file is created. Please call this command only if the codemtr.io file is deleted. |
|||
--detect-proxy |
prints the system proxy to standard output.. Please note, that under |
|||
--delete-cmact-license |
deletes a CmActLicense license you specify using the command --serial.
|
|||
--set-access-data |
activates WebAdmin write authentication and saves the password. Use with option --password to define password. |
|||
sets CodeMeter proxy configuration. As argument pass the name or IP address of the proxy server. A port different to the default port (80) may be defined by --port followed by the port number. A user password authentication may be set by --username <name of the user> --password <password>. To remove the authentication use --username followed by "".
Examples: cmu --set-proxy proxy.company.com --username johndoe --password mypassword --port 90 cmu --set-proxy proxy.company.com --username "" |
||||
--reset-access-data |
deletes both passwords for WebAdmin authentication (read- and write-passwords) and sets default (no read authentication, no write authentication). "Local Access only" will be set. |
|||
--device-id |
sets this parameter on import of WibuCmLiF files (--import) with binding scheme "Binding Extension". The input of the device-id is as 128 hex digits preceeded by "0x". |
|||
--hid |
sets the USB communication standard to the Human Interface Device (HID) class specification. Shortcut for --set-config-disk HidCommunication. May be used with or without specifying a serial number via --serial. Without specifying the command will be executed for all connected CmDongles. |
|||
--msd |
sets the USB communication standard to the Mass Storage Device (MSD) class specification. Shortcut for --set-config-disk MsdCommunication. May be used with or without specifying a serial number via --serial. Without specifying the command will be executed for all connected CmDongles. |
CodeMeter Time Server Settings
Please note that only Wibu-Systems CodeMeter Time Servers may be specified here. You cannot specify your own NTP (Network Time Protocol) time servers here, as this time synchronization does not guarantee a Certified Time, which plays an important role, for example, when retrieving and subsequently validating time-based licenses. |
--add-timeserver |
appends a single CodeMeter Time Server to your Time Server list. As argument, pass the Server name or IP address (IPv5 or IPv6). |
---|---|
--delete-timeserver |
deletes a single CodeMeter Time Server from your Time Server list. As argument, pass the Server name or IP address (IPv5 or IPv6). |
--clear-timeserver-list |
removes all entries from the CodeMeter Time Server list. |
--set-timeserver-default |
sets the CodeMeter Time Server settings to default parameters. •CodeMeter Time Servers: cmtime.codemeter.com, cmtime.codemeter.de, cmtime.codemeter.us •Timeout: 20 seconds •Protocol: http |
--show-timeserver-info |
shows the entries in the CodeMeter Time Server list. |
--set-timeserver-timeout |
sets the timeout of the CodeMeter Time Server in seconds. Value range is between 1 and 120. Default value is 20 seconds. |
--set-timeserver-protocol |
sets one of the protocols HTTP or HTTPS for CodeMeter Time Server. |
All calls existing in CodeMeter Core API for the licenses transfer feature can also be called using cmu. Here the respective files are used (WibuCmLIF/WibuCmRaC/WibuCmRaU). The following cmu calls exist:
Command |
Description |
|||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
--create-lt-context <parameters> |
Enables to create a license transfer context. Used with --lt-push parameters to specify the nature of the transfer - license update with FSB if omitted. Additional parameters:
|
|||||||||||||||||||||
--create-lt-update <parameters> |
Enables to transfer a license transfer context. Used with one of following parameters to specify the nature of the transfer:
Additional mandatory parameters:
Additional optional parameters:
|
|||||||||||||||||||||
--import-lt-update <parameters> |
Updates license transfer data on the target side. Used with either --lt-push, --lt-pull, --lt-fsb or --lt-return parameters to specify the nature of the transfer. Additional parameters:
|
|||||||||||||||||||||
--create-lt-receipt <parameters> |
Creates a signature with a defined private key and gives it back as a receipt to specify the nature the transfer. Additional parameters:
|
|||||||||||||||||||||
--import-lt-receipt <parameters> |
Checks the receipt with a defined public key confirming the validity of a transaction. Used with one of following parameters to specify the nature of the transfer. Additional parameters:
|
|||||||||||||||||||||
--lt-cleanup <parameters> |
Possible cleanup action |
|||||||||||||||||||||
|
--deleted |
clean deleted licenses |
||||||||||||||||||||
--disabled |
clean disabled (dangerous) |
|||||||||||||||||||||
--hiddenhistory |
clean history of given product item |
|||||||||||||||||||||
--container |
removes whole license container (dangerous) |
|||||||||||||||||||||
Additional parameter |
||||||||||||||||||||||
--serial <serial> or -s <serial> |
selects the CmContainer with the specified Serial Number. |
|||||||||||||||||||||
--firmcode <fc> |
selects the Firm Code of the transferred license. |
|||||||||||||||||||||
--productcode <pc> |
selects the Product Code of the transferred license. |
|||||||||||||||||||||
--lt-product-ref <number> |
It is used to specify the Product Item Reference <number>. The default input for the <number> is in decimal unless it begins with 0x or 0X. |
Creating and importing a namelist of Named User
To restrict access to licenses to so-called named users, external namelist files must be used. This process is done in two steps:
A namelist file includes a list of authorized users in plain text entries and must conform to a JSON format. The format is specified by Wibu-Systems.
2.Mandatory importing of the namelist file
Cmu converts the plaintext entries of the namelist file into a list of hash values
After importing and converting the plaintext entries into hash values by cmu, the hash values cannot be exported back to the original plaintext entries: recovery is not possible in any case. You are therefore responsible for saving the data yourself! |
To create the namelist file you need information from software vendors about
•the Firm Code used,
•the JSON format version and
•the unique identifier of the name list (NamelistId).
The following applies to a namelist:
•There is a format version that is easy to edit and extend.
•It is possible to change the namelist file without restarting CodeMeter.
That is importing a changed namelist file is possible at any time without a restart, which then becomes valid, but this does not mean that it is possible to change the file in CodeMeter itself.
•For security reasons no plain names are kept in memory.
•The file can be assigned to one or more product items via NameListId and Firm Code.
•Case sensitivity: using "IgnoreCase": true the names are first converted to lower case before hashing. Currently only ASCII characters are affected by this entry.
•A maximum of 5000 named users are allowed per namelist.
•CodeMeter uses a maximum of 250 namelists.
It is possible to add users to the namelist multiple times, whereby the total frequency, the entry position and the License Quantity are taken into account and allow list control.
With a number of licenses n and a number of m entries applies:
•If the number of entries m is greater than the number n of available licenses, only the first n entries are used.
•If, on the other hand, the number of entries m is less than the number n of available licenses, only the m entries are used; if the license is created with the singlealloc option, the remaining n-m licenses cannot be used.
Please find example files for each credential type with parameters and descriptions below.
{
"NameList": {
"FirmCode": 6000010,
"IgnoreCase": true,
"FormatVersion": 1,
"Mode": "User",
"NameListId": 1234,
"Users": [
{
"Name": "Jane"
},
{
"Name": "Alice"
},
{
"Name": "Bob"
}
]
}
}
Parameter |
Description |
---|---|
FirmCode |
holds the Firm Code to which the namelist refers. |
IgnoreCase |
contains the selection about switching off the upper/lower case criterion. By default, true ignores the case and converts the names to lower case. Currently only ASCII characters are affected by this entry. |
FormatVersion |
holds the valid version of the JSON format. |
Mode |
holds the credential type and the respective check mode. |
NameListId |
holds the unique identification number of the namelist. |
Users |
holds the array of elements of type "Users". |
Name |
holds the respective name of the user eligible for an authorized license access as NamedUser. |
{
"NameList": {
"FirmCode": 6000010,
"IgnoreCase": true,
"FormatVersion": 1,
"Mode": "UserDomain"
"NameListId": 5678,
"Users": [
{
"Domain": "MyCompany",
"Name": "Jane"
},
{
"Domain": "MyCompany",
"Name": "Alice"
},
{
"Domain": "MyCompany",
"Name": "Bob"
}
]
}
}
Parameter |
Description |
---|---|
FirmCode |
holds the Firm Code to which the namelist refers. |
IgnoreCase |
contains the selection about switching off the upper/lower case criterion. By default, true ignores the case and converts the names to lower case. Currently only ASCII characters are affected by this entry. |
FormatVersion |
holds the valid version of the JSON format. |
Mode |
holds the credential type and the respective check mode. |
NameListId |
holds the unique identification number of the namelist. |
Users |
holds the array of elements of type "Users". |
Domain |
holds the respective name of the domain eligible for an authorized license acccess as NamedUser. |
Name |
holds the respective name of the user eligible for an authorized license acccess as NamedUser. |
{
"NameList": {
"FirmCode": 6000010,
"IgnoreCase": true,
"FormatVersion": 1,
"Mode": "UserDefined"
"NameListId": 91011,
"Users": [
{
"UserDefinedText": "ABCSoftwareModule1"
},
{
"UserDefinedText": "ABCSoftwareModule2"
},
{
"UserDefinedText": "ABCSoftwareModule3"
}
]
}
}
Parameter |
Description |
---|---|
FirmCode |
holds the Firm Code to which the namelist refers. |
IgnoreCase |
contains the selection about switching off the upper/lower case criterion. By default, true ignores the case and converts the names to lower case. Currently only ASCII characters are affected by this entry. |
FormatVersion |
holds the valid version of the JSON formatv. |
Mode |
holds the credential type and the respective check mode. |
NameListId |
holds the unique identification number of the namelist. |
Users |
holds the array of elements of type "Users". |
UserDefinedText |
holds the respective user-defined text eligible for an authorized license acccess as NamedUser. |
Importing a namelist of named users
Using external namelist files requires an import via the following cmu command after their creation.
Cmu converts the entries of the namelist file into a list of hashes. Using another cmu command allows the hash output of this Namelist to stdout.
After importing and converting the plaintext entries into hash values by cmu, the hash values cannot be exported back to the original plaintext entries: recovery is not possible in any case. You are therefore responsible for saving the data yourself! |
The cryptographic hash function Secure Hash Algorithm sha256 is used to ensure the integrity of the data.
Only the first 8 bytes are used for the user hash values, but the full 32 bytes are used for the hash value of the entire file.
If an empty namelist file is imported, i.e. without specification of named users, CodeMeter deletes the associated file if it exists.
If a namelist file is re-imported, occupied license accesses are not released. If users suddenly no longer have authorization due to a change in the namelist file, they will also no longer be assigned new license accesses. However, previous license accesses can still be used.
The locations of the imported namelist then generated by cmu for the different operating systems are:
Operating system |
Location |
---|---|
|
%ProgramData%/CodeMeter/NamedUser |
|
/Library/Application Support/CodeMeter/NamedUser |
|
/var/lib/CodeMeter/NamedUser |
The notation bases on Firm Code and NameListId, e.g. 6000010-2222.txt.
Subsequently, CodeMeter handles license accesses of users on the namelist.
Hash output of a namelist file
Option |
Description |
||||||
---|---|---|---|---|---|---|---|
--show-namelisthashes -f <filename> |
outputs the hashes of a namelist file into file <filename>.. Each line outputs a single Named User entry of the namelist. Each line contains exactly two fields separated by a tab.
The output is in UTF-8 format on stdout and can be further processed from there with appropriate applications, e.g. programming language awk for processing and evaluation of any text data. |
||||||
cmu[32].exe --show-namelist-hashes -f NamedUserHashing_user.json Output is: abcdefghijklmn\abcdefghijklmnopqrstuvwxyz01234 8094ca566d14d155 abcdefghijklmn\abcdefghijklmnopqrstuvwxyz01234 8094ca566d14d155 abcdefghijklmn\abcdefghijklmnopqrstuvwxyz01234 8094ca566d14d155 abcdefghijklmn\abcdefghijklmnopqrstuvwxyz01234 8094ca566d14d155 abcdefghijklmn\abcdefghijklmnopqrstuvwxyz01234 8094ca566d14d155 abcdefghijklmn\abcdefghijklmnopqrstuvwxyz0123 f25227d24bb65ac4 abcdefghijklmn\abcdefghijklmnopqrstuvwxyz0123 f25227d24bb65ac4 abcdefghijklmn\abcdefghijklmnopqrstuvwxyz012ä de77086674e55409 abcdefghijklmn\abcdefghijklmnopqrstuvwxyz012 a1c4b5951eb70a1f |
Listing rejected license allocations
The List-Rejected-Allocations feature allows to track all rejected license allocations for a specific CodeMeter License Server (local or remote) and retrieve them as a list of log entries.
The log entries listed cover the following information: timestamp (UTC), LicenseID, Firm Code, Product Code, Product Item Reference, License Quantity, and client and user information.
Configuring allows the data output either for individual Firm Codes or for all Firm Codes (default). In addition, specifying the maximum number of log entries is supported. The current status of the log entries may be retrieved at any time.
If the data is not retrieved, it will no longer be available after restarting CodeMeter License Server. However, if only the feature is deactivated, the data remains and can be retrieved later. Only after a later reactivation, all not retrieved data of the previous recording will be lost.
The use of this feature is independent of license tracking.
Users must actively retrieve the data via cmu. The data is then written to the command line (stdout) or to a user-defined file. Recorded data is not automatically written to a log file at a central location, as is the case with the license tracking log, for example. |
The feature can also be activated, disabled and configured via profiling entries in the registry (Windows) / Server.ini (Unix).
For efficient or effective use of listed rejected license assignments two different strategies can be followed. Either a high number of log entries can be set with potentially higher memory consumption and not so frequent data retrievals. Or a low number of log entries can be set with potentially lower memory consumption and the need to retrieve data more frequently to avoid missing rejections when the limit of the maximum number of log entries is reached.
Command |
Description |
|||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
--list-rejected-allocations |
|
|||||||||||
Options |
|
|||||||||||
|
--activate |
activates logging of rejected allocations.
|
||||||||||
|
--deactivate |
deactivates logging of rejected allocations. |
||||||||||
|
--status |
queries the current status of logging. |
||||||||||
|
--get-data |
queries all data logged by CodeMeter License Server and issues them in order of occurrence of rejected license assignments as a time-sorted list in the console (stdout). |
||||||||||
|
Additional parameter: |
|||||||||||
|
|
[--file <filename>] |
Optionally, the data can also be written to a file. The --file parameter is used either to extend an existing file by appending the data until the maximum number of log entries is reached, or to create a new file with the specified name if none already exists. |
|||||||||
|
Optional |
|
||||||||||
|
--server <ip or hostname> |
allows to execute the above commands also for a remote computer. For this, the remote computer on which CodeMeter License Server is running as a service must be set up as a LAN server. This either in profiling (IsNetworkServer) or in CodeMeter WebAdmin (Configuration | Server | Server Access). |
The console output for the --activate, --deactivate or --status commands might look as follows:
List-Rejected-Allocations – Activated
Started recording at: 2021-07-05T15:49:55 Stopped recording at:
Tracked Firmcode: All Maximum number of entries: 1000
Total rejections: 324
Entries ready for retrieval: 77 |
---|
The output of a data query might look as follows.
cmu --list-rejected-allocations --get-data 2021-05-10T10:11:32 Denial LicenseID:3-5430061-6001494-16, FC:6000010, PC:999, LQ:1, Client:"192.168.2.200", User:"VM\ap" 2021-05-10T11:00:01 Denial LicenseID:3-5430062-6001494-54, FC:6000010, PC:42, LQ:3, Client:"192.168.2.55", User:"ABC\db" 2021-05-10T11:20:19 Denial LicenseID:3-5430061-6001494-18, FC:6000010, PC:999, LQ:1, Client:"10.49.205.3", User:"ABC\cd" 2021-05-10T12:01:33 Denial LicenseID:3-5430063-6001494-99, FC:6000010, PC:123, LQ:1, Client:"192.168.2.106", User:"ABC\ap" 2021-05-10T12:10:00 Denial LicenseID:3-5430061-6001494-17, FC:6000010, PC:999, LQ:1, Client:"10.49.205.3", User:"ABC\cd" 2021-05-10T13:59:59 Denial LicenseID:3-5430062-6001494-54, FC:6000010, PC:42, LQ:3, Client:"192.168.2.55", User:"ABC\dabu" 2021-05-10T14:05:48 Denial LicenseID:3-5430062-6001494-54, FC:6000010, PC:42, LQ:1, Client:"192.168.2.55", User:"ABC\db" 2021-05-10T14:49:53 Denial LicenseID:3-5430063-6001494-99, FC:6000010, PC:123, LQ:1, Client:"192.168.2.106", User:"ABC\ap" |
---|
The following list shows additional cmu options:
Options |
Description |
||||
---|---|---|---|---|---|
/f <file> or --file <file> |
Additional option which writes the command result into a file <file>. This option is used in combination with the commands --context, --import, --cmdust. |
||||
/s <serial> or --serial <serial> |
Additional option which defines that a command is valid only for a CmContainer specified by its serial number <serial>, e.g. "1-10234242". |
||||
/p <pwd> or --password <pwd> |
Additional option in combination with the commands --enable and --firmware-update. This option defines the required CodeMeter Password for this command. |
||||
--firmcode <fc> |
Additional option in combination with the commands --borrow or --return specifying the Firm Code of the borrowed license. |
||||
--productcode <pc> |
Additional option in combination with the commands --borrow or --return specifying the Product Code of the borrowed license. |
||||
--featuremap <fm> |
Additional option in combination with the commands --borrow or --return specifying the Feature Map of the borrowed license. |
||||
--server <servername> |
Additional option to borrow a license from another server. Is used in combination with command --borrow. |
||||
--write |
Additional option used in combination with the command --detect-proxy which saves the setting using the CodeMeter profiling. These settings are written only if no proxy has been previously set in the profiling. For overwriting the settings use the option --force. |
||||
--force |
Additional option used in combination with the command --detect-proxy which overwrites already existing proxy settings in the CodeMeter®profiling. |
||||
--show-config-disk |
Shows the current settings of removable/fixed drives or of the type of the defined Master Boot Record (MBR). This option concerns the behavior of virtual flash memory partitions. Use only for CmStick and CmStick/M. |
||||
--set-config-disk <parameter> |
Allows to define a special behavior of virtual flash memory partitions, e.g. drive settings, boot code or activations (CmDongle only).
|
||||
--check-cm-integrity |
Allows to check the CodeMeter signature. |
||||
allows you to export the list of License Access Permissions (ACL, Access Control List). Please use the --file option to specify the file name. The specification of absolute paths is supported. If no path is specified, the file is located in the local directory. The export is possible during operation, the CodeMeter WebAdmin service does not have to be stopped or started separately. The list is exported in *.json format. No file extension must be specified. The file is editable. For information about format conventions to be used please contact Wibu-Systems Support.
|
|||||
--import-acl |
allows you to import the list of License Access Permissions (ACL, Access Control List). Please use the --file option to specify the file name. The specification of absolute paths is supported. If no path is specified, the file is located in the local directory. The import is possible during operation, the CodeMeter WebAdmin service does not have to be stopped or started separately. The list is imported in *.json format. No file extension must be specified. The file is editable. For information about format conventions to be used please contact Wibu-Systems Support.
|
||||
--delete-cmcloud-credentials |
Allows you to delete the CodeMeter Cloud credentials belonging to the CmCloudContainer specified with --serial.
|
Action |
Parameter |
---|---|
Displaying cmu options |
Cmu[32].exe -h |
Creating a CodeMeter Remote Activation Context File (here:1-1040870.WibuCmRaC) for the Firm Code 10 (Firm Item level) |
Cmu[32].exe -c10 -f1-140870.WibuCmRaC |
Importing a CodeMeter Remote Activation Update File (here:1-1040870.WibuCmRaU) --> reprograms the connected CmContainer |
Cmu[32].exe -i -f1-1040870.WibuCmRaU |
Showing the versions of current CodeMeter components. |
cmu[32] --version |
Listing all available CodeMeter network license server and if existing all related licenses. |
cmu[32] --list-server --list-content |
Starting 100 simple tests. The tests are executed only for the CmContainer specified by the serial number of 1-233232. |
cmu[32] --test 100 --serial 1-233232 |
Changing the enabling status to "temporarily enabled" for the CmContainer 1-2345 by using the CodeMeter password "SECRET". |
cmu[32] --enable2 --serial 1-2345 --password SECRET |