Please be aware that this is not verified at all. It is posted here as a precautionary warning until such time as it is verified. Better to be safe than sorry.
***UPDATE: This is a real issue only IF there is a Firewall between the Licensing Server and the Servers hosting Citrix Products
A colleague of mine sent me this:
++++++++++Quote++++++++++++++++++++++++++++++++++
I took down x,xxx users on Monday because I upgraded our License Server to PS 4.5 on Friday afternoon. Everyone went down 11am Monday morning.
A quick look at the firewalls showed that port 1603 was being blocked between all PS servers and the Licensing Server <Licensing.Server.internal.net>, although telnet on 27000 worked between the PS servers and the licensing server.
I had the Security Team open the port and all was back to normal, comms resumed....35 minutes downtime. What the heck? Where did this port come from? None of my research or preparation showed this. <Integrator Support> have not heard of this additional port 1603. <Integrator Support> then raised a call with Citrix, but Citrix have passed it on to much higher levels as the 1st, 2nd line teams don't know.....
++++++++++Quote++++++++++++++++++++++++++++++++++
And this is further supported by another colleague:
++++++++++Quote++++++++++++++++++++++++++++++++++
I did hit this one at <Customer> when implementing CAG. For some reason, there appears to be this additional port requirement over and above the documented 27000. I didn't pursue it, but it's heck of annoying.
We didn't get the prob in Production with <Customer>, as we did a test in the lab to see what the impact would be, and encountered no issues. But then there were no firewalls between the licence server and the PServers.
++++++++++Quote++++++++++++++++++++++++++++++++++
Reviewing the Readme for Citrix Licensing 4.5 (for Windows) led me to the following article.
It would appear that this comes about as a result of the Citrix vendor daemon, as listed in Licensing: Firewalls and Security Considerations:
| Component | Reason for Change | See this Section for Procedure |
|---|---|---|
| Citrix vendor daemon | By default, the port on which the Citrix vendor daemon communicates changes dynamically—the CitrixLicensing service chooses a new port every time it restarts. If a firewall is between the license server and the computers running your products, you must configure a static Citrix vendor daemon port number. | Setting a Static Citrix Vendor Daemon Port Number |
| License manager daemon | By default, the License Manager daemon communicates over the default TCP port of 27000. If port 27000 is already in use on your license server, you must change the port number the license server uses to communicate with Citrix products. | Changing the License Manager Daemon Port Number |
The upshot is that this might still fail until the Citrix vendor daemon is locked to a static port. However, it does raise a question about Citrix's 30-day grace period.
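One way to check for the situation described above before a firewall causes an outage, as an added example that is not from the original post or from Citrix. It assumes the standard FlexNet license-file syntax (`SERVER host hostid port` and `VENDOR name [options=...] [port=N]`); the host name, options path and port 27001 are constructed sample values.

```python
import re
import socket

# Constructed license-file headers (host, path and port 27001 are made up).
DYNAMIC = "SERVER lichost ANY 27000\nVENDOR CITRIX\n"
STATIC = 'SERVER lichost ANY 27000\nVENDOR CITRIX options="C:\\lic\\CITRIX.opt" port=27001\n'

def license_ports(text):
    """Return {'lmgrd': port, 'vendor': port or None}; None = dynamic port."""
    ports = {"lmgrd": 27000, "vendor": None}  # 27000 is the documented default
    for raw in text.splitlines():
        line = raw.strip()
        fields = line.split()
        if not fields or line.startswith("#"):
            continue
        keyword = fields[0].upper()
        if keyword == "SERVER" and len(fields) >= 4 and fields[3].isdigit():
            ports["lmgrd"] = int(fields[3])
        elif keyword in ("VENDOR", "DAEMON"):  # DAEMON is the older keyword
            match = re.search(r"\bport\s*=\s*(\d+)", line, re.IGNORECASE)
            if match:
                ports["vendor"] = int(match.group(1))
    return ports

def firewall_findings(text):
    """List the firewall rules needed, or flag an unpinned vendor daemon."""
    ports = license_ports(text)
    findings = [f"allow tcp/{ports['lmgrd']} to the license manager daemon"]
    if ports["vendor"] is None:
        findings.append("WARNING: vendor daemon port is dynamic; it changes on "
                        "every CitrixLicensing restart, so no static rule fits")
    else:
        findings.append(f"allow tcp/{ports['vendor']} to the Citrix vendor daemon")
    return findings

def blocked_ports(host, text, timeout=3.0):
    """From a product server, return the pinned ports that do not connect."""
    blocked = []
    for port in filter(None, license_ports(text).values()):
        try:
            socket.create_connection((host, port), timeout=timeout).close()
        except OSError:
            blocked.append(port)
    return blocked

if __name__ == "__main__":
    for name, sample in (("dynamic", DYNAMIC), ("static", STATIC)):
        print(name, firewall_findings(sample))
```

Run `firewall_findings` against the license file on the license server, and `blocked_ports` from a server hosting Citrix products, which is the same test the telnet check on 27000 performed but covering the vendor daemon port as well.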