AD licensing cannot collect statistical information by default because the Windows Active Directory does not allow this.
We therefore offer an optional component, the axes4 AD Statistics Server. This is a Windows service that starts a small web server. With the appropriate configuration, the clients send statistical data to the web server. This collects the data and displays it in its own user interface.
When is which data collected?
The axes4 products send statistical data to the server when they are activated. The following therefore applies:
axesWord: The statistics server shows who has installed axesWord and activated the add-in (i.e. started MS Word). The statistics server does not show how often the PDF output of axesWord has been called up.
axesSlide: The statistics server shows who has installed axesSlide and activated the add-in (i.e. started MS PowerPoint). The statistics server does not show how often the PDF output of axesSlide has been called up.
axesPDF: The statistics server shows who has installed and started axesPDF.
Clients send the following data to the server:
- Domain name and user name
- Device name
- axes4 product name
- axes4 license
- Success status including any error information.
Requirements
System requirements
Windows Server 2016 or later. We recommend the latest version of Windows Server.
Network
The statistics server does not send any data to the internet, so it can be located behind the firewall in the intranet.
Clients that send data to the statistics server must be able to reach it in the network. The port on which the statistics server is running must be open on the firewall of the server computer. The installer automatically creates a firewall rule for the default port 29375.
Creating the service account
Create a managed service account in your AD, for example axes4StatServer. After installation, this account is defined as the LogOn account for the statistics server service.
Server certificate
Communication between the clients and the AD-Statistics server is encrypted. A TLS server certificate with server authentication must therefore be installed on the server computer.
AD group for statistics admins
Authorization for access to the user interface of the statistics server is controlled via a freely definable AD group.
Create a group in your AD, for example axes4StatisticsAdmins, and add the users who should have access to the statistics to this group.
Installation
Run the installer.
If desired, the installation path can be selected. The default installation path is
%programfiles%\axes4 AD Licensing Statistics Server
Defining the LogOn account
After installation, set the LogOn account for the axes4 AD Licensing Statistics Server service to the service account that you created under Creating the service account.
Certificate authorizations for the service account
Give the service account full permissions for the server certificate.
To do this, open the certificate management, right-click on the server certificate and select All Tasks > Manage Private Keys...
Manage Private Keys...'"
Give the service account full control for the private key of this certificate.
Configuration of the server
The server is configured via the appsettings.json file, which is located in the installation path after installation.
Certificate
The server Certificate must be configured in the Certificate key of the json file. As a rule, only the subject needs to be adjusted so that it corresponds to the Issued to entry of the certificate.
"Certificate": {
"Subject": "<YourCertificateSubject>",
"Store": "My",
"Location": "LocalMachine",
"AllowInvalid": "false"
}
Port
The server runs on port 29375 by default. If desired, this can be adjusted in the Url key.
Please note that the port must be open on the firewall.
"Url": "https://*:<YourPort>"
AD group for UI access
Enter the name of the AD admin group in the AdminADGroupName key:
"AdminADGroupName": "<YourADGroupName>"
Configuration of the user interface
The UI is configured via the app.config file, which is located in the wwwroot folder in the installation path. Adapt the apiBaseUri entry for your environment. for your environment.
{
"apiBaseUri": "https://<hostname>:<port>"
}
Setting up the Service Principal Name (SPN)
An SPN must be set up so that authentication in the UI works smoothly.
To do this, start an admin console and execute the following commands:
setspn -A HTTP/<hostname, fqdn-format> <service-account>
setspn -A HTTP/<hostname, NetBIOS-format> <service-account>
This allows you to check the settings (shown with example values):
setspn -L <service_account>
Registered ServicePrincipalNames for CN=Service
Account,CN=Users,DC=ADLicensing,DC=com:
HTTP/domainlicensing
HTTP/domainlicensing.adlicensing.com
Operation
After configuration, the user interface can be called up in a browser at https://<hostname>:<port>. Log in with an account that is included in the AD admin group.
Logfile
The log file of the AD statistics server is located in the local AppData path of the service account.
C:\Users\<service-account>\AppData\Local\axes4\ActiveDirectoryLicensingStatisticsServer
Database
The data is stored in an SQLite database. This is located in the same path as the log files.
C:\Users\<Service Account Name>\AppData\Local\axes4\ActiveDirectoryLicensingStatisticsServer
Configuration of the clients
In order for the clients to know where the statistics should be sent to, a registry value must be set to one of the following keys (with descending priority during processing):
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\axes4\Licensing\Manager
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\axes4\Licensing\Manager
Computer\HKEY_CURRENT_USER\Software\Policies\axes4\Licensing\Manager
Computer\HKEY_CURRENT_USER\Software\axes4\Licensing\Manager
Within these keys, the license manager searches for a string value with the name ActiveDirectoryLicensingStatisticBaseUri. The value of the entry must be the URL of the statistics server including the correct port.