Skip to main content

Statistics for Active Directory licensing

AD licensing cannot collect statistical information by default because the Windows Active Directory does not allow this.

We therefore offer an optional component, the axes4 AD Statistics Server. This is a Windows service that starts a small web server. With the appropriate configuration, the clients send statistical data to the web server. This collects the data and displays it in its own user interface.

Screenshot of the user interface of the statistics server.

When is which data collected?

The axes4 products send statistical data to the server when they are activated. The following therefore applies:

axesWord: The statistics server shows who has installed axesWord and activated the add-in (i.e. started MS Word). The statistics server does not show how often the PDF output of axesWord has been called up.

axesSlide: The statistics server shows who has installed axesSlide and activated the add-in (i.e. started MS PowerPoint). The statistics server does not show how often the PDF output of axesSlide has been called up.

axesPDF: The statistics server shows who has installed and started axesPDF.

Clients send the following data to the server:

  • Domain name and user name
  • Device name
  • axes4 product name
  • axes4 license
  • Success status including any error information.

Requirements

System requirements

Windows Server 2016 or later. We recommend the latest version of Windows Server.

Network

The statistics server does not send any data to the internet, so it can be located behind the firewall in the intranet.

Clients that send data to the statistics server must be able to reach it in the network. The port on which the statistics server is running must be open on the firewall of the server computer. The installer automatically creates a firewall rule for the default port 29375.

Screenshot of the Windows Firewall settings. The rule 'axes4 AD Licensing Statistics Server' is highlighted.

Creating the service account

Create a managed service account in your AD, for example axes4StatServer. After installation, this account is defined as the LogOn account for the statistics server service.

Server certificate

Communication between the clients and the AD-Statistics server is encrypted. A TLS server certificate with server authentication must therefore be installed on the server computer.

Screenshot of the Windows computer certificate management. A certificate with Server Authentication is highlighted.

AD group for statistics admins

Authorization for access to the user interface of the statistics server is controlled via a freely definable AD group.

Create a group in your AD, for example axes4StatisticsAdmins, and add the users who should have access to the statistics to this group.

Installation

Run the installer.

If desired, the installation path can be selected. The default installation path is

%programfiles%\axes4 AD Licensing Statistics Server

Defining the LogOn account

After installation, set the LogOn account for the axes4 AD Licensing Statistics Server service to the service account that you created under Creating the service account.

Screenshot of the Windows service administration. The properties dialog of the 'axes4 AD Licensing Statistics Server' service is open. The field for the logon account is highlighted in the properties dialog.

Certificate authorizations for the service account

Give the service account full permissions for the server certificate.

To do this, open the certificate management, right-click on the server certificate and select All Tasks > Manage Private Keys...

alt Manage Private Keys...'"

Give the service account full control for the private key of this certificate.

Screenshot of the Windows permissions dialog. In the upper half, the service account is selected, in the lower half it is marked that it has 'Full Control' rights.

Configuration of the server

The server is configured via the appsettings.json file, which is located in the installation path after installation.

Certificate

The server Certificate must be configured in the Certificate key of the json file. As a rule, only the subject needs to be adjusted so that it corresponds to the Issued to entry of the certificate.

"Certificate": {
"Subject": "<YourCertificateSubject>",
"Store": "My",
"Location": "LocalMachine",
"AllowInvalid": "false"
}

Screenshot of the certificate information of the server certificate. The line 'Issued to:' is highlighted.

Port

The server runs on port 29375 by default. If desired, this can be adjusted in the Url key.

Please note that the port must be open on the firewall.

"Url": "https://*:<YourPort>"

AD group for UI access

Enter the name of the AD admin group in the AdminADGroupName key:

"AdminADGroupName": "<YourADGroupName>"

Configuration of the user interface

The UI is configured via the app.config file, which is located in the wwwroot folder in the installation path. Adapt the apiBaseUri entry for your environment. for your environment.

{
"apiBaseUri": "https://<hostname>:<port>"
}

Setting up the Service Principal Name (SPN)

An SPN must be set up so that authentication in the UI works smoothly.

To do this, start an admin console and execute the following commands:

setspn -A HTTP/<hostname, fqdn-format> <service-account>
setspn -A HTTP/<hostname, NetBIOS-format> <service-account>

This allows you to check the settings (shown with example values):

setspn -L <service_account>

Registered ServicePrincipalNames for CN=Service
Account,CN=Users,DC=ADLicensing,DC=com:
HTTP/domainlicensing
HTTP/domainlicensing.adlicensing.com

Operation

After configuration, the user interface can be called up in a browser at https://<hostname>:<port>. Log in with an account that is included in the AD admin group.

Logfile

The log file of the AD statistics server is located in the local AppData path of the service account.

C:\Users\<service-account>\AppData\Local\axes4\ActiveDirectoryLicensingStatisticsServer

Database

The data is stored in an SQLite database. This is located in the same path as the log files.

C:\Users\<Service Account Name>\AppData\Local\axes4\ActiveDirectoryLicensingStatisticsServer

Configuration of the clients

In order for the clients to know where the statistics should be sent to, a registry value must be set to one of the following keys (with descending priority during processing):

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\axes4\Licensing\Manager
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\axes4\Licensing\Manager
Computer\HKEY_CURRENT_USER\Software\Policies\axes4\Licensing\Manager
Computer\HKEY_CURRENT_USER\Software\axes4\Licensing\Manager

Within these keys, the license manager searches for a string value with the name ActiveDirectoryLicensingStatisticBaseUri. The value of the entry must be the URL of the statistics server including the correct port.