1656207 Views  Updated: 2023-04-27 ? Created: 2018-12-10 
dv: 
Sentinel LDK ^Co[W 8.21 ȍ~ɃAbvO[hƁA SL-AdminMode  SL-Legacy CZXVSȃXg[WɈڍs܂B 
̖肪ƁA^CȑÕo[WɃ_EO[h邱Ƃ͂ł܂B 
^C_EO[hƁA SL-AdminMode  SL-Legacy CZXɂȂ܂B


Sentinel LDK Run-time Environment Installer GUI for Windows: Readme
Version 9.12
̃hLgł́AT|[gĂIy[eBO VXeA@\gAm̖̌݊AꂽȂǁASentinel LDK  Sentinel HASP ̃^CCXg[[ GUI Ɋւ񋟂܂B
Operating Systems Supported
x86 and x64 versions of the following;

>Windows Server 2016
>Windows Server 2019
>Windows Server IoT 2019
>Windows Server 2022
>Windows Server IoT 2022
>Windows 10 IoT Enterprise 2019 LTSC
>Windows 10 IoT Enterprise 2021 LTSC
>Windows 10 22H2
>Windows 11 22H2
>Windows 11 ARM 22H2
: Windows Insider Preview rh̓T|[gĂ܂B

̃ZNVɋLڂĂIy[eBO VXẽo[ẂAThales ɂăeXgASentinel LDK ƊSȌ݊邱ƂmF܂B 
݊ƃZLeB̗RA^Xł́AŐV̏CƃT[rX pbNKpăIy[eBO VXeɍŐV̏ԂɕۂƂ߂܂B

CXg[[́A֘AhCo[CXg[OɁAsɃIy[eBO VXẽo[Wo܂B

Virtual Environments Supported
T|[gĂ鉼z̃XgɂẮAwSentinel LDK Release Notes for EMSx܂́wSentinel LDK Release Notes for Sentinel LDK-EMSx́uT|[gGh [U[̃vbgtH[vQƂĂB


Installation and Upgrade
̃ZNVł́A^CCXg[܂̓AbvO[h@ɂĐ܂B
 ̏󋵂z肵܂B

>ڋq̃}VɃ^CCXg[܂̓AbvO[hĂ܂B
>֘Aob` R[h̐V SL L[̃v[Xz_[AAdmin Control Center  Sentinel Keys y[W̏㕔ɕ\ƍlĂ܂B
݂̃JX^ x_[ Cu^CCXg[[ƂƂɔzz܂B

Installing the Run-time Environment
> CXg[[ GUI ́A֘AhCo[CXg[OɁA^C̃CXg[ɃIy[eBO VXẽo[Wo܂B
>ftHgł́AWindows ̓hCo[̃CXg[Ƀ[U[ AJEg䃁bZ[W\܂B
 CXg[𑱍sɂ́A[U[́usvNbNKv܂B
 邢́A[U[̓Iy[eBO VXẽRg[ plftHgݒύXł܂B
>CXg[vZX̃Ot@ĆAWindows fBNg aksdrvsetup.log ɏ܂܂B

Upgrading the Run-time Environment
CXg[[ GUI gpă^CAbvO[hꍇ́ÂƂmFĂB

>̎sCXg[[̓ANeBuł͂܂B
>̃^CR|[lg̓ANeBuł͂܂B
 CXg[ vÓA^CɃANZXĂAvP[VI܂As̃T[rX͏I܂B
 Ƃ΁ASentinel License Manager T[rXƂĎsĂꍇ́A^CAbvO[hOɃT[rX~Kv܂B

Installing Run-time Environment With or Without Legacy Drivers
Windows vbgtH[ł́ASentinel LDK ^C (RTE) ́AȉŐvɉāAKV[ hCo[̗Lɂ炸AIɃCXg[܂B

>KV[hCo[Ȃ
RTE V}VɃCXg[ꍇAftHgł́ACXg[ɂ̓KV[ hCo[͊܂܂܂B 
ɂARTE ̍ł肵\񋟂܂B 
lɁAKV[ hCo[ȑOɃCXg[ĂȂ}V RTE AbvO[hꍇACXg[ɂ̓KV[ hCo[͊܂܂܂B

>KV[hCo[gpꍇ
ȑOɃKV[ hCo[CXg[Ă}V (Ƃ΁ARTE 8.15 ȑOCXg[Ăꍇ)  RTE AbvO[hƁACXg[[͂̃hCo[ێ܂̓AbvO[h܂B 
ɂA̕ی삳ꂽAvP[VƂ̌݊mۂ܂B

Kvɉ (Ƃ΁AȉŐ󋵂̂ꂩ݂邱Ƃ킩Ăꍇ)AV}VɃKV[ hCo[gp RTE IɃCXg[IvV܂B 
́ARTE R}hC CXg[[ (haspdinst.exe) gpĂ̂ݎsł܂B

ȉ̏󋵂ł́AKV[ hCo[KvɂȂ܂B
>AvP[V Sentinel LDK Envelope o[W 6.x ȑOgpĕی삳ĂAAvP[Vo[W 1 f[^ t@Cی샂[hgpăf[^ÍĂꍇB 
̏ꍇA] aksdf.sys hCo[KvłB

>AvP[Vn[hbN p |[g L[gpăCZXF؂ĂꍇA܂͔ɌÂn[hbN Cu܂ރn[hbN USB L[gpĂꍇB 
̂悤ȏꍇA]̃n[hbN hCo[KvłB
 n[hbN hCo[́ARTE 8.41 ȍ~ł̓T|[gĂ܂B AvP[VɃn[hbN hCo[Kvȏꍇ́ARTE 8.31 ȑOCXg[Kv܂B


Allowing Incoming Connections From Public Networks Using Port 1947
^CCXg[[́A|[g 1947 gpvCx[g lbg[N̎MڑuSentinel License ManagervƂÕt@CAEH[ [ǉ܂B
̃|[ggpăpubN lbg[ÑANZX蓮ŋ邱Ƃł܂A^Xł͂܂B
|[g 1947 gppubN lbg[N̎Mڑ\肪ꍇ́A RTE AbvO[hɂẴANZX폜Ȃ悤ɁAʂ̖Õ[쐬܂B


Issues Related to Device Guard and Code Integrity Policies
Windows ňӂ̂AvP[Vی삷邱܂ł̏]̕@́AECX΍܂͂̑̃ZLeB \[VɂăubNȂAAvP[VM邱ƂłB 
Windows 10 Enterprise ŗp\ Device Guard ́AIy[eBO VXeƂɂďFꂽAvP[V݂̂M铮샂[h܂B 
̐MłAvP[Vw肷ɂ́AR[h|V[쐬܂B

ubNKv\tgEFÁuVOl`ṽXgɍXVčU҂ɐ񂶂悤Ƃ̂ł͂ȂAs\tgEFÃzCgXg (\\ȃR[h|V[) ێ邱Ƃł܂B 
̃Av[`ł́AoC foCX̃Iy[eBO VXeł悭mĂ Trust-Nothing fgp܂B

R[h̐ɂāAʏ͐Mł鏐҂̂̂ƂĎʂꂽfW^ɂČ؂ꂽR[ĥ݂s܂B 
ɂAJ[l [hƃ[U[ [h̗ŁAꂽR[hSɐł܂B

R[h̐ɂ́A 2 ̎vȃR|[lg܂܂܂B
>J[l [h R[h̐ (KMCI)
>[U[ [h R[h̐ (UMCI)

̃ZNVł́AGh [U[ TCg̃}V Device Guard LɂȂĂAR[h|V[uv[hɐݒ肳ĂꍇɔƂ̉ɂĐ܂B
 ̃hLgŐĂ菇́ADevice Guard уR[h|V[ɐʂ IT ƂɂĎsKv܂B

Issue 1: Windows blocks the installation of the Run-time Environment
Rs[^ւ̃^C̃CXg[ɁAWindows ͎̂悤ȃbZ[W\܂BugD Device Guard gpẴAvubN܂BڍׂɂẮAT|[gS҂ɂ₢킹Bv
Solution:
Device Guard [h (PcaCertificate x̃R[h`FbN𗘗p) ŗLɂȂĂ}VɃ^CCXg[ɂ́A|V[ t@C̏҃Xg DigiCert XgĂ邩ǉĂ邱ƂmFĂB
R[h|V[쐬OɁAS[f Rs[^̒ԏؖ@ (ICA) XgA̐Mł郊Xg DigiCert ԏؖC|[g܂B
Digicert ԏؖ́Ahttps://aboutssl.org/digicert-trusted-root-authority-certificates/#intermediates ł܂B [ԏؖ] ŁADigiCert EV R[h CA (SHA2) ؖă_E[h܂B ̒ԏؖMł\[X擾邱Ƃł܂B

To add the DigiCert Root Certificate:
1.S[f Rs[^ɏؖ_E[hAؖt@C_uNbN܂B 
  mؖn_CAO{bNX\܂B
2.uؖ̃CXg[vNbN܂B 
  ؖCXg[ EBU[hɏ]āȀؖ ICA XgAւ̃C|[g܂B

3.V|V[܂͍XVꂽ|V[쐬菇s܂B 
  ɂADevice Guard LɂȂĂ}V Sentinel \tgEFAȂCXg[ł悤ɂȂ܂B

s̃CXg[JԂ܂B

Issue 2: Protected application does not operate at the customer site
(LDK-17267)) SL L[ŕی삳ꂽAvP[VzzꍇÃAvP[VɕKvȃJX^}CYꂽx_[ Cu (haspvlib_vendorID.*) ͏܂B 
̌ʁADevice Guard ͌ڋqTCgł̃\tgEFA̓܂B

Workaround A
̉͌ڋqTCgŎsKv܂B
R[h|V[ɃJX^}CYꂽx_[ Cu t@C̗Oǉɂ́A̎菇s܂B

1.Ǘғ[h Windows PowerShell gpāAÕ|V[쐬܂B
2.O[v |V[ GfB^gpāA|V[ t@CWJ܂B

̊e菇ɂẮAȉŐ܂B
ڍׂɂẮAhttps://technet.microsoft.com/en-us/itpro/windows/keep-secure/deploy-code-integrity-policies-steps?f=255&MSPPError=-2147217396 QƂĂB

To create the policy for the exception:
1.PowerShell i[hŊJ܂B
2.R}hsāAč[hŃ|V[ (ȉAP1 ƌĂт܂) 쐬܂B
3.̃|V[WJ܂B
4.ی삳ꂽAvP[Vʏǂ葀삵܂B
5.Cxg Oč擾ʂ̃|V[ (P2 ƌĂ΂) 쐬܂B
 ̃XebvɐiޑOɁA|V[ P2 𒍈Ӑ[mFĂB 
   ̃|V[ɂ́Aی삳ꂽAvP[V̑쒆ɃVXeŎgpꂽׂẴoCiɊւ񂪊܂܂Ă܂B 
   ̊ԂɎsꂽsvȃAvP[Vׂ͂ă|V[ɋL^܂B 
   폜ȂꍇÂ悤ȃAvP[V͐MłoCiƂĈ܂B
6.|V[ P1  P2 }[W܂B
7.č[h𖳌ɂ܂B
8.}[Wꂽ|V[WJ܂B

To deploy the policy file:
1. GPEdit.msc sāAO[v |V[ GfB^[J܂B
2.uRs[^[̍\\Ǘpev[g\VXe\Device GuardvɈړ܂B
3.uR[h|V[̓WJvI܂B 
   Lō쐬֘A|V[ t@Cւ̃pXgpāA̐ݒLɂ܂B

Issue 3: Vendor Tools fail to load
(SM-907) Sentinel LDK x_[ c[̃[hɎs܂B 
DLLALIBACOMA܂ EXE t@C Windows Ŏs悤ɐ݌vĂȂƁA܂ DLL ɃG[܂܂Ă邱ƂG[ bZ[W\܂B

Workaround A
R[h|V[ t@C Sentinel LDK x_[ c[̃|V[ǉɂ́A̎菇s܂B

1.Windows PowerShell Ǘғ[hŎgpāAx_[ c[̃|V[쐬܂B
2.O[v |V[ GfB^gpāA|V[ t@CWJ܂B
̊e菇ɂẮAȉŐ܂B 
ڍׂɂẮAhttps://technet.microsoft.com/en-us/itpro/windows/keep-secure/deploy-code-integrity-policies-steps?f=255&MSPPError=-2147217396 QƂĂB

To create the policy for the Vendor Tools:
1.PowerShell i[hŊJ܂B
2.R}hsāAč[hŃ|V[ (ȉAP1 ƌĂт܂) 쐬܂B
3.̃|V[WJ܂B
4.TCgŕKvƂȂ邷ׂẴx_[ c[sÃc[ŕKvƂȂ邷ׂĂ̋@\s܂B 
  Kvȃx_[ c[܂̓x_[ c[֐sĂꍇAKvȃGg͐VR[h|V[ɒǉꂸÃc[܂͊֐ŏIIɎgpƂɃG[ bZ[W܂B
5.Cxg Oč擾ʂ̃|V[ (P2 ƌĂ΂) 쐬܂B
 ̃XebvɐiޑOɁA|V[ P2 𒍈Ӑ[mFĂB 
   ̃|V[ɂ́Ax_[ c[̑쒆ɃVXeŎgpꂽׂẴoCiɊւ񂪊܂܂Ă܂B 
   ̊ԂɎsꂽsvȃAvP[Vׂ͂ă|V[ɋL^܂B 
   폜ȂꍇÂ悤ȃAvP[V͐MłoCiƂĈ܂B
6.|V[ P1  P2 }[W܂B
7.č[h𖳌ɂ܂B
8.}[Wꂽ|V[WJ܂B

To deploy the policy file:
1. GPEdit.msc sāAO[v |V[ GfB^[J܂B
2.uRs[^[̍\\Ǘpev[g\VXe\Device GuardvɈړ܂B
3.uR[h|V[̓WJvI܂B 
   Lō쐬֘A|V[ t@Cւ̃pXgpāA̐ݒLɂ܂B

Issue 4: Digital signature removed from the RTE Installer
(SM-18780) [U[ Sentinel LDK }X^[ EBU[hgpă^CCXg[[쐬ƁAfW^CXg[[폜܂B 
̌ʁADevice Guard  RTE CXg[[̎subN܂B
x_[CXg[[ EXE t@CƂă_E[hďꍇADevice Guard ̓CXg[[̎s܂Ahaspdinst.exe ɂČĂяo鏐ĂȂ DLL t@CŃCXg[͎s܂B

Workaround A
ȉ̎菇sĂB
1.Thales Web TCg̎ URL 烉^CCXg[[_E[h܂B
https://cpl.thalesgroup.com/software-monetization/sentinel-drivers
2._E[hCXg[[gpāAsCXg[܂B
3.x_[ Cu (haspvlib_vendorID.*) ̃Rs[ %CommonProgramFiles(x86)%\Aladdin Shared\HASP\ ɔzu܂B
(32 rbg }Vł́Ax_[ Cu %CommonProgramFiles%\Aladdin Shared\HASP\ ɔzu܂)
Sentinel EMS ܂ Sentinel LDK-EMS gpɂ́A̒ǉ菇ɐi݂܂B
4.Web uEUŎ̂悤ɓ͂āAAdmin Control Center N܂: http://localhost:1947
5. [lbg[Nݒ̍\] y[W [EMS URL] tB[hɁASentinel EMS ܂ Sentinel LDK-EMS T[rXɃANZX邽߂ URL ͂܂B
6.uMvNbN܂B
7.KvɉāASentinel EMS ܂ Sentinel LDK-EMS ̎gpɐi݂܂B

Workaround B
LIssue 2܂Issue 3̉pB


Enhancements and Issues Resolved in This Release
̃[Xŉꂽ@\Ɩ_
Enhancements in Version 9.12
SM-137293
 Sentinel LDK ^Cƕی삳ꂽAvP[V͗Ƃ Windows 11 ARM 22H2 ŃT|[gĂ܂B
SM-137232
 ZbV̍őACh ^CAEg 72 Ԃɑ܂B
SM-134021
 Sentinel Admin API ւ̃ANZX𐧌ł悤ɂȂA[J lbg[Ñ[U[݂̂pł悤ɂȂ܂B 
 ́At@CAEH[ [gpċł܂B 
 Ǘ҃x̃NGXǵÃ|[g܂̓lbg[N C^[tFCX (邢̗͂) ł̂݋܂B
SM-105690
 License Manager ́AV Sentinel Licensing REST API T|[g悤ɂȂ܂B
SM-104883
 CZX }l[W[́ASL L[̎Xe[^XNA邽߂ V2C t@C󂯓悤ɂȂ܂B

Issues Resolved in Version 9.12
SM-134020
 ̏󋵉ł́AUDP pPbg\܂B u[hLXgł́AUDP pPbg̑邽߂ UDP M𕡐JԂ悤ɂȂ܂B
SM-136775
 License Manager ́A2,000 𒴂NCAg LM ID ǐՂł܂łB 
 ɂAT[o[̊ǗRg[ Z^[ y[WŐ؂藣ꂽCZXꗗ\ƂɁA񂪕sSɂȂ\܂B
 2,000 LM ʎq̐ȂȂ܂B
SM-139869
 ȑÓAACC ŃvLV\ĂꍇA[J lbg[N DNS łȂꍇłALM  DNS ݂̉Ă܂B 
 ɂڑQ܂B 
 ݁AACC ŃvLV`ĂꍇALM  DNS 悤ƂȂȂ܂B 
 ɁAvLV DNS ł悤ɂ܂B
 SM-139963
 x_[`ĂȂCZXV[g؂藣ꂽꍇAH2R t@C̃x_[tB[hɖȏ񂪊܂܂Ă܂B
SM-140200
 NCAg ID ̃L[ ID Œ`ĂAXR[v̓̃L[ ID gp admin_get ĂяoꂽꍇASentinel Admin API ̓NCAg ID 擾ł܂łB
SM-141007
 ZbV [U[Ɂu&v܂܂ĂꍇAGetInfo ֐ XML \̒lwǂɕ񍐂A XML t@CɂȂ܂B 
 Ⴆ΁F
 <session username="G&D" />
 ݁A XML GeBeBƂĕ񍐂܂B 
 Ⴆ΁F
 <session username="G&amp;D" />