Open iT Denials
In many license environments, especially those using FlexNet, multiple license servers, or applications that try different feature versions, it is very common to see DENIED messages in log files that do not represent real denials the user experiences.
Open iT Core Server has a built-in mechanism that identifies these situations and reclassifies them as false-denial or false-denial-local, ensuring that License Monitor reports show only real denials that impacted users.
False Denials
A false denial occurs when a license request is logged as DENIED, but the same user successfully checks out a license shortly after.
In Open iT, a false denial is defined as a DENIED event that is closely followed by an OUT (successful checkout) within a short time window. This reclassification is enabled by default in the Core Server. The default matching windows are 5 seconds before the checkout and 2 seconds after the checkout. This allows detection even when log timestamps are slightly misaligned across servers.
Since false denials represent temporary denials with no impact to end users, they are immediately resolved and Open iT automatically excludes them from Utilization Trends denial charts, denial summaries, and real-denial statistics. This is controlled by the EventFrameDetector filter that is by default used for data types (75) License Logfile Events, (104) License Logfile Events v2.0, and (129) FlexNet Log Events.
false-denial (Forwarding between License Servers)
There are two (2) scenarios where a false-denial may occur:
- Your environment has multiple license servers for the same application
- You have license forwarding configured so requests can be redirected to another server if the local server has no available licenses
A false-denial occurs when a user requests a license from Server A, which has no available licenses and therefore logs a DENIED event, but the request is immediately forwarded to Server B, where a license is available and successfully checked out, resulting in an OUT event.
The user never experiences an actual denial—the fallback server fulfills the request immediately.
Open iT detects this by matching the same user, host, and feature, and by finding an OUT event from a different server within the configured time window. When these conditions are met, the DENIED event is reclassified as false-denial and tagged with the vendor license or license server that actually granted the license.
false-denial-local (Local Version Probing)
This type of false denial happens within the same license server. It occurs when an application is trying to get versions of a license that is not supported but eventually followed up with a request for a valid version.
3:25:13 (cameo) DENIED: "FEATURE" john_doe@example.com "v2023"(License server system does not support this version of this feature. (-25,334))
3:25:13 (cameo) DENIED: "FEATURE" john_doe@example.com "v2022"(License server system does not support this version of this feature. (-25,334))
3:25:13 (cameo) OUT: "FEATURE" john_doe@example.com
As shown above, an application may generate several DENIED entries in a row before a valid license version is found. These entries are reclassified as false-denial-local to distinguish them from real denials that prevent a user from obtaining a license.
True Denials
A true denial occurs when a user requests a license and the request cannot be fulfilled by any license server, resulting in an actual failure to obtain a license. In this situation, the DENIED event in the log file represents a true, user-impacting denial because no subsequent OUT (successful checkout) follows within the configured matching window.
True denials typically happen when all licenses for a feature are in use, the user exceeds borrowing or token limits, required feature versions are unavailable, or a license server is unreachable. Because no valid checkout occurs, Open iT does not reclassify these events—they remain marked as DENIED and appear in License Monitor reports as true denials.