To top
Support & Downloads Support & Downloads

Frequently Asked Questions




    If you would like to start or activate the Usage Period of a license by using the CodeMeter Core-API, it is not sufficient to simply run a CmAccess2 on the corresponding license entry.

    CmCrypt2 is required for this. This is because the encryption/decryption is carried out on the CmContainer, which finally starts the Usage Period.


    Further information about CmCrypt2 can be found in the CodeMeter Core-API Help or in the CodeMeter API Guide.


    To use a WibuBox or a CmDongle on a system as a network server or via the network, a "standard" operating system (Windows, Linux, macOs or similar) is required.

    However, since NAS devices usually use their own operating system or have been adapted for NAS operation, it is most often not possible to use it here.


    To create a CmDust.log, depending on your operating system, please proceed as follows:



    1. Connect CmDongle. This step is omitted if using CmActLicense.

    2. Open CmDust using the "Start | All Programs | CodeMeter | Tools" menu item.

    The output of the executed program is written to the text file CmDust-Result.log and saved to the user directory which automatically opens when starting CmDust.

    Alternatively, you are able to use the commandline application cmu32 to create a log file.

    3. Send this file for analyzing to .



    For macOS, you create the CmDust file using the cmu commandline program. Calling cmu is stored in the search path. To create a CmDust log, please proceed as follows:

    1. Open the commandline/terminal

    2. Type in the following command cmu --cmdust.

    Using the option --file allows you to specify a name and the storage location. -->cmu --cmdust --file CmDust.log

    By default, the file displays in the screen console.

    3. Send this file for analyzing to


    Linux, Sun

    For the operating systems Linux and Sun you create the CmDust file using the cmu commandline program. Calling cmu is stored in the search path.

    1. Open the commandline/terminal

    2. Type in the following command cmu --cmdust.

    Using the option --file allows you to specify a name and the storage location. -->cmu --cmdust --file CmDust.log

    By default, the file displays in the screen console.

    3. Send this file for analyzing to


    No confidential information is transferred to Wibu-Systems. You are able to check the information saved in the CmDust-Result.log, they are saved in plain text.


    You are able to import the file using the "cmu" commandline tool.


    Copy the file to the system and import the file using the following command:

    cmu -i -f<location and name of the file>, for example, cmu -i -f CmFirm.wbc.


    The tool is stored in the system's serach path and issues a message n successful import.


    The file import using "cmu(32)" also works on Windows and macOS.


    If the CodeMeter service (CodeMeter.exe) stops automatically after a few minutes, this indicates that the self-diagnosis of CodeMeter strikes because a process attached to CodeMeter is detected. For example a debugger. The self-diagnosis then evaluates the process as debugger and terminates CodeMeter automatically.


    This often happens when a virus scanner using a kind of 'DeepGuard Scan' or other monitoring tools is used. These DeepGuard scans attach themselves to executables to monitor them. This triggers the automatic shutdown of CodeMeter.exe for self-protection.

    Usually, it is sufficient to enter CodeMeter.exe as exception for your virus scanner to avoid the problem.


    Starting with CodeMeter version 6.90 CodeMeter reads out all existing Active Directory groups and users when CodeMeter is started. This cache is then regularly updated.

    This interval is defined in profiling. You can set this interval to 1-1440 minutes or set it to a value of 0 to disable the queries completely.

    To do this, proceed as follows depending on the operating system:



    1. Press the Win+R keys.

    2. Enter 'regedit' and confirm with Enter

    3. Navigate to the key: HKEY_LOCAL_MACHINE\SOFTWARE\WIBU-SYSTEMS\CodeMeter\Server\AccessControl

    4. Adjust the value of ActiveDirectoryUpdateInterval to the desired value

    Note: If the value does not yet exist, you must first create it with the DWORD type.


    Linux / macOS

    Using Linux/macOS, profiling is configured via the Server.ini file.

    Linux: /etc/wibu/CodeMeter/Server.ini

    macOS: /Library/Preferences/com.wibu.CodeMeter.Server.ini

    1. Stop the CodeMeter service.

    2. Open the Server.ini file and find section [AccessControl].

    3. Insert/adapt the desired value.


    4. Save the Server.ini file.

    5. Restart the CodeMeter service.


    - Open CodeMeter Webadmin.

    - Navigate to "Container | FSB | Licenses | 99 Firm Security Box Item".


    Overview of the FSB entries:


    Firm Code: 99 "Firm Security Box Item

    Product code: X

    (X = your Firm Code)


    Billing entries (depending on the Firm Code-Type entries will differ) - displayed as in WebAdmin:

    X "Company Name" (FA) per CmContainer: A transaction is deducted as soon as the Firm Code is added

    X "Company Name" (PaPu) Per transaction: A transaction is deducted as soon as a Product Item is changed or added



    X "Company Name" (Enc Only) for encryption only

    X "Company Name" (Trial) Release for programming trial licenses (NoneBind CmActLicense with max. 90 days usage period)

    X "Company Name" (Protection Only) Release for programming of NoneBind/Protection only licenses (no 90 days limitation)

    X "Company Name" (Others) Internal information (authorizations etc.)

    X "Company Name" (SER) only CmAct 5xxxxxx - Internal information for calculating the serial number for CmActLicenses (automatically filled in when transactions (PaPu/FA) are purchased)

    - if the SER entry is set to 0 once, but there are still transactions, please contact the sales department


    => With the exception of the "SER" entry, these have only an Expiration Time, but no Unit Counters


    When using Universal Firm Codes, the corresponding entries (FA/PaPu/Trial/PO) can be found under FC102688:

    Navigate to "Container | FSB | Licenses | 102688 WIBU-SYSTEMS AG - Licensing".


    Here the licenses are listed as follows:

    1 Per CmContainer (FA)

    2 Per transaction (PaPu)

    3 (Trial) Release for programming of trial licenses (NoneBind with max. 90 days duration)

    4 (Protection Only) Release for programming NoneBind/Protection only licenses (no 90-day limit)

    5 Unlimited

    1000000 Billing entry for the Test Firm Code 6000010


    Here is a screenshot of how this might look like:


    To create a Context File (*.WibumRaC), proceed as follows:


    With graphical user interface:

    1. Open CodeMeter Control Center.

    2. Select on the left side the license from which you want to create the Context File.

    3. Click the "License Update" button.

    4. The CmFAS Wizard should now open. Click the "Next" button.

    5. Select the first option "Generate license request" and click the "Next" button.

    If it is a software-based license, you only have to select where the *.WibumRaC file

    should be saved.

    Otherwise continue with step 6.

    6. Select the first option "Extend existing license" and click the button "Next".

    7. Select the corresponding software manufacturer, or if you are not sure, simply all. Click the "Next" button.

    8. Select the file location.


    Without graphical user interface:



    1. Navigate 'cd' to the command line tool 'cmu32'. It locates at:

    for 32 bit: C:\Program Files\CodeMeter\Runtime\bin

    for 64 bit: C:\Program Files (x86)\CodeMeter\Runtime\bin

    2. Use the following command to create the context file:

    cmu32 --context <Firm Code> --serial <Serial number of the CmContainer/License> --file C:\Path\to the\targetFile.WibuCmRaC

    e.g.: cmu32 --context 10 --serial 2-1234567 --file C:\temp\context.WibuCmRaC


    Linux, macOS

    1. The command line tool 'cmu' should already be available in the terminal with a CodeMeter Runtime installation.

    2. Use the following command to create the context file:

    cmu --context <Firm Code> --serial <Serial number of the CmContainer/license> --file /Path/to/target.WibuCmRaC

    e.g.: cmu --context 10 --serial 2-1234567 --file /temp/context.WibuCmRaC


    To decrement the Unit Counter of a license entry, a handle to the license entry is required first. This can be achieved with the CmAccess2 function.

    With the help of the handle then an encryption uing CmCrypt2 can be accomplished. In the BaseCrypt structure it can then be specified as part of the EncryptionCodeOptions by how many units the Unit Counter should be reduced, e.g. cmBaseCrypt.EncryptionCodeOptions |= 1;

    Note: a maximum of 9999 units can be reduced at once.


    Additionally using the EncryptionCodeOption it can be configured that CmCrypt2:

     - makes sure that a Unit Counter is present and that it has a value > 0

     - checks if a Unit Counter is present and if it is present, that it has a value > 0

     - ignores if a Unit Counter is present at all e.g. cmBaseCrypt.EncryptionCodeOptions |= (uint) CmBaseCrypt.EncCodeOption.UnitCounterCheck;


    Sample code for general use of CmCrypt2 can be found in the CmCalculator sample at:




    Additional information about the API functions can also be found in the CodeMeter Core API help at:

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeMeter\Documentation |Core API Help


    There exist different Firm Codes for different CmContainer types.

    1. = CmDongle Firm Code, only importable into CmDongles (Hardware)

    2. = CmActLicense Firm Code, only valid as CmActLicenses (software)

    3. = Universal Firm Code for CmDongle, CmActLicenses, and CmCloud


    The Universal Firm Code was introduced, among other things, to avoid that our customers need different Firm Codes for the different types of CmContainers. Therefore only a single Firm Code has to be queried in the protected application.

    Furthermore, the Universal Firm Code supports some new features that are not supported by the other two Firm Code types. These are among others: License Transfer, Module Items, Blurry Box, and Universal Data.


    The Generic Programming Sequence (GPS) allows to prepare a programming sequence into which any data can be inserted at runtime.

    With this sequence any application can write data into data fields of a license without access to a Firm Security Box (FSB). This works for the following data fields:

    - Extended Protected Data

    - Hidden Data

    - Secret Data


    For this a tool (GenericPgmSequence.exe) exists for creating sample code for a special field of a license. This contains:

    - the required API calls of the CodeMeter Core API for the programming sequence

    to use.

    - a specific header and trailer that only works for that entry.

    Header and trailer are always specific to the combination of:

    Firm Code, Product Code, Data Field Type, Data Field Extended Type (page).

    For the calculation of the specific headers and trailers an FSB is needed once.

    You can then integrate this in your application and use it as often as you like.


    For preparation, you must first create the entry for which the sequence is to be created. Here it is important that the entry is programmed without dependencies.

    An example command line: cmboxpgm -qb1 -f10 -p123 -phd1:0x1234,none -ca

    This creates a Product Item 123 for Firm Code 10 with a Hidden Data field with Extended Type 1 and no dependencies.

    More details on programming licenses with CmBoxPgm can be found in the Developer's Guide: "Programming CmContainers and Licensing Management | CmBoxPgm".


    You can then generate the sample code. Templates next to the tool are used for this. You can specify them with /i, by default 'c++.txt' is used.


    GenericPgmSequence.exe [options]

    /F<firmcode> -- FirmCode

    /P<ProductCode> -- ProductCode

    /T<ExtendedType> -- ExtendedType

    /D[E|H|S |U] -- Type of Data (<E>xtendedProtectedData, <H>iddenData, <S>ecretData, <U>serData)


    For Universal Firm Codes, this type of programming is supported for Runtime versions 6.50 and higher and Firmware versions 4.0 and higher.


    Enclosed find a C# example that shows you how to use the 'getTicket()' method from the WSTicket web service.


    Experience shows that in many cases the use of 'getSingleTicket()' is sufficient.


    Especially for Linux systems without graphical user interface, it is necessary to configure CodeMeter runtime settings directly in the Server.ini file of CodeMeter.


    To make corresponding changes in the Server.ini file, please proceed as follows:


    1. Stop the CodeMeter daemon using the command line:

    sudo systemctl stop codemeter.service

    2. Edit the Server.ini file:


    3. Create or change the entry in the corresponding section; e.g. IsNetworkServer = 1

    4. Save the Server.ini file

    5. Start the CodeMeter daemon using the command line:

    sudo systemctl start codemeter.service


    This error usually occurs when initializing the programming engine of the CodeMeter Programming API (HIP).

    This is because required DLLs are missing or the DLLs used are not compatible with each other, e.g. with different versions.


    To run a .NET programming API assembly successfully, 3 DLLs with exactly the same version are required:

    1) The WibuCmHipApiNet.dll from C:\Program Files (x86)\CodeMeter\DevKit\HipApi\C#. This is referenced in your program and copied to the release directory by default.

    2) The WibuCmHipApiInternalNet32.dll. You can find this wrapper DLLl with CodeMeter SDK installed under C:\Program Files (x86)\CodeMeter\DevKit\HipApi\C#. It is best to copy this DLL into the release directory as well.

    3) Finally, WibuCmHipApi32.dll (C++) is required. This is already in the search path under C:\Program Files (x86)\CodeMeter\DevKit\bin and therefore does not have to be copied.


    Please check these DLLs and all other DLLs used for version equality, e.g. by right-clicking on "Properties | Details | File version".


    Please also note that you have to create your program with x86, because the .NET Progammier HIP-DLLs are only available in 32-bit.

    An application created with x64 or created with Any CPU and running on a 64-bit system is currently not supported.


    To start the daemon manually, please proceed as follows:

    1. Open a terminal (Finder | Applications | Utilities | Terminal)

    2. Enter the command cd /Library/LaunchDaemons/

    3. Enter command sudo launchctl load -w com.wibu.CodeMeter.Server.plist

    4. Enter the password of the user account

    Open CodeMeter Control Center to check whether the 'Stop Service' button is displayed.


    In certain scenarios, it may be necessary to open several handles at once. For example, if you start several threads and want to allocate one license per thread.


    Since CodeMeter version 6.20 it is possible to open several handles with one function call with CmAccess2(). For this you can use the following code:

    CMACCESS2 cmAcc;

    cmAcc.mflCtrl |= CM_ACCESS_USERLIMIT;

    cmAcc.mulLicenseQuantity = 5; //Number of handles to open

    cmAcc.mulUsedRuntimeVersion = CM_SET_VERSION(6, 20, 0);

    hcmse = CmAccess2(CM_ACCESS_LOCAL, &cmAcc);


    Please note that there will be an error "CMERROR_NO_MORE_LICENSES" if there are not enough free licenses available. Further information can be found in the CodeMeter Core API Help under CmAccess2.


    To program the Firm Access Counter (FAC) using CodeMeter License Editor, you must first create a Context File (*.WibuCmRaC) of the affected CmContainer and Firm Code.

    As always, your Firm Security Box (FSB) and a valid CmFirm.wbc file are required.


    Please proceed as follows:

    1. Open CodeMeter License Editor (Start - CodeMeter - CodeMeter License Editor).

    2. Select in menu "File" - "Open context file".

    3. Select the context file (*.WibuCmRaC).

    4. Open the serial number of the CmContainer in the display tree. Your Firm Code is listed.

    5. Select the desired Firm Code and open the context menu with the right mouse button.

    6. Select "Change item". A dialogue box "Update Firm Item" opens. In this context menu you can now set the FAC to any value, e.g. 1.

    7. Click on "Execute". Then you will find the Update File (*.WibuCmRaU) and a Modified Context File (*.WibuCmRaM) in the directory where the *.WibuCmRaC is located.

    8. Import the Update File (*.WibuCmRaU) into the CmContainer.


    Enclosed you will find sample code for reading HiddenData, which you can apply and test in the CmDemo example.

    There you replace the function MyCode() and run the code via Run MyCode.


    This example code consists of 2 parts:


    Part 1:

    Here you first calculate the PioCoreKey for your license in an internal application in your company.

    - To calculate the "PioCoreKey", use the function "CmCalculatePioCoreKey()".

    This calculation requires access to your FSB.

    - Enter the Hidden Data Access Code of the corresponding Hiddata Data Index, which is used to encrypt the data.

    - Now use the calculated PioCoreKey to calculate a key pair of PioEncryptionKey and PioDataKey.

    For the PioEncryptionKey, you can use random values of 16 bytes or determine a value yourself.

    - With the function "CmGetPioDataKey ()" you then get the PioDataKey with the specified PioCoreKey and PioEncryptionKey.


    Since only you have a Firm Security Box (FSB) and since you should not release the PioCoreKey, all this happens in an internal application that you do not give to your customer.


    Part 2

    This part now happens completely in your application that you send to the customer.

    - Here you use the previously created PioEncryptionKey and PioDataKey key pairs to read the Hidden Data.

    - First you use the function CmGetSecureData() and the PioEncryptionKey to retrieve the Hidden Data from the CmContainer.

    - Then you only have to decrypt this data with the function CmDecryptPioData() and the PioDataKey.


    The COLI is a so-called "Pseudo Product Item Option (PIO)". This means that this PIO does not have its own place in the structure of a license, but is encoded in data fields of the license.

    The COLI is programmed as an Extended Protected Data field with Extended Type 250. This means that to read out the COLIs the Extended Protected Data field must be read out with Extended Type 250. This is coded as a UTF-8 string.


    An example of how this can be done can be found in the CmDemo sample that is installed with the Windows CodeMeter SDK.

    You can find the sample at: C:\Users\Public\Documents\WIBU-SYSTEMS\\<Programming Language>\Special\CmDemo.

    Please take a closer look at the method "ListProductItem".


    If the CodeMeter service does not start, this could also be the case for security reasons.

    In this case, an encrypted file in the format "LicenseLock<Date+Time>.log" is stored in the CodeMeter logs directory, by default C:\ProgramData\CodeMeter\Logs.

    The presence of a LicenseLock file with a suitable timestamp itself indicates that the CodeMeter service could not be started for security reasons and thus excludes other causes.

    You can also send us the encrypted LicenseLock file to determine the exact cause of the detected security violation.


    The LicenseLock-*.log file

    The file LicenseLock-*.log is created, if the Firm Access Counter (FAC) has been modified according to AxProtector encryption settings and the Firm Access Counter has reached a value of 0.

    The LicenseLock file is also created if "CodeMeter.exe" detect a " reverse engineering kernel debugger driver" is found on the PC, which cause CodeMeter.exe to terminate itself.

    The information is saved on a case-by-case basis and not appended to a single file. By default, the log file is written on Windows into the directory C:\ProgramData\CodeMeter\Logs , on macOS into /Library/Logs/CodeMeter and on Linux into /var/log/CodeMeter.


    The name of the file follows the pattern: LicenseLock-YYYY-MM-DD-hhmmss-TimeStamp

    YYYY-MM-DD year-month-day specification.

    hhmmss current time of the machine on which the license is available.

    TimeStamp milliseconds value since Thu Jan 1 00:00:00 1970 (64-bit value without padded zeros).


    The file is partly plaintext partly encrypted.

    Wibu-Systems analyzes the encrypted information. The software vendor then is informed on the conclusions drawn from reasons and trigger for and of the locking and is able to take appropriate action.


    There exist different options to lock licenses.


    Locking a CmContainer via blacklist maintained by Wibu-Systems


    This type locks the complete CmContainer (and not only your Firm Code). This requires that you send the Serial Number of the CmContainer so that Wibu-Systems is able to add the CmContainer to the blacklist. Please note that this locking type cannot be reversed.

    The locking applies once the affected CmContainer attempts to update the certified time or the firmware. Because these are the only two cases in which a CmContainer actually tries to 'call home'. For example, if the certified time for a CmContainer is to be updated, automatically it is checked whether the Serial Number is on the blacklist. If this is the case, a locking sequence is sent to the CmContainer and not the certified time.

    Then you receive a notification when the CmContainer has been locked.

    In order to force a 'call home' once in a while from within your software, you are able to cyclical call the Core API function "CmSetCertifiedTime()". If an Internet connection is established calling this function updates the certified time. If the call fails, either currently no Internet connection is available or the enduser locates behind a proxy not part of the CodeMeter profiling.


    Also when using "CmAccess2()" calls, the API allows you to define which Minimum Firmware Version the CmContainer must have to which the access is performed. This not only keeps firmware versions in the field up-to-date but also to automatically lock all CmContainer which are on the blacklist.


    Locking a license using CodeMeter License Central


    The CodeMeter License Central navigation item "Blacklist" allows you to specify and store Serial Numbers of CmContainer to be locked. In this case, only your Firm Code in the respective CmContainer is locked. This locking type is reversible. Here the so-called "Firm Access Counter" (FAC) is set to a value of 0. If the FAC has a value of 0 a further use of licenses of this Firm Code is no longer possible.

    Via license update the FAC value can be set to a value other than 0.

    For further information on this topic including how to create an item to unlock a license see section 'Blacklist' of the separate CodeMeter License Central User Manual.


    Locking using a blacklist in your own software:


    Finally, you are able to maintain an 'internal' blacklist in your own software to be synchronized with each update of your software.

    Also in this case, the Firm Access Counter (FAC) would be set to a value of 0 to allow for a later unlocking. In order to lock a license or your Firm Code from within your software, you must first read the Serial Numbers of the CmContainer available to the system and then synchronizing it with the internally maintained blacklist. If one of those CmContainer should be on the blacklist, you must decrement the FAC using the Core API function "CmCrypt2()". A small disadvantage is that each call of "CmCrypt2()" can only decrement the FAC by a value of 1. Thus, if you want to use this type of locking, please note that when creating the own Firm Code use a smaller value for the FAC, e.g. 1 or 2.


    The error occurs because you are still missing the invoicing entry for your Universal Firm Code.

    You will receive this when you purchase your Firm Code and must activate it online.

    You will find a ticket number on the delivery note within the tabular list.

    With the help of the ticket number, you can then activate it on



    Information about the system requirements for CodeMeter Runtime Kit can be found in the "CodeMeter Runtime Data Sheet".

    This can be downloaded at from our website (see appendix).

    If you have questions about supported operating systems, please download the "Product Life Cycle" PDF from the developer page of our website. You do not need a password (