<style>p { margin: 0 0 10px; }h1, h2, h3 { margin: 20px 0 10px; }h4, h5, h6 { margin: 10px 0 10px; }</style><p>A short guide on the endpoints, protocols and ports required to successfully allow licencing calls for the Halo Web Application [HaloPSA, HaloITSM, HaloCRM etc.]</p>
<style>p { margin: 0 0 10px; }h1, h2, h3 { margin: 20px 0 10px; }h4, h5, h6 { margin: 10px 0 10px; }</style><h1 id="halo-licensing">Halo Licensing</h1>
<h2 id="endpoints">Endpoints</h2>
<p>The licencing service is located at the addresses:</p>
<ul>
<li>support.nethelpdesk.com</li>
<li>licensing.haloitsm.com</li>
</ul>
<p>These addresses have the IP Set</p>
<ul>
<li>75.2.9.128/32</li>
<li>3.33.165.105/32</li>
</ul>
<h2 id="protocols">Protocols</h2>
<p>The only protocol accepted and required by the licensing service is HTTPS on port 443.</p>
<h2 id="the-halo-application-on-prem">The Halo Application On-Prem</h2>
<p>For any on-prem customer the only requirement to ensure you have a correct and up to date licence is to allow outbound traffic to these Endpoints.</p>
<h2 id="on-prem-verification-and-testing-of-access-to-our-licensing-server">On-Prem verification and testing of access to our licensing server</h2>
<p>First of all, varify that the you can access support.nethelpdesk.com in your browser. This should return a 403 error. If any other error is returned then it's clear that something is blocking access from your side. However, getting a 403 in the browser does not mean that the Halo Auth application also has access. Further testing would be necessary.</p>
<p>The next step would be trying to send a POST request using Postman from your server to <a href="https://support.nethelpdesk.com/lic/licenseCheck">https://support.nethelpdesk.com/lic/licenseCheck</a> with a request body of:</p>
<p>{}</p>
<p>This should return the response:</p>
<p>{"allow":false,"allowMessage":"Unable to obtain licence information from the Halo Licencing Server."}</p>
<p>If the POST request works from Postman, the next step is to test it from an IIS-hosted application. This is important because:</p>
<ul>
<li>IIS apps (like the Halo Auth server) run under a different security context than Postman.</li>
<li>Security rules, permissions, or network restrictions may affect the request differently.</li>
</ul>
<h2 id="option-1-test-via-a-halo-custom-integration">Option 1: Test via a Halo Custom Integration</h2>
<p>You can use a custom integration method within Halo to send the request. Note: The request will be sent from the Halo API, which runs under a different application pool than the Auth server. This may result in different behavior due to:</p>
<ul>
<li>Permissions</li>
<li>Network restrictions</li>
<li>Application pool identity</li>
</ul>
<h2 id="option-2-create-a-minimal-iis-test-app">Option 2: Create a Minimal IIS Test App</h2>
<p>If you need more accurate testing, create a simple IIS application that performs the same POST request. To match the behavior of the Auth server, run the test app under the same application pool as the Halo Auth server.</p>
<p>This will give you the closest approximation to how the Auth server performs license checks. Even then, factors like antivirus software or custom firewall rules may still treat the test app differently.</p>
