Novell Home

ZfD 4 on Windows XP SP2

Novell Cool Solutions: Trench

Digg This - Slashdot This

Updated: 19 May 2005
 

Question: Will ZfD 4 work on the new Windows XP SP2?

Answer: Novell is currently testing its ZENworks products running on the released version of Windows XP Service Pack 2 (XPSP2). Full support for ZENworks products running on XP SP2 will occur within 90 days of the XP SP2 release. Check this TID for more information.

If you have anything to add, let us know.

Suggestions

Jeff Ferris

Questions were posted asking about SP2 and its effect on ZENworks. We noticed one thing. You have to tell the SP2 firewall to allow NDPS ports, or it won't allow NDPS to communicate. You can allow it through the settings of the firewall, but just an FYI.

Matt Merrell

I have been completely unsuccessful in getting ZENworks 3.2 to work with XP SP2. I have opened all the ports and done everything I can think of... no go. Well, at least on the remote control side.

Sergio León

After installing XPSP2 the remote control doesn't work even when we disable the Microsoft firewall.

Dave Lloyd

Testing SP2 on several Compaq PC's we have found that after installing ZENworks for Desktop Management Agent (a variety of flavours were tried) it would neither uninstall nor upgrade (as the first action is to uninstall) - PC's hung and needed to be rebooted... Agents remained installed. No solution to this as yet...

Chuck Ireton

XP Service Pack Two in its default state breaks remote control. You have to manually open the Firewall settings and allow C:\Program Files\Novell\ZENworks\Remote Management\RMAgent\ZENREM32.EXE.

Also, XP SP2 and the ZENworks optimized drivers cause a blue screen. We had to rename C:\Windows\System32\drishti.dll to drishti.old.

Mark E. Crist

I noticed that the remote control functionality breaks after installing Windows XP SP2. It's an easy fix, just add "C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe" as an exception to the firewall rules.

The inventory also seems to break but I have not found a workaround yet.

James Rudd

We had problems with a clean Windows XP SP2 slipstreamed install, after applying the latest ZfD4 agent with Workstation Manager. From what I can tell when it applies the Group Policies it somehow breaks MSI or RPC functionality. No MSI applications will install, and when I try to bring up Disk Management in the Computer Management MMC it reports that it could not connect to the RPC server.

Most likely problems come from the ConsoleOne built Group Policy. If I install ZfDAgent without Workstation Manager, no problems.

Nathan Lock

We have had the same problem as James Rudd did. It turns out that it is the security policy settings from old group policies that break it. You must create brand new computer workstation policies on a Service Pack 2 machine (that has not been imported so it does not have a broken policy on it to start with) then all will work ok. It has taken me over a month to find this out! And Microsoft was no help whatsoever.

It appears that because of the security model changes in XP sp2, applying old policies created with a pre-sp2 machine breaks the com+ system application service, which will fill your event log with lots of meaningless errors. Here is a full list of symptoms that you will get if it is broken:

  • Dcomcnfg will just exit when you click on Component Services and then computers.
  • Windows installer will not let you install any msi based software and will say "The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance."
  • The Windows search/find files command button on the start menu will do nothing!
  • Disk management and removable storage will not run in the mmc.
  • You get a Win32 error if you try to look at the dependencies tab of any of your services!

I hope you can publicize this information as widely as possible so that no one has to go through the nightmare month I have just had!

Update:

My original posting above has finally been recognised by Novell and typed up in a TID explaining it, 10095342 check it out for the full explanation of what was happening.

Also Harry Manbeck posted about the remote control service not starting properly, preventing the installation of further agents, this is now documented in TID 10095223. Neither of these problems are actually fixed yet though.

Also on the subject of XPSP2 we and quite a few others in the Novell Support client forums have been experiencing "8884" login script errors where the client is unable to connect to a server picked at random. Detailed in TID 10095000/ 10091670. It does not always happen, it is totally random and the advice being given every time is to check your slp settings. We have, and everything is set to static and no autodiscovery, and we don't have any problems on machines without XPSP2! Several people have said disable the XP firewall, but that does not make any difference. Again our Novell Support provider is looking in to this and has been able to re-create this problem, but is having a hard time getting Novell to believe it! TID 10094642 says there are no known incompatibles, but then goes on in the 2nd paragraph of the notes to suggest there might be. I am not convinced that the suggested workaround of disabling the bad name and address cache is 100% reliable either, because that seems to make the 1st logon fail as if you had typed your password wrong, and pressing ok again after the error it succeeds.

Lastly off at a slight tangent, but I am hoping the next release of the Zen 6.5 agent will actually fix tids 10096223,10094539,10095225,10094015/10093908 plus including the fix from hotpatch 3 for slow shutdowns and then ZEN 6.5 might actually be a useable product! Oh and also the windows update settings in a computer group policy don't work either!! (confirmed in other support forum postings).

I was led to believe that ZENworks 6.5 was a more stable product because it uses the Microsoft profile technology and had undergone more testing than ZENworks 4, and that ZENworks 4 was never going to have another "proper" release (it has been in a permanent state of beta or "interim" releases since 4.01!) yet Novell seem to be doing the opposite, we have ZENworks 4 interim release 5 out now, but no new ZENworks 6.5 agents on general release.

Has anyone got XPSP2 + ZENworks 6.5 + Client 4.9SP2(+PKC+NWGINA 6,8 or 9) actually working as usable combination yet?

We have been unable to deploy our 250 new pcs yet because of these problems.

I can't use ZENworks 4 because the roaming profiles are flaky, but the windows updates settings work fine. We use this combination in our student areas because the students don't have roaming profiles.

I can't deploy ZENworks 6.5 with XPSP1 because the windows updates policy doesn't get applied so all the machines will upgrade themselves to SP2 and then the client will break with the random failure to connect to the servers.

Will Wilson

I've noticed that even if you disable notifications for Windows Security Center, when a new user is created via DLU the new user is presented with the Windows Security Center screen on first login. This is not a major problem, but it would be nice if the DLU user wasn't presented with this screen to "mess with".

Marin Dowlin

I've been successful getting ZENworks 3.2 remote to work if I put a extra scheduled action policy in the group policy objects and doing a net start "Remote management" after the users desktop appears. I've also put all the ports into the group policy to open up the firewall. What it seems to be happening with the remote agent is that it times out on startup, probably waiting for something to start (I blame a Winsock incompatibility). If you give it a few minuites it comes up if you start the service.

BTW, tests showed that it worked without this workaround in the RC2 of SP2, but not in the final. Strange.

Doug Roehm

The agent service shows as "starting" but never goes to the status of "started". You have to set the service to "manual" - then reboot - then apply the new agent (whuch by the way still shows as "starting" (this is the remote control service. However it seems to work even when the status says starting.

Trey Ray

My shop experienced the same problem as James Rudd and Nathan Lock. In addition to using a clean XPSP2 workstation to recreate your ZENworks-enabled Group Policies with the new SP2 security model, broken workstations can be repaired by restoring the default XPSP2 security settings using the command line below:

secedit /configure /overwrite /db 
c:\windows\security\database\defwrk.sdb /cfg 
c:\windows\servicepackfiles\i386\defltwk.inf /log 
c:\windows\security\logs\defltwk.log

Harry Manbeck

We have had a similar Windows XP SP2 issue on our Novell network of 4000 systems to the one Nathan had. It seems that when SP2 installs, the Workstation Manager component of ZENworks for Desktops 4.0.1.42 removes two important registry keys located at HKLM\SECURITY\POLICY\ACCOUNTS\ names S-1-5-4 and S-1-5-6. As a result, various errors appear in numerous places. Some of these are File Search, Microsoft Office clipart, MSI, and DCOM errors, and errors when accessing various services. There is information pertaining to S-1-5-4 and S-1-5-6 in the Microsoft knowledgebase.

If these keys are replaced, they will again be removed by the Workstation Manager Service. We have been able to work around the issue but disabling the Workstation Manager service and then replacing the missing keys to restore functionality. This is the quickest way we could remotely restore all the systems that have this issue. Locally, a workstation can be fixed by removing ZENworksworks and then applying SP2 before reinstalling ZENworksworks so that a new security policy is in place before Workstation Manager takes effect.

This simply takes too much time, so a local fix is not practical for our large network. We are hoping that a future release of ZENworksworks will rectify the situation. For now we have had to sacrifice the functions of Workstation Manager to get back on our feet.

Update!!

It seems ZENworksworks 4.01 IR5 has fixed the XPSP2 Workstation Manager issue! This version will not damage the security settings in SP2. However, any machine already damaged must first be repaired, then rebooted in order to install this new version of ZENworksworks because the MSI service is inaccessible until the security settings are restored. This can be done with Trey's command line; however I have personally found it easier to pull the keys (that I previously mentioned) from a working SP2 installation and import them into the registry after unlocking that section of the registry using a utility like regini.exe. (Don't forget to stop workstation manager before you reboot.)

There is only one problem that remains. The Novell ZfD Remote Management service has an issue that previously existed but is worse under XPSP2. As Doug Roehm mentioned, it seems that this service displays the status "Starting" even though it appears to work. I have read that some people are having trouble getting it to work, though we have not had any trouble using it. The trouble has been in trying to remove or reinstall ZENworksworks when the ZENworksrem32.exe is running, as it cannot be stopped either by the ZENworksworks MSI or by using a command like "NET STOP." Under both SP1 and SP2, if you look at the properties for this service, click on the dependencies tab, and then click back to the General tab, the service status changes from Started to Starting, assuming it was ever Started to begin with.

While upgrading ZENworksworks, the installer gets stuck at the ZENworksrem32.exe file. If I kill this application, the installer can continue, but I cannot visit every system on our network. As a resolution, we change the remote management service status to "disabled" and force the machines to reboot, and then push the new ZENworksworks installer so that it does not get stopped at ZENworksrem32.exe.

There are some errors in the RMErrorLog0.txt file that I have yet to fully understand or resolve. Any help would be greatly appreciated.

John Driver

We had similar issues to those mentioned above regarding the XPSP2 Firewall and security centre popups. My simple fix was as part of our build to run services.msc (which we were doing anyway to disable remote registry) and disable the Windows Firewall/ICS and also Security Centre. You need to do this BEFORE copying settings to default user as otherwise the Security Centre re-enables itself. So far this seems to work for us and hasn't caused any adverse effects.

Mary Stohr

I have been unsuccessful using remote control - even with ports opened - on Win2k and XP machines. I can remote control WInNT without problem. Win2K and XP try to connect but never do.

Stefan Davenport

Just a brief suggestion, if you want to deploy Windows XP SP2 without the Firewall enabled, the following registry settings will disable it:

"HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\EnableFirewall" DWORD value 0 is off, 1 is on
"HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\EnableFirewall" DWORD value 0 is off, 1 is on

Wayne Hanks

Found a problem this morning that stymied me. I went to create a new application install using a Windows XP SP2 workstation and had to install the Wise installation Tailor to customise the application. It ran through ok and created the mst file. However when I created the application object and associated the mst, it would not start the installation on a Windows XP sp1 workstation. When I created the mst file and object on the xpsp1 machine it worked fine and allowed me to do the installation on the xpsp2 machine.

Shawn Dakin

I have a solution to the problems with ZENworks 3.2 Remote Management agent. Unlike other solutions, which only work after login, this will actually allow the service to start on bootup.

The problem is not actually a problem, but rather a feature of the WF/ICS service. The Windows Firewall provided with XP SP2 has a new feature known as "Startup Security". The Microsoft WF_XPSP2.DOC file states that the ?startup Windows Firewall policy to perform stateful packet filtering, which allows the computer to perform basic networking startup tasks using Dynamic Host Configuration Protocol (DHCP) and the Domain Name System (DNS) protocol to configure the computer and communicate with a domain controller to obtain Group Policy updates. Once the Windows Firewall (WF)/Internet Connection Sharing (ICS) service is started, it uses its configuration and removes the startup policy. The startup policy settings cannot be configured." However changing the service from automatic to manual can disable the startup policy. What we have done is set the service to "manual" and then evoked it before the Zen Remote Agent is loaded. So here is a short description of what I did. Try it at your own risk!!

  1. Change the Windows Firewall/ICS service to manual
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess String Value Start = 3


  2. Force Windows Firewall/ICS service to start before Remote Management
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Novell User Agent Multi String Value DependOnService = SharedAccess
    NOTE: DependOnService must also contain WM


  3. Set Firewall Exceptions for wuser.exe
    netsh firewall add portopening UDP 1761 ZENRC Enable
    netsh firewall add portopening UDP 1762 ZENRC Enable
    netsh firewall add allowedprogram c:\novell\zenrc\wuser32.exe ZenRC enable

This fixed the problems for us, and allows us to remote control even if the user is not connected.

THIS WORKS WITH ZENworks 3.2 ONLY

Scott White

Here are registry settings we use with regards to XPSP2 that I've thrown into a .reg file (or distribute via ZENworks):

Windows Registry Editor Version 5.00
 
;Disable Information Bar Prompt in Internet Explorer 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InformationBar] 
"FirstTime"=dword:00000000 
 
;Override Antivirus Monitoring
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001
 
;Override Windows Firewall Monitoring
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallOverride"=dword:00000001
 
;Disable Anti-virus Notifications
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000001
 
;Disable Firewall Notifications
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify"=dword:00000001
 
;Disable Windows Firewall
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\
StandardProfile]
"EnableFirewall"=dword:00000000
 
;Disable Windows Firewall
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\
DomainProfile]
"EnableFirewall"=dword:00000000
 
;Disable Security Center Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Start"=dword:00000004
 
;Disable Automatic Updates Notifications
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify"=dword:00000001

XPSP2 command line options are available here to use for an automated/unattended installation.

A batch file for an install might be something similar to this:

rem silently install Windows XP SP2
xpsp2.exe /F /N /O /norestart /Q
 
rem add registry keys for xpsp2
reg import xpsp2.reg 
 
rem restart machine
shutdown -r

Note: We had to use "REGEDIT4" instead of "Windows Registry Editor Version 5.00" for a .reg file import to work for us.

Hope this might help someone...

Vebjørn Nergård

With ZENworks for Desktops 6.5 and Windows XP SP2 -- Change Firewall Settings:

Use policy setting:

  1. Create User policy (ConsoleOne)
  2. Group Policy
  3. Network Location of Existing / new Group Policy \\serverxxx\sys\public\mgmt\group-pol
  4. Check User Configuration and Computer Configuration
  5. Click Edit Policies
    • Open Computer Conf- Administrative Templates- Network -- Network Connections- Windows Firewall -- Standard Profile
    • Define Program Exceptions: "C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe?

REMEMBER: You have to use a computer installed with XP sp 2 when editing the Group Policy.

Brian Meldrum

I created a new group policy with an SP2 box. SP2 replaces the group policy files, so to get the right version, you have to run ConsoleOne from SP2. Just go into GPM, update the GPM files, and disable the Security center, turn off firewall and TADA! It works fine with SP2.

Mike Harris

For our environment of NetWare 6.5, ZENworks for Desktops 4 (4.0.1.4 launcher) with Windows 2000 and XP workstations, we've been successful enough with the following manual procedure that we've gone ahead with rolling all new machines out with XP SP2 installed. Have not yet tackled pushing it out to existing machines (see note further down).

==== manual procedure begins ====

Before applying SP2 to XP:
 - Assure Novell Client 4.9 SP2   (enables UNC type accesses)
 - For "not received new in 9/04 or later" Dell GX260 and GX270
   workstation, update NIC driver (fixes problem of DHCP lease 
   failing to renew).

Apply XP SP2.

After XP SP2 applied (see Control Panel | Windows Firewall | Exceptions
tab):
 - Unblock  NDPS RPM & Notification Listener (dpmw32.exe)  
 - Add port exception for port 1761, for Novell Remote Control
 - If Oracle applications & Oracle Discoverer are to be used, 
    run them and OK their behaviour to SP2 firewall.

==== manual procedure ends ====

We have not yet pinned down how to automate the before and after via a ZEN push yet (other priorities) for existing workstations, but assume that we will be able to create such a push. Would assume that will try to push both the before and after stuff together, before XP SP2 itself, if practical (don't know if can push MS firewall settings (registry settings?) before MS firewall (XP SP2) is installed. We anticipate using Microsoft's Software Update Service (SUS) to distribute XP SP2 itself, rather than ZEN (for the sake of avoiding user involvement), though that's not to say couldn't push XP SP2 itself via ZEN (just haven't investigated it, due to already having SUS running and SUS's bandwidth throttling capabilities).

Ong

Noticed that workstation will not be able to login after Management Agent was removed after XPSP2 (error message stating that NWGina.dll cannot be found), the only option given is to restart the machine. Safe mode would not help as well, reported missing files. Scenario can be duplicated with the following steps:

  1. Workstation installed with Windows XP SP1
  2. Install Management Agent (p2)
  3. Patch with SP2
  4. Uninstall Management Agent (works for me)
  5. Errors reported after restart

However, if I change the registry key prior to uninstallation of Management Agent, then the workstation is usable. The key is

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL "MSGina.dll" (changed from NWGina.dll)

While SP2 is in effect, Remote service would not start but I'm glad to know that I'm in the crowd =)

Eric Belcher

Update on ACGS XPSP2 ZEN Rollout

We are now rolling out new IBM PC's with XPSP2 and ZENworks 6.5. The basic process we have used is as follows:

  • Used nLite to create cut down image of XPSP2, (got rid of firewall etc - We operate in a Deep Freeze environment behind firewalls).
  • Installed Client 4.9SP2 with nwfs.sys patch
  • Installed ZfD 6.5 Update 2

The problems we have and are having to work around are:

  • Applications associated with a workstation object only will not deploy files (seeming rights issue), no matter what rights are given. As soon as the user object is added to the object, the files will install.
  • NDPS Printers. Although we have Windows Group policies set to install drivers silently without error, NDPS printers will not distribute via ZfD policies. If you manually install the printer first using the windows install printer, ZfD distribution will then work from then on.
  • ZfD 6.5 is highly immature, especially when it comes to application object creation. We have to use ZEN 4 snapins to create a new application in most cases, and then use ZEN 6.5 snapins to make changes. Sometimes editing an App object with ZfD 6.5 snapins causes C1 to crash. (This has been duplicated with a clean install of C1 and ZfD 6.5.)
  • The editing of XP Group policies cannot be done with C1 1.3.6c ZfD 6.5 Snapins if MMC editing tools are disabled. This was a bug in ZfD 4.01 that was fixed. (I now see a TID for this problem TID10095582 )

Otherwise, things have gone quite well. Once ZfD 6.5 is fully functional this will be a good solution. Our documentation is nearly complete and I'm happy to send people copies upon request

Patrick Reeder

We have seen some strange things with certain SP2 updates and ZENworks. Not sure if they are related, but after installing certain patches or imaging a base image using the ZEN Boot CD, the Network Properties can no longer be accessed. When refreshing the connections, it spits out an error saying that the Network connections Manager cannot retrieve a list of installed adapters. Also, the Windows Installer service is no longer working. Very strange. We are still testing these issues to try and isolate the problem.

Update: Our issues concerning machines with SP2 for XP have been resolved using the information from TID 10095342.

Bill Friedkin

I have successfully deployed XPsp2 on Dell D600, GX270, GX260 and GX50. However; when installing to the D505 laptop, the end result is: the icons disappear for Local area connection and the network connections in the tray. Everything else seems to work, but I am unable to manage connectivity, client, protocols, etc. I have since reved the machines back to XPsp1a until I can resolve. I am open to suggestions.

Policies seem to work (I have edited them through my D600 (xpsp2)) and Remote Control works by making the exception for Zenrem32.exe (C:\Program Files\Novell\Zenworks\RemoteManagement\RMAgent\ZenRem32.exe), for NDPS (C:\WINDOWS\System32\dpmw32.exe) AND for the Session manager (C:\WINDOWS\System32\sessmgr.exe). These exceptions can be made through an app object in the registry after capturing with a snapshot.

UPDATE

The issue to D505 SP2 upgrade was manifested by the lack of a Local Area Connection icon. Everything else "seemed" to be running okay. There were other symptoms not realized until reading the article here that mentions a full list of symptoms that you will get if it is broken:

  • Dcomcnfg will just exit when you click on Component Services and then computers.
  • Windows installer will not let you install any msi based software and will say "The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance."
  • The Windows search/find files command button on the start menu will do nothing!
  • Disk management and removable storage will not run in the mmc.
  • You get a Win32 error if you try to look at the dependencies tab of any of your services!
    (I would like to submit one more symptom)
  • No Local Area Connection icon

Thanks to entries made by many here, we have found a solution.

The administrative workstation which edits the group policies must be on XPSP2.

  1. Remove the current ZfDAgent.
  2. Remove ALL GroupPolicy directories under C:\windows\system32.
  3. Run gpedit.msc, which will rebuild the default set of windows group policies.
  4. Run the local or IT Pro upgrades to SP2.
  5. Log into the workstation as Workstation Only and get the latest security patches and upgrades for SP2.
  6. Reinstall the ZfDAgent from IR5 (Sept 2004) and re-register the workstation.

We have Interim Release 5 installed to the network and the updated IMG files (zfd401ir5img25.exe) installed.

The IR5 release neglected to include the 3Com and Broadcom drivers ( Dell GX280, D505, D600) needed for PXE imaging within our environment. The kernel version (linux.1) also within IR5 was incorrect for our environment. Installing the IMG files (linux.1, linux.2 and linux3.tgz) corrected both issues. We can now image all SP2 machines.

Rick Darter

I haven't noticed anyone mentioning Application problems. Just today I figured out (trial and error) how to get a simple delete and copy batch file to run on XP both SP1 and 2. The ZENworks App would work when "Run Normal" under Executable Security Level. But the batch file would fail as the local users group only had "Read and Execute" and "Read" to the file. I then changed the App to "Run as secure system user" (System has Full rights to the file). Now ZENworks would report that it couldn't find the batch file. It would list the correct path to the batch file, but would not run. I finally changed the "Path to file:" from Z:\path\test.cmd to the UNC path \\server\vol\path\test.cmd and it started working like a charm...

We are running NetWare 6.0SP4/5 with ZENworks 4, and have a mix of Win2k (didn't have the problem) and XP Pro desktops.

Dwayne Watkins

I have tested, successfully I might add, a Dell GX280 with WinXP Pro SP2 with remote control and workstation manager. Before installing SP2 I verified that I was able to remote control and registered WM. My winxppro build was using a custom Winnt.sif file with automatic updates turned off, firewall installed but not configured, and with Mcafee ver 8. Client ver. 4.9 sp2, and ZEN 4.01. I also forgot to mention that I installed an NDPS printer, an HP 4650 color laser printer.

I installed SP2 by hand (still testing the network setup). Since my automatic updates were already turned off after the install of SP2, it remained off.

Before turning anything on I verified again that I can remote control the workstation, unregistered and re-registered the workstation, and finally print.

I then enabled the firewall, and could not do anything mentioned above except print (which was a relief). I could no longer remote control and received an error in communication when registering. I opened port 1761 tcp and was able to remote control again. I am currently still testing other applications with XPSP2 so hopefully I can add to this later.

Matthew Schlawin

I have been running WinXP sp2 on several machines with NetWare 6.5 and ZENworks 4.01 for testing purposes. I have recently installed Ir5 as well. I thought everything was going ok until I tried to image one of our labs of computers.

We have 30 Compaq EVO d510 computers currently running WinXP sp1. I re-image them regularly with no problems. I installed sp2 on one computer and it appears to work just fine. I had exceptions in place to allow printing, Internet access, and IPTV. However when I tried imaging the rest of the lab I had major problems.

The imaging went just fine, the workstations rebooted and gave the "zenworks imaging engine is finalizing settings...please wait" message, but that message box would not go away on some machines. Others took a long time and then gave out of memory errors and Dr. Watson errors. On about two thirds of the computers, this box appeared at EVERY reboot and would not go away. Some of the computers made it past this box (why?) but would pop up the Windows security center on every boot. (Same as Will Wilson above)

I tried five (5) different re-images with firewall off, automatic updates off, deleting the partition with fdisk, unicast insted of multicast, etc. but nothing worked. I finally put the old image with sp1 back on and everything is fine.

So my problem was not so much with SP2, but with imaging SP2. I have posted this in the forums as well but have not had a response yet.

Brian Schonecker

ZFD65 Remote Control.

Screen blanking doesn't.

Mouse & Keyboard locking does.

Carolyn D. Snyder

I have had problems with imaging Windows sp2 on Dell computers. I have no problem retrieving or dumping a pxe image with xp1 on it, but I cannot dump an xp2 image on the server. The machine starts to image and then at about the 80% mark, an error that says ?'failed to write to proxy' unknown error - see documentation ? appears and I cannot write the image. I am using ZfD 4 and NetWare 5.1. Any suggestions? I can dump an image with Ghost software and retrieve it as well. Do I need to continue to purchase Ghost?

Update from Gary Muller: With regards to Carolyn's problem, I have encountered exactly the same problem and found that if your image is above 2Gb then it is not possible to use ZENworks Imaging, especially if you are wanting to write it to DVD. I have continued using Ghost for images above 2G, anything below 2Gb, ZENworks Imaging works like a dream.

Further Update from Gary Muller: An update on Carolyn's problem, I have managed to split the image if it is larger than 2 GB and copy it then to DVD. Got info off the net that if you are creating an iso file, no file within the iso image is allowed to be greater than 2 GB. So using ZENworks 6.5 image splitting tool I set the break at 1.8 GB and then copied this into iso image. The only problem that I am sitting with currently is trying to automate the second image file to launch after the first has completed its restore.

Tony Strother

Issue with the NAL icons on the desktop disappearing after the installation of MS Office 2000, SP3. After installation, refresh of the NAL, icons are still gone. Uninstall office and they re-appear!

Lee Pipkin

Update to Tony's post. Novell Support helped us solve this one. We had a corrupt application object that was causing this behavior. As the ZfD4 NAL read the dsattr.bin from each app it came across the corrupt one and then went out to lunch. No icons in the NAL and the NAL went off line. Through process of elimination we found the corrupt app and all is good. This type of behavior is non-existent in ZFD 6.5 due to the code change of the NAL.

Thanks Novell Support!

David Van Domelen

I am successfully running:

1. ZfD Version 4.0.1.4 on Windows XP Pro SP2 with either
2. Novell 4.83 SP2 Client on about 400 Compaq EVO510s or
3. Novell 4.90 SP2 Client on thirty Acer 5600s.

Everything works including:

1. Remote Management,
2. MSI installs,
3. non-MSI AOTs
4. and especially the new Windows SP2 policies.

I am still testing the February Security Updates, but so far they seem ok. Good luck folks.

Kevin Martin

In our labs we sometimes have login scripts errors when ZENworks 4.0.1 IR 5 is on the machine with XP SP2. It is very sporadic but when you log on, sometimes the drives in the login script will not map and gives an error "can't map to x drive". When ZENworks is removed, there is never any errors. I say again, this is very sporadic and will happen to various machines at various times.

Chris Bizette

We are running ZENworks 3.2 (although it should work for other versions too) and used the following to fix the remote control issue.

Create two entries for the firewall exception.

  • Add port name it zenremc1 with port 1761 udp
  • Add port name it zenremc2 with port 1762 udp

In addition, to get the remote agent to start properly I created a batch file that I pushed down using ZENworks that does the following:

Net start "remote management"

In addition it adds a registry key to HKLM\Software\Microsoft\Windows\CurrentVersion\Run

String value startzenrc with value c:\winnt\zenrcbatch.bat to allow it to run on each bootup.

Jeremy Mlazovsky

I found Bill Friedkin's tip for adding exceptions to XP SP2 firewall very helpful. However, instead of using a snapshot to determine which system changes were made, I was able to find an article on Micro$oft's site which explains how to configure the WinXP SP2 firewall from the commandline. I used Bill's list of programs to allow and Microsoft's article to create an AutoIt v3.x script file which configures the firewall for us. I run this script automatically at the end of our Client32 and ZEN Agent installer script. The official Microsoft knowledgebase article on commandline options for the XP SP2 firewall can be found here.

The commands I use are as follows:

netsh firewall add allowedprogram PROGRAM="C:\Program Files\Novell\Zenworks\RemoteManagement\RMAgent\ZenRem32.exe" NAME="Remote Management" MODE=ENABLE PROFILE=ALL 

netsh firewall add allowedprogram PROGRAM="C:\WINDOWS\System32\dpmw32.exe" NAME=NDPS MODE=ENABLE PROFILE=ALL 

netsh firewall add allowedprogram PROGRAM="C:\WINDOWS\System32\sessmgr.exe" NAME="Session Manager" MODE=ENABLE PROFILE=ALL 

Samuel Dee

I have to add that my campus runs NW6.5, ZfD 4 ir5, XP Pro SP2 on Dell GX280s. I have been running pretty smoothly since last October when I decided to add SP2 to the list of things I'm testing.

Everything has been running relatively well until the last month when I started seeing Symantec Live Update errors. This led me to discover the MSI problems discussed by James Rudd and Nathan Lock.

Despite some good directions I find I don't agree with the assessment that it's caused by Group Policies that are made on an SP1 machine. I've dumped my old group policies lately and recreated them, making sure my machine is totally updated. If anything I'm getting MORE machines with MSI problems and don't have anything do do but go back to SP1.


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell