The information in this Readme pertains to the ZENworks 2017 Update 1 release.
The following table contains information on the documentation content changes that were made in this Readme after the initial release of ZENworks 2017 Update 1:
Table 1 Readme Updates
|
Date |
Readme Item Added or Updated |
|---|---|
|
June, 2019 |
An important note has been included in the following section: Section 3.0, Planning to Deploy ZENworks 2017 Update 1 The following known issue has been added: Upgrade of a ZENworks 17.x appliance to a later version fails if the April 2019 Appliance Security Patches have been applied. |
For information on the new features included in this release, see What’s New in ZENworks 2017 Update 1.
Use the following guidelines to plan for the deployment of ZENworks 2017 Update 1 in your Management Zone:
IMPORTANT:If you have applied the April 2019 Appliance Security Patches, before upgrading to ZENworks 2017 Update 1, you need to first apply the FTF that is available in bug 1134324.
If you are using Disk Encryption and you want to update the Full Disk Encryption Agent, you MUST remove the Disk Encryption policy from those managed devices before you update them to ZENworks 2017 Update 1.
For more information about updating Full Disk Encryption in ZENworks 2017 Update 1, see the ZENworks 2017 Update 1 - Full Disk Encryption Update Reference.
You must first upgrade the Primary Servers, then update the Satellite Servers, and finally the managed devices to ZENworks 2017 Update 1. Do not upgrade the managed devices and Satellite Servers (or add new 2017 Update 1 Agents in the zone) until all Primary Servers in the zone have been upgraded to ZENworks 2017 Update 1.
NOTE:Agents might receive inconsistent data from the zone until all Primary Servers are upgraded. Therefore, this part of the process should take place in as short a time as possible - ideally, immediately after the first Primary Server is upgraded.
If the managed devices have been updated to ZENworks 11.x or later, you can directly update the managed devices in the zone to ZENworks 2017 Update 1.
The system reboots once after you upgrade to ZENworks 2017 Update 1. However, a double reboot will be required in the following scenarios:
If you update from 11.x to ZENworks 2017 or 2017 Update 1 with Endpoint Security enabled, you will need a second reboot to load the ZESNETAccess driver.
If a managed device uses Windows 10 with Client Self Defense enabled and you are upgrading from 11.4.x to ZENworks 2017 or 2017 Update 1, you need to disable Client Self Defense in ZENworks Control Center, reboot the managed device, and then run the update, requiring a second reboot on the device.
If you have a Disk Encryption policy enforced on a managed device, and you want to update the Full Disk Encryption Agent to ZENworks 2017 Update 1, you must first remove the policy and decrypt the device, which requires a device reboot. You then update the device to 2017 Update 1, requiring a second reboot.
IMPORTANT:Managed Devices running versions prior to 11.x must first be upgraded to 11.x. The system reboots after the upgrade to 11.x and then reboots again when the ZENworks 2017 Update 1 system update is deployed.
Table 2 ZENworks Cumulative Agent Update to ZENworks 2017 Update 1: Supported Paths
|
Managed Device Type |
Operating System |
Supported Versions |
Unsupported Versions |
|---|---|---|---|
|
Primary Server |
Windows/Linux |
v2017 Update |
Any version prior to v2017 |
|
Satellite Server |
Windows/Linux/Mac |
v11.0 and subsequent versions |
Any version prior to v11.x |
|
Managed Device |
Windows |
v11.0 and subsequent versions |
Any version prior to v11.0 |
|
Linux |
v11.0 and subsequent versions |
NA |
|
|
Mac |
v11.2 and subsequent versions |
NA |
Prior to installing the System Update, ensure that you have adequate free disk space in the following locations:
|
Location |
Description |
Disk Space |
|---|---|---|
|
Windows: %zenworks_home%\install\downloads Linux: opt/novell/zenworks/install/downloads |
To maintain agent packages. |
5 GB |
|
Windows: %zenworks_home%\work\content-repo Linux: /var/opt/novell/zenworks/content-repo |
To import the zip file to the content system. |
5 GB |
|
Agent Cache |
To download the applicable System Update contents that are required to update the ZENworks server. |
1.5 GB |
|
Location where the System Update file is copied. This is only applicable for the ZENworks Server that is used to import the System Update zip file |
To store the downloaded System Update zip file. |
5 GB |
For instructions on downloading and deploying ZENworks 2017 Update 1, see the ZENworks System Updates Reference.
If your Management Zone consists of Primary Servers with a version prior to ZENworks 2017, you can deploy ZENworks 2017 Update 1 to these Primary Servers only after all of them have been upgraded to ZENworks 2017. For instructions, see the ZENworks Upgrade Guide.
For administrative tasks, see the ZENworks 2017 Update 1 documentation site.
IMPORTANT:Do not update the Remote Management (RM) viewer until all the Join Proxy Satellite Servers are updated in the zone. To perform Remote Management through Join Proxy, you need to ensure that the RM viewer version and the Join Proxy version are the same.
Ensure that you read Section 3.0, Planning to Deploy ZENworks 2017 Update 1 before you download and deploy the ZENworks 2017 Update 1 update.
This update requires schema changes to be made to the database. During the initial patch installation, the services will run only on the Master or dedicated Primary Server. This is to ensure that other Primary Servers do not try to access the tables being changed in the database.
After the Master or dedicated Primary Server has been updated, the services will resume on the remaining servers and the update will be applied simultaneously.
NOTE:You do not need to manually stop or start the services on the servers during the update. The services will be stopped and started automatically.
When you postpone a system update and log out of the managed device, the system update is applied on the device.
For the list of supported Managed Device and Satellite Server versions in a Management Zone with ZENworks 2017 Update 1, see Supported Managed Devices and Satellite Server Versions.
Some of the issues identified in previous releases have been addressed in this release. For a list of the resolved issues, see TID 7020155 in the Support Knowledgebase.
Some of the issues that were discovered in previous versions of ZENworks 2017 Update 1 have not yet been resolved. Review the following Readme documents for more information:
This section contains information about issues that might occur while you work with ZENworks 2017 Update 1:
When you add a new Primary Server with ZENworks 2017 to an IPv6-enabled zone in ZENworks 2017 Update 1 or later, then the closest servers might be empty, or it might contain incorrect IPv6 URL format. You can view the closest server URLs by running the zac zc -l command in the text console.
Workaround: Perform the following:
On older Primary Servers, stop the loader service.
Execute the zman lrr -f command on a server that is upgraded to the latest version.
Execute the zac ref bypasscache command on the device on which you see incorrect IPv6 URLs.
NOTE:If the workaround mentioned above is not performed, when you add a new Windows 2016 ZENworks 17 server to an existing 17.x zone and update the Windows 2016 server to 17.x, the ZENworks Server Properties will be in an unavailable state when accessed using the zapp system tray Icon. To resolve this issue, you have to run zac cc followed by the zac ref bypasscache commands on the Windows 2016 server.
After installing the agent on a Windows 2012 R2 device, when you boot the device using PXE or Boot CD, and run the zisedit command with the following settings, the network adapter is not visible in the network connections when you log into the device:
Set the DHCP and DHCP6 values to off.
Change the IPv4 and IPv6 values.
Workaround: Configure the IPv4 and IPv6 values separately.
On a SLES 11 device, if a network is configured using NetworkManager, the Client IP address Network service might not match with the IPv6 DHCP address. Hence, location and network environment detection fails.
Workaround: Configure the network using the ifup method.
Java 8 Applications require the IPv4 stack to be configured on a Windows device. Hence, ZENworks Java applications such as ZCC Helper might not work unless IPv4 is installed.
Workaround: Configure the IPv4 stack in addition to the IPv6 stack.
For more information, refer to the following links:
While changing the external Certificate Authority, if the new certificate file includes the certificate chain in a wrong order, then certificate validation fails. For example, instead of Server > SubCA > RootCA, if the chain is in the following order: SubCA > Server > RootCA., the certificate will be considered as invalid.
Workaround: Re-create the server certificate chain (with certificates in the specified order) using your preferred method. One of the simplest ways of doing it as follows:
Save each certificate as a separate file in the base64 format.
Open each certificate in a text editor. The content will be similar to the content below:
-----BEGIN CERTIFICATE----- <cert data> -----END CERTIFICATE-----
Create a new file and name it as server.cer.
Copy the text from each certificate file into the server.cer file so that the certificates are all in one file, in the following order:
-----BEGIN CERTIFICATE----- <Server cert data> -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- <SubCA cert data> -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- <RootCA cert data> -----END CERTIFICATE-----
Save the server.cer file.
Use the server.cer file as the new certificate and complete the steps to change the external Certificate Authority (CA).
When you open pgadmin3 on a SLES device, one of the following errors might be displayed:
pgadmin3: error while loading shared libraries: libiconv.so.2: cannot open shared object file: No such file or directory
./pgadmin3: symbol lookup error: /usr/lib64/libgdk-x11-2.0.so.0: undefined symbol: pango_font_map_create_context
Workaround: Execute the following command in the terminal before opening pgadmin3:
export LD_LIBRARY_PATH="/usr/local/lib64:/usr/local/lib:/lib64:/lib:/usr/lib64:/usr/lib:/opt/novell/zenworks/share/pgsql/lib:/opt/novell/zenworks/share/pgsql/pgAdmin3/lib:$LD_LIBRARY_PATH"
Bundles configured with the Install Network MSI or Create Directory action from DFS share, fail with the WNetAddConnection error.
Workaround: None.
While configuring the Install Network MSI action, use the UNC path instead of DFS share.
When an email account is remotely configured on an iOS device using a Mobile Email Policy, then the prompt to enter the email account password might not be displayed.
Workaround: Manually specify the password by navigating to the Settings menu on the device.
On a managed device, when cache is cleared and the device is restarted, the agent reads server URLs from the initial-web-service file. If the server URL contains a host name which resolves to an IPv6 address, then the SSL host name verification fails. Hence, the older agents might not be registered.
Workaround: Manually add the IPv4-based URL to the initial-web-service file and then refresh the older agent.
Registering an older agent using an IPv6 address of ZENworks server may succeed, however, some agent features might not work as expected.
Workaround: Unregister the agent, and then register it using an IPv4 address of the ZENworks server. Avoid registering older agents using an IPv6 address.
If you create a ZECP policy to hide the ZENworks tray icon and then you assign the policy to a device, when you reboot the device, ZAPP is launched automatically.
Workaround: Delete the ZAPP registry key:
Open the Registry Editor.
Go to
For 32-bit: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
For 64-bit: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Delete the ZAPP registry key.
On a Windows device, the ZENworks Agent cannot connect with open source viewers such as RealVNC, TightVNC and UltraVNC using an IPv6 address.
Workaround: To manage Windows devices using IPv6 addresses, use IPv6 compatible open source VNC viewers. Open source VNC viewers can be used to communicate with managed devices using IPv4 addresses.
When you take an image of an RHEL 7 device with SELinux enabled, the device boots in the maintenance mode after restoring the image.
Workaround: Before taking the image, disable SELINUX:
Go to the /etc/selinux folder.
In the config file, set the SELINUX value as disabled.
Restart the device.
When you assign the MDT Deployment bundle to re-install the operating system on a device that already has an operating system, it results in an infinite loop. On PXE boot, the device picks up the same MDT bundle every time. This issue occurs because the Microsoft Deployment Toolkit (MDT) wipes out the ZENworks Image Safe Data (ZISD) when preparing the disk to re-install the operating system on the device. Hence, the Imaging Server does not know the status of the imaging work assigned to the device and it is never cleared.
Workaround: Perform either of the following methods:
Customize the corresponding MDT Deployment Share which the MDT WIM uploaded in the bundle contacts on booting. Use the ISDTool.exe to clear the MBR:
Download the 32-bit ISDTool.exe from the ZENworks Download page (https://zenworks_server_IP_address:port/zenworks-setup) under Imaging Tools. Place it in the MDT Deployment Share under the /Tools/x86 folder.
Download the 64-bit ISDTool.exe from the ZENworks Download page (https://zenworks_server_IP_address:port/zenworks-setup) under Imaging Tools. Place it in the MDT Deployment Share under the /Tools/x64 folder.
Open the ZTIDiskpart.wsf script file present in the MDT Deployment Share under the Scripts folder and insert the following lines just above the Open an instance for diskpart.exe, and dynamically pipe the commands to the program line:
Dim sampCmd Dim aScriptDir Dim aArchitecture aScriptDir = oFSO.GetParentFolderName(WScript.ScriptFullName) aArchitecture = oEnvironment.Item("Architecture") sampCmd = aScriptDir & "\..\tools\" & aArchitecture & "\ISDTool.exe mdt cleandisk " & iDiskIndex oShell.Exec(sampCmd)
When the device boots the MDT WIM and contacts the above customized MDT Deployment Share, the script prevents MDT from wiping out the ZISD data,
Clear the MBR using an Imaging Script Preboot bundle before applying the MDT Deployment bundle on the device:
Create an Imaging Script Preboot bundle in ZENworks. Add the following command as the Script Text:
dd if=/dev/zero of=/dev/sdX count=1 bs=512
Where /dev/sdX is the disk; X can be a value such as a, b or c.
Apply the Imaging Script Preboot bundle on the device.
Apply the required MDT Deployment bundle on the device.
IMPORTANT:Exercise extreme caution when using this option. The above dd command clears the MBR. After running this command, the operating system will not boot. Hence, the command should be run only before re-installing the operating system on the device.
When you restore an image of a Windows device with Windows 10 Creator update using the Legacy NTFS driver, the restored device might not boot the operating system.
Workaround: Perform any one of the following:
Take and restore an image of a device using Tuxera driver.
Take and restore an image of a device in .zmg format using WinPE
When you open the Terminal and File Explorer tile in ZENworks Appliance using an IPv6 address, a blank page is displayed in the Internet Explorer 11 browser.
Workaround: Open the ZENworks Appliance using literal IPv6 addresses in UNC path names.
For example, 2001:db8::ff00:42:8329 can be written as 2001:db8::ff00:42:8329.ipv6-literal.net
If you have applied the April 2019 Appliance Security Patches and then you try to upgrade a ZENworks 17.x appliance to a later version, some of the symbolic links (symlinks) such as /opt/novell/zenworks/lib32 and /opt/novell/zenworks/lib64 are replaced by new folders and hence the update fails.
Workaround: Apply the FTF that is available in bug 1134324 and then run the update again.
This Readme lists the issues specific to ZENworks 2017 Update 1 release. For all other ZENworks 2017 documentation, see the ZENworks 2017 documentation website.
For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.novell.com/company/legal/.
Copyright © 2017 Micro Focus Software Inc. All Rights Reserved.