2.2 Replacing an Existing Primary Server with a New Primary Server

NOTE:Replacing a Windows Server with an Appliance Server is not supported. However, a Linux server can be replaced with an Appliance Server.

If you have only one Primary Server in the Management Zone and if you want to replace the device hosting the Primary Server with a new device that has the same host name and IP address as the old device, you must move the Primary Server to the new device.

Ensure that the version on the new server and the existing Primary Server is ZENworks 2020 Update 1.

Ensure that the following settings are the same as that of the old Primary Server:

IP address and DNS name, Total RAM, Installation drive and path, ZENworks Ports, Management Zone name, Database Names (for both ZENworks and Audit Databases)

For MDM features like Mobile device communication, Apple VPP and Android Enterprise Subscription, Push Notification Services, etc. to work seamlessly after ZENWorks Server restore, it is mandatory that the new ZENworks Server’s hostname and IP must be the same as that of the backed up ZENworks Server; and the hostname must be resolvable to the IP address configured.

NOTE:If you want to replace more than one Primary Server, you need to install the same number of servers and replace each server on a one to one basis, either simultaneously or sequentially. For faster deployment, all servers can be deployed to a single temporary zone.

IMPORTANT:

  • If you have two Primary Servers (PS1 and PS2) in the zone and both are configured as MDM Servers, then if PS1 is removed/deleted, then all the mobile devices enrolled to PS1 should be re-enrolled to PS2.

  • If you are replacing a Primary Server (PS1) with another Primary Server (DR1) with the same DNS name. If PS1 is configured as an MDM server, then even DR1 becomes an MDM server, as DR1 is equivalent to PS1. Hence, all mobile devices enrolled to PS1 work seamlessly with DR1.

  1. Take a reliable backup of the existing ZENworks Server.

    For detailed information on how to take a backup of the ZENworks Server, see Section 1.0, Backing Up and Restoring the ZENworks Server and Certificate Authority.

  2. Take a backup of the novell-tftp.conf and novell-proxydhcp.conf files from /etc/opt/novell on Linux and ZENWORKS_HOME\conf\preboot on Windows.

  3. (Conditional) Take a reliable backup of the certificate authority of the Primary Server.

    For detailed information on how to take a backup of the certificate authority, see Section 1.3, Backing Up the Certificate Authority.

    During the ZENworks Server backup, certificates are backed up for Primary Servers having an internal Certificate Authority and the same network identity (IP, FQDN, and Cert). Also, during the ZENworks Server restore, the Certificate Authority is restored.

  4. (Conditional) If Zookeeper is enabled, take a backup of the ZooKeeper folder available at /var/opt/novell/zenworks/zookeeper.

  5. (Conditional) If Kafka is enabled, then take a backup of the following files:

    • Kafka-data available at /var/opt/novell/zenworks/kafka-data.

    • zenCaCertStore and zenCacertConfig.xml available at /etc/opt/novell/zenworks/security.

    • (Conditional) If you have edited the connector-configs.xml or the stream-processor-config.xml available at /etc/opt/novell/zenworks, then take a backup of these files.

  6. (Conditional) If Vertica is enabled, then take a back up of the database files available at /vastorage/home/dbadmin/zenworks and the config file available at /opt/vertica/config/admintools.conf.

  7. (Conditional) Take a reliable backup of the database in any of the following scenarios:

    • You are using an internal ZENworks database.

    • You are using an external database installed on the device hosting the Primary Server and you do not plan to use the device after uninstalling the Primary Server.

    For detailed information on how to take a backup of an internal database, see the Backing up an Embedded PostgreSQL Database on One Primary Server and Restoring it on another Primary Server in the ZENworks Database Management Reference.

    To take a backup of an external database, see the documentation for the database.

  8. Stop all the ZENworks services on the Primary Server.

    For detailed information on how to stop the ZENworks services on Windows, see Stopping the ZENworks Services in the ZENworks Primary Server and Satellite Reference. For detailed information on how to stop the ZENworks services on Linux, see Stopping the ZENworks Services in the ZENworks Primary Server and Satellite Reference.

  9. Take a reliable backup of the content-repo directory of the Primary Server.

    The content-repo directory is located by default in the directory on Windows and in the /var/opt/novell/zenworks/ on Linux.

    Ensure that the images directory located within the content-repo directory has been successfully backed up.

  10. (Optional) If there are any TFTP customizations related to imaging, then back up the TFTP files. The tftp directory is located in the /srv/ folder on Linux and in %ZENWORKS_HOME%\share\ on Windows.

  11. Disconnect the device from the network.

  12. To restore on a new Primary Server, ensure that the total RAM allocated in the new Primary Server is the same as that in the existing Primary Server. For a Primary Server hosted in the virtual environment, you need to reserve the allocated memory.

  13. Install ZENworks 2020 on the new server with the following settings that are same as that of the old Primary Server:

    • Installation drive and path.

    • ZENworks Ports

    • Management Zone name

    For detailed information on how to install ZENworks, see Installing a ZENworks Primary Server on Windows in the ZENworks Server Installation.

    NOTE:Install the new server to a temporary zone and not to the existing production zone.

    The new server can be installed with any database engine (preferably the same database engine as that in the production zone, that is, if the production zone is using MSSQL, then install the new server with MSSQL in the temporary zone). After the existing Primary Server is replaced with the new server, the new server will start using the actual database in the production zone.

  14. Do the following on the new Primary Server:

    1. Restore the backed-up ZENworks Server.

      For detailed information on how to restore the ZENworks Server, see Section 1.0, Backing Up and Restoring the ZENworks Server and Certificate Authority.

    2. Restore the files and , which were backed up in Step 2, to on Linux and on Windows.

    3. Run the following commands on ZENworks server, after restoring the backed-up ZENworks Server:

    4. (Conditional) Restore the backed-up database.

      For detailed information on how to take a backup of an internal database, see the Backing up an Embedded PostgreSQL Database on One Primary Server and Restoring it on another Primary Server in the ZENworks Database Management Reference.

    5. (Conditional) If you are restoring on a Linux server, then go to /usr/lib64 and execute the ln -s libhd.so.21 libhd.so.15 command.

    6. (Conditional) Restore the backed up ZooKeeper folder at /var/opt/novell/zenworks/zookeeper and ensure that the permission of this folder is set to ZENworks.

    7. (Conditional) To restore Vertica in the new server, perform the following steps:

      1. Run the following command and provide GUID, DNS, or the path of the new server:

        zman server-role-vertica-prepare-server
      2. Run the command su dbadmin to switch user to dbadmin.

      3. Install Vertica on the new server by executing the following commands:

        • sudo /opt/vertica/sbin/install_vertica --record-config vertica-install.conf --license CE --accept-eula --dba-user-password <dbadmin_password> --hosts <DNS-of-machine> -l /vastorage/home/dbadmin --failure-threshold FAIL
        • sudo /opt/vertica/sbin/install_vertica --config-file vertica-install.conf
      4. Restore the backed up database files to the path /vastorage/home/dbadmin/zenworks and the config file to the path /opt/vertica/config/admintools.conf. Ensure that the permission of these files are set to dbadmin:verticadba.

      5. Run the following command:

        ssh-keygen -R <ip of replacing host> -f /vastorage//home/dbadmin/.ssh/known_hosts
      6. (Conditional) If Vertica is running as a cluster, enable passwordless ssh amongst the other servers in the zone by running the command ssh-copy-id dbadmin@<ip of the machine that we are replacing> from another Vertica server in the cluster. Subsequently, stop the Vertica service on all other servers in the Vertica cluster and go to , to start the database from any other server in the cluster.

      7. (Conditional) If the IP address of the new server is different from that of the older server, then run the following command in the older server.

        1. Login as dbadmin (su dbadmin)

        2. Run the following command where the content of the ip.txt file should be <old ip> <new ip>:

          admintools -t re_ip -f /tmp/ip.txt
      8. Run the following command and wait for the database to start:

        admintools -t start_db –d zenworks
    8. If kafka is configured, enable kafka services by running the following command: systemctl enable <Kafka Service Name>;

      Kafka Service Name

      • microfocus-zenkafka.service

      • microfocus-zenkafka-schema-registry.service

      • microfocus-zenkafka-connect.service

    9. If you are restoring on a Linux server, run the following:

      1. novell-zenworks-configure -c MergeTruststore -Z

      2. novell-zenworks-configure -c EnableJMX

      3. novell-zenworks-configure -c ZenProbe

      4. novell-zenworks-configure -c Start. Select the restart option to restart the services.

      1. microfocus-zenworks-configure -c MergeTruststore -Z

        (Conditional) If microfocus-zenworks-configure -c MergeTruststore -Z is executed on a Linux server, run the microfocus-zenworks-configure -c UpdateTrustStorePasswordConfigureAction command, and then run the permission.sh file available at /opt/microfocus/zenworks/bin/.

      2. microfocus-zenworks-configure -c UpdateTrustStorePasswordConfigureAction

      3. microfocus-zenworks-configure -c GenerateOSPProperties

      4. microfocus-zenworks-configure -c UpdateJMXOptions

      5. microfocus-zenworks-configure -c EnableJMX

      6. microfocus-zenworks-configure -c ZenProbe

      7. Run the permissions.sh file available at /opt/microfocus/zenworks/bin/.

      8. microfocus-zenworks-configure -c Start: Select the restart option to restart the services.

    10. If you are restoring on a Windows Server, run the following:

      1. microfocus-zenworks-configure -c MergeTruststore -Z

      2. microfocus-zenworks-configure -c EnableJMX

      3. microfocus-zenworks-configure -c GenerateOSPProperties

      4. microfocus-zenworks-configure -c ZenProbe

      5. microfocus-zenworks-configure -c Start: Select the restart option to restart the services.

    11. (Conditional) If ZCC (on the new server) Diagnostics fails to connect, then execute the following commands in the order listed below:

      1. novell-zenworks-configure -c MergeTruststore -Z

      2. novell-zenworks-configure -c EnableJMX

      3. novell-zenworks-configure -c ZenProbe

      4. novell-zenworks-configure -c Start. Select the restart option to restart the services.

    12. Re-create all the default and custom deployment packages.

      Default Deployment Packages: At the server’s command prompt, enter the following command:

      novell-zenworks-configure -c CreateExtractorPacks -Z

      microfocus-zenworks-configure -c CreateExtractorPacks -Z

      IMPORTANT:Ensure that you do not run the zman surp command instead of novell-zenworks-configure -Z -c CreateExtractorPacksConfigureAction to rebuild deployment packages. The command novell-zenworks-configure -Z -c CreateExtractorPacksConfigureAction uses a different method to rebuild deployment packages. For more information, see Rebuilding the Default Packages in ZENworks Discovery, Deployment, and Retirement Reference.

      IMPORTANT:Ensure that you do not run the zman surp command instead of microfocus-zenworks-configure -Z -c CreateExtractorPacksConfigureAction to rebuild deployment packages. The commandmicrofocus-zenworks-configure -Z -c CreateExtractorPacksConfigureAction uses a different method to rebuild deployment packages. For more information, see Rebuilding the Default Packages in ZENworks Discovery, Deployment, and Retirement Reference.

      Custom Deployment Packages: At the server’s command prompt, enter the following command:

      novell-zenworks-configure -c RebuildCustomPacks -Z

      To avoid any errors while running this command, ensure that the custom packages are available in the new server at the following locations before you run the command:

      For Linux: /opt/novell/zenworks/install/downloads/custom

      For Windows: %zenworks_home%\install\downloads\custom

    13. Copy all the contents of the backed-up content-repo directory to the %ZENWORKS_HOME%\work\ directory on Windows or to the/var/opt/novell/zenworks/ /var/opt/microfocus/zenworks/ directory on Linux. If you have any issues in copying content-repo directory in Linux then run permissions.sh command.

      (Optional) Also, copy the backed-up TFTP files to the second Primary Server. The tftp directory is located in the folder /srv/ on Linux and in the folder %ZENWORKS_HOME%\share\ on Windows.

    14. Run permissions.sh command.

    15. (Conditional) If Antimalware is configured, run the following configure actions:

      • microfocus-zenworks-configure -c ZENServicesFirewallConfigureAction -Dservice=antimalware -Doperation=ADD

      • microfocus-zenworks-configure -c AntimalwareServiceConfigureAction -Dam.service.action=start

  15. (Conditional) Execute the zac zesm-ref command to reset the ZENworks Endpoint Security Management cache on the managed devices.

  16. Ensure that the new server is running correctly. Subsequently, uninstall ZENworks 2020 from the old device. For detailed information on how to uninstall ZENworks 2020, see ZENworks Uninstall Guide.

WARNING:After the new Primary Server starts running, you must disconnect the old Primary Server from the network and uninstall ZENworks, or disable ZENworks services so that it cannot register back to the zone.