ZENworks 11 SP2 (11.2.4) Readme

October 2013

The information in this Readme pertains to the update for Novell ZENworks 11 SP2 (11.2.4).

1.0 Important Reasons to Update to ZENworks 11.2.4

Configuration Management

  • Support for Firefox 19.x to 22.x is introduced in this release.

Endpoint Security Management

  • The Data Encryption policy is supported on Windows 8 devices.

  • Policy handling has been enhanced to ensure policy enforcement on device startup. In previous versions, Endpoint Security policies could randomly fail on device startup because of timing issues related to Windows operations and CPU speeds that affect how soon the ZESService module is started. In 11.2.4, a caching mechanism has been added to enforce the Endpoint Security policies until the ZESService module starts and enforces the current Endpoint Security policies.

Full Disk Encryption

  • The Disk Encryption policy is supported on Windows 8 devices that use standard BIOS. Windows 8 devices that use UEFI are not supported.

  • Policy handling has been enhanced to ensure policy enforcement on device startup. In previous versions, the Disk Encryption policy could randomly fail on device startup because of timing issues related to Windows internals and CPU speeds that affect how soon the ZESService module is started. In 11.2.4, a caching mechanism has been added to persist the previously enforced Disk Encryption policy until the ZESService module starts and enforces the current policy.

Imaging

  • Imaging of Windows 8 hardware with UEFI firmware and Secure boot has been introduced.

  • WADK Imaging update is included to support Windows 8 hardware.

2.0 Planning to Deploy ZENworks 11.2.4

Use the following guidelines to plan for the deployment of ZENworks 11.2.4 in your Management Zone:

  • Prior to installing the System Update, ensure that you have adequate free disk space in the following locations:

    Location

    Description

    Disk Space

    Windows: %zenworks_home%\install\downloads

    Linux: opt/novell/zenworks/install/downloads

    In the Downloads folder to maintain agent packages.

    3 GB

    Windows: %zenworks_home%\work\content-repo

    Linux: /var/opt/novell/zenworks/content-repo

    In the content-repo folder to import the zip file to the content system.

    3 GB

    Agent Cache

    To download the applicable System Update contents that are required to update the ZENworks server.

    1.5 GB

    Location where the System Update file is copied.

    NOTE:This is only applicable for the ZENworks Server that is used to import the System Update zip file.

    To store the downloaded System Update zip file.

    3 GB

  • You must deploy ZENworks 11.2.4 first to the Primary Servers, then to Satellites, and finally to managed devices. Do not deploy this update to managed devices and Satellites (or deploy new 11.2.4 Agents in the zone) until all Primary Servers in the zone have been upgraded to 11.2.4.

    NOTE:Agents might receive inconsistent data from the zone until all Primary Servers are upgraded. Hence, this part of the process should take place in as short a time as possible ideally, within a few minutes of each other.

  • You can directly deploy ZENworks 11.2.4 to managed devices in the Zone only if the managed devices have been upgraded to ZENworks 10.3.0 or later.

    The system reboots once after you upgrade to ZENworks 11.2.4. However, a double reboot will be required in the following scenarios:

    Table 1 Double Reboot Scenarios

    Scenario

    ZENworks Endpoint Security

    Full Disk Encryption

    Location Services

    Client Self Defence

    Upgrade from 10.x to 11.2.4

    Disabled

    Disabled

    Lite

    Enabled

    Fresh Install of 11.2.4

    Disabled

    Disabled

    Lite

    Enabled

    Fresh Install of 11.2.4

    Disabled

    Disabled

    Full

    Enabled

    Fresh Install of 11.2.4

    Disabled

    Disabled

    Full

    Disabled

    IMPORTANT:: All Primary Servers or Satellites running previously supported versions prior to 11.2.0 should first be upgraded to ZENworks 11.2.0 before deploying the ZENworks 11.2.4 update.

Table 2 ZENworks Cumulative Agent Update to 11.2.4: Supported Paths

Managed Device Type

Operating System

Supported Versions

Unsupported Versions

Primary Server

Windows/Linux

v11.2 and later versions

Any version prior to 11.2

Satellite Server

Windows/Linux/Mac

v11.2 and later versions

Any version prior to 11.2

Managed Device

Windows

v10.3.0 and later versions

Any version prior to 10.3

Linux

v11.0 and later versions

NA

Mac

v11.2 and later versions

NA

3.0 Downloading and Deploying ZENworks 11.2.4

For instructions on downloading the update, see the ZCM 11.2.4 upgrade manual import file. To deploy ZENworks 11.2.4 as an update, see the ZENworks 11 System Updates Reference.

NOTE:The system update is not available via the Novell Customer Center (NCC) server due to issues related with the file size. For more information, see TID 7010390 in the Novell Support Knowledgebase. You need to download the update from Novell Patch Finder.

For information on how to install ZENworks 11 SP2, refer to the ZENworks 11 SP2 Upgrade Guide.

For administrative tasks, see the Novell ZENworks documentation Web site.

IMPORTANT:Ensure that you read Section 2.0, Planning to Deploy ZENworks 11.2.4 before you download and deploy the 11.2.4 update.

After you download the ZENworks_11.2.4_Update.zip file, we strongly recommend that you compare the MD5 checksum for the file with the one shown on the Downloads page before you deploy the update.

Refer to the following table to understand the different supported versions for a ZENworks update:

Table 3 ZENworks Support Matrix

Managed Device

Satellite Servers

Primary Servers

v10.2.2

v10.2.2, v10.3, v10.3.1, v10.3.2, v10.3.3, v10.3.4, v11.0, v11.1, v11.2, v11.2 MU1, v11.2 MU2, v11.2.1, v11.2.1 MU1, v 11.2.1 MU2, v11.2.2, v11.2.2 MU1, v11.2.2 MU2, v11.2.3a, v11.2.3a MU1, v11.2.4

v11.2.4

v10.3

v10.3, v10.3.1, v10.3.2, v10.3.3, v10.3.4, v11.0, v11.1, v11.2, v11.2 MU1, v11.2 MU2, v11.2.1, v11.2.1 MU1, v 11.2.1 MU2, v11.2.2, v11.2.2 MU1, v11.2.2 MU2, v11.2.3a, v11.2.3a MU1, v11.2.4

v11.2.4

v10.3.1

v10.3.1, v10.3.2, v10.3.3, v10.3.4, v11.0, v11.1, v11.2,v11.2 MU1, v11.2 MU2, v11.2.1, v11.2.1 MU1, v 11.2.1 MU2, v11.2.2, v11.2.2 MU1, v11.2.2 MU2, v11.2.3a, v11.2.3a MU1, v11.2.4

v11.2.4

v10.3.2

v10.3.2, v10.3.3, v10.3.4, v11.0, v11.1, v11.2, v11.2 MU1, v11.2 MU2, v11.2.1, v11.2.1 MU1, v 11.2.1 MU2, v11.2.2, v11.2.2 MU1, v11.2.2 MU2, v11.2.3a, v11.2.3a MU1, v11.2.4

v11.2.4

v10.3.3

v10.3.3, v10.3.4, v11.0, v11.1, v11.2, v11.2 MU1, v11.2 MU2, v11.2.1, v11.2.1 MU1, v 11.2.1 MU2, v11.2.2, v11.2.2 MU1, v11.2.2 MU2, v11.2.3a, v11.2.3a MU1, v11.2.4

v11.2.4

v10.3.4

v10.3.4, v11.0, v11.1, v11.2,v11.2 MU1, v11.2 MU2, v11.2.1, v11.2.1 MU1, v 11.2.1 MU2, v11.2.2, v11.2.2 MU1, v11.2.2 MU2, v11.2.3a, v11.2.3a MU1, v11.2.4

v11.2.4

v11.0

v11.0, v11.1, v11.2, v11.2 MU1, v11.2 MU2, v11.2.1, v11.2.1 MU1, v 11.2.1 MU2, v11.2.2, v11.2.2 MU1, v11.2.2 MU2, v11.2.3a, v11.2.3a MU1, v11.2.4

v11.2.4

v11.1

v11.1, v11.2,v11.2 MU1, v11.2 MU2, v11.2.1, v11.2.1 MU1, v 11.2.1 MU2, v11.2.2, v11.2.2 MU1, v11.2.2 MU2, v11.2.3a, v11.2.3a MU1, v11.2.4

v11.2.4

v11.2

v11.2, v11.2 MU1, v11.2 MU2, v11.2.1, v11.2.1 MU1, v 11.2.1 MU2, v11.2.2, v11.2.2 MU1, v11.2.2 MU2, v11.2.3a, v11.2.3a MU1, v11.2.4

v11.2.4

v11.2 MU1

v11.2 MU1, v11.2 MU2, v11.2.1, v11.2.1 MU1, v 11.2.1 MU2, v11.2.2, v11.2.2 MU1, v11.2.2 MU2, v11.2.3a, v11.2.3a MU1, v11.2.4

v11.2.4

v11.2 MU2

v11.2 MU2, v11.2.1, v11.2.1 MU1, v 11.2.1 MU2, v11.2.2, v11.2.2 MU1, v11.2.2 MU2, v11.2.3a, v11.2.3a MU1, v11.2.4

v11.2.4

v11.2.1

v11.2.1, v11.2.1 MU1, v 11.2.1 MU2, v11.2.2, v11.2.2 MU1, v11.2.2 MU2, v11.2.3a, v11.2.3a MU1, v11.2.4

v11.2.4

v11.2.1 MU1

v11.2.1 MU1, v 11.2.1 MU2, v11.2.2, v11.2.2 MU1, v11.2.2 MU2, v11.2.3a, v11.2.3a MU1, v11.2.4

v11.2.4

v11.2.1 MU2

v11.2.1 MU2, v11.2.2, v11.2.2 MU1, v11.2.2 MU2, v11.2.3a, v11.2.3a MU1, v11.2.4

v11.2.4

v11.2.2

v11.2.2, v11.2.2 MU1, v11.2.2 MU2, v11.2.3a, v11.2.3a MU1, v11.2.4

v11.2.4

v11.2.2 MU1

v11.2.2 MU1, v11.2.2 MU2, v11.2.3a, v11.2.3a MU1, v11.2.4

v11.2.4

v11.2.2 MU2

v11.2.2 MU2, v11.2.3a, v11.2.4

v11.2.4

v11.2.3a MU1

v11.2.3a MU1, v11.2.3a, v11.2.4

v11.2.4

v11.2.4

v11.2.3a MU1, v11.2.3a, v11.2.4

v11.2.4

4.0 What’s New

ZENworks 11.2.4 includes the following new or enhanced features:

4.1 Support for New Platforms

In ZENworks 11.2.4, support for the following new platforms has been tested:

  • SLES 11 SP3 and SLED 11 SP3

  • RHEL 6.4 (server and managed device)

  • Mac 10.8.3 and 10.8.4

  • Mac 10.8.5 (not extensively tested)

  • SLES 11 SP3 for VMware

4.2 Administration Browser Support

  • Support for Firefox 19.x to 22.x versions added in this release.

    NOTE:ZENworks 11.2.4 supports Firefox 17.x to 22.x and Firefox ESR 17.x. Firefox versions below 17.x are not supported.

4.3 Support for New Novell Client

  • Novell Client 2 SP3 IR2

5.0 Issues Resolved by Version 11.2.4

Some of the issues identified in the initial version of ZENworks 11.2 have been resolved with this release. For a list of the resolved issues, see TID 7012027 in the Novell Support Knowledgebase.

6.0 Continuing Issues in ZENworks 11.2.4

Some of the issues that were discovered in the original shipping version of ZENworks 11 SP2 have not yet been resolved. For continuing issues, review the following Readmes:

The Readmes have been updated to indicate which issues are fixed by version 11.2.4.

7.0 Known Issues in Version 11.2.4

ZENworks 11.2.4 includes the following known issues:

7.1 System Upgrade Issue

7.1.1 Upgrading from Windows 7 to Windows 8 is not supported on devices that use Data Encryption or Disk Encryption policies

Upgrading a Windows 7 device to Windows 8 is not supported if the device has a ZENworks Endpoint Security Management Data Encryption policy or ZENworks Full Disk Encryption policy applied. The upgrade can place the device into an unknown state.

Workaround: Before upgrading the device to Windows 8, remove the Data Encryption and Disk Encryption policies from the device. Ensure that you give the device sufficient time to decrypt all encrypted files and volumes.

For information about removing a Data Encryption policy, see Removal Best Practices in the ZENworks 11 SP2 Endpoint Security Policies Reference.

For information about removing a Disk Encryption policy, see Removal Best Practices in the ZENworks 11 SP2 Full Disk Encryption Policy Reference.

7.1.2 System update progress is not visible on Windows 8 and Windows 2012 devices

When you perform a system update on a Windows 8 or Windows 2012 device, the system update progress is not displayed as a notification in the Start screen.

Workaround: None

7.1.3 System update might fail on a Windows 7 agent

A system update fails on a Windows 7 agent when both Full Disk Encryption (FDE) and ZENworks Endpoint Security Management (ZESM) are uninstalled from the server, and an agent update is initialized from 11.2.x to 11.2.4.

Workaround: None

7.1.4 System update fails on a Windows 2003 agent

A system update on a Windows 2003 agent, with default settings, fails when an agent update is initialized from 10.3.4 to 11.2.4.

Workaround: Assign the MS Hot Patch before assigning the system update to the Windows 2003 managed devices.

7.1.5 During the System Update the System Update hangs

On a Windows operating system where ZENworks Reporting Server (ZRS) is installed, it has been observed that the CMS.exe from ZRS consumes most of the CPU memory and causes the system update to hang.

Workaround: Stop BOE120MySQL and the Server Intelligence Agent (ZRS) services. After the system update is complete, restart the ZRS services and run the novell-zenworks-configure -c UpdateBOE command.

7.1.6 System Update fails with an MSI error

During the upgrade of a ZENworks agent to version 11.2.4, MSI packages might fail with an MSI error 1619. The following message is displayed:

This installation package could not be opened.

Workaround: Redeploy the System Update to the device.

For more information, see https://bugzilla.novell.com/index.cgiTID 7012125 in Novell Technical Support.

7.1.7 Unable to use the zman sui command to import the ZENworks 11.2.4 system update to a ZENworks Server, on an RHEL-5.x Server

On an RHEL-5.x server, if the size of the system update zip file is more than 2 GB, unzipping does not work, and you cannot import the system update by using the zman sui command.

Workaround: Perform the following steps:

  1. Navigate to the Red Hat vvitek directory.

  2. Install unzip-5.52-3.0.bz497482.el5_7.i386.rpm on the RHEL 5.x server.

  3. Run the rpm -Uvh unzip-5.52-3.0.bz497482.el5_7.i386.rpm command.

  4. Run the zman sui <zip file path> command.

7.1.8 A “ZESUser has stopped working" message is displayed during a system update to ZENworks 11.2.4

When you upgrade the ZENworks agent to version 11.2.4, a Windows popup message may appear, indicating that "ZESUser has stopped working".

Workaround. This issue can be safely ignored. For more information, see TID 7013422 in Novell Technical Support.

7.1.9 Update of the ZENworks agent to version 11.2.4 "hangs" at 38%

When you upgrade a 32-bit device to ZENworks 11.2.4, the system hangs at 38%.

Workaround. This is an expected behavior on some slower devices, and does not indicate that anything is wrong with the update. For more information, see TID 7013444 in Novell Technical Support.

7.2 Operational Issues

7.2.1 Endpoint Security Management

7.2.1.1 Location Awareness Lite is not enabled on existing devices

Prior to 11.2.3a, the Endpoint Security drivers were installed with the ZENworks Adaptive Agent even if ZENworks Endpoint Security Management was not licensed in the zone or configured for installation to devices. The drivers were installed to support the agent’s location awareness functionality.

Starting with 11.2.3a, the drivers are installed on new devices only if 1) full Location Awareness is being used, 2) agent Self Defense is enabled, or 3) ZENworks Endpoint Security Management is installed.

If you are upgrading a device to 11.2.4 from 11.2.2 (or an older version) and the device does not meet one of these three conditions, the Endpoint Security drivers are removed. Some of the drivers are removed after the first device reboot and the others are removed after the second. Until the second reboot occurs, the device does not use Location Awareness Lite mode.

7.2.2 Full Data Encryption

7.2.2.1 Encryption of Removable Storage Devices fails on Windows XP SP2 devices

On Windows XP SP2 (or older) devices that have been assigned a Data Encryption policy with removable storage device (RSD) encryption enabled, the RSDs are not encrypted upon insertion. Because they are not encrypted, the policy blocks them from being used. This happens because the encryption driver does not support Windows XP versions older than SP3.

Workaround: Upgrade the device’s operating system to Windows XP SP3.

For more information, see TID 7013144 in Novell Technical Support.

7.2.3 Patch Management

7.2.3.1 Patch Management Scanning requires more scan time

The improved Patch Management Scanning feature requires an additional 10 to 15 MB of content, and the scan time is increased by 2 to 5 minutes. This impacts all Windows versions, except Windows XP.

Workaround: None

7.2.4 Location

7.2.4.1 The Startup location is not effective on Windows 8 devices after Fast Boot

When a Windows 8 machine is shut down, Fast Boot is triggered by default. As a result, the ZENworks Agent does not boot into the configured startup location and comes up with Closest Server Rules of the last known location, which might not be reachable.

Workaround: Perform a full shut down on the device by running the shutdown /s /f /t 000 command. The ZENworks Agent boots into the configured startup location when it restarts.

7.2.4.2 Satellite device with a startup location defined does not replicate content after it is upgraded to ZENworks 11.2.4

A Satellite device has a startup location defined that does not have any Closest Server Rule. At the end of the startup period, the Satellite does not use the correct calculated location, and cannot replicate content.

Workaround: Configure the Satellite device to not use a startup location, and refresh or restart the device.

For more information, see TID 7011928 in Novell Technical Support.

7.2.4.3 Agent gets stuck in the Startup Location during upgrade

This issue occurs due to a probable corruption in the ZESM store.

Workaround: Do the following:

  1. Stop the agent service.

  2. Delete the content in the %zenworks_home%\cache folder.

  3. Start the agent service.

7.2.5 Login

7.2.5.1 Seamless login is not supported on Windows XP devices in a VMware VDI environment

Seamless login is supported on Windows 7 and Windows 8 but not on Windows XP managed devices in a VMware VDI environment.

Workaround: None

7.2.6 Installation

7.2.6.1 Install Snooze Permission Prompt options are not displayed in the Metro view of a Windows 8 device

When you create a deployment task for a Window 8 device, in the Metro view, the install prompt message is not displayed. The agent installation is triggered after the installation prompt times out, without any prior notification. When the permission prompt times out and the agent install starts, if you switch to the Classic view, the pre-agent install status icon also crashes and the agent installation status is not seen either in the Classic or the Metro view.

Workaround: None. The prompt is displayed if you are in the Windows 8 Classic view.

7.2.6.2 The bootcd_tntfs.iso file creation fails on RHEL Servers with the tntfs.zip file

When you upload the tntfs.zip file on ZENworks Server (11.2.4) and replicate it on all Primary and Satellite Servers, the bootcd_tntfs.iso file creation fails on RHEL devices. This is because the genisoimage RPM file is not installed on RHEL Servers.

Workaround: Install the latest genisoimage RPM (genisoimage-1.1.9-11.e16.x86_64.rpm) file on RHEL Servers.

7.2.6.3 In ZENworks Control Center, the Device Details Page Shows that the Device Cannot Be Reached when IPv6 is configured on the device

Workaround: Ensure that the IPv6 address is disabled on ZENworks Servers.

7.2.6.4 Unable to install the new add-on for ZENworks 11.2.4 with an IE browser

When you are installing the new add-on for ZENworks 11.2.4 with an IE browser, a pop-up that prompts to install the plug-in is displayed constantly with the following message:

An older version of ZENworks File Upload ActiveX control is installed.

Workaround: Ensure that the older add-on is deleted to allow the new plug-ins in the browser.

7.2.6.5 Agent uninstall fails on a Windows 7 SP1 64-bit device

Agent uninstall fails as there is an error during the unregistration process.

Workaround: Manually delete the device from the management zone, there are chances that the device is retained in the ZENworks Control Center even after the agent is uninstalled and rebooted.

7.2.7 Configuration Policies

7.2.7.1 In Windows group policy some of the Computer Configuration settings are not supported

In Windows group policy, the following Computer Configuration settings in Computer Configuration/Windows/Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies - Local Group Policy Object are not supported: Account Logon, Account Management, Detailed Tracking, DS Access, Logon/Logoff, Object Access, Policy Change, Privilege Use, System, and, Global Object Access Auditing. This issue is applicable for devices with operating system Windows 7 and above.

Workaround: None

7.2.7.2 A DLU policy, Windows Group policy, and Roaming Profile policy cannot be used on a device that has Citrix XenApp 6.5 installed

A Dynamic Local User (DLU) policy, Windows Group policy, and Roaming Profile policy cannot be used on a device that has Citrix XenApp 6.5 installed because when you launch the Citrix session through a browser, the Novell client login is not involved.

Workaround: None

7.2.8 Imaging

7.2.8.1 Imaging operations fail on an agent if there is a change in the DNS Host name or IP address of an Imaging Satellite Server

Workaround: Restart all Imaging services on the Satellite server before you perform any Imaging operation on the agent.

7.2.8.2 The Take Image operation by using the img command fails on a UEFI device

The Take Image operation fails on a Windows UEFI device if you use the img command and set the part parameter to the local partition. This occurs when you use a partition number greater than 4 and the Cannot read/write archive from inside extended partition message appears. The command is as follows:

img -ml imagename.zmg -P=partition number OR img -ml imagename.zmg -part=partition number

Workaround: Mount the partition on the folder manually and then execute the img -ml /folder_to store_image/imagename.zmg command.

8.0 Legal Notices

Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.

Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. Please refer to the Novell International Trade Services Web page for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.

Copyright © 2013 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.

For Novell trademarks, see the Novell Trademark and Service Mark list.

All third-party trademarks are the property of their respective owners.