Windows 8.1 Update for ZENworks (11 SP3) Readme

March 2014

The information in this Readme pertains to the Novell Windows 8.1 Update for ZENworks (11 SP3) release.

1.0 What’s New in Windows 8.1 Update for ZENworks (11 SP3)

This release includes the following:

  • Support for the following new platforms as Satellite Server and managed devices has been tested:

    • Microsoft Windows 8.1 Enterprise

    • Microsoft Windows 8.1 Pro

    • Microsoft Windows Embedded 8.1 Industry Pro

  • Support for Firefox versions 26.0 and 27.0 (including any patches) on Windows and Linux devices.

2.0 Planning to Deploy Windows 8.1 Update for ZENworks (11 SP3)

Use the following guidelines to plan for the upgrade to ZENworks 11 SP3 in your Management Zone:

  • You must first upgrade the Primary Servers, then update the Satellite Servers, and finally the managed devices to ZENworks 11 SP3. Do not upgrade the managed devices and Satellite Servers (or add new 11 SP3 Agents in the zone) until all Primary Servers in the zone have been upgraded to 11SP3.

    NOTE:Agents might receive inconsistent data from the zone until all Primary Servers are upgraded. Therefore, this part of the process should take place in as short a time as possible - ideally, immediately after the first Primary Server is upgraded.

  • If the managed devices have been updated to ZENworks 10.3.4 or later, you can directly update the managed devices in the zone to ZENworks 11 SP3.

    The system reboots once after you upgrade to ZENworks 11 SP3. However, a double reboot will be required in the following scenarios:

    Table 1 Double Reboot Scenarios

    Scenario

    ZENworks Endpoint Security

    Full Disk Encryption

    Location Services

    Client Self Defense

    Upgrade from 10.3.4 to 11 SP3

    Disabled

    Disabled

    Lite

    Enabled

    Fresh Install of 11 SP3

    Disabled

    Disabled

    Lite

    Enabled

    Fresh Install of 11 SP3

    Disabled

    Disabled

    Full

    Enabled

    IMPORTANT:All Primary Servers running ZENworks 11.1.0a or earlier should first be upgraded to ZENworks 11.2.0 before upgrading them to ZENworks 11.3. Satellite Servers and managed devices should be updated to 10.3.4 before updating them to ZENworks 11 SP3.

Table 2 ZENworks Cumulative Agent Update for ZENworks (11 SP3): Supported Paths

Device Type

Operating System

Supported Versions

Unsupported Versions

Primary Server

Windows/Linux

v11.3

Any version prior to 11.3

Satellite Server

Windows

v10.3.4 and later versions

Any version prior to 10.3.4

 

Linux

v10.3.4 and later versions

Any version prior to 10.3.4

 

Mac

v11.2.0 and later versions

Any version prior to 11.2.0

Managed Device

Windows

v10.3.4 and later versions

Any version prior to 10.3.4

Linux

v11.0 and later versions

NA

Mac

v11.2 and later versions

NA

For information on how to upgrade to ZENworks 11 SP3, refer to the ZENworks 11 SP3 Upgrade Guide..

3.0 Downloading and Deploying the Windows 8.1 Update for ZENworks (11 SP3)

For instructions on downloading the update, see the ZCM 11.2.4 upgrade manual import file. To deploy Windows 8.1 Update for ZENworks (11 SP3) as an update, see the ZENworks 11 SP3 System Updates Reference.

The system update is available via the Novell Customer Center (NCC) serverhttp://download.novell.com/patch/finder/#familyId=18962&productId=51205 for more information see, Downloading Updates in the ZENworks 11 SP3 System Updates Reference.

For administrative tasks, see the Novell ZENworks documentation Web site.

After you download the ZENworks_11.3.0_Windows8.1_Update.zip file, we strongly recommend that you compare the MD5 checksum for the file with the one shown on the Downloads page before you deploy the update.

Refer to the following table to understand the different supported versions for a Windows 8.1 Update for ZENworks (11 SP3):

Table 3 ZENworks Support Matrix

Managed Device

Satellite Servers

Primary Servers

v10.3.4

v10.3.4, v11.0, v11.1, v11.2,v11.2 MU1, v11.2 MU2, v11.2.1, v11.2.1 MU1, v 11.2.1 MU2, v11.2.2, v11.2.2 MU1, v11.2.2 MU2, v11.2.3a, v11.2.3a MU1, v11.2.4, v11.2.4 MU1,v11.3.0, v11.3.0 Windows 8.1 Update

v11.3.0 Windows 8.1 Update

v11.0

v11.0, v11.1, v11.2, v11.2 MU1, v11.2 MU2, v11.2.1, v11.2.1 MU1, v 11.2.1 MU2, v11.2.2, v11.2.2 MU1, v11.2.2 MU2, v11.2.3a, v11.2.3a MU1, v11.2.4, v11.2.4 MU1,v11.3.0, v11.3.0 Windows 8.1 Update

v11.3.0 Windows 8.1 Update

v11.1

v11.1, v11.2,v11.2 MU1, v11.2 MU2, v11.2.1, v11.2.1 MU1, v 11.2.1 MU2, v11.2.2, v11.2.2 MU1, v11.2.2 MU2, v11.2.3a, v11.2.3a MU1, v11.2.4,v11.2.4 MU1,v11.3.0, v11.3.0 Windows 8.1 Update

v11.3.0 Windows 8.1 Update

v11.2

v11.2, v11.2 MU1, v11.2 MU2, v11.2.1, v11.2.1 MU1, v 11.2.1 MU2, v11.2.2, v11.2.2 MU1, v11.2.2 MU2, v11.2.3a, v11.2.3a MU1, v11.2.4,v11.2.4 MU1,v11.3.0, v11.3.0 Windows 8.1 Update

v11.3.0 Windows 8.1 Update

v11.2 MU1

v11.2 MU1, v11.2 MU2, v11.2.1, v11.2.1 MU1, v 11.2.1 MU2, v11.2.2, v11.2.2 MU1, v11.2.2 MU2, v11.2.3a, v11.2.3a MU1, v11.2.4,v11.2.4 MU1,v11.3.0, v11.3.0 Windows 8.1 Update

v11.3.0 Windows 8.1 Update

v11.2 MU2

v11.2 MU2, v11.2.1, v11.2.1 MU1, v 11.2.1 MU2, v11.2.2, v11.2.2 MU1, v11.2.2 MU2, v11.2.3a, v11.2.3a MU1, v11.2.4,v11.2.4 MU1,v11.3.0, v11.3.0 Windows 8.1 Update

v11.3.0 Windows 8.1 Update

v11.2.1

v11.2.1, v11.2.1 MU1, v 11.2.1 MU2, v11.2.2, v11.2.2 MU1, v11.2.2 MU2, v11.2.3a, v11.2.3a MU1, v11.2.4,v11.2.4 MU1,v11.3.0, v11.3.0 Windows 8.1 Update

v11.3.0 Windows 8.1 Update

v11.2.1 MU1

v11.2.1 MU1, v 11.2.1 MU2, v11.2.2, v11.2.2 MU1, v11.2.2 MU2, v11.2.3a, v11.2.3a MU1, v11.2.4,v11.2.4 MU1,v11.3.0, v11.3.0 Windows 8.1 Update

v11.3.0 Windows 8.1 Update

v11.2.1 MU2

v11.2.1 MU2, v11.2.2, v11.2.2 MU1, v11.2.2 MU2, v11.2.3a, v11.2.3a MU1, v11.2.4,v11.2.4 MU1,v11.3.0,v11.3.0 Windows 8.1 Update

v11.3.0 Windows 8.1 Update

v11.2.2

v11.2.2, v11.2.2 MU1, v11.2.2 MU2, v11.2.3a, v11.2.3a MU1, v11.2.4,v11.2.4 MU1,v11.3.0, v11.3.0 Windows 8.1 Update

v11.3.0 Windows 8.1 Update

v11.2.2 MU1

v11.2.2 MU1, v11.2.2 MU2, v11.2.3a, v11.2.3a MU1, v11.2.4,v11.2.4 MU1,v11.3.0, v11.3.0 Windows 8.1 Update

v11.3.0 Windows 8.1 Update

v11.2.2 MU2

v11.2.2 MU2, v11.2.3a, v11.2.4,v11.2.4 MU1,v11.3.0, v11.3.0 Windows 8.1 Update

v11.3.0 Windows 8.1 Update

v11.2.3

v11.2.3, v11.2.3a, v11.2.3a MU1, v11.2.4,v11.2.4 MU1,v11.3.0, v11.3.0 Windows 8.1 Update

v11.3.0 Windows 8.1 Update

v11.2.3a MU1

v11.2.3a MU1, v11.2.3a, v11.2.4,v11.2.4 MU1,v11.3.0, v11.3.0 Windows 8.1 Update

v11.3.0 Windows 8.1 Update

v11.2.4

v11.2.4,v11.2.4 MU1,v11.3.0, v11.3.0 Windows 8.1 Update

v11.3.0 Windows 8.1 Update

v11.2.4 MU1

v11.2.4 MU1,v11.3.0, v11.3.0 Windows 8.1 Update

v11.3.0 Windows 8.1 Update

v11.3.0

v11.3.0, v11.3.0 Windows 8.1 Update

v11.3.0 Windows 8.1 Update

v11.3.0 Windows 8.1 Update

v11.3.0 Windows 8.1 Update

v11.3.0 Windows 8.1 Update

4.0 Known Issues in Windows 8.1 Update for ZENworks (11 SP3)

This section contains information about issues that might occur while you work with Windows 8.1 Update for ZENworks (11 SP3):

4.1 System Update status is not accessible in ZENworks Control Center

While updating a server from ZENworks 11 SP3 to Windows 8.1 Update for ZENworks (11 SP3), during the Pre-global actions phase, the System Update deployment status is not accessible through ZENworks Control Center. This is because the ZENServer and ZENLoader services on this Primary Server are stopped during the Pre-global actions phase.

Workaround: Allow the Pre-global actions phase to complete, and then re-log into ZENworks Control Center. The progress of the Pre-global actions can be monitored using the loader-messages.log file.

4.2 Picture Password and Smart Card authentication will not work when the operating system is upgraded from Windows 8 to Windows 8.1

After a machine is updated to Windows 8.1 Update for ZENworks (11 SP3), if you perform an operating system upgrade from Windows 8 to Windows 8.1, it will impact the behavior of Picture Password and Smart Card authentication.

Workaround: After the operating system is upgraded, ensure that the registry keys listed in the TID 7014805 are present in the device with the specified settings. If the registry keys are not present, add them.

4.3 Operating system upgrades are not supported on devices using Endpoint Security, Full Disk Encryption, Location Awareness, or Agent Self Defense

Upgrading the Windows operating system is not supported on a device that meets any of the following conditions:

  • Endpoint Security is installed.

  • Full Disk Encryption is installed.

  • Location Awareness (full) is enabled.

  • Agent Self Defense is enabled.

Specifically, the following operating system upgrades are not supported:

  • Windows XP to Windows Vista, Windows 7, Windows 8, or Windows 8.1

  • Windows Vista to Windows 7, Windows 8, or Windows 8.1

  • Windows 7 to Windows 8 or Windows 8.1

  • Windows 8 to Windows 8.1

Updating an operating system version to a service pack of the same version (for example, Windows 7 to Windows 7 SP1) is supported, with the exception of Window 8 to Windows 8.1.

Workaround: To successfully upgrade the operating system of a device that meets any of the conditions listed above, do the following:

  1. Remove the Endpoint Security policies and Full Disk Encryption policy from the device.

    If a Data Encryption policy or Disk Encryption policy was applied to the device, ensure that you give the device sufficient time to decrypt all encrypted files and volumes.

    For information about removing Endpoint Security policies, see Removal Best Practices in the ZENworks 11 SP3 Endpoint Security Policies Reference.

    For information about removing a Full Disk Encryption policy, see Removal Best Practices in the ZENworks 11 SP3 Full Disk Encryption Policy Reference.

  2. Uninstall Endpoint Security and Full Disk Encryption from the device.

    For information about uninstalling Endpoint Security, see Enabling and Disabling the Endpoint Security Agent in the ZENworks 11 SP3 Endpoint Security Agent Reference.

    For information about uninstalling Full Disk Encryption, see Uninstalling the Full Disk Encryption Agent in the ZENworks 11 SP3 Full Disk Encryption Agent Reference.

  3. Change the Location Awareness mode to Location Awareness Lite for the device.

    For information, see Configuring the Location Awareness Mode in the ZENworks 11 SP3 Location Awareness Reference.

  4. Disable Agent Self Defense for the device.

    For information, see Configuring the Agent Security in the ZENworks 11 SP3 Discovery, Deployment, and Retirement Reference.

  5. Reboot the device.

  6. Upgrade the device operating system.

  7. Reinstall Endpoint Security and Full Disk Encryption to the device and reapply the policies.

  8. Change the Location Awareness mode to Location Awareness.

  9. Enable Agent Self Defense.

4.4 Limited support for Full Disk Encryption pre-boot authentication on Windows 8.1 32-bit devices

ZENworks Full Disk Encryption provides limited pre-boot authentication (PBA) support for Windows 8.1 32-bit devices. In some cases, the soft reboot from the PBA to the Windows operating system fails, causing the device to become unbootable.

We strongly recommend testing deployment on all target device models before deploying to any production devices. If pre-boot authentication fails on a device, you can try the modification explained below. If the modification does not work, the device is not supported at this time.

Modification: Edit the DMI file in the Disk Encryption policy to add a hardware configuration entry for the specific device. Include the following parameter in the entry: KERNEL_PARAM=pci=snb-enable-ahci-to-legacy. Reapply the policy to the device.

For more information about modifying the DMI file, see Configure Pre-Boot Authentication - Hardware Compatibility in the ZENworks 11 SP3 Full Disk Encryption Policy Reference.

4.5 Lenovo Tablet PCs with Windows 8 or Windows 8.1 operating systems may crash after the agent installation

Lenovo Tablet PCs that have Windows 8 or Windows 8.1 operating systems may crash while trying to register to the Management Zone after the agent installation.

IMPORTANT:We strongly recommend to test the deployment on all target device models before deploying to any production devices.

Workaround: None

5.0 Legal Notices

Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.

Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. Please refer to the Novell International Trade Services web page for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.

Copyright © 2014 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.

For Novell trademarks, see the Novell Trademark and Service Mark list.

All third-party trademarks are the property of their respective owners.