3.2 Changing the DNS Name or the IP Address and DNS Name of a Primary Server after Installing ZENworks 11 SP3

If you want to change only the DNS name or if you want to change both the IP address and DNS name of the Primary Server after installing ZENworks 11 SP3, and if the certificate’s CN has fully qualified DNS configured, use the following steps to change only the DNS name or to change both the IP address and DNS name of the Primary Server.

NOTE:This scenario has been tested only on the Windows Primary Server and the embedded Sybase database. In this setup, the DNS and DHCP servers are configured on the same device.

The following two scenarios are supported:

3.2.1 Scenario for a zone configured with external certificate

  1. Take a reliable backup of the following on all the Primary Servers in the Management Zone:

  2. Create a certificate signing request (CSR) by providing the host name of the Primary Server as the subject.

    For more information on how to create a CSR, for Windows, see Creating an External Certificate and for Linux, see Creating an External Certificate.

  3. At the console prompt of a Primary Server, run the following command:

    zman sacert Path_of_the_Primary_Server_in_ZENworks_Control_Center Path_of_Primary_Server_Certificate

    For more information about zman, view the zman man page (man zman) on the device or see the ZENworks 11 SP3 Command Line Utilities Reference.

    This adds the certificate of the Primary Server that you specified in the command to the ZENworks database and certificate store.

    NOTE:You must run the command for each device whose certificate you want to replace.

  4. Refresh all the devices, including the Primary Servers, in the zone.

    The Primary Server certificates that were imported in Step 3 are sent to the devices as configuration data.

  5. Enforce the new certificates on the zone by running the following command on any Primary Server whose DNS name is changed:

    novell-zenworks-configure -c SSL -Z

    Follow the prompts.

    Restart ZENworks services by using the novell-zenworks-configure -c Start command and select the Restart option.

  6. (Optional) Import the root certificate of the new certificate authority into the trusted store on all the devices in the zone through the zac cert-info command. You can choose to execute the command in one of the following ways:

  7. If the database is located on the Primary Server whose IP address you changed.

    1. Change the database server address on all the second Primary Servers. On all the second Primary Servers, change the value of database server address in the ZENworks_Installation_Directory\Novell\ZENworks\conf\datamodel\zdm.xml to point to the new IP address of the first Primary Server.

    2. Change the audit database server address on all the second Primary Servers. On all the second Primary Servers, change the value of audit database server address in the ZENworks_Installation_Directory\Novell\ZENworks\conf\datamodel\zenaudit.xml to point to the new IP address of the first Primary Server.

  8. Restart all the ZENworks services on all the Primary Servers in the zone by running the following command at the console prompt of each Primary Server in the zone:

    novell-zenworks-configure -c Start

    By default, all the services are selected. You must select Restart as the Action.

  9. Refresh all the Primary Server Agents, so that the new IP and DNS name of the first Primary Server will be updated on the other servers. Run the following commands:

    zac retr -u zone_administrator_username -p zone_administrator_password

    zac ref bypasscache

  10. On the first Primary Server, run the following command zac ref bypasscache

    The first Primary Server agent contacts the second Primary Server (Closest Server Rules) and gets the updated details of its new IP and Hostname.

  11. Restart all the ZENworks Adaptive Agents.

  12. Restart the Proxy DHCP services on all the Satellites.

  13. Refresh all the devices in the zone.

    If any device is not reachable during the refresh, you must first establish a connection with the device, then run the following command at the console prompt of each device to reestablish the trust between the device and the zone:

    zac retr -u zone_administrator_username -p zone_administrator_password

  14. Configure the Satellites with the new external certificates by entering the following command at the console prompt of each Satellite in the zone:

    zac iac -pk private-key.der -c signed-server_certificate.der -ca signing-authority-public-certificate.der -ks keystore.jks -ksp keystore-pass-phrase -a signed-cert-alias -ks signed-cert-passphrase -u username -p password -rc

    For more information about zac, view the zac man page (man zac) on the device or see the ZENworks 11 SP3 Command Line Utilities Reference.

  15. Re-create all the default and custom deployment packages for all the Primary Servers:

    • Default Deployment Packages: At the console prompt of each Primary Server in the zone, enter the following command:

      novell-zenworks-configure -c CreateExtractorPacks -Z

    • Custom Deployment Packages: At the console prompt of each Primary Server in the zone, enter the following command:

      novell-zenworks- configure -c RebuildCustomPacks -Z

  16. (Conditional) If your zone includes Intel AMT devices, unprovision and provision the devices.

    For more information about unprovisioning and provisioning Intel AMT devices, see Configuring Intel AMT Devices in Enterprise Mode in the ZENworks 11 SP3 Out-of-Band Management Reference.

  17. (Conditional) If Multizone is configured with this server (whose IP address and DNS name is changed) as Publisher, then after replacing the First Primary Server with the Second Primary Server, update the new IP address and DNS name of this server for all its Subscribers. Perform the following to update the new IP address and DNS name:

    1. Log in to ZENworks Control Center (ZCC) of subscribers.

    2. Navigate to Subscribe And Share > Subscriptions > <subscription_name> > Remote Server > Base URL>Edit.

    3. Update the IP address or Hostname with new IP address or Hostname of the Primary Server (Publisher).

    To update the new certificate:

    1. Navigate to Subscribe And Share > Subscriptions > <subscription_name> > Remote Server > Update Certificate.

    2. Update the certificate.

NOTE:When you change the IP address or DNS name of the ZENworks Primary Server on which a ZENworks Reporting is installed, you need not perform any additional steps to ensure that the ZENworks Reporting functions properly. However, if the database is also residing on the ZENworks Primary Server, then you must run ZENworks Reporting Configuration Tool, to point to the new IP address of the Database.

For more information, see ZENworks Reporting Configuration Tool in the ZENworks Reporting 5 System Reference.

3.2.2 Scenario for a zone configured with internal certificate

If you want to change only the DNS name or if you want to change both the IP address and the DNS name of the Primary Server after installing ZENworks 11 SP3, and if the certificates CN has fully qualified DNS configured, perform the following steps to change only the DNS name or to change both the IP address and the DNS name of the Primary Server.

  1. Take a reliable backup of the following on all the Primary Servers in the Management Zone:

  2. Enforce the new certificates on the zone by running the following command on any Primary Server whose DNS name is changed:

    novell-zenworks-configure -c SSL -Z

    Follow the prompts, then remint only the server certificate not the CA certificate.

    Restart ZENworks services by using the novell-zenworks-configure -c Start command and select the Restart option.

  3. If the database is located on the Primary Server whose IP address you changed.

    1. Change the database server address on all the second Primary Servers. On all the second Primary Servers, change the value of database server address in the ZENworks_Installation_Directory\Novell\ZENworks\conf\datamodel\zdm.xml to point to the new IP address of the first Primary Server.

    2. Change the audit database server address on all the second Primary Servers. On all the second Primary Servers, change the value of audit database server address in the ZENworks_Installation_Directory\Novell\ZENworks\conf\datamodel\zenaudit.xml to point to the new IP address of the first Primary Server.

  4. Refresh all the Primary Server Agents, so that the new IP and DNS name of the first Primary Server will be updated on the other servers. Run the following commands:

    zac retr -u zone_administrator_username -p zone_administrator_password

    zac ref bypasscache

  5. On the first Primary Server, run the following command zac ref bypasscache

    The first Primary Server agent contacts the second Primary Server (Closest Server Rules) and gets the updated details of its new IP and Hostname.

  6. Restart all the ZENworks Adaptive Agents.

  7. Restart the Proxy DHCP services on all the Satellites.

  8. Restart all the ZENworks services on all the Primary Servers in the zone by running the following command at the console prompt of each Primary Server in the zone:

    novell-zenworks-configure -c Start

    By default, all the services are selected. You must select Restart as the Action.

  9. Refresh all the devices in the zone.

    If any device is not reachable during the refresh, you must first establish a connection with the device, then run the following command at the console prompt of each device to reestablish the trust between the device and the zone:

    zac retr -u zone_administrator_username -p zone_administrator_password

  10. Configure the Authentication Satellites with the new certificates by entering the following command at the Satellite's prompt:

    On Windows: zac authentication server reconfigure (asr) -t all

    On Linux: zac remint-satellite-cert (rsc)

  11. Re-create all the default and custom deployment packages for all the Primary Servers.

    Default deployment packages:

    At the console prompt of each Primary Server in the zone, enter the following command:

    novell-zenworks-configure -c CreateExtractorPacks -Z

    Custom deployment packages:

    At the prompt of each Primary Server in the zone, enter the following command:

    novell-zenworks- configure -c RebuildCustomPacks -Z

  12. (Conditional) If your zone includes Intel AMT devices, unprovision and provision the devices.

    For more information about unprovisioning and provisioning Intel AMT devices, see Configuring Intel AMT Devices in Enterprise Mode in the ZENworks 11 SP3 Out-of-Band Management Reference.

  13. (Conditional) If Multizone is configured with this server (whose IP address and DNS name is changed) as Publisher, then after replacing the First Primary Server with the Second Primary Server, update the new IP address and DNS name of this server for all its Subscribers. Perform the following to update the new IP address and DNS name:

    1. Log in to ZENworks Control Center (ZCC) of subscribers.

    2. Navigate to Subscribe And Share > Subscriptions > <subscription_name> > Remote Server > Base URL>Edit.

    3. Update the IP address or Hostname with new IP address or Hostname of the Primary Server (Publisher).

    To update the new certificate:

    1. Navigate to Subscribe And Share > Subscriptions > <subscription_name> > Remote Server > Update Certificate.

    2. Update the certificate.

NOTE:When you change the IP address or DNS name of the ZENworks Primary Server on which a ZENworks Reporting is installed, you need not perform any additional steps to ensure that the ZENworks Reporting functions properly. However, if the database is also residing on the ZENworks Primary Server, then you must run ZENworks Reporting Configuration Tool, to point to the new IP address of the Database.

For more information, see ZENworks Reporting Configuration Tool in the ZENworks Reporting 5 System Reference.