The information in this Readme pertains to the 11.4.2 system update for ZENworks 11 SP4.
Some of the important issues that were observed in previous releases and are fixed in this release are:
Delays in logging into managed devices when the FDE license has expired, is addressed.
On Windows devices, issues with JRE due to which ZEUS service does not launch, are addressed.
XPath Injection security vulnerabilities on ZENworks Primary Servers and Authentication Satellite Servers, are addressed.
Failure to create SUSE subscription through a web service on some Linux Primary Servers, is addressed.
The inability of Authentication Satellite Servers to add certificates using the zac iac command after upgrading to 11.4.1, when the zone certificate authority is set to subordinate CA, is addressed.
Logged-in user information that was not cleared from ZCC even after the user was logged out, is addressed.
Five new reports are now available for Patch Management: DAU Status, Device Status, Overall Patch Percentage, Patch Percentage by Folder, and Unpatched Patches by Device.
High patch volume in patch policies decreasing server response time, is addressed.
Slow response time on patch vulnerability detection from clients, is addressed.
Old patch bundles using excessive disk space, is addressed.
For information on newly supported platforms and other enhancements, see What’s New in 11.4.2 in the ZENworks 11 SP4 What’s New Reference guide.
Use the following guidelines to plan for the deployment of ZENworks 11.4.2 in your Management Zone:
Apply the pre-requisite update “Post 11SP4 Update Prereq” to the ZENworks 11 SP4 servers before upgrading to ZENworks 11.4.2. However, if the server is already upgraded to the ZENworks 11.4.1 version, then this pre-requisite update need not be applied.
If you are using Full Disk Encryption on OPAL drives in native hardware-encryption mode (no software encryption applied), you MUST remove the Disk Encryption policy from those managed devices before you update them to ZENworks 11.4.2.
If you are using software encryption with OPAL drives (via the Enable software encryption of OPAL compliant self-encrypting drives setting in the policy), you DO NOT need to remove the policy before updating the managed devices.
The system reboots once after you upgrade to ZENworks 11.4.2. The reboot is applicable only for Windows devices. However, a double reboot is required in the following scenarios:
Table 1 Double Reboot Scenarios
|
Scenario |
ZENworks Endpoint Security |
Full Disk Encryption |
Location Services |
Client Self Defense |
|---|---|---|---|---|
|
Upgrade from 10.3.4 or above to 11.4.2 |
Disabled |
Disabled |
Lite |
Enabled |
|
Fresh Install of 11.4.2 |
Disabled |
Disabled |
Lite / Full |
Enabled |
IMPORTANT:Any managed device running versions prior to 10.3.4 must first be upgraded to ZENworks 10.3.4 or a subsequent version. The system reboots after the upgrade to ZENworks 10.3.4 and then reboots again when the 11.4.2 update is deployed.
Table 2 ZENworks Cumulative Agent Update to 11.4.2: Supported Paths
|
Managed Device Type |
Operating System |
Supported Versions |
Unsupported Versions |
|---|---|---|---|
|
Primary Server |
Windows/Linux |
v11.4.x |
Any version prior to v11.4.x |
|
Satellite Server |
Windows/Linux/Mac |
v10.3.4 and subsequent versions |
Any version prior to v10.3.4 |
|
Managed Device |
Windows |
v10.3.4 and subsequent versions |
Any version prior to v10.3.4 |
|
Linux |
v11.0 and subsequent versions |
NA |
|
|
Mac |
v11.2 and subsequent versions |
NA |
Prior to installing the System Update, ensure that you have adequate free disk space in the following locations:
|
Location |
Description |
Disk Space |
|---|---|---|
|
Windows: %zenworks_home%\install\downloads Linux: opt/novell/zenworks/install/downloads |
To maintain agent packages. |
4 GB |
|
Windows: %zenworks_home%\work\content-repo Linux: /var/opt/novell/zenworks/content-repo |
To import the zip file to the content system. |
4 GB |
|
Agent Cache |
To download the applicable System Update contents that are required to update the ZENworks server. |
1.5 GB |
|
Location where the System Update file is copied. This is only applicable for the ZENworks Server that is used to import the System Update zip file |
To store the downloaded System Update zip file. |
4 GB |
You must deploy version 11.4.2 first to the Primary Servers, then to the Satellite Servers, and finally to the managed devices. Do not deploy this update to managed devices and Satellite Servers (or deploy new 11.4.2 Agents in the zone) until all Primary Servers in the zone have been upgraded to 11.4.2.
NOTE:When the agents start communicating with the ZENworks servers before the Primary Servers are upgraded, the agents receive inconsistent data that might impact the zone. Therefore, the Primary Servers should be upgraded within a short duration, ideally within few minutes of each other.
The Update For ZENworks 11 SP4 (11.4.2) supercedes ZENworks 11.4.1.
You can directly deploy ZENworks 11.4.2 to Satellite Servers and managed devices that have ZENworks 10.3.4 or a subsequent version installed.
For instructions on downloading and deploying version 11.4.2 as an update, see the ZENworks 11 SP4 System Updates Reference.
If your Management Zone consists of Primary Servers with a version prior to ZENworks 11 SP4, you can deploy ZENworks 11.4.2 to these Primary Servers only after all of them have been upgraded to ZENworks 11 SP4 and the “Post 11SP4 Update Prereq” has been applied to all these servers. For instructions, see the ZENworks 11 SP4 Upgrade Guide.
NOTE:If the ZENworks 11.4.1 version is already deployed on the primary servers, then the pre-requisite update need not be applied to deploy ZENworks 11.4.2 on the primary server.
For information about the Post 11SP4 Update Prereq, see Post ZENworks 11 SP4 Update Prerequisites.
For administrative tasks, see the Novell ZENworks documentation website.
IMPORTANT:Do not update the Remote Management (RM) viewer until all the Join Proxy Satellite Servers are updated in the zone. To perform Remote Management through Join Proxy, you need to ensure that the RM viewer version and the Join Proxy version are the same.
Ensure that you read Section 2.0, Planning to Deploy Version 11.4.2 before you download and deploy the 11.4.2 update.
This update requires schema changes to be made to the database. Only one Primary Server should have its services running during the initial patch installation so that other Primary Servers do not try to access the tables being changed in the database.
After the Master or dedicated Primary Server has been updated, the remaining servers can start their services and apply the update simultaneously.
For the list of supported Managed Device and Satellite Server versions in a Management Zone with 11.4.2, see Managed Device and Satellite Version Support Matrix.
Some of the issues identified in the initial release of ZENworks 11 SP4 have been resolved with this release. For a list of the resolved issues, see TID 7017469 in the Novell Support Knowledgebase.
Some of the issues that were discovered in previous versions of ZENworks 11 SP4 have not yet been resolved. Review the following Readme documents for more information:
For the first time when you assign ZENworks 11.4.x to a Primary Server that is newly added to the zone an error message is displayed.
Workaround: Redeploy the update.
When the novell-zenworks-xplat-uninstall script is used to uninstall the ZENworks Adaptive Agent on a Linux device, it does not delete the contents of the /var/opt/novell/zenworks folder.
Workaround: Manually delete the /var/opt/novell/zenworks folder before re-installing the ZENworks Adaptive Agent on the given Linux device.
When a zone is baselined with the 11.4 prereq and the 11.4.x system updates and then you install a 11.4 Primary Server in the zone, these updates will automatically be assigned to the 11.4 Primary Server and they will be installed in parallel. As the 11.4 prereq update has not yet completed, the 11.4.x system update might fail with the following error: The update failed because the pre-requisite update, (Post 11SP4 Update Prereq), failed to apply. Check the status of that update for details.
Workaround: Wait for the 11.4 prereq to get completed and then reassign the 11.4.x system update to the newly added Primary Server.
When you update ZENWorks to 11.4.2 and upload the Tuxera driver, the following error message is shown:
Checksum of the uploaded Tuxera NTFS driver file does not match with the expected checksum in the NTFSDriver.conf file.
Workaround: Log out and log into ZCC and re-upload the Tuxera driver.
When you upgrade the operating system to SUSE 12 SP1, the ZENworks Adaptive Agent page appears blank.
Workaround:
After upgrading the operating system, perform the following actions:
Stop the agent service by running the systemctl stop novell-zenworks-xplatzmd.service command.
Navigate to the /opt/novell/zenworks/zmd/java/lib/configuration directory and manually delete the following folders:
org.eclipse.core.runtime
org.eclipse.osgi
Start the agent service by running the systemctl start novell-zenworks-xplatzmd.service command.
If your Primary Server is a SLES 12 device, any modifications to the pxemenu.txt file will be lost while upgrading to ZENworks 11.4 prerequisite, or 11.4.x.
The pxemenu.txt file is located at:
\srv\tftp\pxemenu.txt
\srv\tftp\efi\x86_64\pxemenu.txt
\srv\tftp\efi\ia32\pxemenu.txt
Workaround: Before upgrading ZENworks, back up the pxemenu.txt file.
After you perform a system update on a Macintosh device, the ZEN icon might not be displayed in the system tray.
Workaround: Log out and log into the device.
When you upgrade the Primary Server to ZENworks 11.4.2, and perform a refresh (manual or scheduled), or run the zac su command on the Linux and Mac IOA devices, the IOA devices are not updated to 11.4.2.
Workaround: None. For more information, see TID 7017601 in the Novell Support Knowledgebase.
While running a 11.4.2 system update on a Windows Primary Server, preglobal actions might fail to run due to which the system update will not complete.
Workaround: For more information, see TID 7017603 in the Novell Support Knowledgebase.
When you have a parent and a child bundle with system variables in the Master Zone, if you share or replicate only the parent bundle, the replication status in the Master Zone displays an unresolved issue, which is part of the child bundle.
Workaround:
Perform any of the following:
Recreate the subscription.
Make any changes in the parent bundle in the Master Zone and rerun the subscription process.
Select the child bundle along with the parent bundle and rerun the subscription process.
When you add a shared content repo for two or more Primary Servers in a zone and then you manually run the CheckContentSystem configure action to sync the database with the content repo, the content might not be available for the servers.
Workaround: None. The Primary Servers will get access to the content in the shared content repo when the loader module syncs the data during the next refresh.
The login credentials for ZENworks Control Center (ZCC) are case sensitive when using an Oracle database. For example, in the username field, instead of entering 'Administrator', if you enter 'administrator', the login fails.
Workaround: In the searchconfig.xml file, change the value of the CaseInsensitiveAdminSearch parameter from false to true. This file can be accessed from the following location:
Windows: %ZENWORKS_HOME%\conf\datamodel\search
Linux: /etc/opt/novell/zenworks/datamodel/search/
When you run the uninstall action set for a bundle with the reboot action included, after the reboot is completed you will be prompted again to confirm if you want to uninstall the bundle.
Workaround: None. Click Yes to confirm that you want to uninstall the bundle.
You cannot edit a group policy in a Firefox version 40 or later web browser.
Workaround: Close the Firefox instance and then edit the policy using Internet Explorer.
When you install the Group Policy helper extension on Firefox 43 and above, the helper extension is in a disabled state.
Workaround:
To enable the Group Policy helper extension:
Type about:config in the address bar.
The following message is displayed:
Changing these advanced settings can be harmful to the stability, security and performance of this application. You should only continue if you are sure of what you are doing.
Click I’ll be careful, I promise!
In the search field, type xpinstall.signatures.required and double-click the Preference Name to set the value to false.
Restart the browser.
When you assign a bundle to a SLES 12 or SLED 12 device, though the Zicon is visible on the device, the ToolTip message is blacked out. This issue is related to the third-party Eclipse SWT package.
Workaround: None.
During the promotion of an agent as an Authentication Satellite Server, the status might be displayed incorrectly in Zicon. For example, the status might be displayed as Disabled even though it is enabled.
Workaround: Refresh the agent.
As a part of the Patch Policy enhancement, the Patch Policies are precomputed and its results are compressed and stored in the database. If a Sandbox version of a Patch Policy exists before the 11.4.2 system update, then after the system update, the Patch Policy is computed and its results are compressed and stored in the database only for the Sandbox version and not for the published version.
Workaround: On 11.4.2 Primary Server, run the zman bac command with the published version of the Patch Policy bundle GUID, to allow the computation. The Patch Policy bundle GUID can be obtained from ZCC. You need not repeat this step if the Patch Policy is published later.
When you perform a remote management operation on a 11.3.x managed device, the following error might be displayed: Communication error: some other applications are running on the specific port. This error occurs when you perform the switch user operation in a remote control session and the nzrWinVNC.exe process is down or multiple processes with the same name are running.
Workaround: Restart Novell ZENworks Remote Management Service on the managed device.
NOTE:Upgrading the agent version to 11.4 or higher will resolve the issue.
The Suppress Desktop Wallpaper setting for remote management operations will not function on Windows 8 or subsequent platforms when a group policy with the Desktop Wallpaper setting configured is assigned to the device.
Workaround: None (This is a Microsoft Windows limitation).
ZENworks File Upload and Remote Management Viewer plug-ins are not available under Add-ons page in the 64-bit Firefox 43 and later (including ESR) browsers, even though they are installed on the browsers.
Workaround: None. We recommend you to use a 32-bit browser instead of 64-bit browser.
When you configure a ZENworks Group Policy Object (GPO) with desktop wallpaper as enabled and assign it to a Windows 7 managed device, the wallpaper is not applied.
Workaround: Clear the Suppress Wallpaper option:
In ZENworks Control Center, navigate to Configuration > Device Management > Remote Management > Performance Settings During Remote Session, and clear the Suppress Wallpaper check box.
The default version of OpenSSL in SLES 10 SP3 or SP4 servers breaks the communication with the 11.4.2 Primary Servers.
Workaround: None. For more information, see TID 7017532 in the Novell Support Knowledgebase.
On Windows 10 devices (without ZENworks agent), without performing a Sysprep, when you restore an image and then reboot the device, the Windows start menu and few other Windows features like Cortana and Metro applications might not work.
NOTE: If you are taking an image without Sysprep, refer the Prerequisites for taking an Image on Windows 10 without Sysprep section in the ZENworks 11 SP4 Preboot Services and Imaging Reference.
Workaround: None.
When you promote a device to a Satellite Server with multiple roles, including the Imaging role, the promotion might fail. This is because the installation of the Imaging role packages are not synchronized with those of the Join Proxy or Authentication role packages.
Workaround: Promote the Imaging role separately. Do not combine it with the promotion of other roles.
For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy and FIPS compliance, see https://www.novell.com/company/legal/.
Copyright © 2016 Novell, Inc. All Rights Reserved.