ZENServer is configured to use ports 80 and 443. If these ports are required for other applications, then the ZENServer ports need to be reconfigured to 81 and 444. Using the information in this chapter, you can change the ZENServer port number.
IMPORTANT: Before starting this process, ensure that you take a backup of the configuration files, certificates and the database.
During this process, the Primary Server will be down. Therefore, it is recommended to have an alternate Primary Server in the zone so that the managed devices will be able to connect to that server for any activity involving servers.
NOTE:The following actions should be performed in the same order.
Upgrade the port number on the agent machine:
Stop the agent service.
Update the initial-web-service file on the server with the correct port number. The initial-web-service file can be accessed from the following location:
Linux Managed Devices: /etc/opt/novell/zenworks/initial-web-service
Windows Managed Devices: %ZENWORKS_HOME%/conf/initial-web-service
Remove the cache folder.
Update the port number on the server. The server.xml file can be accessed from the following location:
Stop the zenworks services by using the novell-zenworks-configure -c Start command.
NOTE:If the database is Embedded Sybase, then do not stop the ZENworks services.
Open the server.xml file in a text editor and go to the Service section. In this section, look for the Connector subsection in which the value of the port is the same as the previous https port value and the scheme is https. Update the port to the https port that you want to configure. It should have a line similar to <!-- Define a SSL HTTP/1.1 Connector on port 443 -->
In the Service section in which the Connector port value is the same as the previous http port, update the port value to the desired http port and change the redirectPort attribute to the https port that is configured in the previous step. It should have a line similar to <!-- Define a non-SSL HTTP/1.1 Connector on port 80 --> above it.
In the Service section, in which the connector port value is the same as the previous AJP port and the protocol is something like AJP/1.3, update the port value to the desired AJP port and change the redirectPort to the https port that was configured previously. It should have a line similar to <!-- Define an AJP 1.3 Connector on port 8009 -->
NOTE:On Linux, at the end, ensure that the permissions of server.xml are intact. Permissions should be -rw-r--r--, and ownership should be zenworks:zenworks. If you are unsure, it is recommended to run permissions.sh at the command prompt.
Open an SQL console to execute the following SQL queries:
For Embedded Sybase, use the dbisql utility, which is available on Linux in the /opt/novell/zenworks/share/sybase/bin32s location and on Windows in the ZENWORKS_HOME/share/sybase/bin32s location.
For MSSQL and Sybase, update zzenserver set Port = <NEW_HTTP_PORT> where zuid = 0x<SERVER_GUID> and update zzenserver set SSLPort = <NEW_HTTPS_PORT> where zuid = 0x<SERVER_GUID>
For Oracle , update zzenserver set Port = <NEW_HTTP_PORT> where zuid = HEXTORAW('<SERVER_GUID>') and update zzenserver set SSLPort = <NEW_HTTPS_PORT> where zuid = HEXTORAW('<SERVER_GUID>)
Update the initial-web-service, file on the server with the latest https port number:
If you have a firewall enabled, update it with the new port numbers.
Restart the ZENworks services using the novell-zenworks-configure -c Start command (select the option next to Restart).
Execute the zman lrr -f command to re-calculate the closest server rules.
Re-build deployment packages using the novell-zenworks-configure -c CreateExtractorPacks -Z command.
NOTE:Ensure that the new port that is configured is provided along with zman as it uses the default port. (use zman <command> --port=<new port>). The zuid can be found in the following location:
On Windows: ZENWORKS_HOME/conf/DeviceGuid
On Linux: /etc/opt/novell/zenworks/DeviceGuid
Start the agent service. Use the /etc/init.d/novell-zenworks-xplatzmd start --clean command for Linux devices.
Points to be considered if the updating agents are going to be automated:
If the zone has multiple Primary Servers, the steps listed above are optional. Because, when the device tries to connect to the server, it will be marked as bad as it is not reachable. Till the next refresh happens, it will use another server in the zone based on the configured closest server rules. When the next refresh happens on the agent, it will get the updated server list which will have the updated information and the agent will be updated with the new details.
In the case of a single Primary Server, when the agent comes up, the server will be marked as bad. To avoid this, delay the execution of the zac cc command and the agent restart. After the policy has been applied on the device, the server port has to be changed and then the agent service has to be restarted. A time delay can be added to execute the zac cc command and restart the agent.
Also, the initial-web-service file needs to be modified ONLY on the devices registered to the Primary Server whose port number has been changed. Grep the contents of initial-web-service and make sure whether it has the current server's ip or hostname in it and then proceed.