Installing Desktop Management Services to a Single Windows 2000 Server

Use the following high-level procedure for installing the necessary components to run ZENworks Desktop Management on a single Windows 2000/2003 server:

  1. Install eDirectory. This also requires the following complementary software:

    • Novell eDirectory must be licensed. You can download the files you need for the eDirectory 8.7.x evaluation license from the Novell eDirectory 8.7.x Evaluation License Download Web site. Novell eDirectory 8.7.3 on the Novell ZENworks 6.5 Companion 1 CD includes a licensing wizard that prompts for these files during eDirectory installation.
    • Novell Client 4.9 Support Pack 1a (or later) installed
    • ConsoleOne® 1.3.6 installed

    IMPORTANT:  If you install the Novell ClientTM on a Windows 2000/2003 server, then install the Middle Tier Server on the same machine, then uninstall the Novell Client from this server, the Middle Tier Server will fail. The client uninstall program removes important files needed by the ZENworks Middle Tier Server.

    In this same software combination scenario, if you subsequently upgrade the client to 4.9 SP2, a different version of nicm.sys will be installed. If you do not use the nicm.sys included in ZENworks 6.5 Middle Tier Server, the Middle Tier Server will fail.

    To work around this issue, you have two options:

    1) Save the nicm.sys file included in the ZENworks 6.5 Middle Tier Server installation prior to the client upgrade and then recopy after the client upgrade (this could also be accomplished by reinstalling the Middle Tier after the client upgrade).
    2) After the client upgrade, download nicm.sys from TID 10093371 in the Novell Support Knowledgebase and copy it to overwrite the updated client version of nicm.sys.

  2. If Active Directory is also installed on this server (that is, the server is a Primary Domain Controller), make sure that eDirectory LDAP is configured to listen on ports other than the defaults (389: nonsecure, and 636: secure).

    1. From the Novell Client, log in to eDirectory as Admin (or equivalent) so that you will have sufficient rights to modify the LDAP Server object.

    2. In ConsoleOne, right-click the LDAP Server object > select Properties > General.

    3. In the TCP Port field, change the TCP port to some other port than the default (port 388 might be a good choice).

      NOTE:  This action varies slightly in older versions of eDirectory. You might need to open the Other page of the LDAP Server to find the TCP Port property and change the value.

    4. Click the SSL Configuration tab to open the SSL Configuration page.

    5. In the SSL Port field, change the port number value to something other than 636, then click Apply.

      If an error is displayed after you apply the port changes, you can ignore it and close the error dialog box.

    6. Click the Refresh NLDAP Server Now button.

      If an error is displayed after you refresh the NLDAP server, you can ignore it and close the error dialog box.

    7. At the Windows desktop, click Start > Settings > Control Panel > double-click NDS Services.

    8. In the NDS Services window, select nldap.dlm, then click Start to accept the changes to the TCP port.

      You can confirm the port that the LDAP Server is listening on by entering the following command at a command prompt:

      netstat -a -n

  3. If iMonitor is also installed on this server, configure it to run on a port other than 80. Use these steps to configure:

    1. At the Windows desktop, click Start > Programs > Administrative Tools > Internet Services Manager.

    2. In the Internet Information Services window, click the plus sign (+) to expand the server node in the console tree.

    3. At the Default Web Site icon, check for the (Stopped) description.

      If the Web site is running, proceed to Step 3.d.

      If the Web site is stopped, proceed to Step 3.e.

    4. (Conditional) Stop the IIS Web Server by entering the following command at the command prompt:

      iisreset /stop

    5. From the desktop, click Start > Settings > Control Panel > NDS Services > select NDS iMonitor > click Stop to stop the iMonitor service.

      The screen might not refresh to show that the service has stopped. You might need to close NDS® services and open them again to verify that the service has stopped.

      You can confirm that no service is listening on port 80 by entering the following command at a command prompt:

      netstat -a -n

    6. Change the conflicting port settings. From ConsoleOne, In the same container as the eDirectory server, right-click the Http Server-Servername object > click Properties.

    7. Expand the httpDefaultClearPort and the httpDefaultTLSPort attributes.

    8. Select the value under each attribute > click modify and enter an unassigned port to use for DHost Console and ndsimon.

      For example, if the httpDefaultClearPort default value were set to 80, you could change it to 9000 and if the httpDefaultTLSPort value were set to 43, you should change it to 443, assuming that ports 9000 and 443 were not used by other applications.

    9. Shut down and restart eDirectory so that the new port numbers will take effect.

    10. Start iMonitor. From the desktop, click Start > Settings > Control Panel > NDS Services, select NDS iMonitor, then click Start.

      Confirm that iMonitor is listening on the configured port by entering the following command at a command prompt:

      netstat -a -n

    11. From a command prompt, enter the following command to start IIS:

      iisreset /start

  4. Install the Desktop Management Server software. For information, see Installing the ZENworks Desktop Management Server.

  5. Install ZENworks Middle Tier Server software on the server. For information, see Installing the ZENworks Middle Tier Server.

  6. If the server has Active Directory and is the Primary Domain Controller, grant IIS rights to modify Middle Tier registry entries:

    1. From the Windows Desktop, click Start > Run > enter regedt32.

    2. In the Windows Registry Editor, open HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Xtier > click Security > Permissions.

    3. In the Permissions for Xtier dialog box, click Advanced.

    4. In the Access Control for Xtier dialog box, click Add.

    5. In the Look In field of the Select Users, Computers, or Groups dialog box, make sure that the domain is selected where you installed the ZENworks Middle Tier Server software > select the IUSR_server_name user object from the list, then click OK.

    6. In the Permission Entry for Xtier dialog box, select Allow for each of the following permissions:

      • Query Value
      • Set Value
      • Create Subkey
      • Enumerate Subkeys
      • Notify
      • Delete
      • Read Control

    7. Click OK.

    8. In the Access Control for Xtier dialog box, select Reset Permissions on All Child Objects, then click Apply.

    9. In the Security warning dialog box, click Yes.

    10. In the Access Control for Xtier dialog box, click OK.

    11. In the Permissions for Xtier dialog box, click OK.

    12. Close the Windows Registry Editor.

  7. Open a browser, enter the address of the NSAdmin utility (http://server_IP_address/oneNet/nsadmin), then modify the LDAP Port configuration for the ZENworks Middle Tier Server.