11.2 Installing the Components to a Single Windows 2000 Server

NOTE:The information in this section also applies to ZENworks 7 Desktop Management with Support Pack 1.

Use the following high-level procedure for installing the necessary components to run ZENworks Desktop Management on a single Windows 2000/2003 server:

  1. Install Novell eDirectory™. This also requires the following complementary software:

    • If you are using the original version of ZENworks 7 Desktop Management, you must license eDirectory 8.7. You can download the files you need for the eDirectory 8.7.x evaluation license from the Novell eDirectory 8.7.x Evaluation License Download Web site. Novell eDirectory 8.7.3 on the Novell ZENworks 7 Companion 1 CD includes a licensing wizard that prompts for these files during eDirectory installation.

      If you are using ZENworks 7 Desktop Management with Support Pack 1, you can use eDirectory 8.8.1 by purchasing a license for ZENworks. Novell eDirectory 8.8.1 is available on the Novell ZENworks 7 with Support Pack 1 Companion 1 CD.

    • Novell Client™ 4.9 Support Pack 1a (or later) installed. The most current Novell Client (version 4.91 SP2 or later) is available for download from the Novell Downloads Web site.

      IMPORTANT:If you install the Novell Client on a Windows 2000/2003 server, then install the Middle Tier Server on the same machine, then uninstall the Novell Client from this server, the Middle Tier Server fails. The client uninstall program removes important files needed by the ZENworks Middle Tier Server.

      In this same software combination scenario, if you subsequently upgrade the client to 4.9 SP2, a different version of nicm.sys is installed. If you do not use the nicm.sys included in ZENworks 7 Middle Tier Server, the Middle Tier Server fails.

      To work around this issue, you have two options:

      • 1) Save the nicm.sys file included in the ZENworks 7 Middle Tier Server installation prior to the client upgrade and then recopy it after the client upgrade (this could also be accomplished by reinstalling the Middle Tier after the client upgrade).
      • 2) After the client upgrade, download nicm.sys from TID 10093371 in the Novell Support Knowledgebase and copy it to overwrite the updated client version of nicm.sys.
    • If you are using the original version of ZENworks 7 Desktop Management, install ConsoleOne® 1.3.6

      If you are using ZENworks 7 Desktop Management with SP1, install ConsoleOne 1.3.6e, available on the ZENworks 7 with Support Pack 1 Companion 1 CD.

  2. If Active Directory is also installed on this server (that is, the server is a Primary Domain Controller), make sure that eDirectory LDAP is configured to listen on ports other than the defaults (389: non-secure, and 636: secure).

    1. From the Novell Client, log in to eDirectory as Admin (or equivalent) so that you have sufficient rights to modify the LDAP Server object.

    2. In ConsoleOne, right-click the LDAP Server object > select Properties > General.

    3. In the TCP Port field, change the TCP port to some other port than the default (port 388 might be a good choice).

      This action varies slightly in older versions of eDirectory. You might need to open the Other page of the LDAP Server to find the TCP Port property and change the value.

    4. Click the SSL Configuration tab to open the SSL Configuration page.

    5. In the SSL Port field, change the port number value to something other than 636, then click Apply.

      If an error is displayed after you apply the port changes, you can ignore it and close the error dialog box.

    6. Click the Refresh NLDAP Server Now button.

      If an error is displayed after you refresh the NLDAP server, you can ignore it and close the error dialog box.

    7. At the Windows desktop, click Start > Settings > Control Panel > double-click NDS Services.

    8. In the NDS Services window, select nldap.dlm, then click Start to accept the changes to the TCP port.

      You can confirm the port that the LDAP Server is listening on by entering the following command at a command prompt:

      netstat -a -n
      
  3. If iMonitor is also installed on this server, configure it to run on a port other than 80:

    1. At the Windows desktop, click Start > Programs > Administrative Tools > Internet Services Manager.

    2. In the Internet Information Services window, click the plus sign (+) to expand the server node in the console tree.

    3. At the Default Web Site icon, check for the (Stopped) description.

      If the Web site is running, proceed to Step 3.d.

      If the Web site is stopped, proceed to Step 3.e.

    4. (Conditional) Stop the IIS Web Server by entering the following command at the command prompt:

      iisreset /stop
      
    5. From the desktop, click Start > Settings > Control Panel > NDS Services > select NDS iMonitor > click Stop to stop the iMonitor service.

      The screen might not refresh to show that the service has stopped. You might need to close NDS® services and open them again to verify that the service has stopped.

      You can confirm that no service is listening on port 80 by entering the following command at a command prompt:

      netstat -a -n
      
    6. Change the conflicting port settings. From ConsoleOne, in the same container as the eDirectory server, right-click the Http Server-Servername object > click Properties.

    7. Expand the httpDefaultClearPort and the httpDefaultTLSPort attributes.

    8. Select the value under each attribute, click Modify, then enter an unassigned port to use for DHost Console and ndsimon.

      For example, if the httpDefaultClearPort default value were set to 80, you could change it to 9000 and if the httpDefaultTLSPort value were set to 43, you should change it to 443, assuming that ports 9000 and 443 were not used by other applications.

    9. Shut down and restart eDirectory so that the new port numbers take effect.

    10. Start iMonitor. From the desktop, click Start > Settings > Control Panel > NDS Services, select NDS iMonitor, then click Start.

      Confirm that iMonitor is listening on the configured port by entering the following command at a command prompt:

      netstat -a -n
      
    11. From a command prompt, enter the following command to start IIS:

      iisreset /start
      
  4. Install the Desktop Management Server software. For information, see Section 9.0, Installing the ZENworks Desktop Management Server or Section 9.2, SP1 Desktop Management Server Installation.

  5. Install ZENworks Middle Tier Server software on the server. For information, see Section 10.0, Installing the ZENworks Middle Tier Server or Section 10.2, SP1 Middle Tier Server Installation Procedure.

  6. If the server has Active Directory and is the Primary Domain Controller, grant IIS rights to modify Middle Tier registry entries:

    1. From the Windows Desktop, click Start > Run > enter regedt32.

    2. In the Windows Registry Editor, open HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Xtier > click Security > Permissions.

    3. In the Permissions for Xtier dialog box, click Advanced.

    4. In the Access Control for Xtier dialog box, click Add.

    5. In the Look In field of the Select Users, Computers, or Groups dialog box, make sure that the domain is selected where you installed the ZENworks Middle Tier Server software > select the IUSR_server_name user object from the list, then click OK.

    6. In the Permission Entry for Xtier dialog box, select Allow for each of the following permissions:

      • Query Value

      • Set Value

      • Create Subkey

      • Enumerate Subkeys

      • Notify

      • Delete

      • Read Control

    7. Click OK.

    8. In the Access Control for Xtier dialog box, select Reset Permissions on All Child Objects, then click Apply.

    9. In the Security warning dialog box, click Yes.

    10. In the Access Control for Xtier dialog box, click OK.

    11. In the Permissions for Xtier dialog box, click OK.

    12. Close the Windows Registry Editor.

  7. Open a browser, enter the address of the NSAdmin utility (http://server_IP_address/oneNet/nsadmin), then modify the LDAP Port configuration for the ZENworks Middle Tier Server.