Update for ZENworks 11 SP2 (11.2.2)

March 2013

The information in this Readme file pertains to the update for Novell ZENworks 11 SP2 (11.2.2).

1.0 Readme Updates

The following table contains information on the documentation content changes that were made in this Readme after the initial release of ZENworks 11.2.2:

Table 1 Readme Updates

Date

Readme item Added or Updated

March 2013

The issues fixed in Update for ZENworks 11 SP2 (11.2.3) are identified with the phrase (Fixed in v11.2.3).

December 2012

Updated Section 5.1, Support for New Platforms.

2.0 Important Reasons to Update to Version 11.2.2

This update fixes issues discovered in previous ZENworks 11 SP2 releases. It also includes new features and enhancements.

2.1 ZENworks Configuration Management

  • A Startup Location for a managed device can now be defined at the Management Zone, device folder, or device level, and this is used by the ZENworks agent until the actual location for the device can be determined. The delays caused during user login operations, due to the use of incorrect locations, or the use of incorrect or unreachable closest servers, can be overcome by the use of the Startup Location feature, thus enhancing the user login experience.

  • Many improvements have been incorporated for reliable location detection and login performance for devices that are in a disconnected location.

  • You can now use the Deployment Snooze feature to postpone the agent installation.

  • The Roaming Profile Automation tool has been provided to enable administrators to provision or configure users to take advantage of the ZENworks Roaming Profile policy. Administrators can provision users' prerequisites for an easy and seamless configuration of roaming users.

  • New platforms are now supported: RHEL 5.8, 6.2 and 6.3 as managed devices; Citrix XenApp 6.5, XENDesktop 5.6 Feature Pack 1, XENServer 6.1; Firefox 15.0, Open Enterprise Server (OES) 11 SP1; Mac OS X Mountain Lion (10.8)

  • There are new improvements related to Product Recognition Update (PRU) and Inventory.

  • User-based policies are now supported on the console sessions of server-class devices and Citrix servers.

  • Inventory Only Agent support is available for SUSE Linux Enterprise Server (SLES) 11 SP2.

  • An issue related to the ZENworks 11.2 Authentication breaking when Citrix VDA is installed, has been fixed.

  • An issue related to the ZENworks agent installation failing on a Windows XP device with HP DriveGuard has been fixed.

  • Issues with frequent hanging of zenworkswindowsservice.exe on startup are now fixed.

  • An issue has been fixed with the Agent failing to communicate with servers behind an L4 switch, if the L4 definition was created using the L4 DNS name instead of the IP address.

2.2 Endpoint Security Management

  • The Application Control policy now allows you to terminate applications that are running when the policy is applied.

  • The Data Encryption policy now includes Safe Harbor integration with the Favorites list and Send to list in Windows Explorer, and the ability to apply password encryption to all locations on a removable storage device (not just a single folder).

  • The VPN Enforcement policy now enables you to configure the methods used to detect the Internet and to detect an active VPN connection. It also enables you to switch from the Trigger location to a Pre-VPN location, and from the Pre-VPN location to the destination VPN location or an optional Timeout location.

2.3 Patch Management

  • Following a Replication and a Discover Applicable Updates (DAU) event, patches can be cached for all Linux 32-bit and 64-bit systems.

  • The trial license can only be used for 60 days during the assessment period. It is not possible to circumvent the trial period.

  • The Patched and Not Patched lists on the Dynamic Group Patches page can now be sorted correctly.

  • The Default Patch list settings display all vendors, for every server, by default.

  • License activation and deactivation issues have been fixed.

  • Patch installation on Windows devices can be performed without any remediation errors.

  • SUSE Linux Enterprise Desktop (SLED) 11 patches can be detected and downloaded by ZENworks. However, ZENworks only downloads official OEM patches, which are updated by the manufacturer. If a manufacturer ceases support for a product, ZENworks displays all available official patches as supplied, determined by the DAU process.

  • During the Deployment Wizard process, you can download a patch, and then have it installed at a convenient time.

  • The Schedule DAU Bundles Install option is fully configurable, with a range of options for scheduling.

  • The Dynamic Workstation group shows all relevant bundle and patch assignments for devices with the same operating system.

  • The Patch Information window now contains all relevant information about the patch, including the Common Vulnerability and Exposure (CVE) code, size, and a URL to the vendor’s Web site explaining the function and necessity of the patch.

  • Upgrade issues related to patch remediation have been resolved on the SUSE platform.

  • In ZENworks, patch remediation can now be performed with Wake On LAN, so remediation can be performed at any time.

  • The DAU schedule can now be set at both the folder and the device level, enabling easier management for larger workgroups.

3.0 Planning to Deploy Version 11.2.2

Use the following guidelines to plan for the deployment of version 11.2.2 in your Management Zone:

  • You must deploy version 11.2.2 first to the Primary Servers, subsequently to Satellites, and finally to managed devices.

  • You can directly deploy version 11.2.2 to Primary Servers, Satellites, and managed devices that have ZENworks 11.2.0, 11.2.0 MU1, 11.2.0 MU2, 11.2.1, 11.2.1 MU1 or 11.2.1 MU2 installed.

  • Any managed devices running previously supported versions prior to 11.2.0 should be first upgraded to ZENworks 11.2.0. For earlier supported versions, see Table 2.

    The system reboots after you upgrade to ZENworks 11 SP2, and then reboots again when the 11.2.2 update is deployed.

If you have an external OEM Sybase database installed on a Linux machine, you need to perform a procedure on the OEM Sybase machine before you update the ZENworks Primary Servers to 11.2.2. For more information, see TID 7010332 in the Novell Support Knowledgebase.

NOTE:This procedure needs to be performed only if the ZENworks Primary Servers are being upgraded from ZENworks 11.2, 11.2 MU1 or 11.2 MU2 to ZENworks 11.2.2.

4.0 Downloading and Deploying Version 11.2.2

For instructions on downloading and deploying version 11.2.2 as an update, see the ZENworks 11 SP2 System Updates Reference.

NOTE:For information on how to install ZENworks 11 SP2, refer to the ZENworks 11 SP2 Upgrade Guide.

For administrative tasks, see the Novell ZENworks documentation Web site.

If your Management Zone consists of ZENworks 10.2.2/10.3.x/11.0, 11.1 Satellites and managed devices, you can deploy version 11.2.2 to the devices only if the ZENworks 11.2 update has been downloaded, authorized and is available in the Management Zone. The ZENworks 11.2.0 update is deployed first, then version 11.2.2 is deployed, so the device reboots twice.

After you download the ZENworks_11.2.2_Update.zip file, it is strongly recommended that you compare the MD5 checksum for the file with the one shown on the Downloads page, before you deploy the Update.

NOTE:For more information on installing and deploying the System Update, see the Downloads page.

Refer to the following table to understand the ZENworks support matrix:

Table 2 ZENworks Support Matrix

Managed Device

Satellite Servers

Primary Servers

v10.2.2

v10.2.2, v10.3, v10.3.1, v10.3.2, v10.3.3, v10.3.4, v11.0, v11.1, v11.2, v11.2 MU1, v11.2 MU2, v11.2.1, v11.2.1 MU1, v 11.2.1 MU2, v11.2.2

v11.2.2

v10.3

v10.3, v10.3.1, v10.3.2, v10.3.3, v10.3.4, v11.0, v11.1, v11.2, v11.2 MU1, v11.2 MU2, v11.2.1, v11.2.1 MU1, v 11.2.1 MU2, v11.2.2

v11.2.2

v10.3.1

v10.3.1, v10.3.2, v10.3.3, v10.3.4, v11.0, v11.1, v11.2,v11.2 MU1, v11.2 MU2, v11.2.1, v11.2.1 MU1, v 11.2.1 MU2, v11.2.2

v11.2.2

v10.3.2

v10.3.2, v10.3.3, v10.3.4, v11.0, v11.1, v11.2, v11.2 MU1, v11.2 MU2, v11.2.1, v11.2.1 MU1, v 11.2.1 MU2, v11.2.2

v11.2.2

v10.3.3

v10.3.3, v10.3.4, v11.0, v11.1, v11.2,v11.2 MU1, v11.2 MU2, v11.2.1, v11.2.1 MU1, v 11.2.1 MU2, v11.2.2

v11.2.2

v10.3.4

v10.3.4, v11.0, v11.1, v11.2,v11.2 MU1, v11.2 MU2, v11.2.1, v11.2.1 MU1, v 11.2.1 MU2, v11.2.2

v11.2.2

v11.0

v11.0, v11.1, v11.2, v11.2 MU1, v11.2 MU2, v11.2.1, v11.2.1 MU1, v 11.2.1 MU2, v11.2.2

v11.2.2

v11.1

v11.1, v11.2,v11.2 MU1, v11.2 MU2, v11.2.1, v11.2.1 MU1, v 11.2.1 MU2, v11.2.2

v11.2.2

v11.2

v11.2, v11.2 MU1, v11.2 MU2, v11.2.1, v11.2.1 MU1, v 11.2.1 MU2, v11.2.2

v11.2.2

v11.2 MU1

v11.2 MU1, v11.2 MU2, v11.2.1, v11.2.1 MU1, v 11.2.1 MU2, v11.2.2

v11.2.2

v11.2 MU2

v11.2 MU2, v11.2.1, v11.2.1 MU1, v 11.2.1 MU2, v11.2.2

v11.2.2

v11.2.1

v11.2.1, v11.2.1 MU1, v 11.2.1 MU2, v11.2.2

v11.2.2

v11.2.1 MU1

v11.2.1 MU1, v 11.2.1 MU2, v11.2.2

v11.2.2

v11.2.1 MU2

v11.2.1, v11.2.1 MU1, v11.2.1 MU2, v11.2.2

v11.2.2

v11.2.2

v11.2.2

v11.2.2

5.0 What’s New for ZENworks 11.2.2

Version 11.2.2 includes the following new or enhanced features:

5.1 Support for New Platforms

Version 11.2.2 has added support for the following:

  • Mac OS X Mountain Lion (10.8)

  • Open Enterprise Server (OES) 11 SP1

  • RHEL 5.8, 6.2, 6.3 (only as managed devices)

  • Citrix XenApp 6.5

  • XENServer 6.1

  • XENDesktop 5.6 Feature Pack 1

5.2 Administration Browser Support

Firefox 15.0 is now supported.

5.3 Deployment Snooze

The new Deployment Snooze feature enables users to create a deployment task in ZENworks Control Center that can snooze the agent installation on a Windows device. For more information, see Deploying the ZENworks Adaptive Agent in the ZENworks 11 SP2 Discovery, Deployment, and Retirement Reference.

5.4 Startup Location

A Startup Location for a managed device can now be defined at the Management Zone, device folder, or device level, and this is used by the ZENworks agent until the actual location for the device can be determined.

When a device boot operation is performed, the network interface takes considerable time to start. This might cause a delay in the user login because of the use of an incorrect location, or because of incorrect or unreachable closest servers. You can use the Startup Location feature to solve this problem, thus enhancing the user login experience.

5.5 Endpoint Security Policies

Enhancements have been made to the following security policies:

  • Application Control Policy: An Enforcement Behavior on Running Processes option was added to enable the control behavior (No Execution or No Internet Access) to be enforced on running applications immediately after the policy is applied to a device. Previously, the control behavior was enforced only at application launch time. For more information, see Application Control Policy in the ZENworks 11 SP2 Endpoint Security Policies Reference.

  • Communication Hardware Policy: Several changes were made to this policy:

    • The Serial/Parallel setting was split into two separate settings.

    • The Wired setting and Approved Adapters list are now available in global policies; previously, the settings were included only in location-based policies.

    • The Disable Modems When Wired setting and the Disable Wi-Fi When Wired setting are now available in location-based policies; previously, the settings were included only in global policies.

  • Data Encryption Policy: Several options were added to this policy:

    • To enable users to have better access to their Safe Harbor locations, you can now integrate the Safe Harbor locations with Windows Explorer. This causes the Safe Harbor locations to appear in the Favorites list and in the Send to list.

    • You can now apply password encryption to files saved to any location on a removable storage device. Previously, you specified a folder as the password-encryption folder and only files saved to that folder were password encrypted. You now have the choice between the two options: providing a single password-encryption folder or using all locations on the entire removable storage device.

    For more information, see Data Encryption Policy in the ZENworks 11 SP2 Endpoint Security Policies Reference.

  • Firewall Policy: DNS Name is now supported as an address type in the Access Control List. You can use standard DNS name notation (for example, www.novell.com) or standard CIDR DNS name notation (for example, www.novell.com/16).

  • VPN Enforcement Policy: This policy was enhanced to support configurable Internet and VPN detection methods, and to support the use of Pre-VPN and Timeout locations. For more information, see VPN Enforcement Policy in the ZENworks 11 SP2 Endpoint Security Policies Reference.

  • Wi-Fi Policy: The Ad Hoc Connections and Wi-Fi Connections settings are now available in location-based policies. Previously, the settings were available only in global policies.

6.0 Issues Resolved by Version 11.2.2

Some of the issues identified in the initial version of ZENworks 11.2 have been resolved with this release. For a list of the resolved issues, see TID 7010757 in the Novell Support Knowledgebase.

7.0 Continuing Issues in ZENworks 11.2.2

Some of the issues that were discovered in the original shipping version of ZENworks 11 SP2 have not yet been resolved. For continuing issues, review the following Readmes:

The Readmes have been updated to indicate which issues are fixed by version 11.2.2.

8.0 Known Issues in Version 11.2.2

8.1 The Upgrade Remote Management Viewer link remains visible in a Firefox browser

The Upgrade Remote Management Viewer link remains visible in Firefox when you attempt a Remote management operation on an RHEL 5 device, even after upgrading to ZENworks 11.2.2. This is because Firefox does not recognize the plug-in upgrade for RHEL 5 even after upgrading and restarting the browser.

Workaround: See TID 7010917 in the Novell Support Knowledgebase.

8.2 A Device policy is applied even if the Policy Resolution Conflict setting is set to User Only

When a user policy and a device policy are assigned to a device and the Policy Resolution Conflict setting is set to User Only, the device policy is still applied.

Workaround: None

8.3 After the ZENworks 11.2.2 upgrade, Macintosh users do not get the Install and Configure privileges

(Fixed in v11.2.3)After upgrading to ZENworks 11.2.2, Macintosh users do not get the install and configure privileges.

Workaround: To get the install and configure privileges by default, add the users manually by using the zac commands.

8.4 A DLU policy cannot be used on a device that has Citrix XenApp 6.5 installed

A Dynamic Local User (DLU) policy cannot be used on a device that has Citrix XenApp 6.5 installed because when you launch the Citrix session through a browser, the Novell client login is not involved.

Workaround: None

8.5 The standalone agent features do not work on a ZENworks 10.2.2 agent

The administrator cannot install, uninstall, or enable the standalone agent features on a ZENworks 10.2.2 agent.

Workaround: None

8.6 Changes made to the User Configuration settings through a Windows Group policy on any server class machine are not displayed

On any Windows server class machine, changes made to the User Configuration setting through a Windows Group policy are not reflected in the gpedit.msc file but are effective on the device.

Workaround: None

8.7 The workstation's gpedit.msc file is not restored to its previous state after creating a Windows Group policy

After you create a Windows Group policy by using ZENworks Control Center, the workstation's gpedit.msc file is not restored to its previous state.

Workaround: None

8.8 Yast Addon Signature Check Failed message appears

While installing ZENworks Agent through Yast Addon, though it is signed, the Signature Check Failed error message appears.

Workaround: Ignore the Signature Check Failed error message and continue with installation.

For more information, see TID 7011297 in the Novell Support Knowledge.

8.9 Unable to use the zman sui command to import the ZENworks 11.2.2 system update to a ZENworks Server, on an RHEL-5.x Server

On an RHEL-5.x server, if the size of the system update zip file is more than 2 GB, unzipping does not work, and you cannot import the system update by using the zman sui command.

Workaround: Perform the following steps:

  1. Navigate to the Red Hat vvitek directory.

  2. Install unzip-5.52-3.0.bz497482.el5_7.i386.rpm on the RHEL 5.x server.

  3. Run the rpm -Uvh unzip-5.52-3.0.bz497482.el5_7.i386.rpm command.

  4. Run the zman sui <zip file path> command.

9.0 Legal Notices

Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.

Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. Please refer to the Novell International Trade Services Web page for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.

Copyright © 2013 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.

For Novell trademarks, see the Novell Trademark and Service Mark list.

All third-party trademarks are the property of their respective owners.