Troubleshooting Patch Management download problems in ZCM

  • 3865256
  • 07-Dec-2007
  • 24-Oct-2013

Environment

Novell ZENworks 10 Configuration Management
Novell ZENworks Patch Management 10
Novell ZENworks Configuration Management 11
Novell ZENworks Patch Management 11

Situation

What troubleshooting steps should be taken and which log files should be collected for ZCM if there are problems with Patch Management subscription downloads or deployment?

Resolution

Check the following:

  1. Does the server meet the minimum hardware requirements specified in the documentation?
  2. Is the Patch Management Service started? (In ZCC Configuration >Subscription Information >Start the Subscription Service >Service Running button).
  3. Was the replication time set (Subscription Communication Interval )? This time is based on the primary server containing the ZCC database local time.
  4. From the ZCM server where patch download has been enabled: Check for firewall / proxy issues in the Troubleshooting Patch Management (Patch Management Issues) section of the ZCM Documentation.
  5. Ensure that you are logged in as a LOCAL ACCOUNT on the ZCM server (not a domain account),  and also that the proxy settings in the web browser have been cleared, or verify that the browser proxy settings are *identical* to those that were input into the ZCM Patch Management proxy settings.
    (The reason to do browser testing with a local account is that it makes absolutely sure that NTLM windows specific authentication protocol isn't being used by the proxy/firewall; also that no other firewall agents are being used).
  6. Check Configuration Subscription Download , Configure http Proxy , Product Serial number and Subscription Service Information on ZCC Console for "Is Configured " and check the settings.
  7. Check \program files\novell\zenworks\zpm\dist for *.plr and *.pls files 
    (indicates successful contact and download with novell.patchlink.com).
  8. The types of bundles created for Patchlink include Remediation, DAU (Discover Applicable Updates) and ZPM Assignment bundles.
  9. Any connection errors that occur when you try to verify the license will show up in the loader-messages.log file on the ZCM server where patch download has been enabled.

Note: Once the Patch Managment download process starts, the entire download, bundle creation and content store file creation process is time consuming and memory and processor intensive. Let it run overnight or prepare ahead of time.

Logfiles:
See TID 3418069 - Enable debug logging for ZENworks 10 Configuration Management

Additional Information

Vulnerabilities list in ZCM (platform specifics):
 
On a Windows ZCM server you will see Vulnerabilities listed even if no other agents are configured, because the Windows server is a managed agent.
 
On a linux ZCM server you won't see Vulnerabilities until agents have registered and reported their DAUs.
 
DAU Process:
 
When a managed workstation has registered with the server, then a DAU (Discover Applicable updates) process is run on the agent which reports back to the server. The server downloads all of the meta data from the replicated vulnerabilities and checks to see if it is applicable for the workstation and if the workstation been patched or not. Until a DAU reports what is applicable and needed, there is nothing to show in the Vulnerabilities list on ZCC.
 
The agent schedule to generate and report DAU is on boot up, once a week, and after every deployment is completed, and upon the agent communication schedule to the server.
The agent DAU produces .plr files that get uploaded to the ZCM server using the same infrastructure used by agent status and the logging information in ZCM.

When the .plr files are uploaded to the ZCM server, they are copied to the zenworks/collections/patchlink directory, which acts as a "results queueâ€.

The ZCM server processes the .plr files in the zenworks/collection/patchlink directory.
 
What is the difference between /dist and /ncdist folders in the download process?
 
The once per day subscription download files are downloaded into /dist and then imported to the Content system as bundles; so any new critical patch updates will get downloaded into that directory during the patch subscription cycle after first installation, or on Patch Tuesday, for example.
 
The administrator also may do “Update Cache†at any time; and the system will also auto-download any bundles that you deploy with “Deploy Remediationâ€. This is done on a separate thread, and that download process uses the /ncdist directory.