Environment
Novell ZENworks Configuration Management 11.2 System Update
Novell ZENworks Endpoint Security Management 11.2 Full Disk Encryption
Novell ZENworks Full Disk Encryption
Novell ZENworks Endpoint Security Management 11.2 Full Disk Encryption
Novell ZENworks Full Disk Encryption
Situation
Upgrading device that has ZENworks Full Disk Encryption installed (messages below show 11.2.1, but the same issue applies to 11.2.2 and 11.2.3)
Failure when installing 'novell-zenworks-fde-sec-11.2.1.221.x86_64.msi'.
'novell-zenworks-fde-sec-11.2.1.221.x86_64.msi.log' shows the following:
a) If a FDE policy is being enforced,
MSI (s) (E0:D0) [07:28:58:219]: Doing action: Error_NeedPassword
Action ended 7:28:58: FSE_MSI_Branding. Return value 1.
Action start 7:28:58: Error_NeedPassword.
MSI (s) (E0:D0) [07:28:58:220]: Product: Novell® Full Disk Encryption --
Please enter the administration password via the property ADMINPWD or UPGDSCRIPT. The upgrade procedure will now abort.
Please enter the administration password via the property ADMINPWD or UPGDSCRIPT. The upgrade procedure will now abort.
Action ended 7:28:58: Error_NeedPassword. Return value 3.
Action ended 7:28:58: INSTALL. Return value 3.
MSI (s) (E0:D0) [07:28:58:230]: Note: 1: 1708
MSI (s) (E0:D0) [07:28:58:230]: Product: Novell® Full Disk Encryption -- Installation failed.
MSI (s) (E0:D0) [07:28:58:230]: Windows Installer installed the product.
Product Name: Novell® Full Disk Encryption. Product Version: 9.6.3.4000.
Product Language: 1033. Manufacturer: SECUDE AG. Installation success or error status: 1603.
Failure when installing 'novell-zenworks-fde-sec-11.2.1.221.x86_64.msi'.
'novell-zenworks-fde-sec-11.2.1.221.x86_64.msi.log' shows the following:
a) If a FDE policy is being enforced,
MSI (s) (E0:D0) [07:28:58:219]: Doing action: Error_NeedPassword
Action ended 7:28:58: FSE_MSI_Branding. Return value 1.
Action start 7:28:58: Error_NeedPassword.
MSI (s) (E0:D0) [07:28:58:220]: Product: Novell® Full Disk Encryption --
Please enter the administration password via the property ADMINPWD or UPGDSCRIPT. The upgrade procedure will now abort.
Please enter the administration password via the property ADMINPWD or UPGDSCRIPT. The upgrade procedure will now abort.
Action ended 7:28:58: Error_NeedPassword. Return value 3.
Action ended 7:28:58: INSTALL. Return value 3.
MSI (s) (E0:D0) [07:28:58:230]: Note: 1: 1708
MSI (s) (E0:D0) [07:28:58:230]: Product: Novell® Full Disk Encryption -- Installation failed.
MSI (s) (E0:D0) [07:28:58:230]: Windows Installer installed the product.
Product Name: Novell® Full Disk Encryption. Product Version: 9.6.3.4000.
Product Language: 1033. Manufacturer: SECUDE AG. Installation success or error status: 1603.
Resolution
This is fixed in version 11.2.4 - see KB 7012027 "ZENworks Configuration Management 11.2.4 - update information and list of fixes" which can be found at https://support.microfocus.com/kb/doc.php?id=7012027
Workaround: re-run the msi, enter the admin password from the 'Emergency Recovery' tab of the device from ZCC (this is a unique password for each device).
Alternatively, run the MSI on the managed device before upgrading to 11.2.x, then the upgrade should go through without error.
If desired, the "failed" device can marked as Ignored in the System Update, if required for baselining purposes, but the agent will still report as the old version, not the new.
Workaround: re-run the msi, enter the admin password from the 'Emergency Recovery' tab of the device from ZCC (this is a unique password for each device).
Alternatively, run the MSI on the managed device before upgrading to 11.2.x, then the upgrade should go through without error.
If desired, the "failed" device can marked as Ignored in the System Update, if required for baselining purposes, but the agent will still report as the old version, not the new.
Cause
This was an oversight during Novell's testing of this procedure. The upgrade requires the ERI admin password, which is not available to the System Update mechanism.