Randomly ZCM agent can fail to receive device assignments

  • 7012405
  • 13-May-2013
  • 06-Nov-2013

Environment

Novell ZENworks Configuration Management 11.2 Bundles
Novell ZENworks Configuration Management 11.2 Policies

Situation

The user is authenticated to ZCM.
The device has different policies and/or bundles assigned than the user.

ZCM agent does not receive device specific assignments, so related policies and/bundles are not available.
In case of device assigned full disk encryption policy, the hard disk gets unencrypted.

Resolution

This is fixed in version 11.2.4 - see KB 7012027 "ZENworks Configuration Management 11.2.4 - update information and list of fixes" which can be found at https://support.microfocus.com/kb/doc.php?id=7012027

Cause

In case user and device session get refreshed at about the same time, the ZCM agent can mistakenly take the user assignments to be the effective ones for device session as well. This is related to how information related to the assignment web service call gets cached.

Additional Information

The ZCM agent caches a checksum for the answer provided by the assignment web service so in case the answer stays the same, only the checksum gets exchanged but not the actual assignment data. This has been done to reduce network traffic and increase performance.

The issue in this case is that only one general checksum is cached without distinguishing between user and device related assignments. So in rare, quite random situations the device session can reuse the user related assignment response checksum leading to the issue that the ZCM agent takes the very same assignments, the logged-in user actually has, as device assignments. This causes device specific assignments to get ineffective at least until next ZCM agent refresh.