Environment
Novell ZENworks Configuration Management 11.3
Situation
Standalone system updater fails with intermediary subordinate CA in zone or if CASubject does not match initial-web-service URL
ERROR:
[SystemUpdate] [Checking if device is registered.]
[SystemUpdate] [Initial web service file C:\Program Files (x86)\Novell\ZENworks\conf\initial-web-service found.]
[SystemUpdate] [CA certificate name DC=com, DC=doman, CN=server does not match registry CA certificate name CN=domain Root CA ]
[SystemUpdate] [Device registered to different zone] [ERROR] [] [] []
Resolution
Workaround:
- Download the standalone updater to the agent device.
- Extract the content of standalone updater using command line -
- "11.4.0.8141 windows 64.exe" -n -d "c:\temp"
- This will extract all content bundled with 11.4.0.8141 windows 64.exe in temp directory.
- Replace the ca.pem file with new ca certificate chain having full chain.
- Run the StandaloneUpdater.exe from temp directory.
Workaround 2:
If a one off, registry can be modified temporarily to change registry:
- rename HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node\]Novell\ZCM\CASubject
- add HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node\]Novell\ZCM\CASubject to match the top CA subject as seen in logs above.
- Run the standalone updater
- Revert the registry change above