ZENworks Full Disk Encryption: Custom DMI.INI removed from SBS partition during 11.4.1 Upgrade

  • 7017160
  • 15-Jan-2016
  • 31-May-2016

Environment

Novell ZENworks Full Disk Encryption 11.4.1

Situation

Custom DMI.INI files may be deleted when devices running ZENworks Full Disk Encryption are upgraded to ZCM 11.4.1

Resolution

This is fixed in version 11.4.2 - see KB 7017469 "ZENworks Configuration Management 11.4.2 - update information and list of fixes" which can be found at https://support.microfocus.com/kb/doc.php?id=7017469

For 11.4.1:  A patch for the ZCM 11.4.1 System Update is available here that will correct the FDE upgrade code to prevent the issue: https://download.novell.com/Download?buildid=QyKbhgJl6Vg~
Note:  The ZCM 11.4.1 System Update does not need to be reapplied to any devices, since there is no change in executable code.
 
 
For those devices already upgraded to ZCM 11.4.1, the custom DMI.INI file that was deleted during the upgrade process can be restored by using the following process.
 
#1 - From the ZCC open the FDE policy that is applied to your device, go to Details Tab->DMI Settings->Edit and then select copy all.
#2 - Paste the settings into a new text file named DMI.INI
#3 - Create a bundle with an "Install File" action that copies the new DMI.INI to C:\Windows\NAC\SBS
#4 - Assign the Bundle so it is deployed to devices with this FDE Policy.
Note: If different devices have different FDE policies with differing DMI.INI settings, then repeat the steps above for the other devices.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Additional Information

In very rare cases, the loss of the DMI.INI file may cause a device running FDE to fail to boot.
 

Acquire ERI file and password from the ZCC > Full Disk Encryption > Emergency Recovery tab.
Save the ERI file to a USB drive or you can also add the ERI file the ERD when you create it.
After booting device to the ERD disk select:
File > Open ERI file > this will launch a browse box, select the ERI file > a password prompt will be displayed to enter the ERI password.
Right click the partition and select Decrypt drive. 
This will take some time to decrypt.
After decryption completes click BootChain > Restore original MBR. 
Restart device. 
 
After logging in to windows the  FDE policy will re-apply itself.
The policy re-apply will automatically replace the dmi.ini file fixing the issue.