Environment
Novell ZENworks Configuration Management 11.2
Novell ZENworks Endpoint Security Management 11.2Situation
ERROR:
Unable to decrypt encrypted Settings XML.StackTrace = at
Novell.Zenworks.ZESMCoreSetttings.ZESMCoreSetttingsModule.ApplySecuritySettings (String encrSecuritySettings)
Resolution
This is fixed in version 11.2.4 - see KB 7012027 "ZENworks Configuration Management 11.2.4 - update information and list of fixes" which can be found at http:////support.microfocus.com/kb/doc.php?id=7012027
Please report any problems encountered when using this Patch, by using the feedback link on this TID.
Workaround (two methods):
- NOTE: Workstations only, do not do this on primary!
Unregister the device with zac unr -f and register the device with zac reg.
OR:
- Enable client self defense in ZCC > Configuration > Device Management > ZENworks Agent > Enable self defense for the ZENworks Adaptive Agent
- Let the agent devices refresh according to schedule
- (Optional) If it is desired that this setting not be in place, disable the setting from Step 1 after all affected devices have refreshed.
- In some cases if the above steps do not work, it is necessary to make a minor change to the location in ZCC, Apply, then undo the change and Apply. Then on the managed device do a zac cc and zac ref bypasscache.
The location configuration service restores the KMK (Key Management Key).
Additional Information
Note, after the fix, the error may still be seen if the KMK is lost, but it should "self heal" as the agent will pull down another KMK and rebuild. After that the error will stop.
This error may be seen for other causes, such as corrupt ZES store or timing issue on services restart. If this TID does not fix the problem on more recent builds, contact Novell Technical Services.