Unable to decrypt encrypted Settings XML.StackTrace = at Novell.Zenworks.ZESMCoreSetttings.ZESMCoreSetttingsModule.ApplySecuritySettings

Workaround: if it is not possible to upgrade to ZCM 11.2.4 at this time, in the interim, Novell has made a Patch available for testing, as part of a Monthly patch update: it can be obtained at https://download.novell.com/Download?buildid=s5zcEae9xcI~ as "ZCM 11.2.3a Monthly Update 1 - see TID 7012025". This update should only be applied if the symptoms above are being experienced, and are causing problems.

Please report any problems encountered when using this Patch, by using the feedback link on this TID.

1. NOTE:  Workstations only, do not do this on primary!
   Unregister the device with zac unr -f and register the device with zac reg.

1. Enable client self defense in ZCC > Configuration > Device Management > ZENworks Agent > Enable self defense for the ZENworks  Adaptive Agent
2. Let the agent devices refresh according to schedule
3. (Optional) If it is desired that this setting not be in place, disable the setting from Step 1 after all affected devices have refreshed.
4. In some cases if the above steps do not work, it is necessary to make a minor change to the location in ZCC, Apply, then undo the change and Apply.  Then on the managed device do a zac cc and zac ref bypasscache.
   The location configuration service restores the KMK (Key Management Key).

Note, after the fix, the error may still be seen if the KMK is lost, but it should "self heal" as the agent will pull down another KMK and rebuild.  After that the error will stop.