Environment
Novell ZENworks Desktop Management 7 - ZDM7 Automatic Workstation Import
Situation
Troubleshooting Steps for the Automatic Workstation Import when
installed on a Linux server.
Resolution
1) Is the awsi service running?
"/opt/novell/zenworks/bin/ZDMstart --status" or"/etc/init.d/novell-zdm-awsi status"
The service can be started by"/etc/init.d/novell-zdm-awsi start" or"/opt/novell/zenworks/bin/ZDMstart"
2) Check the Configuration File"/etc/opt/novell/zenworks/zdm/novell-zdm-awsi.conf" for any recent changes.
Ensure the services are set to "true" and increase the logfilelevel to "3".
3) Clear Text LDAP Configuration.
a)Ensure Novell Ldap is running"/etc/init.d/nldap status" and open ldap is not.
b)Turn off TLS
Run "ldapconfig get" from the linux command line to get an overview of the ldap settings.
Turn off the following 2 settings:
"ldapconfig set 'Require TLS for Simple Binds with Password'=no"
"ldapconfig set'ldapTLSRequired'=no"
c) What is the value of "ldapconfig get 'LDAP TCP Port'" ?
Ensure the port is open and listening by running "netstat -tupan | grep 389".
d) Use 'ldapsearch' supplied with eDirectory and can be found in /opt/novell/eDirectory/bin/ or /usr/ldaptools/bin/.
"ldapsearch -x -h localhost -p 389 -D cn=admin,o=novell -w novell -b "" objectclass=*"
"/etc/init.d/novell-zdm-awsi restart"
Does AWSI now work?
4) Secure LDAP Configuration:
a) Run "ldapconfig get" and check the following 3 settings:
"ldapconfig set 'Require TLS for Simple Binds with Password'=yes"
"ldapconfig set'ldapTLSRequired'=no"
"ldapconfig set 'LDAP Enable SSL'=yes"
It will no longer be possible to search with the following command:
"ldapsearch -x -h localhost -p 389 -D cn=admin,o=novell -w novell -b "" objectclass=*"
b) What is the value of "ldapconfig get 'LDAP SSL Port'"?
Ensure the secure port is open and listening by running "netstat -tupan | grep 636".
c) The ldap server's trusted root certificate must be exported for the next test.
To find which certificate run"ldapconfig get 'LDAP:keyMaterialName'"
Locate the certificate object in eDirectory e.g "SSL CertificateDNS -".
Click on the "Trusted Root Certificate" section from the "Certificates" tab.
Export the Trusted Root Certificate. When prompted "Do you wish to export the private key with the certificate"
Click "No" and save the file in binary DER format.
Use 'ldapsearch' supplied with eDirectoy and can be found in /opt/novell/eDirectory/bin/ or /usr/ldaptools/bin/.
"ldapsearch -x -h localhost -p 636 -D cn=admin,o=novell -w novell -b "" objectclass=* -e //.der"
If this does not work then the Java key store where the certificate for AWSI is cached may need recreating.
"rm /opt/novell/zenworks/zdm/ldap-certs"
"/etc/init.d/novell-zmd-awsi restart" Restarting the AWSI servive will recreate java key store file.
5) An LDAP trace from the backend server may give more information. For instructions see KB 10062292.
"/opt/novell/zenworks/bin/ZDMstart --status" or"/etc/init.d/novell-zdm-awsi status"
The service can be started by"/etc/init.d/novell-zdm-awsi start" or"/opt/novell/zenworks/bin/ZDMstart"
2) Check the Configuration File"/etc/opt/novell/zenworks/zdm/novell-zdm-awsi.conf" for any recent changes.
Ensure the services are set to "true" and increase the logfilelevel to "3".
3) Clear Text LDAP Configuration.
a)Ensure Novell Ldap is running"/etc/init.d/nldap status" and open ldap is not.
b)Turn off TLS
Run "ldapconfig get" from the linux command line to get an overview of the ldap settings.
Turn off the following 2 settings:
"ldapconfig set 'Require TLS for Simple Binds with Password'=no"
"ldapconfig set'ldapTLSRequired'=no"
c) What is the value of "ldapconfig get 'LDAP TCP Port'" ?
Ensure the port is open and listening by running "netstat -tupan | grep 389".
d) Use 'ldapsearch' supplied with eDirectory and can be found in /opt/novell/eDirectory/bin/ or /usr/ldaptools/bin/.
"ldapsearch -x -h localhost -p 389 -D cn=admin,o=novell -w novell -b "" objectclass=*"
"/etc/init.d/novell-zdm-awsi restart"
Does AWSI now work?
4) Secure LDAP Configuration:
a) Run "ldapconfig get" and check the following 3 settings:
"ldapconfig set 'Require TLS for Simple Binds with Password'=yes"
"ldapconfig set'ldapTLSRequired'=no"
"ldapconfig set 'LDAP Enable SSL'=yes"
It will no longer be possible to search with the following command:
"ldapsearch -x -h localhost -p 389 -D cn=admin,o=novell -w novell -b "" objectclass=*"
b) What is the value of "ldapconfig get 'LDAP SSL Port'"?
Ensure the secure port is open and listening by running "netstat -tupan | grep 636".
c) The ldap server's trusted root certificate must be exported for the next test.
To find which certificate run"ldapconfig get 'LDAP:keyMaterialName'"
Locate the certificate object in eDirectory e.g "SSL CertificateDNS -
Click on the "Trusted Root Certificate" section from the "Certificates" tab.
Export the Trusted Root Certificate. When prompted "Do you wish to export the private key with the certificate"
Click "No" and save the file in binary DER format.
Use 'ldapsearch' supplied with eDirectoy and can be found in /opt/novell/eDirectory/bin/ or /usr/ldaptools/bin/.
"ldapsearch -x -h localhost -p 636 -D cn=admin,o=novell -w novell -b "" objectclass=* -e /
If this does not work then the Java key store where the certificate for AWSI is cached may need recreating.
"rm /opt/novell/zenworks/zdm/ldap-certs"
"/etc/init.d/novell-zmd-awsi restart" Restarting the AWSI servive will recreate java key store file.
5) An LDAP trace from the backend server may give more information. For instructions see KB 10062292.