How to move an agent to a new zone.

  • 7000620
  • 25-Feb-2009
  • 12-Feb-2018

Environment

Novell ZENworks Configuration Management 11.2
Novell ZENworks 10 Configuration Management with Support Pack 1 - 10.1 Registration

Situation

Server crashed and had to be rebuilt with a new certificate. All of the agents need the new certificate to register with the new server.  Or both zones are active and it is required to switch from one to another with script.

Resolution

Create a bat file or login script to automatically unregister, install the cert from a network share, then register to the new zone.
Certmgr.exe from Microsoft will need to be downloaded to insert the new certificate.  Get the ca.der from the new ZCM server then put the certificate and certmgr.exe on the share.

For Windows 7 and later use built in CertUtil.  See http://www.computertechblog.com/import-a-certificate-to-trusted-root-certification-authorities-using-command-prompt/  Example certutil.exe -addstore Root ca.der
  
Put these commands in the login script:
 
 
or if both zones are active:
 
 
NOTE:  Path to ca.der on linux server is: /etc/opt/novell/zenworks/security/ca.der
 
NOTE:  When registering, the FQDN of the server name should be used, not the IP address, to avoid the prompt to accept the server certificate.

Additional Information

Note:  Certificates can also be pushed out by group policy if devices are in a domain for external AD CA.

If the zac ci command is run when the agent is unregistered, the following error may  be seen at the command line:

RegisterUser - Unable to register with any service