9.0 Troubleshooting User Sources

This section contains explanation on some of the user source problems.

User source context is not displayed when User Source is down and loader service is restarted on Primary Servers

Source: ZENworks LDAP User Source
Explanation: In ZENworks Control Center, the user source contexts might not be displayed when the user source is down or not reachable, and the loader service or Primary Server is restarted. This might cause the ZENworks user login on the Managed devices to fail as the user content is missing
Possible Cause: The User source is not reachable or down, and when the loader or Primary Server is restarted. On every loader restart, the iaRealms.xml file will be recreated and if the user source is down, the file will be created without user context information. This causes the ZENworks user login to fail on the managed devices.
Action: Ensure that the user source is up and running, or reachable from Primary Servers, and then restart the loader service on the Primary Servers.

The Last Sync Status of Azure Active Directory User Source is Not Updated

Source: Azure AD User Source, ZENworks
Explanation: If you have configured the User Sync Server and the last sync details have not been updated, then the User Sync Server might not be accessible.

For more information on the user sync server status, see user-sync.log.

Action: Ensure that the configured User Sync Server is up and running.

To configure User Sync Server: In ZCC, go to Configuration > Management Zone Settings > Infrastructure Management > User Source Settings.

Azure AD User Details are Not Displayed When ZENworks Application is Launched as Shell

Source: ZENworks, Azure AD User Source
Explanation: When you launch ZENworks Application (ZAPP) as Windows Shell using Azure AD credentials, the user details might not be displayed.
Action:

Perform the following steps:

  1. If you are logging in for the first time using Azure AD credentials, disable ZAPP as Shell.

  2. Log into the device. Ensure that you select the same account on the ZENworks and Microsoft login screens. Verify in the ZENworks Application window that you are successfully logged into the device.

  3. Enable ZAPP as Shell.

  4. Log out and log into the device.

    Now, you should be able to log into ZENworks with an Azure AD login and use resources managed by ZENworks.

If you modify the Azure application or user credentials, then you need to perform the above-mentioned steps again.

A user group of a Domain Services for Windows user source does not list the members of the group

Explanation: In ZENworks Control Center, a user group of a Domain Services for Windows (DSfW) user source might not list its members even though users have been added as members of this group.
Possible Cause: Objects such as users and user groups listed within the OESSystemObjects container might not have the objectSid attribute defined.

To determine whether an object has the objectSid attribute defined or not, perform the following steps:

  1. Log in to ConsoleOne.

  2. Right-click the object.

  3. Click Properties.

  4. Click the Other tab.

  5. Select the Show read only option and check if the objectSid attribute exists.

Action: In ConsoleOne, edit the description of such objects to generate the objectSid attribute for the objects.
Possible Cause: ZENworks Control Center throws an unknown host exception when you choose to list the members of the group:

Example:

Root exception is java.net.UnknownHostException: srmdsfw.com

Action: Edit the %WINDIR%\system32\drivers\etc\hosts on the Windows server or the /etc/hosts file on the Linux server to add the following entry for the unknown host:

ip hostname.com hostname

Example:

ip srmdsfw.com srmdsfw

Logging in to the user source on a ZENworks Server from a managed device might be slow if Trend Micro AntiVirus Plus AntiSpyware is installed on the device

Explanation: During installation of the ZENworks agent on a device, an executable file named NalView.exe, which is configured to run at user login, is added to the Run registry key. This addition enables the bundle icon to be placed on the Start menu, desktop, notification area, and the Quick Launch area of the Windows taskbar.

During the user login, NalView.exe runs on the device, resulting in a delay in the overall login time.

Action: To speed up the login process, do one of the following:
  • Disable NalView.exe at login time:

    NOTE:If you choose to disable Nalview.exe at login time, the bundle icon is not placed on the device Start menu, desktop, notification area, and the Quick Launch area of the Windows taskbar. However, the bundle icon is placed in the application window of the device.

    1. Open the Registry Editor.

    2. Go to HKLM\SOFTWARE\Netware\Nal\1.0\NalView\.

    3. Create a DWORD called Disabled and set its value to 1.

    4. Log in to the device again.

  • Launch NalView.exe after a delay of x seconds from the login time:

    1. Open the Registry Editor.

    2. Go to HKLM\SOFTWARE\Netware\Nal\1.0\NalView\.

    3. Create a DWORD called Delay and set its value to the time (in seconds) by which you want to delay the launch of NalView.exe.

    4. Log in to the device again.

An error occurs after adding an administrator group from Active Directory, when the AD is linked to the AD Root Domain

Explanation: While you configure a User Source, if you use Active Directory as the LDAP server and then add the root domain into the Context field, an error occurs. To resolve this problem, make sure you also add the AD Server to your hosts file.
Action: On a Windows managed device:
  1. Open %SystemRoot%\system32\drivers\etc\hosts in a text editor.

  2. Add the <IP-Address-of-the-AD-Server> <Domain-Name> entry to the file.

    For example, you could add the 164.99.165.51 example.com entry to C:\WINDOWS\system32\drivers\etc\hosts, where 164.99.165.51 is the IP address of the AD server and example.com is the domain name.

Action: On a Linux managed device:
  1. Open /etc/hosts in a text editor.

  2. Add the <IP-Address-of-the-AD-Server> <Domain-Name> <Short-Hostname> entry to the above file.

    For example, you could add the 164.99.165.51 example.com example entry to /etc/hosts, where 164.99.165.51 is the IP address of the AD server, example.com is the domain name, and example is the short hostname.

Queries sent from ZENworks Control Center to the user source are slow

Explanation: LDAP queries sent from ZENworks Control Center to the eDirectory user source trigger server-side sorts that cause a delay in receiving search results.
Action: To remove the sorting order and to receive results faster:
  1. Stop the ZENserver service.

  2. Change the disableSorting value to True in the following file:

    On Windows: <%ZENWORKS_HOME%>conf\datamodel\authsource\edirectory.zls.xml

    On Linux: /etc/opt/novell/zenworks/datamodel/authsource/edirectory.zls.xml

  3. Restart the ZENserver service.

eDirectory User groups of Domain Services for a Windows user source do not show up in ZCC when switching from the LDAP port 389 to 1389

Explanation: In ZENworks Control Center, the eDirectory user groups of Domain Services for a Windows (DSfW) user source might not be displayed when switching from the eDirectory LDAP port 389 to the Domain Services for Windows LDAP port 1389.
Possible Cause: For an LDAP Group object on an eDirectory server, the eDir Class Group is mapped to the Primary LDAP class groupOfNames. This is different for Domain Services for Windows (DSfW). For an LDAP Group object on a DSfW server, the eDir Class Group is mapped to the Primary LDAP class group.
Action: Use separate eDirectory servers when there are eDirectory user groups.

Browsing while configuring the Active Directory user source takes longer than expected

Explanation: Browsing for containers while trying to configure the Active Directory user source might take more time than expected, if ZENworks is configured to follow referral references.
Action: If there are no referrals in Active Directory, you can set the IgnoreADReferrals value to True in the authsourceconfig.xml file. This file can be accessed from the following location: %ZENWORKS_HOME%\conf\datamodel\authsource\authsourceconfig.xml

NOTE:The IgnoreADReferrals parameter is applicable only for the ZCC Browsing and Configuration information. It does not apply to Authentication.