October 8, 2008
This document was updated in the following sections on the dates indicated:
Removed the “Invalid Certificates” section.
The following changes were made:
Section 3.5, Asset Management Services Migration Utility, was added, which details issues with the ZENworks Asset Management Migration Utility.
The following changes were made:
In Windows Group Policy Issues, the following issue has been newly added:
The Group Policy tool does not launch on a Windows* Vista* machine if the User Account Control () is enabled and Mozilla* Firefox* 220.127.116.11 or later is installed.
The DNS settings of the ZENworks 10 Configuration Management device configured in the ZENworks Control Center are overwritten.
Migration tool fails to connect to the server.
In Migration, the following issues have been newly added:
The issues fixed in Update for Novell ZENworks Configuration Management (10.0.2) are identified with the phrase (Fixed in v10.0.2).
In Reporting Issues, the workaround for the following issue has been updated:
Reporting does not work if the ZENworks database is an SQL Server* database, and the authentication mode is Windows Authentication.
The issues included in this document were identified for Novell ZENworks 10 Configuration Management.
For installation instructions, see the Novell ZENworks Configuration Management Installation Guide.
For administrative tasks, see the Novell ZENworks 10 Configuration Management documentation Web site.
This section contains information about ZENworks Configuration Management issues that might occur.
This section contains information about the issues that might occur with using the System Updates feature in ZENworks Configuration Management.
Each Primary Server requires at least 5 GB of disk space for downloading the update because the server where the update is actually downloaded is randomly chosen. Each managed device needs only 1 GB to do a full update.
Sometimes the System Updates download or building process does not complete.
Workaround: Delete the download, wait a few minutes, then restart the download.
When you install the Primary Server software to a Linux* server, a portion of the ZENworks Adaptive Agent is activated so that you can use the System Updates feature for your Linux server. Because of this, other Adaptive Agent management capabilities appear to be available for Linux servers. However, if you attempt to use them, nothing happens because those portions of the agent are not active for the Linux platform.
Workaround: Ignore Linux servers that are listed as managed devices.
This section contains information about the issues that might occur when you install ZENworks Configuration Management.
If you are running the installation to a 64-bit Windows device through either a share on a VMware* host or another network drive, the installation might hang when attempting to install a ZENworks MSI.
Workaround: Cancel the installation, kill the hung msiexe.exe process in the process viewer, copy the ZENworks installation folders to the local device, then re-run the installation.
If you select to install a new Microsoft* SQL database during installation of Configuration Management, the path must already exist. You cannot create the database’s directory during installation.
Workaround: Create the directory for the MS SQL database before starting the installation program.
(Fixed in v10.0.3) If you attempt to install using a named instance of an external Microsoft SQL server that contains an underscore (_) character, such as DB_NEW, a message indicates you need to start the browser service on the MSSQL server, but it is already running. The installation cannot proceed.
Workaround: Do not use a named instance that contains underscore characters.
If your environment is running the Novell ZENworks Linux Management - Dell Edition and you created ZENworks partitions on your clients, when the partition is booted to update your clients to ZENworks 10 Configuration Management, the partition no longer works and fails the update.
Workaround: Before you install ZENworks 10 Configuration Management to your environment, create a scripted imaging task and force all ZENworks partitions to run it in preparation to update to Configuration Management.
Create the following script to fix the /etc/ZUpudate.sig file contained in the initrd resource file:
export PATH=/sbin:/usr/sbin:/bin:/usr/bin:/lbin mount $ZENDEVICE /mnt/harddisk cp /mnt/harddisk/boot/loader/initrd /initrd.gz #make a backup of initrd cp /mnt/harddisk/boot/loader/initrd /mnt/harddisk/boot/loader/initrd.sav gunzip /initrd.gz mount -o loop /initrd /mnt/cdrom cp /mnt/cdrom/etc/ZUpdate.sig / dos2unix /ZUpdate.sig cp /ZUpdate.sig /mnt/cdrom/etc umount /mnt/cdrom gzip -v9c /initrd > /mnt/harddisk/boot/loader/initrd umount /mnt/harddisk
A Java* exception is given when you are trying to install with a VNC connection.
Workaround: Use SSH and the command line installation.
If time is not synchronized on the network before you install the ZENworks Configuration Management services, you see invalid certificate errors because the certificates have dates that are in the future, and therefore are considered invalid.
Workaround: Make sure that your network has its time synchronized before you install the Configuration Management services. Make sure to include ZENworks back-end servers in the synchronization.
The ZENworks Configuration Management installation uses the default SSL port of 443. If your SSL is configured to use a different port and you make that change during installation, your managed devices cannot connect to their Primary Servers.
Workaround: On each client, open the following file in a text editor and replace the 443 port number with the one that you changed to during installation:
You cannot install BusinessObjects* Enterprise XI Release 2 to a Primary Server running a 64-bit operating system.
If you cancel the BusinessObjects Enterprise installation, the following incorrect message is displayed:
ZENworks Configuration Management has been successfully installed to ZENworks_installation_path.
On Windows, BusinessObjects XI is not successfully reinstalled if you uninstall ZENworks Configuration Management and then reinstall it
Workaround: Install the BusinessObjects Enterprise on a different ZENworks server in the same management zone.
If you remotely connect to a managed device using Remote Desktop Connection (RDP), then download and install the ZENworks Adaptive Agent, the installation does not complete and the Remote Desktop Connection program stops working.
Workaround: Avoid using RDP to install the ZENworks Adaptive Agent. If you want to install the ZENworks Adaptive Agent through RDP, install it without the Remote Management component.
During product installation you have the option to select ports other than the defaults of 80 and 443, but AdminStudio requires that the Primary Server be using ports 80 and 443.
Workaround: None. To use AdminStudio, you must install it on a Primary Server that is using ports 80 and 443.
The ZENworks Adaptive Agent and zac utility require the mono-extras-1.2.4-3.novell.i586.rpm file to be installed on a SUSE® Linux Enterprise Server. If it is not, the agent and utility do not load.
Although Mono® can be installed on the Linux server and is detected by the requirements checker during installation, the checker does not detect whether the required mono-extras file exists.
Workaround: Do the following:
Obtain the RPM file from one of the following sources:
We recommend that you install the mono-extras file from the product media to ensure that all required files are installed. The file is located on the product media in either:
If the product media is not available, download the mono-extras file from the Mono Web site:
Then, under either rpm Linux/x86 or rpm Linux/x85_64, clickfor either SUSE Linux 10.1 or 10.2.
Under Mono, clickand save the file to disk.
Install the mono-extras file using YaST.
For information on using YaST, see Add Package Repositories to YaST.
If you are installing the first primary server on a Linux device, and if at the end of the process that configures the database you see an error has occurred and you are given the option of continuing or rolling back, you should check the log file at /var/opt/novell/log/zenworks/ZENworks_Install_[date].log.xml. If it’s the error specified below, it is safe to continue with the install.
select tableName, internalName, defaultValue from Adf where inUse =?# An unexpected error has been detected by HotSpot Virtual Machine: #SIGSEGV (0xb) at pc=0xb7f6e340, pid=11887, tid=2284317600 # #Java VM: Java HotSpot(TM) Server VM (1.5.0_11-b03 mixed mode)
#Problematic frame: #C [libpthread.so.0+0x7340] __pthread_mutex_lock+0x20
Workaround: Ignore the error message.
If you install BusinessObjects Enterprise on Windows or Linux Primary server by using the Novell ZENworks 10 Configuration Management DVD, the following incorrect message might be displayed:
Failed to install BusinessObjects Enterprise XI R2. See installation logs for more details.
Workaround: To verify that the installation completed successfully, open ZENworks Control Center, click thetab, then click .
If the installation was successful, the Predefined Reports page should be displayed.
If the installation was unsuccessful, the following might be displayed at the top of the ZENworks Control Center page for thetab:
There are no Business Objects Reporting servers configured in the Management Zone.
For more information, review the BusinessObjects XI installation log file.
Windows: Installation_path\Novell\ZENworks\share\boe\ BusinessObjectsEnterprise11.5\Logging\BOEInstall_0.log.
This section contains information about accessibility issues when using ZENworks Configuration Management.
By default, Windows does not provide keyboard support for the toolbar.
Workaround: Enable the accessibility options in Windows and use the Accessibility Wizard to enable mouse key settings. Then, mouse functions can be controlled by using the numeric keypad.
This section contains information about ZENworks Asset Management Services.
When you create a new Software Usage custom report and save it, the new report does not appear in the report list.
Workaround: Navigate out of the page and back in.
This section contains information about the issues that might occur with the ZENworks 10 Configuration Management with SP1 Asset Management Services Migration Utility.
Do not use version 10 of the migration utility if you plan on migrating asset management data to ZENworks 10.x Configuration/Asset Management at a later date. If you use version 10 of the ZENworks Asset Management Migration utility, you will not be able to use ZENworks 10 Configuration Management with SP1 Asset Management Services Migration Utility, which will support migration of asset management data.
To ensure migrated devices are reconciled to active devices in your ZENworks Configuration Management system, first apply version 10.0.3, migrate devices, and then deploy the ZENworks Configuration Management Adaptive Agent to those devices from the Discovered Devices tab in ZENworks Control Center (under thelist.)
If you want to roll out ZENworks Configuration Management in stages, you can still ensure that migrated device inventory is reconciled to active devices in ZENworks Configuration Management by migrating sets of workstations from ZENworks Asset Management Services and then deploying the Adaptive Agent to those devices using the method described above.
Migrated devices may produce duplicate records if a workstation that had been managed by legacy ZENworks Desktop Management and ZENworks Asset Management 7.5 is migrated from ZENworks Asset Management 7.5 and then the ZENworks 10 Configuration Management Adaptive Agent is deployed to it.
Data can only be migrated once using the migration utility.
The migration utility does not migrate asset inventory custom reports.
The migration utility does not migrate user-defined field data.
This section contains information about the issues that might occur when you use bundles in ZENworks Configuration Management.
Because Linux devices cannot have the ZENworks Adaptive Agent, you cannot assign bundles to be sent to them. However, in ZENworks Control Center, Directive bundles assigned to a Linux device might show as effective, which is incorrect.
If you set up an action to both back up the registry and edit the HKEY_CURRENT_USER part on Windows Vista, because all user-initiated processes in Vista run as the lowest privileged user, this action fails.
Workaround: Use two different registry actions, one to back up the registry in the system context, then another to edit HKEY_CURRENT_USER in the user context.
When you create an Install Directory File bundle, the directory is installed even if its name contains spaces; however, it cannot currently be uninstalled using the Undo Install Actions action.
Workaround: Avoid spaces in directory names if you want to enable the uninstall of that directory.
This section contains information about the issues that might occur with CASA in ZENworks Configuration Management.
CASA does not completely authenticate via the HTTP proxy during initial authentication, but instead contacts the Primary Server directly. After authentication, all CASA traffic goes through the HTTP proxy when using the ZENworks Adaptive Agent Logout/Login feature.
Workaround: Access rules must allow access to ports 80, 443, and 2645. Additionally, HTTP forward proxy settings must be configured in two locations:
Device Management in ZENworks Configuration Management uses the WinInet HTTP protocol. Therefore, forward proxy settings must be configured in Internet Explorer*: Click> > > > .
Device Management in ZENworks Configuration Management uses CASA authentication, which uses WinHTTP Services. WinHTTP requires proxycfg.exe. For example:
proxycfg -p forward_proxy_IP_address:8080
For more information on proxycfg.exe, see ProxyCfg.exe, a Proxy Configuration Tool.
This section contains information about the issues that might occur when you use the Discovery and Deployment functions in ZENworks Configuration Management.
If your workstations and servers are not configured in your DNS server, the discovery process cannot work because Active Directory* does not contain DNS names.
Novell eDirectory™ can contain DNS names. However, if the DNS attribute is not configured in eDirectory, you should configure them in your DNS server. Otherwise, IP addresses are displayed as the names in the discovery listing.
Workaround: Configure DNS names for your workstations and servers before running LDAP discovery.
It is normal for a Web browser to resend information in order to refresh a page. ZENworks auto-updates the data on a Deployment page every 5 seconds, so you should not need to refresh the Deployment page after running a Discovery task. If you do refresh the Deployment page in ZENworks Control Center, after running a Discovery task you are asked to confirm to resend in order to refresh the page. Do not do this, or the Discovery task runs again.
Workaround: Do not refresh the Deployment page after running a Discovery task. Instead, exit the page and return to see any changes.
Orphaned or to-be-deleted files from a pre-task or post-task action during a deployment task that uses a proxy are not cleaned up.
For example, if you run the deployment task from a Linux server through a Windows proxy, there is a folder created in the _rfu_cache directory on the Windows device that contains the pre-task or post-task command file. If you delete the task in ZENworks Control Center, the command file is left on the Windows proxy device.
Workaround: Manually delete the orphaned or to-be-deleted files.
This section contains information about the issues that might occur for access to files in ZENworks Configuration Management.
If you want to uninstall ActiveX controls or Firefox extensions, do the following:
ActiveX Controls: Go to c:\windows\downloaded program files, right-click nfileupload class, then select .
Firefox Extension: In Firefox, click> , select , then click .
This section contains information about the issues that might occur when using Imaging in ZENworks Configuration Management.
These imaging utilities are available at the following locations:
In traditional ZENworks, you provided the path for imaging files (.zmg). In ZENworks Configuration Management, image files are automatically saved to the following location, which cannot be changed:
If you need more disk space for large imaging files than is available in your current content repository location, you can change this location to a different partition. For more information, see Content Repository in the System Administration Reference.
In traditional ZENworks imaging, to manually perform an imaging operation you needed to provide the server ID and full path to the imaging file. Because images are stored in a fixed location in ZENworks Configuration Management (see Section 3.10.2, Image file location in Configuration Management), you only need to provide the image filename (the .zmg file). For example, if you saved the image file in the default location, enter:
img -rp myimagefile.zmg
Because you can organize your images under the \images directory by adding subdirectories, the additional path where you created the image file should be provided. For example:
img -rp /windows/vista/myimagefile.zmg
When you launch Image Explorer in Linux, then click> , the Firefox browser is opened by default.
Workaround: If you want to use any other HTML viewer, modify the ZMGEXP_HELP_BROWSER environment variable to point to the utility of your choice.
You can configure IP addresses for non-registered devices. Click thetab > > , under click to expand the section, go to the IP Address Configuration panel and click to open the Range Information dialog box, then fill in the fields to specify an IP range for non-registered devices.
However, after a non-registered device is imaged, the allocation of IP addresses from the provided ranges does not work.
If you create a new image file in Image Explorer, then select a .lnk file for the image, instead of including the shortcut file, the file it points to is saved in the image.
For example, you open Image Explorer, click services.msc, then save the new image file. Instead of including the .lnk file that points to services.msc, services.msc itself is contained in the image.> , select a partition, click > , select a shortcut file that points to
In previous versions of ZENworks you could specify a registered device as a master in a multicast session. However, in Configuration Management you can only point to a file and the users, and the time-out can be specified; you cannot specify a particular device as the master.
After the ZENworks Adaptive Agent is installed and the device is rebooted for the first time, the device should receive its image safe data (ISD) when the operating system loads. However, Windows Vista devices only receive a device GUID and a device index in ISD (from the agent).
Workaround: Reboot the device again, and the remainder of the ISD is received from ziswin (the ZISD service).
In Image Explorer, if you add shortcut icon file by using the .lnk file is not saved; however, only the actual file that the .lnk points to is saved. For example, if the shortcut is pointing to an .exe file, the original .exe file is saved but not the .lnk file.option, then the actual
Workaround: To add the .lnk file, use theoption.
When installing Configuration Management, the help file (ziswin.chm) for the ZENworks Image Safe Data for Windows Editor does not get installed with its executable (ziswin.exe).
Workaround: Download the help file and install it manually:
Under Help, click ZENworks Image Safe Data for Windows Editor to download the help file.
Copy the file into the following path on your ZENworks 10 Windows server:
The preboot directory is where the ziswin.exe file resides.
This section contains information about the issues that might occur when logging in to various locations in ZENworks Configuration Management.
A Microsoft security fix (see their knowledge base article 312461) disallows certain characters in DNS names by not returning cookies where those characters are used in the server’s name. Without cookies being returned, state information cannot be preserved across HTML requests, so the user cannot log in to ZENworks Control Center.
The only characters allowed in Windows for DNS names are the alphabetical characters (a‑z), numbers, and the hyphen. For example, you cannot use an underscore character. Use a hyphen instead.
This is not an issue with the Firefox browser, even when it is being run in Windows.
Reference the IP address instead of its DNS name.
Reference a valid DNS name for the IP address the server is using. For example, your server name might be A_Server.mycompany.com, but the DNS registration for the IP address might be Aserver.mycompany.com, which will work.
If you will only use Internet Explorer to run ZENworks Control Center, do not use underscores in your server names.
After an image containing the ZENworks Adaptive Agent has been restored on a Windows Vista device, nothing is displayed to indicate that anything is happening. After awhile, the device suddenly reboots.
This section contains information about the issues that might occur during migration to ZENworks Configuration Management.
If you create an Application object in ZENworks 7 that merely deletes a single registry string value, then migrate it to ZENworks 10, the Migration Utility converts the Application object to an MSI. However, the registry entry is not deleted when the migrated MSI is installed.
When migrating applications, the application version might not get migrated. This happens if Windows .NET Framework 2.0 patch KB928365 has been applied to the device being used for migrating. This is an issue that requires Microsoft to fix in a future patch.
Workaround: To perform the migration of applications, use only a Windows device where patch KB928365 has not yet been applied.
When you migrate the network settings, including the DNS settings, of a non-registered traditional ZENworks device to a ZENworks 10 Configuration Management device, the DNS settings of the ZENworks 10 Configuration Management device configured in the ZENworks Control Center are overwritten.
Workaround: Do not migrate the DNS settings of the traditional ZENworks device. You must manually add the DNS setting as follows:
In ZENworks Control Center, click.
In the Management Zone Settings panel, click.
Add the DNS settings in thelist.
If the password of the ZENworks 10 Configuration Management server contains extended characters, then the Migration tool fails to connect to the server.
Workaround: You must not use extended characters in the ZENworks server password.
This section contains information about the issues that might occur when you use NAT with ZENworks Configuration Management.
In both a public and private network where static NAT is configured between the networks, content might not be pushed down to the devices you are managing.
Workaround: Configure the DNS server with the DNS name of the ZENworks server, and map the DNS name to the public IP address.
This section contains information about the issues that might occur when you use Patch Management in ZENworks Configuration Management.
To enable the Patch Management feature, log in to ZENworks Control Center and go to thetab, select the settings area, and click the link.
Select a Windows or Linux Primary Server in your zone that can be used for patch subscription downloads.
This server should have at least 2 GB RAM and 10 GB free disk space for patch storage. To identify the server, click thebutton.
Select a daily subscription download time for when the patch subscription is downloaded to your Primary Server, then click.
At your predetermined time, the patch subscription downloads. This process takes 30 minutes longer, depending upon your Internet connection and processor speed.
When the download finishes, devices on your network are scanned automatically at their next refresh cycle, and results are displayed on thetab in ZENworks Control Center.
Vulnerabilities that appear in the vulnerability list have icons that indicate their status:
Orange: The vulnerability signature and information has been downloaded. At this stage the vulnerability can be scanned for, but remediation cannot be assigned successfully.
Blue: Indicates that all information for this patch, including the patch installation file itself, have been cached down to the ZCM server. The patch remediation for this vulnerability is ready to be assigned to devices that require it.
Grey: Shows that the vulnerability has been disabled from the patch list and scanning for it is no longer required.
Red: Denotes a mandatory baseline patch that is auto-assigned to devices that require the patch within a particular group or dynamic group.
If you choose a vulnerability that does not have cached files, it is not automatically deployed to devices. You must download the files from the patch repository and they must be packaged by ZENworks Configuration Management. Then the icon turns blue.
To initiate an immediate download of these packages, select theoption from the menu.
The integrated ZENworks Patch Management feature leverages the bundle creation and assignment features of ZENworks and the ZENworks Adaptive Agent to perform the actual scheduling and delivery of patches.
There are many difference between the way scheduling works in the ZENworks Patch Management 6.3 product and the new integrated offering. You should start with deploy on refresh so that patches are deployed during the next refresh cycle.
Many other options are available, including Blackout Schedules and so forth. Please refer to the documentation on software delivery.
Every time you use the Deploy Remediation Wizard, it creates a Directive Bundle in the ZPM folder on the tab. Within each Directive Bundle, it is possible to see the exact sequence of patch remediation bundles that were deployed, as well as any reboot actions that were added at the end of deployment.
These Directive Bundles are named beginning with ZPM Assignment and contain the date and time of deployment within the bundle name.
The Deploy Remediation Wizard step 4 has thebutton disabled in this release. It will be re-enabled in a future version of the integrated product. For now, the product allows assignment of patch remediation bundles quietly, either with or without a reboot at the end.
If you choose a vulnerability that has not been cached to your ZENworks Server, Deploy Remediation can still be used to assign the patch to target devices; however, there might be some time required before the assignment can be successfully delivered while the patch is downloaded to the ZENworks Server. If a remediation bundle is delivered before its payload is downloaded, you may receive a Content Unavailable error, but the bundle will eventually be delivered fully (if it has a recurring assignment) after the patch payload files are cached to the ZENworks Server.
To initiate an immediate download of patch remediation bundles, use theoption from the menu within any Vulnerabilities view.
When using the Deploy Remediation feature to assign a sequence of patch remediation bundles to one or more devices in the network, a “stuck” state has been discovered where the ZENworks Adaptive Agent may attempt to repeatedly re-deploy the same patch sequence again and again, potentially including some unwanted additional reboots. At this time the root cause of this issue appears to be related to patch remediation bundles in the /ZPM folder that were not able to be fully downloaded prior to the agent starting its install process.
Workaround: The following workarounds are available for this issue, should the problem arise while using ZENworks:
Make sure that patch vulnerabilities to be deployed are all cached prior to using the Deploy Remediation wizard to deploy remediation to the devices on your network.
Allow plenty of elapsed time between the assignment of the patch remediation bundle and the device refresh cycle, so that the ZEnworks Server always has an opportunity to auto-cache and patch vulnerabilities that have yet to be downloaded.
Make sure that the ZEnworks Server where the Patch Management Service is running has a high bandwidth connection to the Internet, so that downloads of larger patches (such as Service Packs) can complete within 15 to 45 minutes maximum.
If a stuck assignment exhibits itself, the correspondingbundle that is created in the /ZPM folder within can be deleted. This removes any assignments of that patch remediation bundle sequence from all devices, and thus stops any unwanted re-deployments from occurring.
With any patch remediation operation, it is always the best practice to test your sequence of patch remediation bundles on a limited set of test systems first, prior to deploying to a pilot deployment, and eventually rolling the patch sequence to the entire network.
This section contains information about the issues that might occur when you use policies in ZENworks Configuration Management.
On 64-bit versions of Windows Server 2003 servers, only the Browser Bookmarks policy, SNMP policy, Printer policy, Local File Rights policy, and the Windows Group policy device related settings are applied if they are associated to the device.
If ZENworks Control Center is opened by more than one user at the same time and a new user source is added to the management zone by one of the users through ZENworks Control Center, the newly added user source is not reflected in all the open sessions of ZENworks Control Center. Consequently, the policies might not be assigned to the new user sources.
Workaround: To assign policies to new user sources, re-log in to ZENworks Control Center.
Uninstall does not roll back the previously enforced Printer policies.
Workaround: Disassociate the Printer policy from the users or devices to unenforce the policy. After unenforcing the policy, uninstall ZENworks.
The iPrint nipp.exe client installer does not support a silent installation.
Workaround: Use iPrint nipp-s.exe or nipp.zip for a silent installation.
The policy does not support driver installation of .exe drivers.
The iPrint client is not supported on Windows Vista, or on 64-bit versions of Windows Server 2003 devices.
The Windows Group policy containing the local group policy settings is not applied if the operating system of the device where the policy is applied is different from the device where the policy is created.
Workaround: Remove the System Requirement from the Windows Group policy and apply the policy. However, the security settings are applied only if the operating system version of the device where the policy is applied is later than the operating system version of the device where the policy is created.
The Security settings configured in the Windows Group policy are not applied on the Windows XP managed devices.
Workaround: Install Windows Hotfix KB897327 from the Microsoft Support Web site on the Windows XP managed devices.
In Internet Explorer on 64-bit Windows devices, the Group policy helper cannot be installed directly by clicking thelink.
Workaround: Save the novell-zenworks-grouppolicyhelper-10.0.1.0.msi package to your local device, then double-click the MSI to install the package.
On a managed device, .NET 2.0 must be installed to use the Group policy helper.
Workaround: Download .NET 2.0 runtime from the Microsoft Download Center Web site, then install it on the device where you are browsing in ZENworks Control Center.
Software restrictions in security settings are not enforced if theoption is selected.
Workaround: In thetab, select to enforce the software restrictions.
If a Windows Group policy is associated with both devices and users, only the status of the last enforcement is displayed.
The Windows Group policy settings are applied at different time intervals. The various device settings are applied when the device starts and the various user settings are applied when the user logs in. Therefore, if a Windows Group policy is associated with both devices and users and there are failures in the device settings but not in the user settings, a successful status is incorrectly displayed.
The User Last and the Device Last Policy Conflict Resolution settings do not work.
If both a user-associated policy and a device-associated policy are effective for a device, both policies have Administrative templates from the same Configuration type (either Computer Configuration or User Configuration), and if the Policy Conflict Resolution setting is User Last, the device-associated policy is applied first and the user-associated policy is applied later. However, the user-associated policy overwrites the Administrative templates configured by the device-associate policy.
If the Policy Conflict Resolution setting is Device Last, then the user-associated policy is applied first, and the device-associated policy is applied later. However, the device-associated policy overwrites the Administrative templates configured by the user-associated policy.
(Fixed in v10.0.2) The Group Policy tool does not launch on a Windows Vista machine if the User Account Control ( ) is enabled and Mozilla Firefox 18.104.22.168 or later is installed.
Workaround: Configure Firefox to run with administrator credentials.
To configure Firefox for a session, right-click the Firefox shortcut icon on the desktop, then select.
To configure Firefox permanently:
On a managed device, empty folders cannot be created in a user’s Favorites.
On a managed device, uninstalling the Browser Bookmarks policy does not remove a user’s Favorites.
If both user-associated and device-associated policies are effective for a device, only the policy that takes precedence according to the Policy Conflict Resolution settings is applied. However, the Effective status for both policies is displayed as Success in the ZENworks Adaptive Agent icon.
The Roaming Profile policy is not supported for the Windows Vista managed devices.
This section contains information about the issues that might occur with registration in ZENworks Configuration Management.
If you type zac unr /?, the help shows an example using the -f switch, but doesn’t explain its purpose.
The -f switch forces a device to unregister in the event that the zac unregister command alone does not unregister the device.
This section contains information about the issues that might occur when you use the Remote Management feature in ZENworks Configuration Management.
On Windows Vista managed devices, mouse and keyboard locks do not function if thetheme is enabled.
Workaround: Do not use thetheme.
If you log out of a managed device when a Remote Management session is in progress, you might not be able to use the login GINA to log in to the managed device again.
Workaround: Restart the managed device.
The Remote Management viewer installation might fail. This error is inherent to the MSI framework.
Workaround: Perform either of the following steps:
Uninstall the Remote Management viewer by using Add/Remove Programs, then reinstall it.
Use the Microsoft Windows Installer Cleanup Utility to clean up the application, then reinstall it. This utility can be downloaded from Microsoft Support.
On Windows Server 2003 devices using Internet Explorer 6.0, installation of the Remote Management viewer might fail.
Workaround: Useinstead of the option while downloading the viewer, then execute the MSI.
On Windows Vista devices, the Remote Management viewer fails even though the security prompt is successfully completed.
Workaround: In the Internet Explorer browser’s security settings (), turn off the protected mode, then restart the browser.
Workaround: Click the Ctrl+Alt+Del icon on the Remote Management viewer, then press the Esc key to exit the Secure Attention Sequence (SAS) window. Then, click the Ctrl+Alt+Del icon again on the Remote Management viewer.
Workaround: Do not unassign the Remote Management policy. If the policy has been already unassigned, then reassign a Remote Management policy to the device.
The ZENworks Reporting solution is based on BusinessObjects Enterprise XI. This section contains issues that might occur when you use ZENworks Reporting.
The ZENworks Reporting solution has the following limitations:
You cannot use Crystal Reports* with ZENworks Configuration Management Reporting Universe.
When you use the Reporting feature in ZENworks Configuration Management, you might see the issues listed below. To troubleshoot other error messages that you might encounter while working with BusinessObjects Enterprise XI, see the BusinessObjects XI Release 2 Error Message guide.
Reporting does not work if the ZENworks database is an SQL Server* database, and the authentication mode is Windows Authentication.
Workaround: Do one of the following:
If the ZENworks database has not yet been installed, then select the SQL Server authentication mode during the ZENworks Configuration Management installation and ensure that the SQL Server is configured to use SQL Server Authentication.
If the ZENworks SQL Server database is in the Windows Authentication mode and the SQL authentication mode is selected during the ZENworks Configuration Management installation, do the following:
Configure the DSN of the ZENworks database to set it to Windows NT Authentication:
Edit the property of BusinessObjects Enterprise Services on the ZENworks server:
Reporting does not work if BusinessObjects Enterprise XI is installed on a Linux Primary server, and the ZENworks database is a Microsoft SQL 2005 Server database.
The BusinessObjects InfoView might not be launched if the DNS name of the server with BusinessObjects Enterprise XI installed is not correctly resolved.
Workaround: On the Windows server where ZENworks Control Center is launched, add the appropriate DNS entry in the %Windows_root%\systems32\drivers\etc\hosts file.
The BusinessObjects InfoView might not be launched if the BusinessObjects Enterprise XI is installed on a ZENworks Server that uses NAT.
Workaround: On the Windows server where ZENworks Control Center is launched, add the appropriate DNS entry in the %Windows_root%\systems32\drivers\etc\hosts file.
This section contains information about the issues that might occur with authoritative user sources in ZENworks Configuration Management.
The LDAP user cannot access fully qualified contexts that contain extended characters.
This section contains information about the issues that might occur with the ZENworks Adaptive Agent in ZENworks Configuration Management.
The ZENworks Adaptive Agent is installed on Linux Primary Servers to enable software updates. Although Linux servers appear as managed devices in ZENworks Control Center, any actions performed on them, such as assignments, QuickTasks, and so on, will fail.
ZENworks resources are loaded according to the locale of the process that retrieves them. When using regional settings, the ZENworks Windows service might be configured to use a different language than the user is configured to use. The result is that the strings from both languages are displayed.
Workaround: Do one of the following:
Install the native language operating system
Change the default user language to match the language displayed by the user
This section contains information about the issues that might occur when using ZENworks Control Center in ZENworks Configuration Management.
During installation, the setup checks to see if the default HTTP port (80) and HTTPS port (443) are in use. If the ports are in use by another application (such as IIS), you are prompted to use alternative ports. In this case, you must access ZENworks Control Center via the port it is using and not access IIS.
Workaround: While http://Primary_Server_IP_address works if ZENworks Control Center is using port 80, http://Primary_Server_IP_address:### (where ### is the port Tomcat is using) always works.
When Microsoft SQL Server 2005 is installed on non-English (U.S.), locales there are differing sort orders and collations offered. This means that the ordering of lists in ZENworks Control Center is affected, including devices, bundles, and so on.
Workaround: When you install an SQL Server, it selects a default based on the locale of the server. Review the Microsoft documentation to determine which collation option to use when installing your MS SQL Server.
This section contains information about the issues that might occur when you use the zman command in ZENworks Configuration Management.
zman disables the echoing of passwords in Linux by turning the echo off on the controlling terminal. For example, /dev/pts/0. When you switch from one user to another user, the new user does not have the file permissions on the controlling terminal.
Workaround: Before switching to the new user, give Read and Write file permissions to the new user on the controlling terminal. Run tty to display the current controlling terminal.
Using the man zman command for Simplified Chinese and Traditional Chinese doesn’t display any help. It only displays the tilde (~) character.
If a non-root user executes the zman reporting commands on a ZENworks Linux server, the following error message is displayed:
Failed to connect CMS server.for more information see the zman log.
Workaround: Add the non-root user to the zmanusers group before executing the zman reporting commands.
Log in to the ZENworks server as root.
At the server console prompt, execute the following command:
useradd -G zmanusers non-rootusername
Log in to the ZENworks server as a non-root user.
In this documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path.
A trademark symbol (®, ™, etc.) denotes a Novell trademark; an asterisk (*) denotes a third-party trademark
Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. Please refer to the Novell International Trade Services Web page for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright © 2008 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
Novell, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed on the Novell Legal Patents Web page and one or more additional patents or pending patent applications in the U.S. and in other countries.
For Novell trademarks, see the Novell Trademark and Service Mark list.
All third-party trademarks are the property of their respective owners.