14.0 Troubleshooting ZENworks Control Center

An HTTP request is not redirected to HTTPS if IIS is running on the Primary Server

Source: ZENworks; ZENworks Control Center.
Explanation: During installation, the setup checks to see if the default HTTP port (80) and HTTPS port (443) are in use. If the ports are in use by another application (such as IIS), you are prompted to use alternative ports. In this case, you must access ZENworks Control Center via the port it is using and not access IIS.
Action: Although http://Primary_Server_IP_address works if ZENworks Control Center is using port 80, http://Primary_Server_IP_address:### (where ### is the port Tomcat is using) always works.

ZENworks Control Center throws a java.lang.NoClassDefFoundError Exception

Source: ZENworks; ZENworks Control Center.
Explanation: When you use ZENworks Control Center to perform an operation, you might encounter a java.lang.NoClassDefFoundError exception.
Action: Restart the Novell ZENworks Server service:

On Windows: Do the following:

  1. On the Windows desktop, click Start > Settings > Control Panel.

  2. Double-click Administrative Tools > Services.

  3. Restart Novell ZENworks Server.

On Linux: At the console prompt, enter /etc/init.d/novell-zenserver restart.

Opening links in a new tab or new window of ZENworks Control Center might fail to display the page

Source: ZENworks; ZENworks Control Center.
Explanation: While browsing ZENworks Control Center, if you choose to open a link in a new tab or a new window, the page might fail to display.
Action: Open the link in the same window.

Logging in to ZENworks Control Center or navigating within ZENworks Control Center by using Firefox 3.x might display a blank page

Source: ZENworks; ZENworks Control Center.
Explanation: If you are accessing ZENworks Control Center across the network by using Firefox 3.x, you might see a blank page when you log in to ZENworks Control Center or navigate within ZENworks Control Center.
Action: Do one of the following:
  • Use the Firefox Web browser to open about:config, then change the value of browser.cache.memory.enable to False.

  • Refresh the Web browser to reload the ZENworks Control Center page every time ZCC displays a blank page.

  • Use any other ZENworks supported Web browser to access ZENworks Control Center.

    For more information about the supported Web browsers, see Administrator Browser Requirements in the ZENworks Server Installation.

ZENworks Control Center displays a warning message indicating that some of the ZENworks features might behave incorrectly

Source: ZENworks; ZENworks Control Center.
Explanation: When you deploy ZENworks with an external database, if the Primary Server time is not synchronized with the ZENworks database server time, you might see the following warning message on the ZENworks Control Center Login page:
Some of the ZENworks features might behave incorrectly because the time of the current Primary Server and the time of the ZENworks database server are not in sync.
Action: Synchronize the Primary Server time with that of the Database Server.

The Nessus scan report for ZENworks Control Center shows that the site is vulnerable to cross-site scripting attacks

Source: ZENworks; ZENworks Control Center.
Explanation: If you run a Nessus scan for the ZENworks Control Center, the report shows that the site is vulnerable to cross-site scripting attacks. This issue is addressed by the ZENworks Control Center and there is no actual vulnerability.
Action: Ignore this message. For more information, see User Source Authentication in the ZENworks User Source and Authentication Reference.

Unable to manage reports without Super Administrator rights

Source: ZENworks; ZENworks Control Center.
Explanation: Without super administrator rights, you are not able to create, edit or delete workstation reports.

NOTE:For more information see TID 7008889, in the Novell Support Knowledgebase.

Action: The relevant rights have to be configured using ZENworks Control Center.
  1. Log into ZENworks Control Center as an administrator.

  2. Click the Configuration tab.

  3. In the Administrators panel, select the name of the user who requires rights to the reports.

  4. Click the Rights tab.

  5. In Administrator Tasks section, in the left pane of ZENworks Control Center, click Inventory Report Rights. The Inventory Report Rights are displayed.

  6. Select the folders to which the user requires the rights.

  7. From the Edit drop-down menu, select Assign Full Rights.

    For more information about configuring Inventory Report rights, see Inventory Report Rights in the ZENworks Asset Inventory Reference.

  8. Repeat steps 2 through 4 and in the Administrator Tasks section, in the left pane of ZENworks Control Center, click Asset Management Report Rights. The Asset Management Report Rights are displayed.

  9. Select the folders to which the user requires the rights.

  10. From the Edit drop-down menu, select Assign Full Rights.

    For more information about configuring Asset Management Report rights, see Configuring Report Rights in the ZENworks Asset Management Reference.

Unable to login in to ZENworks Control Center in Internet Explorer 8 on Windows 8 machine

Source: ZENworks; ZENworks Control Center
Explanation: When you launch ZENworks Control Center url on Internet Explorer 8 on Windows 8 machine and try logging in, an error message is displayed in the browser status bar.
Possible Cause: Security option Allow websites to prompt for information using scripted windows is enabled.
Action: Disable security option Allow websites to prompt for information using scripted windows.

Email notifications with SSL to the SMTP Server fail

Source: ZENworks; ZENworks Control Center
Possible Cause: The certificate from the SMTP Server may not be authenticated.
Action: To be able to send emails, import the certificate for authentication as follows:
  1. Navigate to the OpenSSL directory and execute the following command:

    openssl s_client -showcerts -starttls smtp -connect [SMTP SERVER IP]: 25

  2. Copy the contents of the certificate displayed in the console from “----BEGIN CERTIFICATE----” to ”----END CERTIFICATE----” including the “----” lines.

  3. Save this to a text file. For example, smtpcert.txt. For more information on how to generate or import GroupWise certificate, see:.

  4. Import the certificate authority into the Java trusted CA keystore file.

    On Windows Primary Server: If ZENworks is installed in the C:\Program Files x(86) folder, then in the command prompt, go to C:\Program Files x(86)\Novell\ZENworks\share\java\jre\bin> and run the following command:

    .keytool -importcert -trustcacerts -alias smtpcert -file <saved text file name with full path> -keystore "C:\Program Files\x(86)\Novell\ZENworks\share\java\jre\lib\security\cacerts" -storepass changeit

    On Linux Primary Server: Run the following command from the Java installed path:

    /usr/java/jdk1.6.0_24/jre/bin/keytool -importcert -trustcacerts -alias smtpcert -file "<saved text filename with full path>" -keystore /usr/java/jdk1.6.0_24/jre/lib/security/cacerts -storepass changeit

ZENworks Control Center is vulnerable to SQL injection attacks

Source: ZENworks; ZENworks Control Center
Explanation: SQL injection is an attack which injects an SQL query through the input data from the client to the application. This injection exploit can read sensitive data from the database, modify data, and execute administrative operations on the database such as database shutdown and so forth.
Action: In order to prevent or minimize the impact of SQL injection attacks on ZCC, you can do the following:
  • As ZENworks has a strong implementation of the access control layer through its Roles and Rights, by properly configuring these for the users, you can ensure that they have access only to the information they are entitled to. To configure roles and rights through ZCC, see ZENworks Administrator Accounts and Rights Reference.

  • Restrict the access to ZCC servers only to authorized persons. You may restrict ZCC access from a network subnet or IP range, so that unauthorized access to ZCC is prevented. For more information, see Securing DMZ Servers.