Update for ZENworks 11 SP2 (11.2.1)

November 08, 2012

The information in this Readme file pertains to the update for Novell ZENworks 11 SP2 (11.2.1).

1.0 Readme Updates

The following table contains information on the documentation content changes that were made in this Readme after the initial release of ZENworks 11.2.1:

Table 1 Readme Updates

Date

Readme item Added or Updated

November 08, 2012

The issues fixed in Update for ZENworks 11 SP2 (11.2.2) are identified with the phrase (Fixed in v11.2.2).

July 17, 2012

Added the following known issues to Section 8.0, Known Issues in Version 11.2.1:

2.0 Important Reasons to Update to Version 11.2.1

This update fixes issues discovered in ZENworks 11 SP2. It also includes new features and enhancements.

ZENworks Configuration Management

  • You can prioritize the way bundles are executed by using the Bundle Ordering feature. This allows you to control the way bundles are executed by setting an order value. This feature was available in the ZENworks 7 product and has been re-introduced in the ZENworks Configuration Management product.

  • Many defects have been fixed to improve timeout calculation during the Product Recognition Update (PRU) upload.

  • An issue that displayed incorrect bundle deployment status in ZENworks Control Center has been fixed.

  • The Interactive Services Detections dialog box no longer causes a distraction during bundle actions that are set to run as a dynamic administrator.

  • Several fixes have been introduced to optimize performance for inventoried data during inventory report generation.

  • The RDP/mstsc session crash issues while performing a remote session from Windows 7 device to Windows 2008 servers have been fixed.

  • Explorer crash issues on Windows 7 agents when accessing a network share that needs credentials have been fixed.

ZENworks Patch Management

  • ZENworks now features a reporting element that produces comprehensive Business Object Enterprise reports for more detailed analysis of the effectiveness of your security. There are 17 reports available, and each one can be individually tailored. This gives an administrator or group access to quick and easy information about the patched status of their systems and any vulnerabilities.

  • Each individual patch contains an information description that now has a link to the vendor’s Web site, where a more detailed explanation of the patch and its function is found.

  • All security patches now feature a short description and the relevant Common Vulnerability and Exposure (CVE) codes that the patch is designed to resolve. CVE codes are publicly known information security vulnerabilities listed by the Mitre Corporation.

  • Within the ZENworks Patch Management module, it is now possible to control deployment rights for multiple users. This can be used to delegate patch deployments such as deployments to external sites or other administrative groups where a normal deployment cannot be done, or simply to delegate the patch management process to individual groups in large organizations.

  • Information about the size of the patch (in MB) is now available in the Patch Details section. This is useful if you have concerns about space on a large network.

  • Patches can now be simultaneously deployed to an entire group of operating systems by using the Dynamic Groups feature. For example, if you need to quickly remediate all the XP systems on your network, you can do it with just a few clicks. This feature can be used to baseline patches, or to deploy remediation.

3.0 Planning to Deploy Version 11.2.1

Use the following guidelines to plan for the deployment of version 11.2.1 in your Management Zone:

  • You must deploy version 11.2.1 first to the Primary Servers, subsequently to Satellites, and finally to managed devices.

  • You can directly deploy version 11.2.1 to Primary Servers, Satellites, and managed devices that have ZENworks 11 SP2 installed. Any managed devices running previously supported versions will be first upgraded to ZENworks 11 SP2. For earlier supported versions, see Table 2.

    The system reboots after you upgrade to ZENworks 11 SP2, and then reboots again when the 11.2.1 update is deployed.

4.0 Downloading and Deploying Version 11.2.1

For instructions on downloading and deploying version 11.2.1 as an update, see ZENworks 11 SP2 System Updates Reference.

For administrative tasks, see the Novell ZENworks documentation Web site.

If your Management Zone consists of ZENworks 10.2.x/10.3.x/11.x Satellites and managed devices, you can deploy version 11.2.1 to the devices only if the ZENworks 11 SP2 update has been downloaded and is available in the Management Zone. The ZENworks 11 SP2 update is deployed first, and then version 11.2.1 is deployed, so the device reboots twice.

To download the ZENworks 11 SP2 Update, open ZENworks Control Center and navigate to Configuration > System Updates.

  • Check the list of Available System Updates. If Update for ZENworks (11 SP2) is not displayed, you need to import it.

    1. Obtain a copy of the same ZCM 11.2 ISO file used to install or upgrade. Mount it on one Primary Server (if System Update is configured to use a Dedicated System Update Server, use this server for the import), either by burning a physical DVD and using the server's DVD drive or by using the mount command on Linux. For example, on Linux, login as a root user and run the following commands:

      mkdir /mnt/iso

      mount -o loop /tmp/ZENworks11SP2.iso /mnt/iso

      For Windows, a free tool such as Daemon Tools lite can be used.

      NOTE:If you use the ZENworks Appliance, you may not have a copy of the ISO, in which case it can be downloaded from the Novell Downloads site.After downloading the ISO file, it is strongly recommended that you compare the MD5 checksum for the file to the one shown on the Novell Downloads page, before attempting to deploy.

    2. Using the zman sui command, import the Update from the Common directory:

      • On Windows: zman sui d:\common

      • On Linux: zman sui /mnt/iso/Common

    3. In ZENworks Control Center, navigate to Configuration > System Updates, and wait for the status to display Downloaded.

    4. If System Update is not configured to use a Dedicated System Update Server, navigate to Configuration > System Updates > Update for ZENworks (11 SP2) > Replication Status and ensure replication has finished before continuing. Authorize the update by running the following command:

      zman suaz “Update for ZENworks (11 SP2)”

      NOTE:If you do not perform this step, while deploying the update, an error message will be displayed in ZENworks Control Center.

    5. In ZENworks Control Center, navigate to Configuration > System Updates and wait for the status to display Ready.

      You can track the replication by navigating to Configuration > System Updates > Update for ZENworks (11 SP2) > Replication Status.

  • If you have an external OEM Sybase database installed on a Linux machine, you need to perform a procedure on the OEM Sybase machine before you update the ZENworks Primary Servers to 11.2.1. For more information, see TID 7010332 in the Novell Support Knowledgebase.

  • Refer to the following table to understand the ZENworks support matrix:

    Table 2 ZENworks Support Matrix

    Managed Device

    Satellite Servers

    Primary Servers

    v10.2.2

    v10.2.2, v10.3, v10.3.1, v10.3.2, v10.3.3, v10.3.4, v11.0, v11.1, v11.2, v11.2 MU1, v11.2 MU2, v11.2.1

    v11.2.1

    v10.3

    v10.3, v10.3.1, v10.3.2, v10.3.3, v10.3.4, v11.0, v11.1, v11.2, v11.2 MU1, v11.2 MU2, v11.2.1

    v11.2.1

    v10.3.1

    v10.3.1, v10.3.2, v10.3.3, v10.3.4, v11.0, v11.1, v11.2,v11.2 MU1, v11.2 MU2, v11.2.1

    v11.2.1

    v10.3.2

    v10.3.2, v10.3.3, v10.3.4, v11.0, v11.1, v11.2, v11.2 MU1, v11.2 MU2, v11.2.1

    v11.2.1

    v10.3.3

    v10.3.3, v10.3.4, v11.0, v11.1, v11.2,v11.2 MU1, v11.2 MU2, v11.2.1

    v11.2.1

    v10.3.4

    v10.3.4, v11.0, v11.1, v11.2,v11.2 MU1, v11.2 MU2, v11.2.1

    v11.2.1

    v11.0

    v11.0, v11.1, v11.2, v11.2 MU1, v11.2 MU2, v11.2.1

    v11.2.1

    v11.1

    v11.1, v11.2,v11.2 MU1, v11.2 MU2, v11.2.1

    v11.2.1

    v11.2

    v11.2, v11.2 MU1, v11.2 MU2, v11.2.1

    v11.2.1

    v11.2 MU1

    v11.2 MU1, v11.2 MU2, v11.2.1

    v11.2.1

    v11.2 MU2

    v11.2 MU2, v11.2.1

    v11.2.1

    v11.2.1

    v11.2.1

    v11.2.1

5.0 What’s New

Version 11.2.1 includes the following new or enhanced features:

5.1 Support for New Platforms

Version 11.2.1 has added support for the following:

  • SUSE Linux Enterprise Server (SLES) 11 SP2 as a Primary Server and Satellite.

  • SUSE Linux Enterprise Desktop (SLED) 11 SP2 as a managed device and Satellite.

5.2 Bundle Management

We now support the Bundle Ordering feature that allows you to prioritize the way bundles are executed. When you assign an order value to a bundle, the bundles are executed based on the value assigned. Multiple bundles can be executed simultaneously, or the order of execution can be prioritized.

For more information on enabling the Bundle Ordering feature, see Bundle Tasks in ZENworks 11 SP2 Software Distribution Reference.

5.3 ZENworks Reporting Server

5.3.1 zman rpus command

The new zman rpus command enables you to synchronize the list of ZENworks Reporting Server users with the ZENworks users who have Reporting rights.

For more information, see Report Commandsin the ZENworks 11 SP2 Command Line Utilities Reference.

5.3.2 BusinessObjects Enterprise XI 3.1 SP4

BusinessObjects Enterprise XI 3.1 SP4 is now supported by ZENworks Reporting Server.

6.0 Issues Resolved by Version 11.2.1

Some of the issues identified in the initial version of ZENworks 11 SP2 have been resolved with this release. For a list of the resolved issues, see TID 7010042 in the Novell Support Knowledgebase.

7.0 Continuing Issues in ZENworks 11 SP2

Some of the issues that were discovered in the original shipping version of ZENworks 11 SP2 have not yet been resolved. For continuing issues, review the ZENworks 11 SP2 Readme.

The Readme has been updated to indicate which issues are fixed by version 11.2.1.

8.0 Known Issues in Version 11.2.1

8.1 Agent service is not running after applying the ZENworks 11.2.1 update

The new installation of ZENworks 11.2.1 or the upgrade of a ZENworks Primary Server or agent to ZENworks 11.2.1 finishes successfully. However, when you right-click the ZENworks agent icon in the notification area after a reboot on some Windows devices, the following error message is displayed:

The ZENworks Service does not appear to be running. Please restart the service and try your request again.

Workraround: See TID 7010390 in the Novell Support Knowledgebase.

8.2 After you upgrade to 11.2.1, an asset tag and serial number you edited in the Inventory Collection Editor do not appear in ZENworks Control Center

If you log in to the Inventory Collection Editor from Zicon and edit the asset tag and serial number for multiple hardware components in ZENworks 11 SP2, then update to 11.2.1, running the hardware component report through ZENworks Control Center does not display the hardware data previously edited in 11 SP2.

Workaround: To view the previously edited asset tag and serial number in the hardware report after updating to 11.2.1, run the following update query in the ZENworks Configuration Management Database:

update nc_component set assettagalias=assettag where (assettag!='' and assettag is not null and (assettagalias is null or assettagalias='') and producttype not in(22,21,29));

8.3 A scan upload to the Primary Server fails if you create a Local Software Product with the category and subcategory as BIOS

If you create a Local Software Product with the category and subcategory as BIOS, a KB merge completes on the server but the scan upload fails.

Workaround: None

8.4 Downloading Subscription Bundles for SLES and OES Fails

(Fixed in v11.2.2) An error might occur while you download subscription bundles for SUSE Linux Enterprise Server (SLES) and Open Enterprise Server (OES). This is a random issue that occurs because of a mismatch in the file size or checksum.

Workaround: None

8.5 Unable to use the zman sui command to import the ZENworks 11.2.1 system update to a ZENworks Server, on a RHEL-5.x Server

On an RHEL-5.x server, if the size of the system update zip file is more than 2 GB, unzipping does not work, and you cannot import the system update by using the zman sui command.

Workaround: Perform the following steps:

  1. Navigate to the Red Hat vvitek directory.

  2. Install unzip-5.52-3.0.bz497482.el5_7.i386.rpm on the RHEL 5.x server.

  3. Run the rpm -Uvh unzip-5.52-3.0.bz497482.el5_7.i386.rpm command.

  4. Run the zman sui <zip file path> command.

8.6 WinPE does not work correctly after applying the update to an existing ZENworks 11 SP2 Zone

After applying any update to ZENworks 11 SP2 (such as Monthly update or product update) WinPE does not behave as expected.

For more information, see TID 7005747 in the Novell Support Knowledgebase.

Workaround: Re-upload winpe.wim after applying the update.

8.7 Patch detection does not support SLES for VMware versions of SUSE Linux

ZENworks Patch Management patch detection does not currently support SUSE Linux Enterprise Server (SLES) for VMware versions of SUSE Linux.

Workaround: None

8.8 Database Migration Fails when migrating the database from Sybase to Oracle

(Fixed in v11.2.2) While migrating the database from Sybase to Oracle, the database migration fails displaying the following error:

FINER: Failed to run the sql script:
/opt/novell/zenworks/share/datamodel/oracle/nc_component_indexes.sql,
 message:Failed to execute the SQL command: --BREAK,
 message:Invalid SQL type: sqlKind = 0

This issue is due to an incorrect SQL syntax in the /opt/novell/zenworks/share/datamodel/oracle/nc_component_indexes.sql file.

Workaround: You need to replace the incorrect file with the correct SQL file. For more information, see TID 7010347 in the Novell Support Knowledgebase.

8.9 McAfee firewall is disabled after applying a Data Encryption policy to a device

After applying a Data Encryption policy to a device that is using a McAfee firewall, the firewall is disabled.

Workaround: In the device’s registry, add the McAfee executable to the list of files that are excluded from reparsing by Endpoint Security Management.

  1. Locate the path to the McAfee myAgtSvc.exe file. To do so:

    1. Run services.msc.

    2. Right-click McAfee Peer Distribution Service, click Properties.

    3. On the General tab, note the path to the myAgtSvc.exe file.

  2. In the Windows registry, locate the following key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Zesocc

  3. Locate the ReparseExclusions value.

    This is a REG_MULTI_SZ value that is pre populated with the following string:

    \PROGRAM FILES\NOVELL\ZENWORKS\BIN\NZRWINVNC.EXE

  4. Double-click the Re parse Exclusions value and specify the myAgtSvc.exe path in the Value Data list.

    Do not include the drive letter in the path. The path is relative to the root, as shown under Step 3.

  5. Reboot the computer.

8.10 Upgrading to ZENworks 11.2.1 resets the Show Bundle Activity setting for all bundles

(Fixed in v11.2.2) After upgrading to ZENworks 11.2.1, the Show Bundle Activity setting for all bundles is reset to No. Other bundle-related issues might also be displayed in ZENworks Control Center.

Workaround: See TID 7010385 in the Novell Support Knowledgebase.

9.0 Legal Notices

Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.

Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. Please refer to the Novell International Trade Services Web page for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.

Copyright © 2012 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.

Novell, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed on the Novell Legal Patents Web page and one or more additional patents or pending patent applications in the U.S. and in other countries.

For Novell trademarks, see the Novell Trademark and Service Mark list.

All third-party trademarks are the property of their respective owners.