ZENworks 11 SP3 Readme

7.1 Upgrade or uninstall of the ZENworks Agent on Windows 8 or Windows 2012 devices might make the devices unusable

This issue is applicable only if you have downloaded and deployed the ZENworks11SP3.iso to your zone. This issued has been fixed in the ZENworks11SP3a.iso.

On a Windows 8 or Windows 2012 managed device, on which ZENworks Agent (11.2.3a, 11.2.3a MU1, 11.2.4, or 11.2.4 MU1) versions have been installed, if you update the ZENworks Agent to 11.3, or if you uninstall the ZENworks Agent, then all the files under the "\Windows\System32" folder might get deleted and the device might become unusable.

This issue occurs when the %systemroot% environment variable resolves to any string other than <System drive>:\Windows\(case-sensitive), where the system drive can be C,D or any other drive, depending on where the operating system is installed. For example, if system root is expected to be resolved as C:\Windows but it resolves to C:\WINDOWS or c:windows then the device might become unusable.

Workaround: See TID 7014897.

7.2 On the Start screen of a Windows 8 device, the uninstall option will not work for ZENworks bundles

On the Start screen of a Windows 8 device, right-click the ZENworks bundle shortcut and choose the uninstall option in the charms bar. The ZENworks bundle shortcut does not point at the underlying application or msi installer, which is in the Add Remove Programs screen of the Control Panel.

This is because the uninstall option, which is in the charms bar of the Windows 8 device, is not supported for the ZENworks bundles.

Workaround: None

7.3 UEFI Secure Boot does not work on Windows Surface Pro tablet

If Secure Boot is enabled on a Windows Surface Pro UEFI device, then booting the system into the Imaging distro fails.

Workaround: Disable Secure Boot and boot the Windows Surface Pro UEFI device.

7.4 Operating system upgrades are not supported on devices with Endpoint Security or Full Disk Encryption

Upgrading the Windows operating system is not supported on devices that have an Endpoint Security Data Encryption policy or a Full Disk Encryption policy applied. The upgrade can place the device into an unknown state. Specifically, the following upgrades are not supported:

Updating an operating system version to a service pack of the same version (for example, Windows 7 to Windows 7 SP1) is supported.

Workaround: Before upgrading the operating system, remove the Data Encryption and Disk Encryption policies from the device. Ensure that you give the device sufficient time to decrypt all encrypted files and volumes.

For information about removing a Data Encryption policy, see Removal Best Practices in the ZENworks 11 SP3 Endpoint Security Policies Reference.

For information about removing a Disk Encryption policy, see Removal Best Practices in the ZENworks 11 SP3 Full Disk Encryption Policy Reference.

7.5 Full Disk Encryption is not supported on Windows devices that use UEFI firmware

Full Disk Encryption is not supported on Windows devices that use UEFI firmware. BIOS firmware is required.

Workaround: None.

7.6 Full Disk Encryption pre-boot authentication (PBA) is bypassed on devices with self-encrypting (Opal) drives

On SED (Opal) devices, the PBA login screen is not displayed when a user performs a restart (soft-boot) on the device. Instead, the machine boots directly to the Windows login.

Workaround: For maximum authentication security, have users shut down (hard boot) the machine to initiate the PBA login at restart.

7.7 Endpoint Security Policy Handler error occurs

When a security policy is applied to a device at the same time that Endpoint Security is enabled on the device, a Policy Handler exception occurs because the Policy Handler is not yet loaded and therefore cannot manage the assigned policy.

Workaround: Avoid the exception by enabling Endpoint Security on the device, refreshing the device, and then assigning security policies. Resolve an existing exception by refreshing the device; this installs the Policy Handler and enables it to manage the security policies.

7.8 Snooze prompt has not been implemented for Windows 8 metro view

The Snooze prompt has not been implemented for the Windows 8 metro view.

Workaround: None

7.9 In a bundle with multiple bundle locks, deleting one lock results in deletion of both locks on an Xplat-Linux device

On an Xplat-Linux device, if you create a bundle and add multiple bundle locks for the same bundle with different configurations and then delete a bundle lock, the other bundle lock for the same bundle is deleted. For example, this could happen if you add one bundle lock with the Deny Install option and add another bundle without the Deny Install option.

Workaround: None

7.10 Deleting extended partitions by using the img command corrupts existing partitions

Workaround:

7.11 Servers might become unavailable when a large patch policy bundle is deployed

If a path policy with more than 50 members is deployed on devices in the zone, the Primary Servers might become unavailable.

Workaround: The administrator should restrict the members of a patch policy by configuring Patch Policy rules.

7.12 An additional reboot occurs when a new Primary Server is added to the zone

When you install a Primary Server to a zone in which Location Awareness is enabled, the Primary Server requires two reboots.

Workaround: None

7.13 After a ZENworks agent is updated to ZENworks 11 SP3, the cached or disconnected mode login does not work until the user performs a connected or network login

When a ZENworks agent is updated to ZENworks 11 SP3, the disconnected or cached login for previously logged-in users does not work.

Workaround: After updating to ZENworks 11 SP3, you must log in to ZENworks at least once, in the connected mode.

7.14 The Remote SSH operation will not work on some browsers

(Fixed in 11.3.1) The Remote SSH operation will not work on browsers having incompatible JRE versions.

Workaround: The Remote SSH operation works only on browsers with the following Java environments:

7.15 The ZENServer and the ZENLoader Services fail during the upgrade of Linux Primary Servers to ZENworks 11 SP3 if the size of the RAM is less than 4GB

During the upgrade of Linux Primary Servers to ZENworks 11 SP3, the ZENServer and ZENLoader services fail to start if the total size of RAM is less than 4GB. This is because of the incorrect configuration of the maximum heap memory of Java for the ZENServer and ZENLoader services.

Workaround: Allocate at least 4GB RAM for the Primary Server; execute the novell-zenworks-configure -c tools.CheckJVMsettingConfigureAction command to modify the settings, and start the ZENworks Service.

7.16 ORA-00600, an Oracle Internal Error Occurs During ZENworks 11SP3 Upgrade or Install

In Oracle versions prior to 11.2.0.4, a software bug is found in DBMS_REDEFINITION package. As a result during the ZENworks 11SP3 Upgrade or Install, ORA-00600, an oracle internal error is displayed while partitioning the table in case of an older version of Oracle 11.2.0.4. It is recommended to upgrade to the latest version of Oracle software with patches.

Contact Novell Technical Support for details.

7.17 Do not update a 11.3.0 reboot-less agent to FRU1 without first rebooting it

If you are using Deployment task to install a 11.3.0 agent with suppress reboot option and have configured the start services option, do not update the agent to 11.3.0 FRU1 without first rebooting it at least once. Because the update might leave the device in an unstable state.

Workaround: None

7.18 The ZENworks 11 SP3 installer in CLI mode is not able to connect to the existing MS SQL Audit Database Server

The ZENworks 11SP3 installer in CLI mode is not able to connect to the existing MS SQL Audit Database Server when using the Use existing database option. Connection to MS SQL Audit database server fails after providing the username and without asking for the password.

Workaround: For information on resolving this issue, refer to TID 7014697.