The information in this Readme pertains to the ZENworks 2017 release.
The following table contains information on the documentation content changes that were made in this Readme after the initial release of ZENworks 2017:
Table 1 Readme Updates
|
Date |
Readme Item Added or Updated |
|---|---|
|
June, 2017 |
Added a new known issue in the Known Issues section. |
|
July, 2017 |
Added a new known issue in the Known Issues section. |
|
July, 2017 |
Added a new known issue in the Known Issues section. |
For installation instructions, see the ZENworks Server Installation Guide and for system requirements details, see the ZENworks 2017 System Requirements.
Use the following guidelines to plan for the upgrade to ZENworks 2017 in your Management Zone:
You must first upgrade the Primary Servers, then update the Satellite Servers, and finally the managed devices to ZENworks 2017. Do not upgrade the managed devices and Satellite Servers (or add new 2017 Agents in the zone) until all Primary Servers in the zone have been upgraded to ZENworks 2017.
NOTE:Agents might receive inconsistent data from the zone until all Primary Servers are upgraded. Therefore, this part of the process should take place in as short a time as possible - ideally, immediately after the first Primary Server is upgraded.
If the managed devices have been updated to ZENworks 11.x or later, you can directly update the managed devices in the zone to ZENworks 2017.
The system reboots once after you upgrade to ZENworks 2017. However, a double reboot will be required in the following scenarios:
Table 2 Double Reboot Scenarios
|
Scenario |
ZENworks Endpoint Security |
Full Disk Encryption |
Location Services |
Client Self Defense |
|---|---|---|---|---|
|
Upgrade from 11.4.x to 2017 and fresh Install of ZENworks 2017 |
Disabled |
Disabled |
Lite |
Enabled |
|
Fresh Install of ZENworks 2017 |
Disabled |
Disabled |
Full |
Enabled |
IMPORTANT:All Primary Servers running ZENworks 11.3.x or earlier should first be upgraded to ZENworks 11.4 before upgrading them to ZENworks 2017. Satellite Servers and managed devices should be updated to ZENworks 11.x before updating them to ZENworks 2017.
Table 3 ZENworks Cumulative Agent Update to 2017: Supported Paths
|
Device Type |
Operating System |
Supported Versions |
Unsupported Versions |
|---|---|---|---|
|
Primary Server |
Windows/Linux |
v11.4 and later versions |
Any version prior to 11.4 |
|
Satellite Server |
Windows/Linux/Mac |
v11.0 and later versions |
Any version prior to 11.0 |
|
Managed Device |
Windows |
v11.0 and later versions |
Any version prior to 11.0 |
|
Linux |
v11.0 and later versions |
NA |
|
|
Mac |
v11.2 and later versions |
NA |
For detailed information on prerequisites and instructions for upgrading Primary Servers, Satellites Servers, and Managed Devices to ZENworks, see the ZENworks Upgrade Guide.
To configure ZAPP with an unsupported language:
Provide the new locale files for all files present in %ZENWORKS_HOME%/zapp/i18n
Go to %ZENWORKS_HOME%/zapp/conf
Open the locales.json file and add an entry for the required language under SupportedLocales section.
For example, if the language is English add the following entry:
{"name": "English", "value": "en", "helpFolder":"en", "aliases": "[\"en-US\", \"en-UK\"]"}
Here "value" represents locale, and for all the "aliases" provided the value locale will be effective. You need to ensure that the “help” is always provided in a supported language.
End all the ZAPP process and then restart ZAPP.
IMPORTANT:ZAPP can support all languages for which “.pak” files are available in the following location: %ZENWORKS_HOME%/zapp/locales
For information about the new features in ZENworks 2017, see the ZENworks What’s New Reference.
Secure Boot is a Windows feature that can be enabled in Windows devices that have UEFI firmware. Support for Secure Boot in ZENworks 2017 has the limitations described below:
Endpoint Security Management and Location Awareness: If Endpoint Security Management or Location Awareness are enabled in your zone, make sure that Secure Boot is disabled on devices before performing a new installation of the ZENworks Agent. You do not need to do this when updating an existing ZENworks Agent on a device.
Full Disk Encryption: UEFI firmware, and by extension Windows Secure Boot are not supported in Full Disk Encryption.
This section contains information about issues that might occur while you work with ZENworks 2017:
This section contains information about issues that you might encounter during installation:
When you install the ZENworks agent on a SLES 11 SP4 or SLES 12 device using the YaST add-on, an Unknown GnuPG Key message is displayed.
Workaround: Manually add the GnuPG key.
Navigate to the zenworks-agent-addon page.
For example: <ZENworks_serverIP>/zenworks-agent-addon/
Click the required SLES link.
Right-click content.key and select Save Link As... to download the GnuPG key.
In the Configured Software Repositories window, click the GPG keys… button.
Click Add, browse to the location where content.key was downloaded, and click OK.
While installing ZENworks 2017 on a Windows 2012 or 2016 server, the installation exits with a Java crash error.
Workaround:
Disable Microsoft DEP (Data Execution Prevention) on the Windows server.
To disable DEP on the Windows server, run the following command in the command prompt with administrator privileges:
bcdedit /set nx AlwaysOff
For more information, see Boot Parameters to Configure DEP and PAE.
Rename the sfrhook.dll file to sfrhook64.dll. This file can be accessed from the following location: %program files%\citrix\system32\
When you reinstall ZENworks after a rollback, the installation fails or hangs.
Workaround: After you roll back ZENworks, in the Environment Variable window, perform the following changes and then reinstall ZENworks.
Remove the ZENWORKS_HOME system variable.
In the Path variable, remove the ZENworks install path.
This section contains information about issues that you might encounter during upgrade:
While upgrading a ZENworks SLES 12 Primary Server, modifications to pxemenu.txt is lost
A blank screen is displayed after completing the appliance configuration
When you upgrade the operating system of a Macintosh device the agent page appears blank
Package Update fails on the Primary Server during system update deployment
Effective Assignment is not calculated for newly added devices
When you upgrade a zone with MSSQL 2008 to ZENworks 2017 using the command line interface, the upgrade might fail with the This database version is not supported for ZENworks error.
Workaround: Upgrade the zone using the GUI interface instead of the command line interface, or upgrade MSSQL to 2012, and then upgrade the zone.
When you are upgrading a ZENworks SLES 12 Primary Server, any configuration changes made to the Novell Preboot Services Menu in the pxemenu.txt file will be replaced with the default configuration settings.
The pxemenu.txt file is located:
\srv\tftp\pxemenu.txt
\srv\tftp\efi\x86_64\pxemenu.txt
\srv\tftp\efi\ia32\pxemenu.txt
Workaround: Before upgrading ZENworks, back up the pxemenu.txt file.
While configuring the ZENworks Appliance on a VMware workstation or vSphere client 5.x, a black screen is displayed after completing the YaST configuration. This issue occurs only during the first install.
Workaround: After the Appliance configuration is completed, restart the appliance.
After upgrading the operating system on a Macintosh device, the ZENworks Agent page appears blank.
Workaround: After upgrading the operating system, perform the following steps:
Stop the agent service on the Macintosh device by executing the launchctl unload /Library/LaunchDaemons/com.novell.zenworks.agent.plist command.
Navigate to the /opt/novell/zenworks/zmd/java/lib/configuration directory, and manually delete the following folders:
org.eclipse.core.runtime
org.eclipse.osgi
Start the agent service on the Macintosh device by executing the launchctl load /Library/LaunchDaemons/com.novell.zenworks.agent.plist command.
While deploying the ZENworks 2017 update to all managed devices in the zone, the package update fails.
Workaround: Check whether the zman service is running before starting the package update. If the zman service is running, then stop the service by running the zman sss command.
When you manually upgrade a Windows server from ZENworks 11.4.x to ZENworks 2017 through media upgrade, or through Standalone Updater, Windows Explorer stops working during the Upgrading Packages stage. Due to this issue, you will not be able to view the File Explorer.
Workaround: After completing the upgrade, restart the device.
NOTE:If you want to continue without rebooting the device, you need to manually stop and start the File Explorer. However, if you continue without rebooting the device, then ZENworks Agent will work with limited functionality.
While upgrading ZENworks 11.4.x to ZENworks 2017, an unexpected error occurs when you restart the device after server installation.
Workaround: Restart the ZeUS service manually.
If the Effective Assignment calculation is enabled, and a new device is added to the zone in between the computation interval, the effective assignment is not calculated for the newly added device.
Workaround: Perform any one of the following:
After adding the device to the zone, manually run the zac ref bypasscache command.
On the device, right-click the Z-icon and then click refresh to get the latest effective assignment.
When you migrate an 11.4.x appliance after performing an online update, the installed patches might not be displayed in the Online Update tab of the appliance console.
Workaround: If all the required patches are installed, then ignore and proceed with the appliance migration.
During the system update of a Windows 10 device, the update to ZENworks 2017 Update 1 fails, which is indicated in the ZCC > Configuration > System Updates page.
Workaround: Click the Status link in the Deploying System Updates panel on the System Updates page, and follow the instructions* to restart the System Update:
NOTE:This update cannot continue as at least one of first two service recovery failure modes for ZES service is set to restart the computer. Please disable client self defense, reboot the device, and restart the ZENworks Update.
This section contains information about issues that you might encounter while using the Imaging feature:
The default version of OpenSSL that is installed on SLES 10 SP3 or SP4 devices breaks the communication with the 2017 Primary Servers.
Workaround: None. For more information, see TID 7017532 in the Micro Focus Support Knowledgebase.
During a file transfer session, while deleting a file from the system32 folder on a remote device, the file transfer window will become unresponsive, and the file will not be deleted from the folder.
Workaround: Delete the files from the Remote Control session instead of deleting them from the File Transfer dialog box.
While remote controlling a Windows device from a SLES/SLED device, you cannot perform a Log Off or Switch User operation on the Windows device.
Workaround: None
While installing the ZENworks Agent on a Macintosh 10.11 or 10.12 device, when you perform a remote SSH of the device using ZCC, the remote SSH on the Macintosh device fails with the Algorithm Negotiation Fail error.
Workaround:
On the Macintosh agent device, add the following lines in the sshd_config file:
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com,hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
Restart the SSH service.
This section contains information about issues that you might encounter while using the Mobile Management feature:
Status of a policy that successfully applies on a device but with exceptions remains as Unknown
Revoking or consumption of licenses of an app assigned to a device or a user might fail
An action that is assigned to an MDM Server that is offline is not executed
Device enrollment remains pending if a different APNs certificate is re-configured
If a device that is enrolled as an ActiveSync Only device is fully wiped and deleted using the Unenroll quick task, then you will be unable to re-enroll the same device to the ZENworks Management Zone.
Workaround: In the database, the TobeDeleted value for the device object in the zZENObject table, should be updated to 1.
As a best practice, it is advisable to fully wipe and retire the device. Subsequently, you can click Delete to remove the device from the zone.
If a policy is assigned and successfully applied on a device but with some exceptions, then the status of the policy is displayed as Unknown in ZENworks Control Center (ZCC). This might occur if certain settings configured in the policy are not applicable for certain enrolled mobile devices. For example, if a Mobile Security Policy, in which password settings and encryption settings are enabled, is assigned to a device and the device does not support encryption, then the policy is applied successfully. However, with exceptions. The status in ZCC is displayed as Unknown.
Workaround: None.
If a device is already enrolled to the ZENworks Management Zone and an ActiveSync server is configured later, then the email accounts on some of these devices might not receive emails.
Workaround:
For Android devices:
You might be prompted to re-enter your account password. If this does not work, either initiate a Refresh action on the email account configured on the device or initiate a Refresh action from the Settings menu on the device.
For Windows devices:
Delete and re-create the email account on the device.
NOTE:For iOS devices, the email client might display an error message a couple of times, after which you will start receiving emails on the device.
As a best practice, it is advisable to configure an ActiveSync server before a device is enrolled to the ZENworks Management Zone.
If a remote wipe is initiated directly from the ActiveSync Server, then the email account configured on the device will stop receiving emails. However, the device object is retained in ZENworks Control Center. Whenever the user tries to re-create the email account, the data on the device is wiped.
Workaround: To re-create the email account on the device, the device has to be deleted from the ActiveSync Server and the ZENworks Server, and then re-enrolled to the ZENworks Management Zone.
NOTE:As a best practice, always initiate a remote wipe from the ZENworks Server and not from the ActiveSync Server.
When an iOS bundle is assigned to devices that run on an iOS version prior to 9.2.1, the devices might not receive a notification to install the bundle even if multiple sync requests are sent from these devices.
Workaround: Upgrade the iOS operating system to 9.2.1 or a subsequent version.
When an Unenroll quick task is initiated to fully wipe devices that are already enrolled to the ZENworks Management Zone, then for a few mobile devices the status of the quick task in ZCC does not change to Done and remains as Assigned, even though the data on these devices is successfully wiped. Whenever users try to re-enroll these devices to the ZENworks Management Zone, the data on the device is wiped because of this pending quick task.
Workaround: Delete the device object from ZCC and then re-enroll the device.
If the common name includes a wildcard character along with the hostname in the FQDN, then the iOS device enrollment will fail. For example, if the FQDN is hostname.example.com, and the common name in the certificate is hostname*.example.com or *hostname.example.com the device enrollment will fail.
Workaround: Ensure that you either use the complete host name in the common name, without any wildcard characters (hostname.example.com) or use a wildcard character in the place of the host name (*.example.com).
A bundle for a specific iOS app is assigned to a device, however the app fails to install on the device and an error ‘iTunes ID cannot be validated’ is displayed, even though there are no issues with the iTunes ID.
Workaround: On subsequent syncs, the app might successfully install on the device. It is also recommended that users update their devices to the latest iOS version.
Revoking or consumption of licenses of an app assigned to a device or a user might fail and the following error messages will be displayed:
License already assigned: This error message might be displayed even though the license is not assigned to the device or user.
No license to disassociate: This error message might be displayed even though the license is assigned to the device or user.
Workaround: None. This is an iOS limitation.
Enrollment of an iOS device to the ZENworks Management Zone does not complete and the device object remains in the Pending Enrollment Devices folder in ZCC for a substantial period of time.
Workaround: Delete the device object from the Pending Enrollment Devices folder in ZCC. Wait for a while and then re-initiate the process to enroll the iOS device.
If a user source that was initially deleted is added back to the zone and a device that is associated with the user who is a part of this user source, is re-enrolled to the zone, then re-enrollment fails as the device is unable to reconcile with the existing device object in ZCC.
Workaround: Manually delete the device object in ZCC and then re-enroll the device.
If there are multiple MDM Servers in the zone and an action is automatically assigned to an MDM Server that is offline, then this action is not delegated to another MDM Server that is connected to the network and the execution of the assigned action remains incomplete.
Workaround: None. Ensure that you remove the MDM role assigned to a server that is not connected to the network and then re-execute the action.
(Fixed in ZENworks 2017 Update1) The existing APNs certificate is replaced with another APNs certificate and is re-configured in the ZENworks zone. When users try enrolling their devices, the devices will remain in pending enrollment state.
Workaround: Restart all the MDM Servers in your zone and then enroll the devices.
This section contains information about issues that you might encounter while using ZAPP:
In ZAPP, the <username>.zapp.log rollover files are created after reaching the maximum size. However, the .gz zip files are not created for these rollover files due to zip-creation issues.
The latest file is named as <username>.zapp.log and the name of the oldest file is appended with the largest number.
Workaround: None. Ensure that you do not change the "zippedArchive" property value to true in the logger.json file (located at %zenworks_home%/zapp/conf).
ZAPP cannot be launched at startup to run in the foreground as it is already running in the system tray.
Solution: To launch ZAPP at startup in the foreground from the next login:
Go to %zenworks_home%/zapp.
Open the package.json file.
Search for the "show" property and change the value from false to true.
Save the file.
If the Internet proxy is set, then ZAPP will not be able to communicate with the ZENworks Agent and the error messages with 503 code are displayed in the log files.
Solution: Enable Bypass proxy server for local addresses:
On the Windows device, click Start, and select Control Panel.
Select Internet Options.
In the Internet Properties window, select the Connections tab and click LAN Settings.
In the Local Area Network (LAN) Settings window, under Proxy Server, select the Bypass proxy server for local addresses option.
Click OK.
End all the ZAPP process and restart ZAPP.
Clicking the email link in the Properties page of a bundle does not open the email client.
Solution: Ensure that the email client is configured to use the mailto protocol.
This section contains information about issues that you might encounter while using Full Disk Encryption:
Pre-Boot Authentication (PBA) User Capturing is not functioning on Windows 10 Anniversary Update version 1607 under the following conditions:
Install the ZENworks Agent with Full Disk Encryption activated on a Windows 10 device pre-Anniversary Update version, and do NOT apply a Disk Encryption policy.
Update the device to Windows 10 Anniversary Update version 1607.
Assign a Disk Encryption policy to the device with PBA and PBA account-User Capturing enabled (no specified PBA users).
Let the PBA prompt screen “time-out” and boot to the Windows login screen.
Workaround: Press OK when the PBA prompt appears (do not let the PBA prompt screen time-out).
When you run the embedded database restore script on a SLES 12 Primary Server or ZENworks Appliance fails with the following error:
.../ZenworksLinuxDBRestore.sh: line 158: /etc/init.d/novell-zenmntr: No such file or directory./ZenworksLinuxDBRestore.sh: line 167: /etc/init.d/novell-zenserver: No such file or directory./ZenworksLinuxDBRestore.sh: line 171: /etc/init.d/novell-zenloader: No such file or directory...Failure: Restore...
Workaround: To resolve the issue, perform the following:
Manually stop the database and database services by running the following commands:
systemctl stop novell-zenloader.service
systemctl stop novell-zenserver.service
systemctl stop sybase-asa.service
systemctl stop Sybase-audit-asa.service
Copy the backup database DB and log files to the /var/opt/novell/zenworks/database folder, and overwrite the existing database files.
Restart the services by running the following commands:
systemctl start novell-zenloader.service
systemctl start novell-zenserver.service
systemctl start sybase-asa.service
systemctl start sybase-audit-asa.service
Run the following commands and verify that the services are running:
systemctl status -l novell-zenloader.service
systemctl status -l novell-zenserver.service
systemctl status -l sybase-asa.service
systemctl status -l Sybase-audit-asa.service
Bundles configured with the Install Network MSI or Create Directory action from DFS share, fail with the WNetAddConnection error.
Workaround: None
While configuring the Install Network MSI action, use the UNC path instead of DFS share.
This Readme lists the issues specific to ZENworks 2017. For all other ZENworks 2017 documentation, see the ZENworks 2017 documentation website.
For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.novell.com/company/legal/.
Copyright © 2016 Micro Focus Software Inc. All Rights Reserved.