Environment
Novell ZENworks Configuration Management 11.2
Novell ZENworks 10 Configuration ManagementSituation
DLU (Dynamic Local User) Policy applied to user is not available on first user login or after change to the policy or cache cleared.
For DLU managed accounts, it will appear that passthrough login is failing if DLU account manages passwords.
Resolution
In 11.2.2 Monthly Update 2 and later, the first user login will ignore the random refresh setting.
Workaround for prior versions:
Do one of below, but see additional information for the consequences. Either:
-
Disable Random Time To Wait in the ZCC Device Refresh Schedule settings (ZCC > Configuration > Device Management > Device Refresh Schedule).
or -
Login with a local account user and refresh to bring down the policies. After that, initial logins by DLU users should work as the policy assignment is in device cache. This should be done for all new installs of agents.
Additional Information
If Random Time to Wait is disabled via ZCC, then user assigned policy should apply at login.
Random Time to Wait was implemented to avoid performance issues in installations where many workstations are turned on at essentially the same time: turning off random refresh should be done with this in mind.
Note: After making the change to Random Time to Wait in the ZCC there is a delay before that setting will take effect, and the workstation must be refreshed.
The ZENworks servers cache settings such as assignments, bundles, etc. If the Random Time to Wait is disabled, and the workstation has been refreshed at least once so the Random Time to Wait setting has been pushed down to the workstation, then the server cache is likely the problem. The default value for assignments is 5 minutes, so if you make a user assignment to a DLU policy, then immediately go login that user, then it probably won't work. It may be necessary to wait up to 5 minutes before the workstation will see the user assignment.