Rights Authentication Failed error during Remote Control

  • 3254631
  • 25-Jan-2008
  • 08-Nov-2012

Environment

Novell ZENworks 10 Configuration Management

Situation

Attempting to perform Remote Control of any workstation OR receive a Remote Control Request using "Rights" authentication mode. Generates the following:
Error: "Rights authentication failed. An internal error occured while communicating to ZENworks Management Daemon"
Error that is seen in the Agent Log:
Error: "Rights Authentication failed. The ZENworks server from which the Remote Management Viewer was launched is not time synchronized with the ZENworks server to which the managed device is registered. If the problem persists even after time synchronization between the servers, contact Novell Technical Services."

Resolution

Make sure that the servers are in time sync.   In 10.2.x and previous releases, the allowed time difference tolerance was 10 seconds. In 10.3 and 11.1 this has been increased to 120 seconds.

Additional Information

Here's how authorization for remote control worked in this instance:
1. The managed device always determines Server A that is good and always talks to it.
2. ZCC runs on both Server A and Server B, and remote session connection is initiated from either of them.
3. Rights authentication sometimes succeeded and sometimes failed.
4. Whenever it succeeded, the ZCC server was Server A, while whenever remote control failed, the ZCC server was Server B. And in each of the cases, where remote control had failed, the following error could be seen in the agent log.

"Rights Authentication failed. The ZENworks server from which the Remote Management Viewer was launched is not time synchronized with the ZENworks server to which the managed device is registered. If the problem persists even after time synchronization between the servers, contact Novell Technical Services."
 
Additionally:
  1. All ZENworks primary servers must be in time sync with the database server within 10 seconds.  ( SQL example: select getdate())
    NOTE in 10.3 and higher this will be 120 seconds. 
    The insync state is set every 24 hours at midnight from the statistics process launched by loader.  If the insync status of a ZENworks server is flagged false, that won't be corrected until the next statistics refresh.
  2. All ZENworks primary servers must be in time synch with each other within 2 minutes.
  3. All devices must be in time synch with the primary servers to within the time of the certificate, and within 24 hours of primary servers.
  4. When this error occurs due to violation of 1 - 3 above, the RM will suceed when run from the ZCC using the primary server to which the managed agent is registered.