ZENworks Security Client cannot get a policy update

  • 3788192
  • 14-Nov-2007
  • 27-Apr-2012

Environment

ZENworks Endpoint Security Management 3.5
Microsoft Windows 2000 Professional

Microsoft Windows XP Professional

Microsoft Windows XP Tablet PC Edition

Situation

ZENworks Endpoint Security Client cannot get a policy update from the ZENworks Endpoint Security Management Server

Resolution

The first thing to check would be if the client can see the ZENworks Endpoint Security Management Distribution Server.

To verify do a right click on the ZENworks Endpoint Security client and select"About”. The About box will give you a lot of great information to help troubleshoot the issue.



Important questions:

  1. Does the ZENworks Endpoint Security client’s About box show the server name for the ZESM Distribution Server or does it show Unknown?
  2. Is the current policy default or does it show a policy name?
  3. Is the "Last Check In” time all zeros or does it show a checkin time?


Scenario 1 : About box shows the ZESM Distribution Server as Unknown

  1. Check the event viewer’s application log for MSSOAP errors. If you see MSSOAP errors in the application log you probably have a client certificate issue. If during the ZENworks Endpoint Security Management Server install you had the server create its own self signed certificates than the certificates would be found by default on the server’s desktop in a folder called "ESM setup files”. If during the install you requested the "ESM setup files” to be put in a different location than go to that location. In the"ESM setup files” folder you will find a ESM-MS.cer file. The ESM-MS.cer file is the client certificate and needs to be installed on the client machine.

To install the ZENworks Endpoint Security client certificate
Copy the ESM-MS.cer file to the client machine and double click it.

Click the"Install Certificate” button, click Next twice and finish.

Click "Yes” to complete the installation of the client certificate.

Once the client certificate installation is completed do a right click on the security client and select "Check for Policy Update” and than check the security client’s About box to see if it now sees the distribution server. If it does client/server communication is working and you should be able to publish a policy.

Scenario 2 : The Security Client’s About box is displaying "Unknown” for the ZESM Distribution Server but the event viewer’s application log is not showing MSSOAP errors.

This could be an issue where during the ZENworks Endpoint Security Management server install a different name was entered for the ZESM server than the name entered during the ZESM client.

To validate please do the following:

  1. Go to start, run, enter regedit and select OK
  2. In the registry go toHKEY_Local_Machine\Software\Senforce\AuthorityServer\Ipaddress
  3. The IPAddress string will have a URL that points to the server. Copy and paste the URL in your web browser to test client\server communication. If you get a certificate prompt click "View Certificate” and compare the certificate’s server name to the one in the URL. Often users will enter the fully qualified name of the server during the server install but use just the netbios computer name during the client install. If there is a mismatch this will cause client\server communication issues and the client will need to be reinstalled using the same name used during the server install.

Scenario 3 : ZENworks Endpoint Security Client’s About box displays the ZESM Distribution Server’s name correctly and when a manual checkin from the ZESM client (right click the client and select "Check for Policy Update”) shows the "Last Checkin Time” correctly but does not receive a policy update.

This scenario indicates the ZESM client\server communication is working correctly but the server is not sending the policy.

Make sure the policy being published is going to the correct user. In the ZENworks Endpoint Security client’s About box it will display the authentication user. Make sure the policy is being published to either the user’s user/computer account or to a group the user/computer is a member of.

Also verify that you are double clicking the selected user in the publish screen of the ZENworks Endpoint Security Management Console. When double clicking the group or users icon will change

Once this is accomplished click the publish button and user’s icon will change to "Published”.

The ZESM client will then receive the policy at its next checkin or if a manual checkin from the client is made.



hhhhhhhhhhhhhhh