Environment
Novell ZENworks Configuration Management 11.2
Novell ZENworks 10 Configuration Management with Support Pack 1 - 10.1 Registration
Situation
The server crashed and had to be rebuilt with a new certificate. All of the agents need the new certificate to register with the new server. Alternatively, both zones are active and devices must be switched from one to the other with a script.
Resolution
Create a bat file or login script to automatically unregister, install the cert from a network share, then register to the new zone.
Certmgr.exe from Microsoft will need to be downloaded to insert the new certificate. Get the ca.der from the new ZCM server then put the certificate and certmgr.exe on the share.
For Windows 7 and later, use the built-in CertUtil. See http://www.computertechblog.com/import-a-certificate-to-trusted-root-certification-authorities-using-command-prompt/
Example: certutil.exe -addstore Root ca.der
Put these commands in the login script:
- zac unr -f -u administrator -p password
- \\networklocation\certmgr.exe -add -all \\networklocation\ca.der -s -r localMachine root
- zac reg https://newzcmserver.novell.com -u administrator -p password
or if both zones are active:
- \\networklocation\certmgr.exe -add -all \\networklocation\ca.der -s -r localMachine root
- zenworksuninstall -C -z oldzone -s https://oldZoneServer.novell.com:port -u Administrator -p password -S https://newZoneServer.novell.com:port -U Administrator -P password -q
NOTE: The path to ca.der on a Linux server is: /etc/opt/novell/zenworks/security/ca.der
NOTE: When registering, the FQDN of the server name should be used, not the IP address, to avoid the prompt to accept the server certificate.
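The first command sequence above as one batch file, using the built-in CertUtil variant. This is an added example, not Novell's script, and it goes beyond the steps above by refusing to import ca.der into the Trusted Root store unless its SHA-256 matches a value pinned in the script. The share path, server URL and credentials are the page's placeholders; EXPECTED_SHA256 is a placeholder to fill in.

```batch
@echo off
setlocal
rem Added example. Share path, server URL and credentials are the
rem placeholders used on this page; replace them for your zone.
set "SHARE=\\networklocation"
set "CA_FILE=%SHARE%\ca.der"

rem Placeholder: SHA-256 of ca.der, computed on the new ZCM server itself
rem (not from the copy on the share), as hex without spaces.
set "EXPECTED_SHA256=REPLACE_WITH_SHA256_OF_CA_DER"

if not exist "%CA_FILE%" (
    echo ca.der not found on the share 1>&2
    exit /b 1
)

rem certutil prints the hash on its second output line. Older Windows
rem versions separate the bytes with spaces, so strip them before comparing.
set "ACTUAL="
for /f "skip=1 delims=" %%H in ('certutil -hashfile "%CA_FILE%" SHA256') do (
    if not defined ACTUAL set "ACTUAL=%%H"
)
if not defined ACTUAL (
    echo Could not hash ca.der 1>&2
    exit /b 2
)
set "ACTUAL=%ACTUAL: =%"

rem Anyone who can write to the share could swap ca.der, and whatever is
rem imported below becomes a trusted root CA for the whole machine.
if /i not "%ACTUAL%"=="%EXPECTED_SHA256%" (
    echo ca.der hash mismatch, certificate not imported 1>&2
    exit /b 3
)

certutil.exe -addstore Root "%CA_FILE%"
if errorlevel 1 exit /b 4

rem The -u/-p values are readable by every account that can read this
rem script, so use a registration-only account rather than a zone admin.
zac unr -f -u administrator -p password
zac reg https://newzcmserver.novell.com -u administrator -p password
endlocal
```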
Additional Information
Note: For an external AD CA, certificates can also be pushed out by Group Policy if the devices are in a domain.
If the zac ci command is run when the agent is unregistered, the following error may be seen at the command line:
RegisterUser - Unable to register with any service
RegisterUser - Unable to register with any service