Limitations when starting Remote Management using command line options

The command line options for nzrViewer are covered in the online documentation https://www.novell.com/documentation/zcm10/zcm10_remote/data/bcfqcen.html#bcfrhhy
 
Although the viewer can be launched in standalone mode (that is to say outside ZCC), there are some limitations.

1. By default, when an internal CA is deployed, the viewer is required to provide 3 items for SSL authentication (private key, certificate and CA certificate). When an external CA is deployed, the viewer is not required to provide them.
2. When the managed device is part of a zone, it will require the certificate being presented by the viewer to be signed and chained to the CA (Certificate Authority). When a remote session is launched from ZCC, such a certificate is generated automatically by ZENworks (ZCC) in the background and passed to the viewer for launching. The validity period of the certificate is small (just 4 days). If it is not presented, or not chained to the CA, SSL authentication will fail.
   
3. If the viewer is required to be launched without these 3 items, the Remote Management policy on the managed device must be configured to not require viewer to provide this data. The property is "Allow connection when Remote Management Console does not have SSL certificate". However, remember that this is lowering security of the device and is not recommended. (When a viewer presents a certificate even when this property is turned on, the managed device will use it during authentication.)
4. Also remember that the managed device uses the certificate provided by the viewer to identify the remote operator. When the viewer does not provide a certificate, the user is not identified and is recorded as 'unknown'. This information is used in a number of places including permission message, visible signal and audit.