Environment
Novell ZENworks 10 Configuration Management with Support Pack 3 - 10.3
Situation
When a ZCM agent starts up and attempts to add exceptions to the firewall rules, that on occasion '/sbin/SuSEfirewall2 status' occasionally fails to return any data.
Install ZCM 10.3 and apply update 10.3.1.(No firewall)
Enable the firewall and refresh zcm agent/restart the server.
Result:
[DEBUG] [06/16/2010 11:29:25.423] [28520] [ZenLinuxDaemon] [12] [] [WebServer]
[] [Quicktask WebServer Port is 7628] [] []
[DEBUG] [06/16/2010 11:29:25.423] [28520] [ZenLinuxDaemon] [12] []
[ZMD_FIREWALL] [] [Attempting to get firewall handler delegate] [] []
[DEBUG] [06/16/2010 11:29:25.423] [28520] [ZenLinuxDaemon] [12] []
[ZMD_FIREWALL] [] [starting process: /etc/init.d/SuSEfirewall2_setup status] []
[]
[DEBUG] [06/16/2010 11:29:25.444] [28520] [ZenLinuxDaemon] [12] []
[ZMD_FIREWALL] [] [waiting for process exit...] [] []
[DEBUG] [06/16/2010 11:29:25.444] [28520] [ZenLinuxDaemon] [12] []
[ZMD_FIREWALL] [] [execCmd Success:
Cmd: /etc/init.d/SuSEfirewall2_setup
Out: Checking the status of SuSEfirewall2 ..running
] [] []
[DEBUG] [06/16/2010 11:29:25.444] [28520] [ZenLinuxDaemon] [12] []
[ZMD_FIREWALL] [] [got status...] [] []
[DEBUG] [06/16/2010 11:29:25.444] [28520] [ZenLinuxDaemon] [12] []
[ZMD_FIREWALL] [] [Using cached contents for: /sbin/SuSEfirewall2 status] [] []
[DEBUG] [06/16/2010 11:29:25.444] [28520] [ZenLinuxDaemon] [12] []
[ZMD_FIREWALL] [] [got status...] [] []
[DEBUG] [06/16/2010 11:29:25.445] [28520] [ZenLinuxDaemon] [12] [] [WebServer]
[] [Unexpected exception in WebServer.InitWebServer(False)
Type: System.ArgumentOutOfRangeException
Message: Cannot be negative.
Parameter name: startIndex
Stack Trace:
at System.String.Substring (Int32 startIndex, Int32 length) (0x00000)
at ZENPreAgent.FirewallHandler_sf2.getFirewallState () (0x00000)
at ZENPreAgent.FirewallHandler_sf2._isFirewallEnabled () (0x00000)
at ZENPreAgent.FirewallHandler.isFirewallEnabled () (0x00000)
at ZENPreAgent.FirewallHandler.openFirewallPort (Int32 port, Boolean
openTCP, Boolean openUDP) (0x00000)
at ZENPreAgent.FirewallHandler.openFirewallPort (Int32 port) (0x00000)
at Novell.Zenworks.Zmd.Refresh.WebServer.InitWebServer (Boolean
initSettings) (0x00000)
] [] []
[ERROR] [06/16/2010 11:29:25.445] [28520] [ZenLinuxDaemon] [12] [] [ZMD]
[ZMD.CouldNotBindToQuickTaskPort] [The agent failed to bind to the quick task
port. The ZENworks server will be unable to contact the agent.] [] []
ZCC shows Unable to connect through IP Address or Host Name
Install ZCM 10.3 and apply update 10.3.1.(No firewall)
Enable the firewall and refresh zcm agent/restart the server.
Result:
[DEBUG] [06/16/2010 11:29:25.423] [28520] [ZenLinuxDaemon] [12] [] [WebServer]
[] [Quicktask WebServer Port is 7628] [] []
[DEBUG] [06/16/2010 11:29:25.423] [28520] [ZenLinuxDaemon] [12] []
[ZMD_FIREWALL] [] [Attempting to get firewall handler delegate] [] []
[DEBUG] [06/16/2010 11:29:25.423] [28520] [ZenLinuxDaemon] [12] []
[ZMD_FIREWALL] [] [starting process: /etc/init.d/SuSEfirewall2_setup status] []
[]
[DEBUG] [06/16/2010 11:29:25.444] [28520] [ZenLinuxDaemon] [12] []
[ZMD_FIREWALL] [] [waiting for process exit...] [] []
[DEBUG] [06/16/2010 11:29:25.444] [28520] [ZenLinuxDaemon] [12] []
[ZMD_FIREWALL] [] [execCmd Success:
Cmd: /etc/init.d/SuSEfirewall2_setup
Out: Checking the status of SuSEfirewall2 ..running
] [] []
[DEBUG] [06/16/2010 11:29:25.444] [28520] [ZenLinuxDaemon] [12] []
[ZMD_FIREWALL] [] [got status...] [] []
[DEBUG] [06/16/2010 11:29:25.444] [28520] [ZenLinuxDaemon] [12] []
[ZMD_FIREWALL] [] [Using cached contents for: /sbin/SuSEfirewall2 status] [] []
[DEBUG] [06/16/2010 11:29:25.444] [28520] [ZenLinuxDaemon] [12] []
[ZMD_FIREWALL] [] [got status...] [] []
[DEBUG] [06/16/2010 11:29:25.445] [28520] [ZenLinuxDaemon] [12] [] [WebServer]
[] [Unexpected exception in WebServer.InitWebServer(False)
Type: System.ArgumentOutOfRangeException
Message: Cannot be negative.
Parameter name: startIndex
Stack Trace:
at System.String.Substring (Int32 startIndex, Int32 length) (0x00000)
at ZENPreAgent.FirewallHandler_sf2.getFirewallState () (0x00000)
at ZENPreAgent.FirewallHandler_sf2._isFirewallEnabled () (0x00000)
at ZENPreAgent.FirewallHandler.isFirewallEnabled () (0x00000)
at ZENPreAgent.FirewallHandler.openFirewallPort (Int32 port, Boolean
openTCP, Boolean openUDP) (0x00000)
at ZENPreAgent.FirewallHandler.openFirewallPort (Int32 port) (0x00000)
at Novell.Zenworks.Zmd.Refresh.WebServer.InitWebServer (Boolean
initSettings) (0x00000)
] [] []
[ERROR] [06/16/2010 11:29:25.445] [28520] [ZenLinuxDaemon] [12] [] [ZMD]
[ZMD.CouldNotBindToQuickTaskPort] [The agent failed to bind to the quick task
port. The ZENworks server will be unable to contact the agent.] [] []
ZCC shows Unable to connect through IP Address or Host Name
Resolution
This is fixed in version 10.3.1 - see KB 7006265 "ZENworks Configuration Management 10.3.1 - update information and list of fixes" which can be found at https://www.novell.com/support
This is fixed in version 11.1 - see KB 7008746 "ZENworks Configuration Management 11.1 - update information and list of fixes" which can be found at https://www.novell.com/support
Additional Information
The workaround for this issue is to disable the firewall, which is unacceptable in some situations.