New install Primary Server gets installed with self-signed certificate

  • 7008235
  • 29-Mar-2011
  • 27-Apr-2012

Environment

Novell ZENworks 10 Configuration Management with Support Pack 3 - 10.3 Installation - Server
ZENworks Configuration Management zone is configured with internal CA

Situation

A install new Primary Server has self-signed certificate

Communication to new install Primary server fails.
 
Following error found in zcm install log
 
ERROR:
 
<Message><MessageID><![CDATA[0000]]></MessageID><MessageString><![CDATA[Hostname
= ie-zcm-w2k8.xentopia.home;Port = 443;Use SSL =
true]]></MessageString><Severity><![CDATA[1]]></Severity><Time><![CDATA[1272445967964]]></Time><Source><![CDATA[Unknown
Device]]></Source><ComponentName><![CDATA[Server
Install]]></ComponentName><AdditionalInfo /></Message>
<Message><MessageID><![CDATA[0000]]></MessageID><MessageString><![CDATA[Unable
to sign the csr.  This means that this server will continue to use a
self-signed
certificate.]]></MessageString><Severity><![CDATA[8]]></Severity><Time><![CDATA[1272445968382]]></Time><Source><![CDATA[Unknown
Device]]></Source><ComponentName><![CDATA[Server
Install]]></ComponentName><AdditionalInfo><![CDATA[java.lang.NullPointerException
    at
com.novell.zenworks.certauthority.zenca.ZENCACertSigner.signCSR(ZENCACertSigner.java:214)
    at
com.novell.zenworks.configure.actions.SSLConfigureAction.configure(SSLConfigureAction.java:392)
    at
com.novell.zenworks.configure.ZENworksConfigure.execConfigAction(ZENworksConfigure.java:1327)
    at
com.novell.zenworks.install.customcode.configure.BaseZenConfigAction.install(BaseZenConfigAction.java:58)
    at com.zerog.ia.installer.actions.CustomAction.installSelf(DashoA10*..)
    at com.zerog.ia.installer.InstallablePiece.install(DashoA10*..)
    at com.zerog.ia.installer.InstallablePiece.install(DashoA10*..)
    at com.zerog.ia.installer.InstallablePiece.install(DashoA10*..)
    at com.zerog.ia.installer.InstallablePiece.install(DashoA10*..)
    at com.zerog.ia.installer.GhostDirectory.install(DashoA10*..)
    at com.zerog.ia.installer.InstallablePiece.install(DashoA10*..)
    at com.zerog.ia.installer.Installer.install(DashoA10*..)
    at com.zerog.ia.installer.actions.InstallProgressAction.n(DashoA10*..)
    at com.zerog.ia.installer.actions.ProgressPanelAction$1.run(DashoA10*..)
]]></AdditionalInfo></Message>

Resolution

A fix for this issue is included in ZENworks 11, see KB 7006995 "ZENworks 11 - information and updates" which can be found at https://www.novell.com/support

WORKAROUND:
Ensure that the Primary Server hosting the internal CA is listed the closest server rule for the configuration role to avoid the issue.

To fix the Primary server certificate after fresh ZCM 10.3 install , update the primary server to ZCM 10.3.1 or newer and remint the server certificate using the novell-zenworks-configure -c SSL -z command.





Additional Information

The root cause is that the configuration role from the closet server rule gets utilized by the installer trying to find the CA server.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.