Novell ZENworks Configuration Management 11.2Novell ZENworks Endpoint Security Management 11.2
Unable to decrypt encrypted Settings XML.StackTrace = at
Novell.Zenworks.ZESMCoreSetttings.ZESMCoreSetttingsModule.ApplySecuritySettings (String encrSecuritySettings)
This is fixed in version 11.2.4 - see KB 7012027 "ZENworks Configuration Management 11.2.4 - update information and list of fixes" which can be found at http:////support.microfocus.com/kb/doc.php?id=7012027
Workaround: if it is not possible to upgrade to ZCM 11.2.4 at this time, in the interim, Novell has made a Patch available for testing, as part of a Monthly patch update: it can be obtained at https://download.novell.com/Download?buildid=s5zcEae9xcI~ as "ZCM 11.2.3a Monthly Update 1 - see TID 7012025". This update should only be applied if the symptoms above are being experienced, and are causing problems.
Please report any problems encountered when using this Patch, by using the feedback link on this TID.
Workaround (two methods):
- NOTE: Workstations only, do not do this on primary!
Unregister the device with zac unr -f and register the device with zac reg.
- Enable client self defense in ZCC > Configuration > Device Management > ZENworks Agent > Enable self defense for the ZENworks Adaptive Agent
- Let the agent devices refresh according to schedule
- (Optional) If it is desired that this setting not be in place, disable the setting from Step 1 after all affected devices have refreshed.
- In some cases if the above steps do not work, it is necessary to make a minor change to the location in ZCC, Apply, then undo the change and Apply. Then on the managed device do a zac cc and zac ref bypasscache.
The location configuration service restores the KMK (Key Management Key).
Note, after the fix, the error may still be seen if the KMK is lost, but it should "self heal" as the agent will pull down another KMK and rebuild. After that the error will stop.
This error may be seen for other causes, such as corrupt ZES store or timing issue on services restart. If this TID does not fix the problem on more recent builds, contact Novell Technical Services.