Assignments not retrieved because of LDAP connection reset

  • 7018367
  • 06-Dec-2016
  • 03-Jan-2017

Environment

Novell ZENworks Configuration Management 11.4.1
Novell ZENworks Configuration Management 11.4.2
Novell ZENworks Configuration Management 11.4.3

Situation

User assignments are not flowing down to the device

Resolution

NOTE: This workaround forces the use of the older TLSv1 protocol, so the connection may be affected by vulnerabilities in that protocol!

As a workaround, add the following option to the startup options of ZENServer and ZENLoader:
-Djdk.tls.client.protocols=TLSv1

On a Linux primary do the following:
- Open /etc/init.d/novell-zenserver for editing, e.g.:
vi /etc/init.d/novell-zenserver

- Search for the definition:
CATALINA_OPTS

- At the end, add the option mentioned above, so it looks like this:
CATALINA_OPTS="$ZEN_PROBE_OPTS $ZEN_JVM_TRUSTSTORE_OPTS $ZEN_JMX_OPTS $HEAP_DUMP_OPTIONS $JAVA_MIN_HEAP $JAVA_MAX_HEAP $JAVA_THREAD_STACK_SIZE $JAVA_MIN_PERM_SIZE $JAVA_MAX_PERM_SIZE $SYSTEM_PROPS -Dfile.encoding=UTF-8 -Djdk.tls.client.protocols=TLSv1"

- Open /opt/novell/zenworks/bin/zenloader for editing, e.g.:
vi /opt/novell/zenworks/bin/zenloader

- Search for the definition:
JAVAOPTS

- At the end, add the option mentioned above, so it looks like this:
JAVAOPTS="$ZEN_JVM_TRUSTSTORE_OPTS $ZEN_JMX_OPTS $HEAP_DUMP_OPTIONS -server $JAVA_MIN_HEAP $JAVA_MAX_HEAP $JAVA_MIN_PERM_SIZE $JAVA_MAX_PERM_SIZE -Dbusinessobjects.orb.oci.protocol=ssl -DcertDir=/etc/opt/novell/zenworks/security -DtrustedCert=ca.der -DsslCert=server.der -DsslKey=server.key -Dpassphrase=passphrase.txt -Djdk.tls.client.protocols=TLSv1"

Do NOT modify any of the other options in the files or on these lines!
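
A read-only check for whether the TLSv1 pin is present on a Linux primary, as an added example (not part of the original article and not vendor code). It uses the file paths and variable names given above, assumes each variable is defined on a single line as shown, and the function names are hypothetical:

```shell
#!/bin/sh
# Added example: report whether a ZENworks startup script pins the JVM's
# TLS client protocols to a legacy version. Nothing is modified.

# tls_pin FILE VAR
# Prints the value of -Djdk.tls.client.protocols on the line defining VAR
# in FILE (last definition wins); prints nothing if the option is absent.
tls_pin() {
    grep -E "^[[:space:]]*(export[[:space:]]+)?$2=" "$1" 2>/dev/null |
        tail -n 1 |
        sed -n 's/.*-Djdk\.tls\.client\.protocols=\([^" ]*\).*/\1/p'
}

# classify_pin VALUE -> unset | legacy | modern
classify_pin() {
    if [ -z "$1" ]; then echo unset; return; fi
    # The property takes a comma-separated list of protocol names.
    for p in $(echo "$1" | tr ',' ' '); do
        case "$p" in
            SSLv3|TLSv1|TLSv1.1) echo legacy; return ;;
        esac
    done
    echo modern
}

# audit_file FILE VAR
# Prints one report line: FILE VAR STATUS VALUE ("-" when no value is set).
audit_file() {
    pin=$(tls_pin "$1" "$2")
    echo "$1 $2 $(classify_pin "$pin") ${pin:--}"
}

# Check both startup scripts named in this article.
audit_zen() {
    audit_file /etc/init.d/novell-zenserver CATALINA_OPTS
    audit_file /opt/novell/zenworks/bin/zenloader JAVAOPTS
}

audit_zen
```

A status of `legacy` on either line means that service is still started with the workaround in place.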


On a Windows primary do the following:
- Browse to %ZENWORKS_HOME%\bin

- Launch zenserverw.exe
Go to the Java tab. Under Java Options, add the following on a NEW line and click OK:
-Djdk.tls.client.protocols=TLSv1


- Launch zenloaderw.exe
Go to the Java tab. Under Java Options, add the following on a NEW line and click OK:
-Djdk.tls.client.protocols=TLSv1

Cause

On the server side a connection reset happens on the LDAP connection.

Status

Reported to Engineering

Additional Information

In the services messages you will see an error like:

[TRACE] [11/18/2016 14:10:21.546] [2480] [ZENService] [89] [] [ServiceStorePool] [com.novell.zenworks.datamodel.exceptions.InternalDataModelException: com.novell.zenworks.datamodel.exceptions.AuthoritativeSourceConnectionException: javax.naming.CommunicationException: windows-ad.zcm.com:636 ((Root exception is java.net.SocketException: Connection reset()