Environment
ZENworks Configuration Management 2017 Update 2
Situation
Devices fail to enroll with "Unable to connect with server".
ERROR (from services-messages.log):
[ZENService] [190] []
[ZENSCEPServlet] [] [Exception occurred while retrieving the
certificate for mobile UID:
78676bd8555d9be9447b43b993fdcea43ed62e6e :
com.novell.zenworks.datamodel.exceptions.ObjectNotFoundException
Resolution
This is fixed in version 2020 - see KB 7024113 "ZENworks Configuration Management 2020 - update information and list of fixes" which can be found at https://support.microfocus.com/kb/doc.php?id=7024113
For prior releases:
Run the following script on the primary server running as the
CA server to resolve the issue:
novell-zenworks-configure -c
DeviceIdentityCertConfigureAction
Once the script is run on the appropriate primary server, the
device will be able to enroll without error.
Cause
When upgrading ZCM, the primary server that is running the
Certificate Authority - CertAuth role was not upgraded first,
resulting in the DeviceCertAuth role not being properly
assigned.
Additional Information
Full stack trace from log:
[Exception occurred while
retrieving the certificate for mobile UID:
78676bd8555d9be9447b43b993fdcea43ed62e6e :
com.novell.zenworks.datamodel.exceptions.ObjectNotFoundException
at
com.novell.zenworks.datamodel.services.zoneconfig.ZoneConfigAdminImpl.getZENServerSSLPort(ZoneConfigAdminImpl.java:4186)
at
com.novell.zenworks.scep.DeviceCertAuthRoleServerInfo.getSSLPortOfDeviceAuthRoleServer(DeviceCertAuthRoleServerInfo.java:38)
at
com.novell.zenworks.scep.ZENSCEPServlet.getCertificateSignedByCA(ZENSCEPServlet.java:268)
at
com.novell.zenworks.scep.ZENSCEPServlet.doEnrol(ZENSCEPServlet.java:139)
at
org.jscep.server.ScepServlet.service(ScepServlet.java:307)
at
javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
at
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:94)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:616)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
at
com.googlecode.psiprobe.Tomcat80AgentValve.invoke(Tomcat80AgentValve.java:41)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
at
com.novell.zenworks.tomcat.ZENRequestValve.synchronousInvoke(ZENRequestValve.java:1740)
at
com.novell.zenworks.tomcat.ZENRequestValve.invoke(ZENRequestValve.java:1050)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:502)
at
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1104)
at
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:684)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1519)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1475)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at
java.lang.Thread.run(Thread.java:748)
] [] [] []
[ZENServer]