I was called to a customer who needs to move his 2 ZCM Servers (still 11.3.0 but update to 11.4.3 is scheduled) with external DB to a new IP segment. Hostname and DNS will remain UNchanged.

1st server has got the new IP address, the clients show the new IP address after refresh in - ZAA - Properties - Servers -

I have perfomed the actions in "Changing the IP Address of a Primary Server after Installing ZENworks 11 SP3" in "ZENworks 11 SP3 Disaster Recovery Reference" on 1st server.

- do I have to do anything else?
- what happens with clients not currently switched on? will they connect even the IP address on both servers habe changed? Or do I need one server with old IP address until the last client has connected?
- when doing a "zac ci" (or "zac zc") I will see the IP addresses of the servers - but the certificates itself do NOT hold the IP address! Will these IP addresses be automatically updated?

  • Devices not powered on should be fine, since they will hit the server based upon DNS.
    Devices that are ON would be the biggest issues since they could have cached DNS and continue to resolve the old address :)

    The Certificates should not even have the IP Address of the servers, they should hold the DNS Name.
    That would indicate that when the server was installed, that would indicate DNS was not working for the server upon install time.
    Don't try to fix that at this time.......
    Messing with certs more likely to cause an issue.....

    If this DOES end up causing any issue, go to the ZCC and find your primary server.
    Under Settings, there is an "Infrastructure Management" Section that has additional DNS names....simply put in the old IP Address there.

    Worry about Certs Post 11.4.3 for many reasons.
    #1 - Once you get to 11.4.x, new CAs nad Certs will be SHA256 not SHA1.
    So if you are gonna end up doing cert work, you want to get SHA256 stuff.
  • Results:

    we modified the IP address of 1st primary and restarted the server (and restarted 2nd primary - which was possibly not needed)
    we modified and changed DNS entries - check and remove the reverse lookup entry for old IP
    we verified that DNS had replicated and cleared DNS cash on local test PC
    we verified after a client refresh that the new IP address was shown in - ZAA - Properties - Server -
    we waited over night (70% of PCs are running over night) that all active PCs got the new IP information with the next refresh intervall
    we changed the 2nd server identical to above
    we rebuild the ZCM deployment packages and included them for new images (novell-zenworks-configure -c CreateExtractorPacks -Z)

    on PCs NOT switched on since change of 1st server a login prompt popped up and User could NOT login to ZENworks with a "network or certificate" error
    NAL window was empty since all icons are assigned to users
    we had to wait 6 minutes for a ZCM Agent refresh (or do it manually) and could login to ZENworks again / with - ZAA - Login -

    best would be to wait for a couple of days until most PCs connected and got updated IP information of 1st server / than change 2nd primary
    the commands "zac ci" and "zac zc" still show OLD IP addresses - but IP addresses are NOT part of the certificates
    possibly the upgrade to a new ZCM Agent will update the zac ci as well

    an additional entry in - ZCC - Server - ServerName - Settings - Infrastructure - additional-DNS-name - "old IP address" - resulted in an error on the server