Due to several screw-ups by micro focus/opentext licensing on last year's renewal (nightmare, don't get me started), my AV update entitlement expired 10 days early (10/21 instead of 10/31 - someone made a typo). I wasn't worried about it, as there's always a grace period on these things and I was waiting for my new license renewal rep to get my renewal quote straightened out so I wouldn't go through the same endless hassle this year...
NO, there's no grace period at all. The moment the license expired, ZENworks actively poisoned the AV updates by setting the endpoints' AV Update server to "subscriptionexpired.domain.com" which results in an Error -1002 "An update process failed because the endpoint could not resolve the update server address. Please contact your system administrator." on the client and repeating "[ERROR] [6480] [ZavListener] [] [SYSTEM] [ZavOutput.log] [ProductEvent failure error: -1002] [ERROR] [] [] [] [ZENworks]" errors in the console.
The server itself is still getting updates, but as soon as each workstation picks up the new policy they start erroring out. This was actually a bit difficult to figure out at first, as I had been doing a bunch of re-install/upgrade work on my firewalls Friday afternoon, so to come in Monday morning and find all my workstations getting an apparent DNS failure trying to update made me think somehow I'd broken something. The fact that each workstation was failing at different times only added to the confusion; a few were getting updates still Monday morning while the majority had been failing since sometime Sunday. It wasn't until I did a port 53 packet capture between my workstation and the DNS that I figured out what had really happened.
Just to see if it was easy to fool, I tried adding a DNS 'A' record for 'subscriptionexpired.domain.com' to my DNS but that just changed the error from a -1002 DNS resolution failure to a -1005 Invalid Certificate error. I thought about ginning up a certificate for my server with a SAN, but decided that I might end up breaking something else (can open, worms everywhere...).
Adding to the frustration, after I urgently emailed my renewal rep telling him how things broke and to urgently process the P.O. he was about to receive I got an Out Of Office reply saying he was gone until Wednesday (tomorrow as I write).
No real question here, just complaining... Instantaneously blocking AV updates seems a lousy way to go about things, especially when everything else (in Open Workgroup Suite) has a 30-day or more grace period.
ARGH! I'm shaking my fist at you Novell/Micro Focus/opentext!