Update for certificate remint stuck on ignored

Hello,

Previously we pushed a server remint and were successful on all servers and vast majority of devices, but we have a few stuck in "pending" and even though they have been ignored, the update won't complete. Any suggestions?

ZENworks is on 23.4 with the latest updates for the month.

  • 0  

    I am going to be picky here...but it's important for lurkers....You did a "CA Certificate Remint" and NOT a "Server Cert Remint".  The CA Remint goes to all devices and is about the CA the devices need to trust.  The Server Remint details only go to other primaries.

    --

    There should be a box where you can select the column to ignore everyone....maybe you missed one.

    If that did not work...I don't have any easy quick tips.

    --

    If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button

    Be sure to "Like" My (and a few others) Cool Solutions below! 

    https://community.microfocus.com/members/craigdwilson/bookmarks

  • 0 in reply to   

    Just for clarification, technically we did both the CA and all server certs.



  • 0   in reply to 

    The CA Remint will force the remint of all certs....Only the CA Remint System Update gets sent to managed devices.

    --

    If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button

    Be sure to "Like" My (and a few others) Cool Solutions below! 

    https://community.microfocus.com/members/craigdwilson/bookmarks

  • 0 in reply to   

    Additional info, if helpful, from scouring the forums.

    SELECT zzenobject.zuid, zzenobject.path, zqueue.type, zqueue.status
    FROM zzenobject
    INNER JOIN zQueue ON zqueue.processinguid = zzenobject.zuid
    WHERE zqueue.type = 'certificate.remint'
    ** Returned 0 Objects

    SELECT * FROM zqueue WHERE type = 'certificate.remint' and status != 'S'
    ** Returned 0 Objects

    /etc/opt/novell/zenworks/loader/RemintQueueActionHandler.xml
    ** Owned by zenworks (775)

    Restarted ZENLoader service

    /var/opt/microfocus/log/zenworks/microfocus-zenworks-configure-service.log
    ** [DEBUG] [06/10/2024 21:02:36.661] [4348] [ConfigureClient] [1] [root] [ConfigureUtility] [] [ActivateCertificateConfigureAction complete!] [] [] [] [ConfigureUtility]

  • Suggested Answer

    0 in reply to 

    Found query:
    SELECT d.hostname, d.zuid, d.agentversion, s.updatestatus FROM zsystemupdatedeviceinfo s, zdevice d WHERE s.updatestatus = 'ERROR' and s.updateuid = 0x[GUID] and s.deviceuid = d.zuid

    Compared SQL query results to the Deploying System Updates Pending devices and identified one device listed in database which is missing from ZCM list

    Reviewed the table zSystemUpdateDeviceInfo trying to find insight

    SELECT * FROM [zenworks].[dbo].[zSystemUpdateDeviceInfo] WHERE [UpdateUID] = [RemintUpdateGUID] and StatusMessageKey = 'Assigned'

    Noticed the device in question is the only one not flagged as ignored but double checked.

    SELECT * FROM [zenworks].[dbo].[zSystemUpdateDeviceInfo] WHERE [UpdateUID] = [RemintUpdateGUID] and isIgnored = '0' and UpdateStatus = 'Assigned'

    Decided to change the flag to ignore:

    UPDATE [zenworks].[dbo].[zSystemUpdateDeviceInfo]
    SET [isIgnored]='1'
    WHERE [UpdateUID] = [RemintUpdateGUID] and [DeviceUID] = [DeviceUID of device in question]

    Didn't immediately disappear (unsure how often this is processed) so just rebooted ZENworks for general health and the pending certificate remint was gone when checking.

    Hope this potentially helps someone else in the future.