we have a CA remint system update in progress, the new CA is scheduled to activate in six days.
Of course, in the meantime "some" workstation were re-imaged and I'm afraid, those workstations will fail to connect later.
In "Troubleshooting" I found this:
Managed device that was re-imaged during remint is not communicating with the Primary Server
Source:ZENworks; SSL Management.
Explanation:After a remint system update is completed on a device, before the activation date, if the device is re-imaged and registered, it will not be able to communicate with the Primary Server, post activation. This is because the new server certificate is already activated on the Primary Server and the device does not have the new certificate because the system update is not sent to the device again.
Action:You need to unregister and re-register the device. If the system update is not yet baselined, you can use the certificate remint tool to run the system update again.
So here are my questions:
- I already found a bunch of workstations (ATM 77, but increasing....) having this problem and I would like to fix it BEFORE the change happens. Can the Remint Tool help?
- If I want to try the unreg/reg in some cases (AFTER CA Change, for workstations not available right now), can I use unreg -f -s to unregister? (My guess: Without broken communication a simple zac unreg won't work pretty good)
- I have downloaded and saved the Remint Tool for later use, so it's already available on workstations. It's just from one of the primary servers. Is it useful that way?
Of course finally about the environment:
4 Primary servers 17.4.1 (Windows 2012 R2)
5000+ workstations running Windows 7SP1, Windows 10 1803 , ZCM Agents 11.4.2 / 17.4.1
Thanks for any suggestions 🙂
I believe the answer to that question is yes.....
I will try and verify early next week....If you don't see a post by me by late Monday U.S. time, please post back.
Sounds great... so I'll prepare a bundle.
Anything special I should consider? I think I would start using DAU for execution....
OK and THX, so of course I created it running as System 🙂
Although the bundle itself seems to throw errors often, it's doing the job (no time for cosmetics:)). Starting with 390 problem devices we are below 320 already, continually decreasing
Thanks for helping me out just in time!
I forgot to add a final Thank You , our results and experiences
- the bundle was successfully deployed to ~340 re-imaged devices, saved a lot of work to fix it later
- I wish I had the idea earlier (about fixing it before CA is changed) ... I had only three days left and of course we weren't able to catch all devices...
- Maybe it would be a good idea to have a hint in the documentation? Reading the troubleshooting section is my usual practice, however you still have to realize that you would be able to avoid some problems before they arise.