BachmannK1 Absent Member.
Absent Member.
2896 views

User source selection in ZCM Agent during login

In the process of migrating from eDir to AD but keeping ZCM.

A couple of weeks ago we added the AD as 2nd user source.

The Novell Client 4.91sp5 is still installed.

Manual login into the ZCM Agent with either eDir or AD source is possible with same user name (passwords are synchronized)

In order to migrate the user source from eDir to AD I modify the registry (see below):

1) After applying the RegKeys below (DefaultRealm etc.) I am still logged into eDir User source (even after clearing the CachedUserNames)

2) When doing a workstation only login I will NOT be logged into ZCM at all (but I can do manually into AD or eDir) Once logged in manually next time automatic login is ok

3) After UNinstalling Novell Client I will NOT be logged into ZCM Agent. Manual logging in is possible and next time it is automatic again - for that user, but not for another one.

What is wrong in my configuration?

I still have 2 user sources with identical users. What happens if I remove eDir as user source. Will every user than AUTOMATICALLY log into AD user source even if I have Novell Client still installed?

WinXP with ZCMagent 10.3.1 ZCMserver 10.3.3 UserSource1: eDir UserSource2: AD (Users are identical in both worlds and passwords are synchronized)

Registry

--- OLD settings before change
[HKEY_LOCAL_MACHINE\SOFTWARE\Novell\ZCM\ZenLgn]
"DomainLogin"=dword:00000001
"eDirLogin"=dword:00000001
"DisablePassiveModeLoginPrompt"=dword:00000001
"HonorClient32WorkstationOnlyCheckbox"=dword:00000001
"HonorWorkstationOnlyLogin"=dword:00000001
"EnableSeamlessLogin"=dword:00000001
"DefaultRealm"="eDirTreeName"
[HKEY_LOCAL_MACHINE\SOFTWARE\Novell\ZCM\ZenLgn\History\RealmName]
"Name"="eDirTreeName"

--- New Settings after deletion / modification:
[HKEY_LOCAL_MACHINE\SOFTWARE\Novell\ZCM\ZenLgn]
"DisablePassiveModeLoginPrompt"=dword:00000001
"EnableSeamlessLogin"=dword:00000001
"DefaultRealm"="ADname"
--- removed all cachedUser entries below:
[HKEY_LOCAL_MACHINE\SOFTWARE\Novell\ZCM\ZenLgn\History\CachedUserZenNames]
--- changed to new AD name:
[HKEY_LOCAL_MACHINE\SOFTWARE\Novell\ZCM\ZenLgn\History\RealmName]
"Name"="ADname"
Labels (2)
0 Likes
8 Replies
Anonymous_User Absent Member.
Absent Member.

Re: User source selection in ZCM Agent during login

BachmannK,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

Has your problem been resolved? If not, you might try one of the following options:

- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php

If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.

Good luck!

Your Novell Product Support Forums Team
http://forums.novell.com/

0 Likes
baarsd Absent Member.
Absent Member.

Re: User source selection in ZCM Agent during login

Hi,

did you ever find a solution? I have the same problem 😞
0 Likes
Knowledge Partner
Knowledge Partner

Re: User source selection in ZCM Agent during login

Baarsd,
> did you ever find a solution? I have the same problem 😞


Exactly the same? Probably not as this poster has 10.3.1 which is
pretty old.

I suggest you post a new thread and provide as much information as
possible about your system, ie versions etc.

--
Anders Gustafsson (NKP)
The Aaland Islands (N60 E20)

Have an idea for a product enhancement? Please visit:
http://www.novell.com/rms

0 Likes
baarsd Absent Member.
Absent Member.

Re: User source selection in ZCM Agent during login

Hi Anders,

the original posters version(s) pretty well match our current deployment exactly - which is why I posted! Anyway...I have solved the problem - for posterity here is how I did it:

Used a zenworks bundle with these actions:

1. Export registry key CachedUserZenNames
%windir%\system32\reg.exe export HKLM\Software\Novell\ZCM\ZenLgn\History\CachedUserZenNames c:\temp\cacheduserzennames.reg /y

2. Download autoit script (.exe) to update the exported file above
We have 2 user sources configured - one called 'NIWA', the other called 'niwa.local' -
The script changes the cached user names from niwa\username to niwa.local\username - it only updates the value, not the key name

e.g.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Novell\ZCM\ZenLgn\History\CachedUserZenNames]
"NIWA\\baarsd"="NIWA\\baarsd"
"NIWA\\baker"="NIWA\\baker"

gets changed to

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Novell\ZCM\ZenLgn\History\CachedUserZenNames]
"NIWA\\baarsd"="niwa.local\\baarsd"
"NIWA\\baker"="niwa.local\\baker"

Here is the script file I used

--------------------

$file = FileOpen("C:\Temp\cacheduserzennames.reg", 0)
$write = FileOpen("C:\Temp\cachednames_fixed.reg", 2)

; Check if file opened for reading OK
If $file = -1 Then
MsgBox(0, "Error", "Unable to open file.")
Exit
EndIf

; Check if file opened for writing OK
If $write = -1 Then
MsgBox(0, "Error", "Unable to open file.")
Exit
EndIf

; Start top of cachednames_fixed.reg

FileWriteLine($write, "Windows Registry Editor Version 5.00")
FileWriteLine($write, "")
FileWriteLine($write, "[HKEY_LOCAL_MACHINE\Software\Novell\ZCM\ZenLgn\History\CachedUserZenNames]")

; Read in lines of text until the EOF is reached
While 1
$line = FileReadLine($file)
If @error = -1 Then ExitLoop
if StringRegExp($line, '"="') Then
$array = StringSplit($line,'"="',1)
$edited = StringReplace($array[2], "NIWA", "niwa.local")
FileWriteLine($write, $array[1] & '"="' & $edited)
;MsgBox(0, "Line read:", $array[1] & " and " & $edited)
EndIf

Wend

FileClose($file)
FileClose($write)

-------------
It's not very pretty or very well commented, but in case it is useful for someone else!

3. Run autoit script to update exported file
Action #2 above just downloads the script exe, this one runs it

%zenworks_home%\apps\edirADchange\change_usernames.exe

4. Import updated registry file
%windir%\system32\reg.exe import c:\temp\cachednames_fixed.reg

5. Update other registry keys

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Novell\ZCM\ZenLgn]
"DefaultRealm"="niwa.local"
"EnableSeamlessLogin"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Novell\ZCM\ZenLgn\History\RealmName]
"Name"="niwa.local"


6. Clear zenworks cache
%zenworks_home%\bin\zac.exe cc

Done!

I've tested this on our win7 64bit desktops, about to do the same to our winxp desktops. I'll reply here again if things act differently under winxp

It does require a reboot, but we're not prompting/forcing the users to do this at this point
0 Likes
Knowledge Partner
Knowledge Partner

Re: User source selection in ZCM Agent during login

Baarsd,
> I've tested this on our win7 64bit desktops, about to do the same to
> our winxp desktops. I'll reply here again if things act differently
> under winxp


Nice!

--
Anders Gustafsson (NKP)
The Aaland Islands (N60 E20)

Have an idea for a product enhancement? Please visit:
http://www.novell.com/rms

0 Likes
BachmannK1 Absent Member.
Absent Member.

Re: User source selection in ZCM Agent during login

Hallo together,

actually I did the following a few month ago (all AD and eDir users are synchronized):

D0 - 1month:
- added the AD user source onto the existing eDir user source (so each client gets information of 2nd user source)
- Exported all Bundle assignments to eDir users with the help of the "zman bl" and "zman blas" on the server console or "zman ul" and "zman ulb"
- added all Bundle assignment to AD user - in addition to the eDir users (could be done with zman as well - but I did id by hand)
- assigned ZCC login and administrative proviledges to AD Admin users instead of eDir users

D0 - 1month: created a bundle with following actions (all below HKLM\Novell\ZCM\ZenLgn\...): -- but did NOT asign it to all
1) Deletion of Registry Keys and Values:
1a) REG_SZ "...\DefaultRealm" (not sure if that is still required, but I did not have success without deletion)
1b) SubKey "...\History\CachedUserZenNames" (Key will be recreated)
2) Adding/Changing of following values:
2a) REG_SZ "...\DefaultRealm" with value of domain name (not Netbios name but full qualified - e.g. MyDomain.Local)
2b) REG_SZ "...\History\RealmName\Name" with value of domain name (not Netbios name but full qualified - e.g. MyDomain.Local)
2c) REG_DWORD "...\EnableSeamlessLogin" with value "1"
2d) REG_DWORD "...\DisablePassiveModeLoginPrompt" with value "1"

On day D0:
1) removed the user source eDir
2) assigned the bundle above to all workstations (and increased version again in order to rerun it on the test PCs)

I did not notice any problems after the modification - but as always: use at your own risk.
0 Likes
BachmannK1 Absent Member.
Absent Member.

Re: User source selection in ZCM Agent during login

I just noticed one thing in my environment - it is operational without any problem - just one does not worry:

In "HKLM\Novell\ZCM\ZenLgn\History\CachedUserZenNames" the "RegKeyNames" show the AD-NetBios-Name BUT the "RegKeyValues" show the AD-FullQualified-DomainName - e.g.

[HKEY_LOCAL_MACHINE\SOFTWARE\Novell\ZCM\ZenLgn\History\CachedUserZenNames]
"MyADnetBiosDomName\BachmannK"="MyADdomain.Local\BachmannK"
"MyADnetBiosDomName\InstUser"="MyADdomain.Local\InstUser"

In my environment the 2 AD domain manes are completely different due to historical reason.

Klaus
0 Likes
eradke Absent Member.
Absent Member.

Re: User source selection in ZCM Agent during login

baarsd;2175211 wrote:

e.g.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Novell\ZCM\ZenLgn\History\CachedUserZenNames]
"NIWA\\baarsd"="NIWA\\baarsd"
"NIWA\\baker"="NIWA\\baker"

gets changed to

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Novell\ZCM\ZenLgn\History\CachedUserZenNames]
"NIWA\\baarsd"="niwa.local\\baarsd"
"NIWA\\baker"="niwa.local\\baker"

Here is the script file I used

--------------------

$file = FileOpen("C:\Temp\cacheduserzennames.reg", 0)
$write = FileOpen("C:\Temp\cachednames_fixed.reg", 2)

; Check if file opened for reading OK
If $file = -1 Then
MsgBox(0, "Error", "Unable to open file.")
Exit
EndIf

; Check if file opened for writing OK
If $write = -1 Then
MsgBox(0, "Error", "Unable to open file.")
Exit
EndIf

; Start top of cachednames_fixed.reg

FileWriteLine($write, "Windows Registry Editor Version 5.00")
FileWriteLine($write, "")
FileWriteLine($write, "[HKEY_LOCAL_MACHINE\Software\Novell\ZCM\ZenLgn\History\CachedUserZenNames]")

; Read in lines of text until the EOF is reached
While 1
$line = FileReadLine($file)
If @error = -1 Then ExitLoop
if StringRegExp($line, '"="') Then
$array = StringSplit($line,'"="',1)
$edited = StringReplace($array[2], "NIWA", "niwa.local")
FileWriteLine($write, $array[1] & '"="' & $edited)
;MsgBox(0, "Line read:", $array[1] & " and " & $edited)
EndIf

Wend

FileClose($file)
FileClose($write)



We are also to the point where we're doing this same scenario. Here is a cmd script I wrote to do the same as your Autoit script, hope it is useful to someone out there:

setlocal enabledelayedexpansion
set __REALM=YourRealmName
if not defined __REALM goto :EOF

REM query cached Zenworks user names in the registry separating registy value and data strings
for /f "usebackq tokens=1,3 skip=2" %%A in (`reg.exe query "hklm\software\novell\zcm\zenlgn\history\cacheduserzennames"`) do (

REM separate the OldRealm and user strings from the data string
for /f "usebackq tokens=1,2 delims=\" %%D in ('%%B') do (

REM import cached Zenworks user names registry, replacing value's data with the NewRealm\user
reg.exe add "hklm\software\novell\zcm\zenlgn\history\cacheduserzennames" /v "%%A" /t REG_SZ /d "%__REALM%\%%E" /f
)

)
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.