geenick Absent Member.
Absent Member.
817 views

ZCM 11.4 Server Remint - ZCM 11.3 Agents can't connect

We have been running ZCM for quite a long time and the internal certificate expired. Single Primary Server, running 11.4.2.0.

Another tech acted on the remint process and it appeared to succeed. Windows clients running agents with a version of 11.4.2.12471 have been reconnecting on their own.

Many workstations are still running version 11.3.1.39328 and cannot connect.

I tried enabling debug logging and am seeing the following message(s):

[INFO] [08/20/2018 14:37:46.058] [1868] [ZenworksWindowsService] [61] [] [ZenCertificatePolicy] [ZMD.CertificateChainError] [Error in the TLS certificate chain. Message: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.


[DEBUG] [08/20/2018 14:37:46.060] [1868] [ZenworksWindowsService] [61] [] [ConnectMan-ping] [] [web request exception: System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.


We have been working around the issue by running:

zac unr -f
zac reg https://server.loc/


We haven't found an easy way to automate this process or any other process to get the bulk of our workstations to reconnect.

A "ZENworks update for certificate remint" System Update was created and has been trying to run for many days but it is not progressing. I have rebooted the Primary Server.

Has anyone else run into this issue?

Thanks in advance to anyone who can offer assistance!
Labels (1)
0 Likes
4 Replies
AutomaticReply Absent Member.
Absent Member.

Re: ZCM 11.4 Server Remint - ZCM 11.3 Agents can't connect

geenick,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

These forums are peer-to-peer, best effort, volunteer run and that if your issue
is urgent or not getting a response, you might try one of the following options:

- Visit https://www.microfocus.com/support-and-services and search the knowledgebase and/or check
all the other self support options and support programs available.
- Open a service request: https://www.microfocus.com/support
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.microfocus.com)
- You might consider hiring a local partner to assist you.
https://www.partnernetprogram.com/partnerfinder/find.html

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.microfocus.com/faq.php

Sometimes this automatic posting will alert someone that can respond.

If this is a reply to a duplicate posting or otherwise posted in error, please
ignore and accept our apologies and rest assured we will issue a stern reprimand
to our posting bot.

Good luck!

Your Micro Focus Forums Team
http://forums.microfocus.com



0 Likes
geenick Absent Member.
Absent Member.

Re: ZCM 11.4 Server Remint - ZCM 11.3 Agents can't connect

Anyone else find a clever way to work around this issue?
0 Likes
Knowledge Partner
Knowledge Partner

Re: ZCM 11.4 Server Remint - ZCM 11.3 Agents can't connect

In article <geenick.8mbhrb@no-mx.forums.microfocus.com>, Geenick wrote:
> zac unr -f
> zac reg https://server.loc/
>
> We haven't found an easy way to automate this process or any other
> process to get the bulk of our workstations to reconnect.


When migrating to a new ZCM system we used a batch file triggered by
either ZCM (where that worked) or as a login script trigger. We copied
the batch file to the c:\temp folder and ran it from there to run those
two lines and then delete itself.
As part of it we created a limited ZCM user with rights to import and
included them (-u and -p) in the zac reg line. It didn't get them all,
but it got us most of them.



Andy of
http://KonecnyConsulting.ca in Toronto
Knowledge Partner
http://forums.novell.com/member.php/75037-konecnya
If you find a post helpful and are logged in the Web interface, please
show your appreciation by clicking on the star below. Thanks!

___
Andy of Konecny Consulting in Toronto
Knowledge Partner Profile
If you find a post helpful, click the Like button below. Thanks!
Micro Focus Expert
Micro Focus Expert

Re: ZCM 11.4 Server Remint - ZCM 11.3 Agents can't connect

Once the CA Expires, there is not an easy way to reconnect the devices since the SSL trust would be broken....
It will require manual touching...…….

You may be able to issue those commands via a logon script...… for devices that are not communicating...
AD Computer Script would definitely work....

In the past, I've issued "zac zc -l" (That is a lower case L) as part of a script to verify if the device had any configuration servers in the list and if not I knew it was not talking and some action was required.

However....any fixing will come from outside of the ZCM system since the agents no longer trust the server.....
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.