djbrightman1 Absent Member.
Absent Member.
1531 views

CA Remint - unable to initialize Novell Encryption scheme...

We are modelling a ZCM CA remint in our test environment.

Following the ZCM 11.4 CA remint (i.e. move to SHA256 certificates) we are receiving the following error when trying to initiate remote control

"The managed device was unable to initialize Novell Encryption scheme for the session. Ensure that the managed device is UTC time synchronized with this system. If the problem persists, contact Novell Technical Services.The managed device was unable to initialize Novell Encryption scheme for the session. Ensure that the managed device is UTC time synchronized with this system. If the problem persists, contact Novell Technical Services."


We have checked HKEY_LOCAL_MACHINE\SOFTWARE\Novell\ZCM\CASubject as per
https://www.novell.com/support/kb/doc.php?id=7003832 and it looks OK - subject elements appear to match

Also checked timesync between primaries and database as per https://forums.novell.com/showthread.php/474983-ZCM-11-2-4-Remote-Control-Issues?highlight=initialize+Novell+Encryption

Has anyone else seen this issue following a remint?
Is there something the 'ZENworks update for certificate remint' is missing?

Cheers
David
Labels (2)
0 Likes
4 Replies
Micro Focus Expert
Micro Focus Expert

Re: CA Remint - unable to initialize Novell Encryption schem

Are all devices 11.4 or greater in the lab?
--
Please give a hearty thumbs up to any post you find helpful!
To find articles by Craig Wilson simply follow the link: Craig Wilson's Tips!
0 Likes
djbrightman1 Absent Member.
Absent Member.

Re: CA Remint - unable to initialize Novell Encryption schem

Nah....! Just like the real world there are a mixture 😉

Most of our devices are 11.2.x or 11.3.x However, doesn't work on 11.4 either...

Browser debug log (novell-zenworks-vncviewer.txt) shows
>>
[INFO ] [12/07/2015 16:33:03.623] [7508] [nzrViewer] [11916] [] [Remote Management] [] [Enabling TightVNC protocol extensions] [] [] [] [Management Console]
[ERROR] [12/07/2015 16:33:03.935] [7508] [nzrViewer] [11916] [] [Remote Management] [] [SSL handshake failed. Error: 0. Reason: 6. Details: tlsv1 alert decrypt error] [] [] [] [Management Consol
e]
<<

Agent debug log (WinVNC.log) shows (amongst others)
>>
[WARN] [12/07/2015 16:32:20.258] [5328] [nzrWinVNC] [4204] [] [Remote Management] [] [] [] [] [Zenworks Agent]
[WARN] [12/07/2015 16:32:20.258] [5328] [nzrWinVNC] [4204] [] [Remote Management] [] [] [] [] [Zenworks Agent]
[WARN] [12/07/2015 16:32:20.258] [5328] [nzrWinVNC] [4204] [] [Remote Management] [] [] [] [] [Zenworks Agent]

<<

FYI We have logged SR 10982169451 : CA Remint - unable to initialize Novell Encryption scheme...

Cheers
David
0 Likes
Micro Focus Expert
Micro Focus Expert

Re: CA Remint - unable to initialize Novell Encryption schem

Make sure to just test 11.4 to 11.4 devices for one issue.

There are known issues with 11.4 to older devices with some TIDs with some bug patches that can be applied on either the agent or the mgmt station performing the action.
--
Please give a hearty thumbs up to any post you find helpful!
To find articles by Craig Wilson simply follow the link: Craig Wilson's Tips!
0 Likes
djbrightman1 Absent Member.
Absent Member.

Re: CA Remint - unable to initialize Novell Encryption schem

OK, thanks. Support should be remot'ing in again this afternoon, so hopefully they will discover what the issue is.
I'll update if it's something relevant for others
Cheers
David
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.