Indumathi B & Ingo Engels 18 November 2015

Similar documents
ZENworks 11 Support Pack 4 Full Disk Encryption Agent Reference. May 2016

ZENworks Adaptive Agent Reference

Full Disk Encryption Agent Reference

Administration Quick Start

Augmenting VMware View Horizon (VDI) with Micro Focus Client Management

Introducing ZENworks 11 SP4. Experience Added Value and Improved Capabilities. Article. Article Reprint. Endpoint Management

Windows Operating Systems. Basic Security

Introducing ZENworks 11 SP4

SafeGuard Enterprise Web Helpdesk. Product version: 6.1

Check Point FDE integration with Digipass Key devices

CONNECT-TO-CHOP USER GUIDE

Server Manager Performance Monitor. Server Manager Diagnostics Page. . Information. . Audit Success. . Audit Failure

SchoolBooking SSO Integration Guide

ZENworks 11 Support Pack 4 Management Zone Settings Reference. May 2016

for Networks Installation Guide for the application on the server July 2014 (GUIDE 2) Lucid Rapid Version 6.05-N and later

SafeGuard Enterprise Web Helpdesk. Product version: 6 Document date: February 2012

InventoryControl for use with QuoteWerks Quick Start Guide

SSL VPN Service. Once you have installed the AnyConnect Secure Mobility Client, this document is available by clicking on the Help icon on the client.

PROJECTIONS SUITE. Database Setup Utility (and Prerequisites) Installation and General Instructions. v0.9 draft prepared by David Weinstein

NSi Mobile Installation Guide. Version 6.2

User Source and Authentication Reference

ACTIVE DIRECTORY DEPLOYMENT

Android App User Guide

McAfee Endpoint Encryption for PC 7.0

COMMANDS 1 Overview... 1 Default Commands... 2 Creating a Script from a Command Document Revision History... 10

F-Secure Messaging Security Gateway. Deployment Guide

A Guide to New Features in Propalms OneGate 4.0

Network Connect Installation and Usage Guide

NetIQ Advanced Authentication Framework - Client. User's Guide. Version 5.1.0

Enterprise Remote Control 5.6 Manual

Monitor Print Popup for Mac. Product Manual.

VMware Software Manager - Download Service User's Guide

Smart TPM. User's Manual. Rev MD-STPM-1001R

GO!Enterprise MDM Device Application User Guide Installation and Configuration for Android with TouchDown

Windows 8 Backup, Restore & Recovery By John Allen

VMware Mirage Web Manager Guide

Full Disk Encryption Policy Reference

Full Disk Encryption Pre-Boot Authentication Reference

Symantec PGP Whole Disk Encryption Hands-On Lab V 3.7

Installation Steps for PAN User-ID Agent

Installation Guide: Delta Module Manager Launcher

Contents. Platform Compatibility. Directory Connector SonicWALL Directory Services Connector 3.1.7

SafeGuard Enterprise Web Helpdesk

Global VPN Client Getting Started Guide

Advanced Diploma In Hardware, Networking & Server Configuration

How to Use Remote Access Using Internet Explorer

Pcounter Web Report 3.x Installation Guide - v Pcounter Web Report Installation Guide Version 3.4

70-685: Enterprise Desktop Support Technician

ICT Professional Optional Programmes

Application Server Installation

User Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream

McAfee Endpoint Encryption (SafeBoot) User Documentation

Secure Messaging Server Console... 2

Audit Management Reference

MCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features

NetSpective Logon Agent Guide for NetAuditor

NetWrix USB Blocker. Version 3.6 Administrator Guide

Windows 7, Enterprise Desktop Support Technician

BorderGuard Client. Version 4.4. November 2013

Sophos Mobile Control Administrator guide. Product version: 3.6

Table of Contents. Cisco Cisco VPN Client FAQ

Embarcadero Performance Center 2.7 Installation Guide

Quick Start Guide for Parallels Virtuozzo

Quick Start Guide. IT Management On-Demand

Configuring MailArchiva with Insight Server

Using iscsi with BackupAssist. User Guide

Smart Card Authentication Client. Administrator's Guide

XyLoc Security Server (XSS-SQL 5.x.x) Administrator's Guide

ADSelfService Plus: 3rd party Winlogon Client Software Support

McAfee One Time Password

Global Image Management System For epad-vision. User Manual Version 1.10

Print Server Application Guide

Migrating TimeForce To A New Server

Network DK2 DESkey Installation Guide

What s New in Propalms VPN 3.5?

Symantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark. For Windows Server 2008 (Domain Member Servers and Domain Controllers)

WEBTITAN CLOUD. User Identification Guide BLOCK WEB THREATS BOOST PRODUCTIVITY REDUCE LIABILITIES

Xopero Backup Build your private cloud backup environment. Getting started

Endpoint Security Client for Mac

for Networks Installation Guide for the application on the server August 2014 (GUIDE 2) Lucid Exact Version 1.7-N and later

Quick Start Guide for VMware and Windows 7

TSM for Windows Installation Instructions: Download the latest TSM Client Using the following link:

ViPNet ThinClient 3.3. Quick Start

Release Notes. Pre-Installation Recommendations... 1 Platform Compatibility... 1 Known Issues... 2 Resolved Issues... 2 Troubleshooting...

Table of Contents. TPM Configuration Procedure Configuring the System BIOS... 2

Walton Centre. Document History Date Version Author Changes 01/10/ A Cobain L Wyatt 31/03/ L Wyatt Update to procedure

Active Directory Requirements and Setup

Administering FileVault 2 on OS X Lion with the Casper Suite. Technical Paper July 2012

Windows Administration Terminal Services, AD and the Windows Registry. INLS 576 Spring 2011 Tuesday, February 24, 2011

FileMaker Server 7. Administrator s Guide. For Windows and Mac OS

Networking Best Practices Guide. Version 6.5

Sage Intelligence Financial Reporting for Sage ERP X3 Version 6.5 Installation Guide

User Guide. Version 3.2. Copyright Snow Software AB. All rights reserved.

Use Enterprise SSO as the Credential Server for Protected Sites

Getting Started Guide

Installation Notes for Outpost Network Security (ONS) version 3.2

escan SBS 2008 Installation Guide

SECURE COMMUNICATIONS PLAN Updated August 25, 2011

HYPERION SYSTEM 9 N-TIER INSTALLATION GUIDE MASTER DATA MANAGEMENT RELEASE 9.2

Transcription:

ZENworks Windows Agent Troubleshooting Indumathi B & Ingo Engels 18 November 2015

About us Indumathi B ZENworks Windows Agent Core Developer in Rapid Response Team Ingo Engels ZENworks Backline Support Engineer

Collecting general agent debug information Set debug log level Collect debug information with the command: zac zeninfo -> %tmp%\zeninfo-<date>.zip For Endpoint Security Management and Full Disk Encryption a Diagnostic Package can be created.

Agent Install PreAgentPkg_Agent.exe Command line options: q (no reboot prompt) x (no reboot) k (registration key) Z (ZESM install information) v (verbose logging) Defaults to Location Awareness Lite -> %windir%\novell\zenworks\bin\zpa.status

Agent Configuration ZENworks Agent Configuration in ZENworks Control Center Windows Registration values Mostly documented at: https://www.novell.com/documentation/zenwork s114/zen11_sys_registry_keys/

Agent Registration %zenworks_home%\conf\initial-web-service %zenworks_home%\bin\conninfo.dat zac reg (-g) zac unr s (local only) -f (force) -a (asynchronous) New with ZeUS since 11.4: %zenworks_home%\pstore\zeusstore -> zmd-messages.log

Agent Self Defense Protects only Endpoint Security Management part: Using Windows Task Manager to terminate any Endpoint Security Agent processes. Stopping or pausing any Endpoint Security Agent services. Removing critical files and registry entries. If a change is made to any registry keys or values associated with the Endpoint Security Agent, the registry keys or values are immediately reset. Disabling NDIS filter driver binding to adapters. Configurable through ZENworks Agent Configuration settings or Security Settings Policy

Location Awareness Location Detection is always done in Endpoint Security Management agent component Full Mode: ESM Agent binds 2 drivers to each network adapter configuration: Novell ZENworks Wireless Location Awareness Novell ZENworks Location Awareness Active network configuration change detection Lite Mode only effective without ESM: Driverless OS triggered passive network configuration change detection -> C:\ProgramData\Novell\ZES\Logs\

System Update Traditional: System Update Content downloads through ZENworks Agent -> zmd-messages.log ZeUS (ZENworks Update Service) - New with 11.4: -> %zenworks_home%\zeus\ Disable use of ZeUS -> HKLM\Software\Novell\ZCM: EnableTraditionalUpdate (Reg_SZ):True Zenupdater -> %zenworks_home%\logs\system-update\<system Update GUID>\systemupdate.log

Agent Refreshes System Start -> Intial Refresh after agent service startup Partial Refresh -> Mainly Policy data, no Bundle data processed but gets all assignment on first run General Refresh -> Everything but on first refresh no assignments UIRefresh Random Time to Wait

Reading zmd-messages.log Agent service start : [DEBUG] [09/23/2015 08:00:09.402] [1684] [ZenworksWindowsService] [8] [] [InitZMD] [] [Start Init] [] [] [] [ZENworks Agent] -> 1684: Agent Service process ID -> 8: Agent Thread -> InitZMD: Agent Module Name User Login gets prepared: [DEBUG] [09/23/2015 08:02:05.552] [1684] [ZenworksWindowsService] [11] [] [RemotingService] [] [ZENCreateSession entered] [] [] [] [ZENworks Agent] [DEBUG] [09/23/2015 08:02:05.552] [1684] [ZenworksWindowsService] [11] [] [RemotingService] [] [ZENCreateSession calling EnsureSession with ID: 787959] [] [] [] [ZENworks Agent] -> 787959: Session ID of logged-in User -> 999 is always the Device Session ID User Login starts: [DEBUG] [09/23/2015 08:02:09.966] [1684] [ZenworksWindowsService] [11] [] [RemotingService] [] [ZENLogin entered] [] [] [] [ZENworks Agent] A refresh starts: [DEBUG] [09/23/2015 08:02:11.308] [1684] [ZenworksWindowsService] [11] [iengels] [RefreshMgr] [] [(Thread=11; SessionId=787959; RefreshType=PartialRefresh) ProcessRefresh entered] [] [] [] [ZENworks Agent] Refresh triggers a module: [DEBUG] [09/23/2015 08:02:11.392] [1684] [ZenworksWindowsService] [11] [iengels] [RefreshMgr] [] [(Thread=11; SessionId=787959; RefreshType=PartialRefresh) Calling Refresh Handler: Assignment Manager Module] [] [] [] [ZENworks Agent] Module Refresh concludes: [DEBUG] [09/23/2015 08:02:11.651] [1684] [ZenworksWindowsService] [11] [iengels] [RefreshMgr] [] [(Thread=11; SessionId=787959; RefreshType=PartialRefresh) Finished Refreshing Assignment Manager Module: 259 ms] [] [] [] [ZENworks Agent] A refresh concludes: [DEBUG] [09/23/2015 08:02:11.727] [1684] [ZenworksWindowsService] [11] [iengels] [RefreshMgr] [] [(Thread=11; SessionId=787959; RefreshType=PartialRefresh) ProcessRefresh exited: 0,718 seconds] [] [] [] [ZENworks Agent]

Adaptive Agent Components User Management Image Management Bundle Management Policy Management Patch Management Asset Management (Inventory always enabled) Remote Management Endpoint Security Management Full Disk Encryption

User Management

%windir%\system32\zencredmanager.log: [ZenCredMgr] [] [NPLogonNotify called.] [ZenCredMgr] [] [NPLogonNotify Store update not required.] [ZenCredMgr] [] [NPLogonNotify called.] [ZenCredMgr] [] [NSSCSSetCredential credman successful!.] [ZenCredMgr] [] [Script string is C:\Windows\system32\ZAuthHandler.exe -D"WIN-7-SP1-X64" -U"admin" -L"141886" -H"0" ] %tmp%\zauthhandler.log: [ZAuthHandler] [] ZenNotifyLogin entered [ZAuthHandler] [] ZenNotifyLogin calling zenlgn - UserName = admin [ZAuthHandler] [] ZenNotifyLogin Success Domain= WIN-7-SP1-X64

%windir%\system32\zencredentialprovider.log: [ZenCredentialProvider] [] [CNotify::LocalPreLogonNotify() - Called] [ZenCredentialProvider] [] [CNotify::LocalPreLogonNotify() - Returning] %windir%\system32\zennotify.log: [ZenNotify] [] [ZenNotifyLogin entered] [] [ZenNotify] [] [ZenNotifyLogin returning 0] [ZenNotify] [] [ZENworks user authentication Success] HKLM/Software/Novell/CASA Key: [SessionID] = Value: ZenCredProvider/CredManager/ZIcon

%zenworks_home%\logs\localstore\zmd-messages.log: [ZenworksWindowsService] [] [RemotingService] [] [ZENIsServerAvailable entered] [ZenworksWindowsService] [] [RemotingService] [] [ZENIsServerAvailable returning SUCCESS] [ZenworksWindowsService] [] [RemotingService] [] [ZENLogin entered] [ZenworksWindowsService] [] [ZenCasa] [] [ObtainAuthToken entered] [ZenworksWindowsService] [] [ZenCasa] [] [ObtainSessionTokenFromServer entered] [ZenworksWindowsService] [] [ZenCasa] [] [ObtainSessionTokenFromServer returned with code 0] [ZenworksWindowsService] [] [ZenCasa] [] [ObtainAuthToken returned with code 0 ] [Persist credentials @HKLM/Software/Novell/ZCM/ZenLgn/History/Cache/[realm]/metadata] [ZenworksWindowsService] [] [RemotingService] [] [ZENStoreCredentials Entered] [ZenworksWindowsService] [] [RemotingService] [] [ZENStoreCredentials returning True]

[Disconnected Login] [ZenworksWindowsService] [] [RemotingService] [] [ZENIsServerAvailable entered] [ZenworksWindowsService] [] [RemotingService] [] [No good primary servers..need [ZenworksWindowsService] [] [RemotingService] [] [ZENVerifyCache entered] [ZenworksWindowsService] [] [RemotingService] [] [About to call VerifyCredentials ]

%ZENworks_HOME%\share\ats\etc\svc\ Ats.log [Realm configuration] [<%ZENworks_HOME%>\share\ats\etc\svc\IAREALMS.XML] [ATS] [] [(ClientAddr=10.71.55.62)invoke()- NamingException: (LDAP: error code 49 - NDS error: failed authentication (-669))Exception occured while adding connector specified at (XPath: /bci:realms/bci:realm(@id='blr-srm-r7s-tree'))] [ATS] [] [(ClientAddr=10.71.55.62)invoke()- Reason could be due to LDAP errors: (LDAP: error code 49 - NDS error: failed authentication (-669))Exception occured while adding connector specified at (XPath: /bci:realms/bci:realm(@id='blr-srm-r7s-tree'))] [ATS] [] [(ClientAddr=10.71.55.62)invoke()- Failed to resolve identity for entity user1]

[keystore corrupted:] %ZENworks_HOME%\share\tomcat\webapps\CasaAuthTokenSvc\WEB-INF\classes\casa_crypto.properties %ZENworks_HOME%\conf\security\trusted-ats-jks-store] [ATS] [] [(ClientAddr=10.71.67.22)Autheticated IdentID:CN=Indu,CN=Users,DC=epm,DC=blr, DC=novell,DC=com] [authtoksvc.pwdauthenticate] [ATS] [] [(ClientAddr=10.71.67.22)getSecureTokenUtilObj()- Exception caught, message = Keystore was tampered with, or password was incorrect] [authtoksvc.sessiontoken] [] [] [CASA] [ATS] [] [(ClientAddr=10.71.67.22)Constructor()- Failed to obtain secure token util object] [authtoksvc.sessiontoken] [ATS] [] [(ClientAddr=10.71.67.22)invoke()- Exception: java.lang.exception: SessionToken.Constructor() Failed to obtain secure token util object] [authtoksvc.authenticate] [] [] [CASA]

Image Management Novell ZENworks ISD Service installed in Windows 7 or newer. In Windows XP ziswin.exe gets launched. Updates or restores ZENworks Image Save Data at Windows startup The service stops itself after work is finished Can be launched after agent install but before reboot e.g. to restore device name Configured the -> %zenworks_home%\logs\preboot\novell-zisdservice.log ZISD can by viewed, edited or cleared with: %zenworks_home%\bin\preboot\ziswin.exe ziswin.exe also allows configuration of the Restore & Collection Mask

Bundle & Policy Management Having device related assignment with user account related system access Metadata & Schedules through configuration role Content Windows Explorer integration through nalshell.dll -> %zenworks_home%\logs\nalshell.txt -> %zenworks_home%\logs\nsnalwin.txt -> zmd-messages.log

Patch Management ZENworks Core Agent - vehicle to transfer patch related configuration & content -> zmd-messages.log Heat Software patch agent (analyze.exe & remediate.exe) Patch install & detection -> %zenworks_home%\zpm\debug*.txt Additional patch agent debug information: <Device GUID>.state -> Patch Scan result *plp_result.txt -> Patch Install result SnoozeList.xml -> Patch Scan scheduled for next device boot-up Application Event Log

Asset (Inventory) Management Knowledge Base Files Bundles %zenworks_home%\bin\*.kb Inventory Scan Enable Diagnostic Mode Collector Priority-> only Normal or Idle implemented -> %zenworks_home%\logs\colw32.log Usage Tracking HKLM\Software\Novell\ZCM\Usage: UMUserFullName(Reg_SZ)=0 -> Always lowercase user logon id UMDiagnostic (DWORD)=1 -> Debugging Scan Results -> %zenworks_home%\work\inventory\*.xml

Remote Management Timesync Mirror Driver JoinProxy connection Configuration through Remote Management policy -> zmd-messages.log & winvnc logs

Endpoint Security Management Security Policy Assignment / Effectiveness Location based Zone, Folder, Object Inheritance USB devices Folder encryption -> ZESM diag package

Full Disk Encryption Preboot Authentication & DMI settings Hardware (OPAL) vs. Software Encryption Emergency recovery -> FDE diag package

Q & A

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information