Zenworks patch deployment without Client

Similar Messages

• Patch deployment on second Primary SCCM 2007 site

  Dears,
  I have the following design on my SCCM infrastructure.
  1 Primary Site (Parent Site code H01)  - Located at HQ
  1 Primary Site (Site code D01) - Located at DR and reporting to HQ primary Parent site
  - clients located in DR location has the agent installed with site code ("D01")
  -clients located in HQ has the agent installed with site code "HQ1")
  My questions are:
  I have create a deployment management in HQ site and install patches to all clients belong to HQ with site code H01 without any problem.
  For clients belong to "D01" I want them to get the patches from D01 primary sccm server located in DR.
  Should I create another deployment management in DR sccm server separately or I can use the existing SCCM deployment management created in HQ1?
  Any suggestions are much highly appreciated.
  Many thanks guyz..
  MC

  Yes, they will appear locked at that site. You can't edit them. If I recall correctly though you can deploy them. I always perform all administration at the top site in the hierarchy though.
  Are you truly trying to use a child primary as a in a DR scenario? If so that's not a great idea.
  John Marcum | http://myitforum.com/myitforumwp/author/johnmarcum/

• Patch deployment with status "Enforcement state unknown"

  Hi All
  I am pretty new to the patch deployment.
  I generated a report and see there is Last State column with "Enforcement state unknown", not sure if it means failed for those hostnames or will be retried for the installation.
  Kindly clarify.
  Regards
  Ramesh
  Regards Ram

  They will only start to install updates automatically when there is an active update deployment with a scheduled deadline that has past. See for a lot more information:
  http://technet.microsoft.com/en-us/library/gg682168.aspx#BKMK_SUMCompliance
  Also, when Days since last communication is more than 0, that's usually an indication that the client is not communicating any more. That can be caused by a lot of things including something simple as that the device is turned of, or not
  connected with the network.
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude

• Cisco ISE (1.3) Posture without Client Provisioning

  Hello readers,
  Is it possible to set up Cisco ISE with posture without Client Provisioning?
  My customer deploys the NAC Agent via MS SCCM. We prefer a access accept + DACL during the pending state instead of redirecting to client provisioning. But the NAC Agent will only communicate when we redirect to client provisioning.
  Regards,
  Dennis

  With ISE you can perform 802.1x first and after that optionally you can perform posture. This is done with Radius, that's why it's really and completely out of band, and there's no such concept of trusted or untrusted port because the traffic is never inline.
  Still, with ISE you have another option of "inline Posture", in which there's trusted and untrusted ports. I guess that's for some specific cases in which you can't go out-of-band.
  On the other hand, so called "out-of-band" NAC was really always an inline solution, only after the user has authenticated and security policies have been verified then the user goes "out-of-band".

• Running without client

  Hello,
  is it possible to create ebj application that start some classes after succesful deploy to the j2ee server without client interaction?
  Regards
  Marian

  You can also specify servlets to run on load (can't remember the descriptor tag at the moment), which means they'll fire off when fully loaded by the servlet container. (That also explains why you generally see app servers loading EAR files and getting the EJBs up first - that and the ClassLoader architecture.)

• Zenworks patch management and databases

  Are there any known issues of Zenworks patch management deployment and corruption of Zenworks database? What would be best practices of Patch Managment and the Zenworks database?

  Originally Posted by craig_wilson
  Keep the Data Retention for Dashboard data low.
  (No more than 30-60 days.)
  Otherwise this table can grow very large and cause issues.
  I believe 11.3 will have some redesign that will reduce the overhead
  with that table and perhaps allow for longer retentions.
  On 8/22/2013 10:46 AM, sflegnc wrote:
  >
  > Are there any known issues of Zenworks patch management deployment and
  > corruption of Zenworks database? What would be best practices of Patch
  > Managment and the Zenworks database?
  >
  >
  Craig Wilson - MCNE, MCSE, CCNA
  Novell Knowledge Partner
  Novell does not officially monitor these forums.
  Suggestions/Opinions/Statements made by me are solely my own.
  These thoughts may not be shared by either Novell or any rational human.
  And if you have say, 4,000 devices or more, I'd suggest even setting it down to 1 day or 7 days at the max. And set it WHEN you setup ZCM, not afterwards, because the database purge/changing isn't optimized properly (at least for Oracle).
  Even with 7 days for us, it takes forever to delete a workstation/device along with a slew of other things. But Novell is aware of these things, and hopefully 11.3 will address most of the speed/performance issues.

• HTTPs without client authentication, error while posting through Altova

  Hi Experts
  I am doing a SOAP- XI-Proxy synchronous scenario where i have to use HTTPs without client authentication for the first time in my system.
  I have made the scenario and WSDL out of it.
  When i am trying to test it through Altova, i am getting the following error:
  <?xml version="1.0"?>
  <!-- see the documentation -->
  <SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
      <SOAP:Body>
          <SOAP:Fault>
              <faultcode>SOAP:Server</faultcode>
              <faultstring>Server Error</faultstring>
              <detail>
                  <s:SystemError xmlns:s="http://sap.com/xi/WebService/xi2.0">
                      <context>XIAdapter</context>
                      <code>ADAPTER.JAVA_EXCEPTION</code>
                      <text><![CDATA[
  java.security.AccessControlException: https scheme required
      at com.sap.aii.af.mp.soap.ejb.XISOAPAdapterBean.process(XISOAPAdapterBean.java:918)
      at com.sap.aii.af.mp.module.ModuleLocalLocalObjectImpl0_3.process(ModuleLocalLocalObjectImpl0_3.java:103)
      at com.sap.aii.af.mp.ejb.ModuleProcessorBean.process(ModuleProcessorBean.java:296)
      at com.sap.aii.af.mp.processor.ModuleProcessorLocalLocalObjectImpl0_0.process(ModuleProcessorLocalLocalObjectImpl0_0.java:103)
      at com.sap.aii.af.mp.soap.web.MessageServlet.callModuleProcessor(MessageServlet.java:187)
      at com.sap.aii.af.mp.soap.web.MessageServlet.doPost(MessageServlet.java:496)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
      at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
      at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
      at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
      at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
      at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1060)
      at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
      at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
      at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
      at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
      at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
      at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
      at java.security.AccessController.doPrivileged(Native Method)
      at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
      at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
            ]]></text>
                  </s:SystemError>
              </detail>
          </SOAP:Fault>
      </SOAP:Body>
  </SOAP:Envelope>
  i saw a few discussion on web but nowhere the solution was provided.
  the url is
  http://abc.sap.point:1234/XISOAPAdapter/MessageServlet?channel=:system:communicationchannel&amp;version=3.0&amp;Sender.Service=x&amp;Interface=x%5Ex
  i changed it to https also but in that case it was not even posting the request.
  i have set the sender adapter like this
  is there any setting that i am missing.
  What is the setting the i need to do in SM59.
  Please help me getting through this.
  Your help is highly appreciated. Thanks in advance.
  Neha

  HI Neha,
  1. Enable the https service in the ICM: you can follow the way to do it like is pointed out in the page 4 of this document (PI 7.1 and PI 7.0 has the same smicm abap transaction) http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/60ff2883-70c5-2c10-f090-a744def2ba66?overridelayout=t…
  2. Generate the certificate. Use the STRUST transaction. Chech this document SSL Configuration in SAP ABAP AS and JAVA AS – Step-by-step procedure
  Hope this helps.
  Regards.

• HTTPS Without client authentication shows error of Certificate

  Hi Experts,
  I am trying to develop a SOAP to RFC scenario where in SOAP sender HTTP security level - HTTPS Without Client Authentication is selected.
  I have downloaded WSDL from Sender agreement and trying to test web service from SOAPUI.  Now as per my understanding simply placing request to HTTPS:<host>:<port>:XISOAPAdapter/....   with correct user should work and this scenario shouldn't need any certificates.
  However in SOAPUI and even in RWB SOAP Sender, I am receiving error that - Client Certificate required.
  Any comments on why would it be happening ?    In fact whatever option in HTTP Security level I select, error remains same. In NWA is there any other configuration to be done to make this work ?
  Is below understanding right ?
  -- >> HTTPS Without client authentication will not need certificate exchange and simply user authentication will do
  Thanks..
  regards,
  Omkar.

  Hello Omkar,
  What you are trying to do is Consume a SOAP->RFC scenario (synchronous) from SOAP UI and you want that to be secure. With this requirement, just having the certificates alone is not sufficient (sorry for late response..i just came across this post when i was searching something else )
  1)How did you generate the certificate and the private key? Because Key Generation plays a Big Part in it. The Key should have been signed by a CA. Though its not signed by a CA, a trick which would work is, at the time of Key generation, provide the Organization Name as SAP Trust Community and Country as DE.
  2) At the time of Key Generation definitely it shall ask for a password. You remember that.
  3) Export the Private Key as PCKS12 format and the certificate as Base64 format and have it in your local system, (shall be used later in SOAP UI and NWA)
  Here follows the major part
  4) Open NWA and go to Configuration Management->Authentication
  5) Go to Properties Taband click Modify
  6)  Under Logon Application select the check box "Enable Showing Certificate Logon URL Link on Logon Page" and save it.
  7) Now go to the Components Tab.
  8) Search for client_cert Policy Configuration name and Edit it it. Make sure the following Login Modules are maintained in the same Order
  ==> Name: com.sap.engine.services.security.server.jaas.ClientCertLoginModule
         Flag : Sufficient
  ==> Name: BasicPasswordLoginModule
         Flag: Optional
  9) Now Select the name com.sap.engine.services.security.server.jaas.ClientCertLoginModule and you can see lots of entries under the Login Module Options. Remove them all and add anew entry (case sensitive). Save it.
  ==>Name: Rule1.getUserFrom
         value : wholeCert
  10) Now search for the Policy Configuration name sap.com/com.sap.aii.adapter.soap.app*XISOAPAdapter
  and edit it.
  11) Under the Authentication stack select the template client_cert against the used template label. and save it
  12)If you are using AXIS Adapter, do the steps 11 for the Policy Configuration name sap.com/com.sap.aii.axis.app*XIAxisAdapter.
  13) Now in NWA navigate to Operation management->Identity Management
  14) Search for the user PIISUSER (or any user id which you thing has good amount of authorizations to access the service)
  15)Click Modify and go to the TAB Certificates and upload the certificate (not the private key) which you downloaded in step 3.
  16) With this setup what you have done is you have created proper certificate, enabled certificate based logon for SOAP and AXIS adapter and associated the certificate with a user id.
  17) usually in Dual stack PI, we will have the same certificate added to the server pse in strustsso2 tcode. But since its single stack, just make sure in the cert and keys you add this certificate to teh Trusted CAs and also to the Server Keystore.
  18) Now in SOAP UI Right Click on the Project Name->Select Show Project View->Under the WS Security Configurations->Go to Keystore and certificates and add the Private Key
  19) In SOAP UI under the operation name, in the Request, in stead of providing user credentials, choose the private key name against the SSL Keystore entry.
  20) Before you execute the scenario  make sure you have chosen the HTTPS url and https port is proper. Usually its 443, but some customers configure their own port.
  Scenario should work now. Else if you track it using XPI Inspector, you can find out easily at which step it has gone wrong.
  Good Luck!!
  Best Regards,
  Sundar

• HTTPS without client authentication

  Hi Friends,
  In SOAP adapter, we have three options for HTTP
  HTTP without SSL
  HTTP with SSL (= HTTPS) without client authentication
  HTTP with SSL (= HTTPS) with client authentication
  Please let me know if I use  "HTTP with SSL (= HTTPS) without client authentication" ,  is it Transport Layer Sceurity of Message level Security?
  Please answer only if you are confident. No guess please!!!
  Thanks,
  Sandeep Maurya

  Hi,
  Please let me know if I use  "HTTP with SSL (= HTTPS) without client authentication" ,  is it Transport Layer Sceurity or Message level Security?
  HTTPS is used to encrypt the traffic between the client and the Web server. SSL encrypt the segments of network connections at the Transport Layer end-to-end.
  Don't get confused with the Client Authentication (with / without), as SSL is already being used in both the forms and the network is secured.
  Regards,
  Neetesh

• Patching on oracle client

  I have a question about oracle patching e.g. 10.2.0.1 to 10.2.0.4
  We do patching of 10.2.0.4 for 10.2.0.1 on oracle server.
  Just wanted to know do we also perform patching on oracle client also?
  If yes then what is the advantage/purpose to do that?
  Thanks,

  CKPT wrote:
  Satish Kandi wrote:
  790066 wrote:
  Sir, i am confused with both your contradictory answers.... :)
  As per 1 reply we do patching for enhancements but i gues those will be helpful/useful at server side at the database level....
  how it wil useful for client side?This will help in preventing the issues which are result of client-side software code. F. ex. I can recall daylight savings time fix in 9.2.0.x (don't remember the exact patch number now, but I think it was 8) which included patching both client and server software.OP question is on We do patching of 10.2.0.4 for 10.2.0.1 on oracle server
  My answer included an "example". It has nothing to do with the versions that OP has mentioned.

• Determine Patch Level without opatch

  Does anyone know of a way to query the oracle inventory xml file to determine the oracle patch level without using opatch?
  I have a number of servers to check and not all of them have perl installed.
  Also which xml file does opatch use?
  the command 'opatch lsinventory -detail' gives one entry for the installed patches whereas 'opatch lsinventory' lists all the inventory.
  There must be someway to grep one of the xml files to obtain the installed patches?
  Which file and where in the xml file is it?
  Cheers,
  Jas

  In $ORACLE_HOME/inventory/ContentsXML/comps.xml, all the information related to oneoffs installed is kept. Infact OPatch reads this infor and reports during lsinventory.
  But it is recommended to handle this file very carefully, if this file is damaged, then its almost that your home is gone, coz....no update can be done without proper inventory.

• Deploy upk client with sccm

  hello guys!
  i need help
  how to deploy upk client 11.1.0.1 with sccm?
  thanks

  If you want to deploy lync by SCCM, you may utilize config.xml to do that. All the things you want to configure, you may find it can be achieved in config.xml
   Run the install by using the following command line:
  <path>\setup.exe /config <path>\config.xml
  http://technet.microsoft.com/en-us/library/jj204651.aspx
  How to deploy application by SCCM.
  http://technet.microsoft.com/en-us/library/gg682082.aspx
  Juke Chou
  TechNet Community Support

• Deploying SCCM Client through Group Policy

  Hi
   I want to deploy SCCM Clients to PCs using Group policy - I know that i  need the
  MSI file which is  included in the SCCM setup DVD but i dont have a fast internet to download the whole package as i just need  (CCMSETUP AND ADM Template) 
  Could someone please share a link where i can download these files? 
  Thanks Guys,...

  Just to help you, you can use this link to install or deploy configuration manager 2012 R2 clients to systems via group policy
  http://prajwaldesai.com/deploying-configuration-manager-2012-r2-clients-using-group-policy/
  Prajwal Desai, http://prajwaldesai.com

• Patch deployment and enabled modules

  Hello
  I have a 12.1.3 environment with no modules enabled as part of the base installation.
  So what I mean is when I installed 12.1.1 , I did not enable any module components.
  My aim is to enable them later based on our current licensing.
  Now my question is that if I apply module specific patches on top of this environment, does it apply it correctly or will it ignore applying changes since the underlying module has not been enabled yet.
  The patch deployment does go thru successfully.
  At this stage I am wondering if I should apply the patches first or enable the necessary modules first.
  Let me know.
  AU

  The patch deployment does go thru successfully.
  At this stage I am wondering if I should apply the patches first or enable the necessary modules first.Your products/modules should be licensed and installed (or shared) before patching them.
  How to check if certain Oracle Applications product/module is implemented? [ID 443699.1]
  Patching Shared Oracle E-Business Suite Products [ID 1069099.1]
  How To Determine What Products Are Installed in Applications 11i [ID 146139.1]
  How to License Products in R12 ? [ID 1133413.1]
  Thanks,
  Hussein

• BCC Deployment without name, project id

  Hi,
  What is a BCC deployment without name and project id?
  It has only deployment id in it and it hangs indefinitely.
  How it can start in BCC production?
  Can it cause catalogue sku deletion?
  Thanks,

  Hi,
  What is a BCC deployment without name and project id?
  It has only deployment id in it and it hangs indefinitely.
  How it can start in BCC production?
  Can it cause catalogue sku deletion?
  Thanks,