Disaster Recovery
131
n
ov
do
cx (e
n)
16
Ap
ril 20
10
6
(Conditional) If a Satellite in the Management zone has the Authentication role configured,
perform the following tasks:
6a
Remove the Authentication role from the device.
For more information on how to remove the Authentication role from the device, see
Section 7.3, “Removing the Roles from a Satellite,” on page 88
.
6b
Configure the Satellite with the new external certificates by entering the following
command at the Satellite's prompt:
zac import-authentication-cert(iac)[-pk <private-key.der>] [-c
<signed-servercertificate.der>] [-ca <signing-authority-public-
certificate.der>] [-ks<keystore.jks>] [-ksp <keystore-pass-phrase>] [-
a <signed-cert-alias>] [-ks<signed-cert-passphrase>] [-u username] [-p
password]
For more information about zac, view the zac man page (
man zac
) on the device or see
“
zac(1)
” in the
ZENworks 10 Configuration Management Command Line Utilities
Reference
.
6c
Add the Authentication role to the device.
For more information on how to add the Authentication role to a device, see
Section 7.2.1,
“Authentication Role,” on page 83
.
6d
(Conditional) If the Satellite has only the Authentication role configured, and if the device
had been included in the Closest Server rule, reconfigure the Closest Server rule to include
the Satellite.
1. In the default Closest Server rule, ensure that device has been correctly placed in the
Authentication Servers list. If necessary, change the placement of the device in the
list.
2. (Optional) Manually add the device to any other non-default Closest Server rule.
For more information on working with Closest Server rules, see
Chapter 9, “Closest
Server Rules,” on page 99
.
Replacing the Existing Certificate with the New External Certificate on the Managed
Devices
Perform the following steps at the command prompt of each managed device registered to the
Primary Server whose certificate you changed:
1
Locally unregister all the managed devices by entering the following command at the managed
device’s prompt:
zac unr -f
For more information about zac, view the zac man page (
man zac
) on the device or see
“
zac(1)
” in the
ZENworks 10 Configuration Management Command Line Utilities Reference
.
2
Clear the cache and delete the contents of the
ZENworks_installation_directory
\Novell\ZENworks\cache\zmd
directory by
entering the following commands at each managed device’s prompt.
zac cc
delete
ZENworks_installation_directory
>\Novell\ZENworks\cache\zmd\ /s
3
Restart the ZENworks Adaptive Agent Service.
4
Run the following command to register the device in the Management Zone: