10.6 Reconciling Devices with existing Device Objects During Registration

ZENworks enables you to create a device object in the zone prior to actually registering the device with the zone. This feature allows you to pre configure all the variables and other configurations for a given device prior to booting the device.

You can create dummy device objects and register them in the Management Zone by importing their information from a comma-separated value (CSV) file. This creates managed workstation device objects in the database. Later, when the Primary Agent is deployed to these devices, the ZENworks Reconcile settings (hostname, serial number, and MAC address) are used to reconcile the new Primary Agent to the device object that has already been registered in the database. This helps you to avoid the possibility of duplicates in the database during the registration of the devices in the Management Zone.

Review the following sections:

10.6.1 Creating Dummy Device Objects

You can create dummy device objects that are added to the ZENworks database in one of the following ways:

Manually Creating a Dummy Device Object

  1. Ensure that you have created registration keys as explained in Creating a Registration Key.

  2. In ZENworks Control Center, click the Devices tab.

  3. In the Devices Tasks panel, click Add Device.

    The Add Device wizard is displayed.

  4. On the Device Attributes and Registration Key page, provide the following information used to identify and register the device in the ZENworks database:

    Registration Key: Select a registration key to use when registering the device. The key must already exist.

    Host Name: Specify a hostname for the device. For example: workstation1.

    The hostname appears as the first part of the DNS name (for example, workstation1.company.com. Because of DNS limitations, the maximum number of characters that can be used in the hostname is 63.

    Serial Number: Specify the device serial number if you want to later reconcile a managed device with this dummy device object based on the serial number.

    MAC Address: Specify the device MAC address if you want to later reconcile a managed device with this dummy device object based on the serial number. MAC address is a 12-digit alphanumeric string in which you can use a hyphen (-) or a colon (:) as separator. You can specify the MAC address in one of the following formats.

    • xxxxxxxxxx

    • xx-xx-xx-xx-xx

    • xx:xx:xx:xx:xx

  5. Review the information and, if necessary, use the Back button to make changes to the information. Click Finish to add the device.

A workstation device object with the hostname that you specified in Step 4 is created in the ZENworks database and is registered in the Management Zone. To view the device object in ZENworks Control Center, click Devices > Managed > the Workstations folder.

Creating Dummy Device Objects by Using a CSV File

  1. Using a text editor, create a CSV file with the following fields as an entry for each device objects:

    • WS_1.0. This is the first field that must be specified for each entry. You must not change it.

    • hostname

    • serial number

    • MAC address

    Use the following format to list the devices in the file:

    WS_1.0, hostname of the device being registered or imported, serial number, MAC address

    The value for hostname is mandatory, and the values for serial number and MAC address are optional.

    A sample CSV file is as follows:

    WS_1.0,img-linux1,121456125622,000C298062A8
    WS_1.0,img-linux2,121456125623,000C29935FF8
  2. Log into ZENworks Control Center.

  3. Click the Devices tab.

  4. In the Device Tasks panel, click Import Managed Devices.

    The Import Devices dialog box is displayed.

  5. Specify or click to browse for and select a key to use when registering the device. The key must already exist.

    To create a registration key in ZENworks Control Center, see Creating Registration Keys and Rules.

  6. In the File Path option, browse for and select the CSV file that you created in Step 1.

  7. Click OK.

    The device entries listed in the CSV file are created as workstation device objects in the database and are registered in the Management Zone. To view the device objects in ZENworks Control Center, click Devices > Managed > the Workstations folder.

10.6.2 Reconciling the Devices

You can reconcile a new device that is being registered to an existing device object with its own bundles and policies. Reconciliation occurs only if the GUID of the new device that is getting registered does not match the GUID of the existing device object. Reconciliation does not occur with every refresh or registration call.

Device Reconciliation Settings

  1. In ZENworks Control Center, click the Configuration tab.

  2. In the Management Zone Settings panel, click Device Management, then click Registration to display the Registration page.

  3. Indicate the device attributes that are used in reconciliation.

    You can choose to reconcile the new devices with the existing device objects by using one or more of the following attributes:

    • Serial Number

    • MAC Address

    • Machine Name (hostname)

    1. Enable Differentiation:

      • If differentiation is enabled, it uses AND logic, meaning that all the selected attributes must match for a device to reconcile.

      • If differentiation is disabled, it uses OR logic, meaning that any one of the selected attributes must match for a device to reconcile.

      Differentiation disabled: If multiple device objects with matching attributes (such as Mac address or hostname) are found, the device object with the matching serial number gets the first preference, even if none of the attributes are selected.

  4. Click Apply.

By default, Serial Number and MAC Address are selected with differentiation enabled.

NOTE:For accurate reconciliation, we recommend that you select at least two attributes with differentiation enabled.

Sample Illustrations - Enable Differentiation and Reconciliation

Scenario 1

Serial Number and MAC Address are selected with differentiation enabled: For a device to reconcile to the existing device object, the Serial Number and MAC address of the existing device must match the Serial Number and MAC address of the new device.

Scenario 2

MAC Address and Machine Name selected with differentiation disabled: For a device to reconcile to the existing device object, the MAC Address or the Machine name of the existing device must match the MAC address or Machine name of the new device

Scenario 3

Serial Number and MAC Address selected with differentiation enabled and with device having multiple MAC addresses: The existing device object has multiple MAC addresses and the new device has multiple MAC addresses, which includes two new and one old. In this case, the new device object will still reconcile to the existing device object if any one of the MAC addresses and the Serial Number match the existing object.

Scenario 4

The new device and the existing device object have the same GUID but different passwords: Devices getting registered with new passwords, but with same device GUID was less secure option where password of any device can be updated. In order to provide security, by default, the password update of a device with same device GUID is not allowed. If this setting is set to false, by default, then a -34 is sent back to the device, when a registration request is received with incorrect credentials. If the device registration is failed due to this reason, it can be fixed by running the zac reg -r command where administrator credentials are required.

The default settings are as follows:

  • authreconcile disableAuthfailure = false [true: in case if above behavior is not desired]

  • enableReconcileignore = true [false: in case if configured reconcile settings are to be considered]

  • disableClientID = true [false: in case if device GUID needs to be considered for reconciliation]

  • createNewDevice = true [false: not to create new device object in case of reconciliation failure]

Devices getting registered with new passwords but with the same GUID is less secure. The option where the password of any device can be updated. To provide security, by default, the password update of a device with the same GUID is not allowed. This can be achieved by setting the disableAuthFailure flag to false.

In some scenarios, administrator credentials are required to update the password using the zac reg -r command.

NOTE:The authreconcile.xml file and it's settings that could be customized are considered only when there is a device which has the same GUID as the existing device object but with a different password.

The following table shows how different settings can help or fail device reconciliation:

 

Serial number(SN)

Mac Address

Hostname

Expected

Differentiation Enabled

Success: The attributes of the new device must match all attributes of the existing object for successful reconciliation.

Failure: If there is no match with even a single attribute, reconciliation fails and a new device object is created.

The reconciliation settings are not set and thus, a new device object is created for every new device.

Success: The Serial Number, as well as MAC address of the new device, must match the Serial Number and MAC address of the existing device object.

Failure: If only one of the two attributes match, then reconciliation of the new device with the existing object fails.

Success: The Serial Number, as well as the Hostname of the new device, must match the Serial Number and Hostname of the existing device object.

Failure: If only one of these two attributes match, then reconciliation of the new device with the existing object fails.

Success: The MAC address, as well as Hostname of the new device, must match the MAC address and Hostname of the existing device object.

Failure: If only one of these two attributes match, then reconciliation of the new device with the existing object fails.

Success: The Serial Number of the new device must match the Serial Number of the existing device object.

Failure: If the Serial Number doesn’t match, then reconciliation of the new device with the existing object fails.

 

Serial number(SN)

Mac Address

Hostname

Expected

Differentiation Enabled

Success: The MAC address of the new device must match the MAC address of the existing device object.

Failure: If the MAC address doesn’t match, then reconciliation with the existing object fails.

Success: The Hostname of the new device must match the Hostname of the existing device object.

Failure: If the Hostname doesn’t match, then reconciliation of the new device with the existing object fails.

(multiple≥2)

Success: If a device consists of multiple MAC addresses, all of them are queried and stored with the reconciliation request. Any one of the multiple MAC addresses and the Hostname of the existing device must match with any one of the MAC addresses and the Hostname of the new device for successful reconciliation.

Failure: If none of the MAC addresses match, reconciliation fails.

(same≥2)

Success: If two or more devices have the same MAC addresses, then devices are distinguished by the Serial Number, and the device with the matching Serial Number is reconciled with the existing object.

(same≥2)

If two or more devices have the same Hostname, then the devices are distinguished by the Serial Number. The new device with the matching Serial Number is reconciled with the existing object.

 

Serial number(SN)

Mac Address

Hostname

Expected

Differentiation Disabled

Success: New device attributes must match with either the attributes of the existing object for successful reconciliation.

Failure: If none of the attributes match, reconciliation fails and a new device object is created.

If the settings for device reconciliation are not set, then a new device object is created for every new device.

NOTE:If multiple device objects with matching attributes (such as MAC address or hostname) are found, the device object with the matching serial number gets the first preference, even if none of the attributes are selected.

Success: Either the Serial Number or the MAC address of the new device must match the Serial Number or the MAC address of the existing device object.

Failure: If neither of these two attributes match, then reconciliation of the new device with the existing object fails.

Success: Either the Serial Number or the Hostname of the new device must match the Serial Number or the Hostname of the existing device object.

Failure: If neither of these two match, then reconciliation of the new device with the existing object fails.

Differentiation Disabled

Success: Either the MAC address or the Hostname of the new device must match the MAC address or the Hostname of the existing device object.

Failure: If neither of these two match, then reconciliation of the new device with the existing object fails.

Success: The Serial Number of the new device must match the Serial Number of the existing device object.

Failure: If the Serial Number of the new device doesn’t match, then reconciliation of the new device with the existing object fails.

Success: The MAC address of the new device must match the MAC address of the existing device object.

Failure: If the MAC address of the new device doesn’t match, then reconciliation of the new device with the existing object fails.

Success: The Hostname of the new device must match the Hostname of the existing device object.

Failure: If the Hostname of the new device doesn’t match, then reconciliation of the new device with the existing object fails.

IMPORTANT: For better management of VDI devices in the management zone use registration keys or rules, since reconciliation settings are included as part of Registration Keys and Rules from ZENworks 11 SP4 release onwards.

In VDI environment, if you are using Citrix XenDesktop 7.x or VMware view 5.2 (the recompose of Desktop pools) onwards, you must set the reconcile settings to Machine Name with Enable Differentiation.

Undoing /Resetting Device Reconciliation Settings

The changes in reconciliation settings will not reset or un-reconcile the device, because reconciliation is triggered only when a new device GUID is found.

To undo device reconciliation, do the following on the device after selecting the appropriate settings in ZENworks Control Center:

  1. Unregister the device by using the zac unr command.

  2. Clear the Workstation GUID by using the zac fsg –d command.

  3. Run the following commands:

    1. On Windows: Open the command prompt as an administrator, go to %ZENworks_Home%\bin\preboot folder, then run the ZISWIN.exe -w command to clear Image-safe Data.

    2. On Linux: Run the commands export LD_LIBRARY_PATH=/opt/novell/zenworks/preboot/lib:${LD_LIBRARY_PATH} and /opt/novell/zenworks/preboot/bin/novell-zislnxd clearISD.

  4. Clear the cache by using the zac cc command.

  5. Register the agent zac reg <server url>.

10.6.3 Importing Managed Devices

You can use the Import Devices dialog box to register one or more devices in the Management Zone by importing the information from a comma-separated value (CSV) file. Before importing the managed device, ensure that the registry keys have been created. Also ensure that there are limited and unlimited usage registration keys. You are allowed to execute the Import Managed Devices action regardless of whether you have registration rights or not, if you select an unlimited usage registration key.

  1. In ZENworks Control Center, click the Devices tab.

  2. In the Device Tasks panel, click Import Managed Devices to display the Import Devices dialog box.

  3. Click to browse for and select a key in the Registration Key dialog box.

    The key must already exist. For more information on creating registration keys, see Section 9.2.1, “Creating a Registration Key,” on page 66.

  4. Click OK.

  5. In the File Path option, browse for and select the CSV file that you created earlier. For more information see Creating Dummy Device Objects by Using a CSV File.

  6. Click OK.

Choose an unlimited usage registration key to execute Import Managed Devices action, even when you do not have registration rights.

If you choose a limited registration key and if you do not have registration rights, the following error message is displayed:

Unable to proceed as you do not have sufficient rights on /~keys~. Contact your ZENworks Administrator.