You need to be aware of or take actions on the applicable requirements below if you are migrating Patch Management:
Your current subscription key will continue to work after the migration if you downloaded it from the Micro Focus Software and Downloads portal.
If you are not using a subscription key from the portal and instead are using one that was issued prior to the launch of the SLD portal in March 2021, that key will not work. This should only apply to multi-year subscriptions purchased before March 2021.
Why? When we moved to SLD for licensing, we continued to support the pre-SLD license keys to ensure continuity of service. We are now 18 months past the move to SLD so the Advanced Patch Platform will only support keys from SLD.
REQUIRED: All Primary Servers and Satellites must be at least ZENworks 2020 Update 3 or ZENworks 23.3.
RECOMMENDED: Upgrade managed devices to the ZENworks 2020 Update 3 or ZENworks 23.3 Agent before migrating.
OPTIONAL: You can continue to use older ZENworks 2020 and 2017 Agents on managed devices if the device . . .
. . . has Microsoft .NET Framework 4.8 or newer installed.
The new Patch Agent will fail if .NET 4.8 or newer is not present. Not all Windows operating system versions support .NET 4.8. For reference, see Microsoft’s .NET Framework system requirements article: .NET Framework system requirements
Before using an older ZENworks agent, you should also be aware that because of changes in the Advanced Patch Platform, the following limitations apply to the older agents:
The reboot prompt for patch deployments does not display on devices.
In ZENworks Control Center on the device Patches page, the “Installed by” field will always show “Other”, even when installed by ZENworks.
. . . is an operating system that is supported for patching by ZENworks 2020 Update 3.
See the Supported Patch Content document: ZENworks Patch Management - Content Report
Specific details are included below:
The Patch Server must be able to contact the Micro Focus licensing service to verify the Patch subscription license.
An Ondemand Content Master is a Primary Server that can request patch content from an external site. You can assign one or more Primary Servers as Ondemand Content Masters depending on the size and configuration of your ZENworks zone. Each of these Ondemand Content Masters must be able to access the external sites from which patch content is downloaded. See the diagram below for more detail:
You can configure both the Patch Server and the Ondemand Content Masters to use a proxy server for external access:
Patch Server: Uses the System Update proxy server setting (ZCC > Configuration > Infrastructure Management > System Update Settings)
On the Primary Server on which the Ondemant Content Master is configured to run, navigate to the lpm-server.properties file.
The lpm-server.properties is available in the following location:
Linux: /etc/opt/microfocus/zenworks/
Windows: %ZENSERVER_HOME%\conf
An example of the content within the lpm-server.properties file is displayed below:
Debug=false
TTL=24
subscription-proxyaddress=
subscription-proxyport=
subscription-proxyuser=
subscription-proxypassword=
subscription-useNTLM=false
Modify and save the file with the following subscription proxy details:
Set the value of subscription-proxyaddress to the IP address of the proxy server.
Set the value of subscription-proxyport to the port number of the proxy server.
(Conditional) If the proxy is authentication-based, set the value of subscriptionproxyuser to the name of the proxy user.
(Conditional) If the proxy is authentication-based, set the value of subscriptionproxypassword to the password associated with the proxy user name.
It is recommended to use the zman srpp command to specify an obfuscated password instead of specifying the raw password.
(Conditional) If the proxy server uses an NTLM realm, set the value of subscriptionuseNTLM to true. By default, the value is false.
Restart the ZENworks services.
Enable firewall access to patch vendor URLs provided in this downloadable spreadsheet: https://www.microfocus.com/documentation/zenworks-resources/ZPM_URLs.xlsx
For information, see Enabling Firewall Access to Patch Vendor URLs.
You must remove links from bundles outside the ZPM folder to patch bundles inside the ZPM folder. See the details below:
The Migration wizard cannot remove patch bundles in the ZPM folder if they are referenced by bundles outside the ZPM folder.
This scenario only exists if you or another ZENworks administrator have created the scenario; ZENworks never does this by itself.
You can either delete a referencing bundle or edit it to remove the link to the bundle inside the ZPM folder.
If you do not know if you have this scenario, run the Migration wizard. It will detect the situation and list the referencing bundles.
Take the following applicable steps immediately before starting the Patch migration:
Back up the ZENworks database. The closer you do this to migration the fresher the data will be if you need to restore it for some reason.
Make sure that all Primary Servers in the zone are up and all ZENworks services are running.
If you are using ZENworks Reporting, stop any reports from being generated during the migration.
If you have any third-party processes that access Patch data in the ZENworks or Vertica databases, stop those processes.
If you are using the CVE subscription, disable it so that it is not running during the migration.
The Airgap solution is not currently supported with the new Patch Management implementation. If you need to continue to use the Airgap solution, do not migrate your Airgap zones until support becomes available.
If you want to discontinue using Airgap in a zone that you want to migrate, remove the Airgap system variables in ZENworks Control Center by navigating to Configuration > Management Zone Settings > Device Management > System Variables before you run the migration.