The Patch Server Configuration settings define the server for patch-related maintenance tasks as well as the default server for an Ondemand Content Master. To access these settings, navigate to Security > Getting Started > Mitigating Vulnerabilities, and click Select Patch Server in the Enable Patch Management section. You can also access the settings under Security in the Management Zone Settings.
One Primary Server needs to be designated as the Patch Server to perform Patch-related maintenance tasks for your zone. This server also functions as an Ondemand Content Master (OCM) by default. The OCM fetches patches from the ZENworks and vendor patch repositories when they are needed by devices. If you designate one or more additional Primary servers as OCMs in the zone, the OCM designation can be removed from the server selected in this configuration as the Patch Server. You can make that change via the Server Hierarchy configuration.
Any Primary servers designated as OCMs need to meet the Ondemand Content Master requirements. For more information, see
The Patch Server performs maintenance once a day, which includes rebuilding the patch scan files (DAU bundles), disabling outdated patches, and generating an email notification.
You can define the time that scheduled maintenance occurs and run a manual maintenance task at will.
This option enables you to set all Patch Management settings, including deployments and patch policies, back to the default state. All patch-related configuration settings, policies, deployments, and data will be removed from the database. The patch content stored on the Content Server will be cleaned up based on the Ondemand Content clean-up schedule for each server.
When you initiate the Patch Management Reset, the following actions will be performed:
Patch Management Settings clean-up
Database clean-up
Patch Bundle clean-up
Patch Policy clean-up
Patch Settings clean-up
If the Patch license is currently in the evaluation mode or all licenses have expired, then the evaluation period will be reset so that you can evaluate ZPM again. The current valid licenses will remain unchanged.
Patch services will be stopped on all the servers.
Before resetting the Patch Management:
Ensure that the CVE subscription, Bundle or Device deletion is not in progress.
Ensure that the Patch Maintenance is not in progress.
The Ondemand Content Master requires an Internet connection to communicate with and download content from external sites.
Configuring a proxy: If the OCM requires a proxy to access the service, the OCM server’s Subscription proxy configuration file is used.
If you have configured your network to use a proxy server, you must configure the proxy server subscriptions.
On the Primary Server on which the Ondemant Content Master is configured to run, navigate to the lpm-server.properties file.
Linux: /etc/opt/microfocus/zenworks/
An example of the content within the lpm-server.properties file is displayed below:
Debug=false
TTL=24
subscription-proxyaddress=
subscription-proxyport=
subscription-proxyuser=
subscription-proxypassword=
subscription-useNTLM=false
Modify and save the file with the following subscription proxy details:
Set the value of subscription-proxyaddress to the IP address of the proxy server.
Set the value of subscription-proxyport to the port number of the proxy server.
(Conditional) If the proxy is authentication-based, set the value of subscriptionproxyuser to the name of the proxy user.
(Conditional) If the proxy is authentication-based, set the value of subscriptionproxypassword to the password associated with the proxy user name.
It is recommended to use the zman srpp command to specify an obfuscated password instead of specifying the raw password.
(Conditional) If the proxy server uses an NTLM realm, set the value of subscriptionuseNTLM to true. By default, the value is false.
Restart the ZENworks services.
Accessing the CDN: The following URL must be open to access the CDN: https://microfocus-2dcb60a8-26c9-4560-9cc2-34a16ea5f6e6.2d7dd.cdn.bitdefender.net