We are trying to establish access to ZCM primary server in DMZ through Access Manager reverse proxy.
I think, that there is problem with ZCM agent. It starts regstration, connects to server, bu then allways says "Could not determine device type from <OS> tag: unsupported".
It's definitely supported OS : Windows 10 22H2.
I set agent's logs to DEBUG. I think (correct me if I'm wrong) that agent connects to server, resolves it's IP (which is IP of Access manager serving multiple "hosts" by name) and then tries all of it's communication using IP in URL's. Thes communication can not be passed by AM further to ZCM server, beaciuse it does not know to whom to pass it - lacking hostname in URL.
Is there a way to persuade Agetn to use hostname in communication?
This is what I get (I changed real IP and gost name in this post.) :
NAM (Access Manager) public IP : 88.88.88.88
Our Zenworks DMZ server hostname, publicly resolvable to AM's IP 88.88.88.88 : mdm.server.si
Machine's ZEN agent is istalled with custom package that has only hostname mdm.server.si as primary server (no IP's). There are also no unresolvable IP's in server's configuration.
---------------
Zen-agent cheks certificate and finds no errors (it's certificate for *.server.si on access manager)
[TRACE] [12/13/2024 10:50:38.812] [2740] [ZenworksWindowsService] [100] [] [RegistrationModule-CertValidation] [] [Certificate Details: Subject: CN=*.server.si
...
[TRACE] [12/13/2024 10:50:38.812] [2740] [ZenworksWindowsService] [100] [] [RegistrationModule-CertValidation] [] [SslPolicyErrors.None] [] [] [] [ZENworks Agent]
Tries registration URL (we see that communication on mdm resource on NAM and on MDM server)
[DEBUG] [12/13/2024 10:50:38.890] [2740] [ZenworksWindowsService] [100] [] [RegistrationManager] [] [Registration ping successful at https://mdm.server.si/zenworks-registration/registration] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:38.906] [2740] [ZenworksWindowsService] [100] [] [CertManager] [] [Input list of host names : mdm.server.si, output List : mdm.server.si->88.88.88.88] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:38.906] [2740] [ZenworksWindowsService] [100] [] [ZenCache] [] [(Thread 100) PutObject(certManager.CertSubjectAltName::*.server.si, UserContext{_LocalId=none; _RemoteId=(Public)}) called] [] [] [] [ZENworks Agent]
Obviously resolves server name to IP and tries to connect to IP (and gets forbidden -403) because IP is the same, but holds more than one hostname (it is reverse proxy and does not knnow this traffic is intended to MDM)
[DEBUG] [12/13/2024 10:50:38.953] [2740] [ZenworksWindowsService] [100] [] [ConnectMan] [] [FindFirstContent()] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:38.953] [2740] [ZenworksWindowsService] [100] [] [ConnectMan] [] [Connection status of host: mdm.server.si is not known] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:38.953] [2740] [ZenworksWindowsService] [100] [] [ConnectMan] [] [FSR: called with following sources: ] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:38.953] [2740] [ZenworksWindowsService] [100] [] [ConnectMan] [] [https://mdm.server.si/zenworks-registration/v2/ostargets.xml] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:38.953] [2740] [ZenworksWindowsService] [100] [] [ConnectMan] [] [ST:GetInstance Creating new instance] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:38.953] [2740] [ZenworksWindowsService] [100] [] [ConnectMan] [] [ST:GetInstance Added the new instance with id 69 into _instanceList] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:38.953] [2740] [ZenworksWindowsService] [28] [] [ConnectMan] [] [ST:CTS id = 69 Checking https://mdm.server.si/zenworks-registration/v2/ostargets.xml] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:38.953] [2740] [ZenworksWindowsService] [28] [] [ConnectMan] [] [ST:CHS id = 69 Adding host: mdm.server.si, status: Unknown] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:38.953] [2740] [ZenworksWindowsService] [75] [] [ConnectMan] [] [ST:FFGS id = 69 Waiting on status of https://mdm.server.si/zenworks-registration/v2/ostargets.xml] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:38.953] [2740] [ZenworksWindowsService] [100] [] [ConnectMan] [] [ST:FSR id = 69 Waiting for the first good source to be found] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:38.953] [2740] [ZenworksWindowsService] [28] [] [ConnectMan] [] [ST:GIP id = 69 Resolving DNS for mdm.server.si] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:38.953] [2740] [ZenworksWindowsService] [28] [] [ConnectMan] [] [ST:CTS id = 69 Host: mdm.server.si, IP address: 88.88.88.88] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:38.953] [2740] [ZenworksWindowsService] [28] [] [ConnectMan] [] [ST:GIP id = 69 Adding IP address: 88.88.88.88] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:38.953] [2740] [ZenworksWindowsService] [28] [] [ConnectMan] [] [ST:CIPL id = 69 Adding IP Uri https://88.88.88.88/zenworks-registration/v2/ostargets.xml status: Unknown] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:38.953] [2740] [ZenworksWindowsService] [28] [] [ConnectMan] [] [ST:PIMS id = 69 Pinging location: https://88.88.88.88/zenworks-registration/v2/ostargets.xml] [] [] [] [ZENworks Agent]
DEBUG] [12/13/2024 10:50:38.984] [2740] [ZenworksWindowsService] [28] [] [ConnectMan-ping] [] [ Protocol error connecting to: https://88.88.88.88/zenworks-ping/ HTTP status: 403 - Forbidden] [] [] [] [ZENworks Agent]
In spite of getting 403 it marks 88.88.88.88 as good ? And trying to get ostargets.
[DEBUG] [12/13/2024 10:50:38.984] [2740] [ZenworksWindowsService] [28] [] [ConnectMan] [] [ Setting location name https://88.88.88.88/zenworks-registration/v2/ostargets.xml to status Good] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:38.DEBUG] [12/13/2024 10:50:38.984] [2740] [ZenworksWindowsService] [28] [] [ConnectMan-ping] [] [ping returned: True] [] [] [] [ZENworks Agent]
[DEBUG]984] [2740] [ZenworksWindowsService] [28] [] [ConnectMan] [] [ST:PIMS id = 69 Setting location https://88.88.88.88/zenworks-registration/v2/ostargets.xml, IP address 88.88.88.88, and host mdm.server.si to status: Good] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:38.984] [2740] [ZenworksWindowsService] [28] [] [ConnectMan] [] [ST:CTS id = 69 Done with checking: https://mdm.server.si/zenworks-registration/v2/ostargets.xml] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:39.266] [2740] [ZenworksWindowsService] [75] [] [ConnectMan] [] [ST:FFGS id = 69 Found good source location https://88.88.88.88/zenworks-registration/v2/ostargets.xml] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:39.266] [2740] [ZenworksWindowsService] [100] [] [ConnectMan] [] [ST:FSR id = 69 first good source found] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:39.266] [2740] [ZenworksWindowsService] [100] [] [ConnectMan] [] [ST:FSR id = 69 Decremented _currentCallersCount to 0] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:39.266] [2740] [ZenworksWindowsService] [100] [] [ConnectMan] [] [ST:FSR id = 69 Returning https://88.88.88.88/zenworks-registration/v2/ostargets.xml] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:39.266] [2740] [ZenworksWindowsService] [81] [] [ConnectMan] [] [ST:Cleanup id = 69 Waiting for all threads to finish] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:39.266] [2740] [ZenworksWindowsService] [81] [] [ConnectMan] [] [ST:Cleanup id = 69 _currentCallersCount = 0] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:39.266] [2740] [ZenworksWindowsService] [81] [] [ConnectMan] [] [ST:Cleanup id = 69 Removing this instance from _instanceList] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:39.266] [2740] [ZenworksWindowsService] [100] [] [ConnectMan] [] [FSR: ServerTracker returned https://88.88.88.88/zenworks-registration/v2/ostargets.xml] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:39.266] [2740] [ZenworksWindowsService] [100] [] [ConnectMan] [] [FSR returning null] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:39.266] [2740] [ZenworksWindowsService] [100] [] [ConnectMan] [] [Entered FindServerFromBusyList] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:39.266] [2740] [ZenworksWindowsService] [100] [] [ConnectMan] [] [Connection retry count from settings handler is: 21] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:39.266] [2740] [ZenworksWindowsService] [100] [] [ConnectMan] [] [FindServerFromBusyList() Found host: mdm.server.si, status: Good] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:39.266] [2740] [ZenworksWindowsService] [100] [] [ConnectMan] [] [ IP address 88.88.88.88 marked Good] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:39.266] [2740] [ZenworksWindowsService] [100] [] [ConnectMan] [] [GetGoodOrBusyIp() returning 88.88.88.88] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:39.266] [2740] [ZenworksWindowsService] [100] [] [ConnectMan] [] [Exited FindServerFromBusyList with server https://88.88.88.88/zenworks-registration/v2/ostargets.xml] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:39.266] [2740] [ZenworksWindowsService] [100] [] [ConnectMan] [] [FindFirstContent()] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:39.266] [2740] [ZenworksWindowsService] [100] [] [ConnectMan] [] [Connection status of host: 88.88.88.88 is not known] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:39.266] [2740] [ZenworksWindowsService] [100] [] [ConnectMan] [] [FSR: called with following sources: ] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:39.266] [2740] [ZenworksWindowsService] [100] [] [ConnectMan] [] [https://88.88.88.88/zenworks-registration/v2/ostargets.xml] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:39.266] [2740] [ZenworksWindowsService] [100] [] [ConnectMan] [] [ST:GetInstance Creating new instance] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:39.266] [2740] [ZenworksWindowsService] [100] [] [ConnectMan] [] [ST:GetInstance Added the new instance with id 70 into _instanceList] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:39.266] [2740] [ZenworksWindowsService] [108] [] [ConnectMan] [] [ST:CTS id = 70 Checking https://88.88.88.88/zenworks-registration/v2/ostargets.xml] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:39.266] [2740] [ZenworksWindowsService] [108] [] [ConnectMan] [] [ST:CHS id = 70 Adding host: 88.88.88.88, status: Unknown] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:39.266] [2740] [ZenworksWindowsService] [108] [] [ConnectMan] [] [ST:CTS id = 70 Host: 88.88.88.88, IP address: 88.88.88.88] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:39.266] [2740] [ZenworksWindowsService] [108] [] [ConnectMan] [] [ST:CIP id = 70 Using IP address: 88.88.88.88, status: Good] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:39.266] [2740] [ZenworksWindowsService] [108] [] [ConnectMan] [] [ST:GIP id = 70 Built location: https://88.88.88.88/zenworks-registration/v2/ostargets.xml using IP address 88.88.88.88] [] [] [] [ZENworks Agent]
And gets 403 ...... and says "Could not determine device type from <OS> tag: unsupported"
[DEBUG] [12/13/2024 10:50:39.297] [2740] [ZenworksWindowsService] [100] [] [ZenFile] [] [Unexpected exception getting ZenFileInfo for https://88.88.88.88/zenworks-registration/v2/ostargets.xml: The remote server returned an error: (403) Forbidden.
at System.Net.HttpWebRequest.GetResponse()
at Novell.Zenworks.ZenFileInfo..ctor(String fileName)] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:39.297] [2740] [ZenworksWindowsService] [100] [] [ConnectMan] [] [FindNextContent: badUri: https://88.88.88.88/zenworks-registration/v2/ostargets.xml, Exception: The remote server returned an error: (403) Forbidden.] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:39.297] [2740] [ZenworksWindowsService] [100] [] [ConnectMan] [] [FindNextcontent called with following sources:] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:39.297] [2740] [ZenworksWindowsService] [100] [] [ConnectMan] [] [https://88.88.88.88/zenworks-registration/v2/ostargets.xml] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:39.297] [2740] [ZenworksWindowsService] [100] [] [ConnectMan] [] [WebException: The remote server returned an error: (403) Forbidden., Status: ProtocolError] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:39.297] [2740] [ZenworksWindowsService] [100] [] [ConnectMan] [] [FindNextContent: Not trying to retry. Ignoring this retry] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:39.297] [2740] [ZenworksWindowsService] [100] [] [ConnectMan] [] [Marking IP Location https://mdm.server.si/zenworks-registration/v2/ostargets.xml: Bad] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:39.297] [2740] [ZenworksWindowsService] [100] [] [ConnectMan] [] [WebException] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:39.297] [2740] [ZenworksWindowsService] [100] [] [ConnectMan] [] [The remote server returned an error: (403) Forbidden.] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:39.297] [2740] [ZenworksWindowsService] [100] [] [ConnectMan] [] [WebExceptionStatus: ProtocolError] [] [] [] [ZENworks Agent]
[DEBUG] [12/13/2024 10:50:39.297] [2740] [ZenworksWindowsService] [100] [] [ConnectMan] [] [ at System.Net.HttpWebRequest.GetResponse()
at Novell.Zenworks.ZenFileInfo..ctor(String fileName)] [] [] [] [ZENworks Agent]
Manually (by browser) opening 88.88.88.88/.../ostargets.xml gets Access managers response "Access forbidden! Host name received is not for this web site." That's what Agent tries.
Manually (by browser) opening zen.server.si/.../ostargets.xml opens ostargets.xml file. So this is what we want !
The question is : Is there a way to persuade Agetn to use hostname in communication?