We have been running ZCM for quite a long time and the internal certificate expired. Single Primary Server, running 11.4.2.0.

Another tech acted on the remint process and it appeared to succeed. Windows clients running agents with a version of 11.4.2.12471 have been reconnecting on their own.

Many workstations are still running version 11.3.1.39328 and cannot connect.

I tried enabling debug logging and am seeing the following message(s):

[INFO] [08/20/2018 14:37:46.058] [1868] [ZenworksWindowsService] [61] [] [ZenCertificatePolicy] [ZMD.CertificateChainError] [Error in the TLS certificate chain. Message: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.


[DEBUG] [08/20/2018 14:37:46.060] [1868] [ZenworksWindowsService] [61] [] [ConnectMan-ping] [] [web request exception: System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationExcep tion: The remote certificate is invalid according to the validation procedure.


We have been working around the issue by running:

zac unr -f
zac reg https://server.loc/


We haven't found an easy way to automate this process or any other process to get the bulk of our workstations to reconnect.

A "ZENworks update for certificate remint" System Update was created and has been trying to run for many days but it is not progressing. I have rebooted the Primary Server.

Has anyone else run into this issue?

Thanks in advance to anyone who can offer assistance!