the client I am currently with are about to start sub-netting their
network (as its a completely flat structure at the moment), and they plan
to do this over the next couple of months.

The current system is:

2 x Windows 2003 primary servers (same lan segment)
1 x MS SQL server (external database)

1800 client workstations (Zenworks adaptive agent installed)

There are 3 sites (all on the same flat lan), which they intend to segment
off, along with various vlans and a backbone onto which they intend to put
the new data centers & servers.

Unfortunately when the original consultants came in to install the first
ZCM 10 server, they created an internal certificate based upon the server
IP Address.

Subsequently all the managed devices now use a certificate containing the
ip address and not the FQDN of the server.

I have checked and confirmed this on the managed devices by examining the
..cer file found in c:\windows\zenworks\bin and also by looking at the
certificate stored via Internet Explorer and examining the
\\hklm\Software\Novell\Zenworks\CASubject (which gives a value of
"O=Internal Certificate Authority, OU=ZENworks, CN=")

I believe that they intend to change the ip address of the server during
the move, but not its FQDN and would like to make some recommendations to
protect their current & future investment in the product.

I have read the documentation for Zenworks 10.2, zcm_system_admin.pdf,
section II, chapter 11, para 11.4 and para 11.5 to do with changing the
servers ip address and/or dns name/ip address, but it is not clear in para
11.4 whether it has been assumed that the certificate has been issued with
the FQDN or the ip address of the server.

Could someone clarify for me please and point us in the right direction to
remedy the situation as section 11.4 has far, far, far less work/impact
than section 11.5.

Many thanks,