I'm with a school district and using ZenWork 11.3.2, to manage all the computers in the district. All school sites are connected back to the district office by 100 Mb fiber with no ZCM primary server at the school, I do have e-dir server at the school sites. We have 2 primary ZCM 1 ZCM DB server at the district office. Looking for a way to have the schools to still login if the WAN link is down with out getting the Zen login box popping up and they have to click cancel to go on to desktop.

I have been testing with at satellite server with authentication role enabled and pointed it to the LDAP server on site for the user source. Then I simulate a WAN failure so the workstation can not talk to the primary server or the e-dir servers other than the one on site at the school. My test results show the computer can authenticate to e-dir successfully but then in a few second it throws the Zen login box up. I put the user password in it and it comes back with an error (Unable to log into the network because the login credentials or the server certificate is incorrect). So the only thing I can do is click cancel to move on to desktop. Not being able to login to ZCM the user does not get user group-policy or user bundles. It also corrupts the user ZCM cache so even when connection has been reestablished to ZCM primary server the user group-policy will not apply to the user until you do a zac cc, zac ref, and reboot the computer.

So is there a way to make the site survivability if the WAN link is down with a satellite server or is a primary server required to login even if you have a satellite server that is handling the authentication. Is there more I need to do to the satellite server, like some how importing the CA in to it?