See other articles in the series:
In the first article, we went over the basic architecture. Now we are going to go about installing XenMobile Device Manager on our PHDC-XENDM01 server.
First, lets go to www.citrix.com and download the needed software:
Besides that, we also need to install Java on the server. At the time of this writing, I used Java version 7 Update 51:
We also need to download a specific Java policy, Java Cryptography Extension Unlimited Strength from http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
Once, we have the software, lets log into PHDC-XENDM01, which is running Windows Server 2012 STD.
First, lets disable IPV6 on the server. Run the following command from powershell:
|New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters -Name DisabledComponents -PropertyType DWord -Value 0xffffffff|
Also, run msconfig and disable UAC:
After, reboot the server.
Once it comes back up, it’s time to install Java. This is a simple, next, next finish install:
Next, we need to go into UnlimitedJCEPolicy folder. We need to copy the two files local_policy.jar and US_Export_policy.jar:
To the following two locations:
If you don’t complete the above steps, you will get an error when you launch the Device Manager console, and iOS devices will not be able to register.
Next, lets get SQL ready. We need to open SQL Management Studio on PHDC-SQL01. Navigate to Security->Logins->New Login
Make sure you create the login as SQL Server authentication. We will use the login name xenmobile and set the password to whatever you like. Next click the server roles tab, and we will select sysadmin. Make sure that this security is allowed in your environment before making this setup.
Before we start the install of Device Manager, if we are registering iOS devices, we need to request a certificate from Apple for an APNS certificate. We then need to submit that request to XenMobile helpdesk for them to sign the request before completing the request with apple.
On a server with IIS installed (not the XenMobile Device Manager server, as IIS will break Device Manager), we need to create a certificate request for our Device Manager namespace, which in our case is mobile.accessabacus.com . Open IIS Manager and click on Server Certificates:
Then click on create Certificate Request, and fill out the certificate. Ensure the common name is the one that devices will be hitting to register with Device Manager. Again ours is mobile.accessabacus.com
Select Next, and on Cryptographic Service Provider Properties, change the Bit Length to 2048:
Select next, and save the request to your c drive:
Next create an email to firstname.lastname@example.org and request to have the certificate signed, ensure to attach the request you created above. You will receive an email back with the signed request.
Take the file you get back, and log into https://identity.apple.com/pushcert. If you don’t have a developer ID, create one, its free.
Click Create a Certificate:
Accept the agreement, and upload the signed request file. You can then download your complete certificate request:
Now, log back into the same server where you created the certificate request and go back to IIS->Server Certificates. Now click on Complete Server Certificate, and select the file you downloaded from the Apple website. Give it a friendly name so you can easily identify it. In my case I’ll call it iOS MDM.
Next, open up MMC on the same server you completed the certificate request on. Click on File->Add/Remove Snap in, select certificates and add it, select local computer:
Navigate to Certificates->Personal->Certificates. Select the iOS MDM you created before, right click and select all tasks, export:
Ensure you select Yes Export the private key:
It will ask you to password protect the file, ensure you remember it as you will need it when you install Device Manager.
Select a file name and save the file:
Okay, we are FINALLY ready to install Device Manager.
Copy the PFX file you exported to PHDC-XENDM01. Then, lets run the XenMobileDeviceManager Installer.
Select Next until you get to the component screen. Unselect Database Server. This will allow us to use Microsoft SQL and not the Postgres SQL that comes with Device Manager:
Select the default install path and click next, let the installer begin. It will ask you for the license file for the install, browse to it and select the file. You can request free trials from Citrix as well:
Next brings you to Configure Database Connection. Select SQL Server/jTDS. Fill out the info:
The user name should be the user we created in SQL before. The database name can be anything you want. the installer will realize its missing and ask if you want to create it when you select Check the connection:
Click create, and then next.
Leave this screen blank, and select next:
Select next at the Configure iOS usage screen:
Then click on next through all the IP configuration:
Next we will come to the Define the Root Certification Authority. This will create a self signed certificate store. Enter a keystore password to create, to the same for the next three screens:
For the last one, define a certificate for HTTPS, you need to add the FQDN that users are connecting to this server on. In our case, its mobile.accessabacus.com:
**If after you want to replace this certificate with your own, complete the install and then follow my article here: http://port25guy.com/2013/11/18/import-a-3rd-party-certificate-into-xenmobile/**
Next page, browse to the PFX file that holds your Apple APNS certificate, and enter the password you used to protect it:
Select next, leave the default port for Remote Support tunnels:
Next, select the default admin username and password:
Click Next, and then finish.
Next time, we will go over configuring the XenMobile Device Manager Server and publishing it using the Netscaler.