Step by Step: Install Mobile Device Legacy Client in System Center 2012 Configuration Manager

  • Article

In System Center 2012 Configuration Manager, there’re multiple ways to manage a device: https://technet.microsoft.com/en-us/library/gg682022.aspx. In this blog, we will give the detailed step by step guidance on how to install the mobile device legacy client.

In general, there’re five steps:

1.      Prepare the necessary PKI certificate

Follow the link https://technet.microsoft.com/en-us/library/gg699362.aspx for the PKI certificate requirements for Management Point, Distribution Point and mobile devices.

Follow the link https://technet.microsoft.com/en-us/library/gg682023.aspx for step by step guidance on deploy the certificate for Management Point, Distribution Point, and mobile device.

2.      Configure CA Web Enrollment server to use SSL

This is required for CM 2012

3.      Enable Device Management Point and Configure Distribution Point on CM Site Server

4.      Prepare client installation files

5.      Transfer the installation files to device and start install

 

Now we will give the details on step 3 & 4.

Enable Device Management Point (DMP)

Open SCCM Admin Console, and go to Administration \ Overview \ Site Operations \ Servers and Site Systems roles. In the Site System Roles panel, right click “Management Point”, and choose “Allow mobile devices to use this management point”.

 To verify DMP is installed successfully, you can either check the DMPSetup.log or use self-test URL: https://<siteserName>/devicemgmt?selftest

 

Configure Distribution Point (DP) with HTTPS

Open SCCM Admin Console, and go to Administration \ Overview \ Site Operations \ Servers and Site Systems roles. In the Site System Roles panel, right click “Distribution Point”, in the “General” Panel, select “Allow intranet and Internet connections”

 

Prepare Client Installation Files

To install mobile device legacy client, we need to prepare for the installation files. Each device platform has its own specific installation files. Generally, for all the platforms, they will need 7 files:

  • EXE File to start the setup – dmclientsetup_$(arch).exe

The file is located under

%SCCM_Installed_Dir%\DeviceClientDeployment\ClientTransfer\00000409.

  • EXE File to enroll the client authentication certificate – enroll_$(arch).exe

The file is located under

%SCCM_Installed_Dir%\DeviceClientDeployment\ClientTransfer\00000409.

Re-name is required. Please rename the file to “enroll.exe”.

  • CAB File to install the client – deviceclient_$(platform)_$(arch).cab

The file is located under

%SCCM_Installed_Dir%\DeviceClientDeployment\ClientTransfer\00000409.

Don’t rename this file. It will fail to install if the file names changes.

  • INI configuration file – clientsettings.ini

The sample setting file is located under

%SCCM_Installed_Dir%\DeviceClientDeployment\ClientTransfer\.

Don’t rename this file.

In the ClientSettings.ini, we need configure below settings before kick-off the installation.

Setting name

How to configure

CertEnrollServer

FQDN of the machine which hosts the CA.

DMServerName

FQDN of the machine which hosts the DMP site system role

SiteCode

Site code the primary site which DMP belongs to.

FSPServerName

FQDN of the machine which hosts the FSP site system role. If your site has no FSP, please ignore this setting

SMSPublicRootKey

You can get the key from file

%SCCM_Installed_Dir%\bin\i386\MobileClient.tcf (open the file with notepad)

 

  • CA’s root certificate to trust all the certificates this CA issues.
  • Site Server Signing Certificate(SSSC.cer)---The site server cert. It's under SMS in the computer cert store and has subject name hard coded to "Site Server"
  • MPCERT.cer---The Web Server certificate of the DMP machine

 

After file preparation, we will have 7 files for each platform. Let’s take WinCE 6.0 for example, and assuming the CE machine is ARM. We will have below files.

  1. Dmclientsetup_arm.exe
  2. Enroll.exe (renamed from enroll_arm.exe)
  3. Deviceclient_wince6.0_arm.cab
  4. Clientsettings.ini
  5. Root.cer
  6. SSSC.cer
  7. MPCERT.cer

Now to install client agent becomes easier.

Copy files to the device

Kick off the process dmclientsetup_arm.exe

Log files are located at CE machine’s \Temp\ folder. If the installation failed, please check the network connectivity between CE machine and CA, between CE machine and DMP.

 

--Nina Qin