How to Install or Upgrade the Mobile Device Management Client
Applies To: System Center Configuration Manager 2007, System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2
Before a mobile device can be managed by Microsoft System Center Configuration Manager 2007, the mobile device client must be installed on the mobile device. The mobile device client can be deployed using one of the following methods:
Distribute a Configuration Manager 2007 package to an ActiveSync-connected or a Mobile Device Manager-connected client computer. For more information about mobile device synchronization, see the Device Synchronization web page (http://go.microsoft.com/fwlink/?LinkId=86558).
Manually install via an ActiveSync-connected or a Mobile Device Center-connected client computer.
Manually transfer and run installation files on the mobile device using a memory card or transferring files from a shared directory
Upgrade an already managed mobile device over-the-air
The deployment process is also used to install, upgrade and uninstall the policy-aware password program for Pocket PC 2003 mobile devices.
Installation of the Configuration Mangier 2007 mobile device client on mobile devices requires the following:
A properly configured Mobile Device Client Agent. For more information, see How to Configure the Mobile Device Client Agent.
A mobile device client deployment folder containing all necessary client installation files. For more information, see How to Create a Folder for Mobile Device Client Deployment.
A DMCommonInstaller.ini file or ClientSettings.ini file properly configured for your environment. For more information, see How to Edit the Mobile Device Client Configuration .ini File.
In addition, using Configuration Manager 2007 software distribution to install the device management client requires the following:
One or more management points enabled for mobile device management. For more information, see How to Enable a Mobile Device Management Point.
One or more distribution points enabled for mobile device management. For more information, see How to Enable Distribution Points to Support Mobile Devices.
To target collections of Configuration Manager 2007 managed computers that synchronize with mobile devices the hardware inventory of those computers must be extended. For more information, see How to Distribute Inventory Extension to Client Desktop Computers for Mobile Device Management.
If your environment is configured for native mode or server authentication mode, certificate enrollment will be required. Certificate enrollment allows the mobile device user to use a certification authority (CA) to enroll a user authentication certificate. This certificate will be used for SSL authentication when the mobile device communicates with Configuration Manager 2007 servers and for registration in native mode. In order to be issued a certificate the user will need to authenticate to the CA one time during the client installation process. This may require a corporation network connection as most certification authorities are not exposed to the Internet. Enforcing certificate enrollment is configured in either ClientSettings.ini or DMCommonInstaller.ini using the CertEnrollAction=Enroll setting. For more information, see How to Edit the Mobile Device Client Configuration .ini File. The enrollment process can use the enrollment software included with Configuration Manager 2007 or enrollment software produced by the enterprise.
The Mobile Device Client Install and Upgrade Processes
Once the files necessary are on the mobile device, the upgrade or installation process calls the DMInstaller_[platform].exe program. In order to be allowed to run on the device, DMInstaller_[platform].exe is signed with an unprivileged version of the Mobile2Market certificate.
Signing does not apply to Windows Mobile Pocket PC 2003 or Windows CE devices.
The Mobile2Market unprivileged certificate will be trusted by most devices but will not have elevated permissions on the device. DMInstaller_[platform].exe then attempts to install the Microsoft Authenticode code-signing certificate in the privileged execution store and software publishing certificates (SPC) store of the mobile device. If the installation fails and the device is connected via an already managed Configuration Manager 2007 client, a status message will also be sent describing the failure. DMInstaller_[platform].exe will exit the installation process without calling the client setup files. An error log message will also be left on the device in the DMInstaller.log which reads "Access Denied (0x8007005)."
If the mobile operator or mobile device vendor has not restricted privileges on the mobile device and the Mobile2Market unprivileged certificate is trusted by the mobile device then the mobile device is assumed to be unlocked and available to be managed. The Microsoft Authenticode certificate will be installed with elevated privileges. DMInstaller_[platform].exe then calls DMClientSetup_[platform].exe which installs the mobile device management client on the mobile device.
The DMClientSetup.exe then exits and mobile device client installation is complete. For more information about how to verify mobile device installation, see How to Verify Mobile Device Client Installation or Upgrade.
Installing, Upgrading and Uninstalling the Mobile Device Client
The mobile device client setup program (DMClientSetup_[platform].exe) is used to install, update and uninstall the mobile device client on the mobile device. The client installation action is configured in either DMCommonInstaller.ini or ClientSettings.ini using the ClientInstallAction setting. The
ClientInstallAction accepts three values:
None - Reconfigure the client settings.
Install - Installs the mobile device management client or upgrades the device management client if the mobile device client is older than the client deployed with the client installation package
Uninstall - Remove the device management client
Mobile device management settings will be set depending upon the state of the mobile device client:
Device state at connection time
Client deployment action
Install deployed client
Older client than deployed client
Upgrade to deployed client
Same client as staged client
Reconfigure client settings
Newer client than staged client
Any Configuration Manager 2007 client settings on the mobile device that do not conform to the new client configuration will be overwritten by the newly installed settings. This includes any settings the user may have changed on the device
Repairing the Mobile Device Client
To repair a damaged mobile device client, uninstall the damaged mobile device client and then reinstall the mobile device client on the mobile device. For more information on uninstalling the mobile device client, see How to Remove the Mobile Device Client.
Log Files for Mobile Device Client Installation
As client installation proceeds on the mobile device, log files are generated on the device. The log files can be used to confirm that the installation was completed. After successful client installation, the following log files can be found on the mobile device:
DMCertEnroll[date:time].log will only be present if the mobile device client installation enrolled certificates.
For more information, see How to Configure Logging for Windows Mobile and Windows CE Devices.
Reports for Client Installation
The following reports can be used to verify the progress or success of mobile device client installation:
Software Distribution Status Report for DM client install program
Configuration Manager client computers reporting ActiveSync-connected devices Device Client
Device Client Agent Deployment Status Details
Device Client Agent Deployment Failure Report
Device Client Agent Deployment Success Report
Device Client Agent Health Summary
Device Clients in Healthy condition
Device Clients in unhealthy condition due to certificate issues
Device Clients in unhealthy condition due to communication issues
Device Clients in unhealthy condition due to local client issues
In This Section
- How to Manually Transfer and Install the Mobile Device Management Client
Provides the steps to create a client deployment package and manually install it on a mobile device.
- How to Install the Mobile Device Management Client Using Software Distribution to a Desktop Computer Running ActiveSync or Mobile Device Center
Provides the steps to create a client transfer package and then distribute and install it via a Configuration Manager 2007 managed computer that synchronizes with a mobile device.
- How to Upgrade the Mobile Device Management Client Over the Air
Provides the steps to create a client transfer package and then distribute and install it to Configuration Manager 2007 managed mobile devices.
- How to Manually Install the Mobile Device Client via ActiveSync or Mobile Device Center Synchronization
Provides the steps to create a client deployment package and then install it via a computer that synchronizes with mobile devices.
Checklist for Mobile Device Management
How to Configure Logging for Windows Mobile and Windows CE Devices
How to Distribute Inventory Extension to Client Desktop Computers for Mobile Device Management
How to Verify Mobile Device Client Installation or Upgrade
For additional information, see Configuration Manager 2007 Information and Support.
To contact the documentation team, email SMSdocs@microsoft.com.