11/11/2008

You can use command-line commands to install and uninstall System Center Mobile Device Manager (MDM) system components. To use these commands, you must enter them at a command prompt in the directory for the relevant Setup file.

Msiexec.exe

You can use Msiexec.exe to perform all Microsoft Windows Installer functions at a command prompt. The following table shows the parameters for Msiexec.exe.

/i: Msiexec parameter: This is a standard Msiexec command to install or configure a product.

/l*xv <logfile>

Msiexec parameter: Turns on verbose logging with extra debugging information written to the log at the <logfile>location.

Note:
You should always turn on verbose logging when you run .msi, especially at a command prompt.

/qb: Msiexec parameter: Specifies the user interface level to Basic UI. Quiet mode, no user interaction. See the Setup log files and Event Viewer for warnings, errors, successes, failures, and other details.

/x: Msiexec parameter: Standard Msiexec parameter to uninstall a product.

For more information about the command-line options for Msiexec, see Msiexec at this Microsoft Web site:

http://go.microsoft.com/fwlink/?LinkId=108053

Other Parameters

DeviceManagement.msi

Parameter	Required or Optional	Description
SQL_SRVR	This is required for the first MDM Device Management Server or MDM Enrollment Server installation (whichever comes first).	The fully qualified domain name (FQDN) of the computer that is running SQL Server where you will install MDM Databases. The installing administrator must have permissions to install databases, stored procedures and logins on the database.
SQL_ACCOUNT_TYPE	Optional (if DB_USER and DB_PWD are used)	The database authentication mode for the computer that is running SQL Server. By default, this value is "Current" for Windows Integrated Authentication. MDM sets this value to "Other" for SQL database authentication.
SRVR_CA	Recommended	The server certification authority to use to request certificates for MDM Device Management Server during Setup. You can omit this only if SKIP_SRVR_CERT_REQ is set to TRUE.
URI	Required for the first MDM Device Management Server installation	MDM Device Management Server or MDM Device Management Server load balancer FQDN. We recommend that you use a load balancer.
DMWEB_SSL_PORT	Optional	If unspecified, the default is 8443. The port that MDM Device Management Server Web site uses to listen.
ADMINWEB_SSL_PORT	Optional	If unspecified, the default is 8446. The port that MDM Device Management Server Administration Web site uses to listen.
DB_USER	Optional (not recommended)	We do not recommend that you use this optional value. Only specify this value if you do not use Windows Integrated Authentication to connect to a SQL database.
DB_PWD	Optional (not recommended)	We do not recommend that you use this optional value. Only specify this value if you do not use Windows Integrated Authentication to connect to an SQL database.
SKIP_SRVR_CERT_REQ	Optional (not recommended)	Optional. If set to TRUE it will skip server certificates requests from the specified certification authority (in SRVR_CA) during Setup. You must obtain and apply certificates manually. We do not recommend that you use this optional value.

For Enrollment.msi:

Parameter	Required or Optional	Description
SQL_SRVR	Required for the first MDM Device Management Server or MDM Enrollment Server installation (whichever comes first)	The FQDN of the computer that is running SQL Server on which you will install MDM databases. The installing administrator must have permissions to install databases, stored procedures and logins on the database.
SQL_ACCOUNT_TYPE	Optional (if DB_USER and DB_PWD are used)	The database authentication mode for the computer that is running SQL Server. By default, this value is "Current" for Windows Integrated Authentication. MDM sets this value to "Other" for SQL database authentication.
DEVICE_CA	Required for the first MDM Enrollment Server installation	The device certification authority to request certificates for device enrollment on to the domain.
SRVR_CA	Recommended	The server certification authority to request certificates for MDM Enrollment Server during Setup. You can omit this value only if SKIP_SRVR_CERT_REQ is set to TRUE.
EXT_URI	Required for the first MDM Enrollment Server installation	The FQDN for the external (device facing) MDM Enrollment Server or the external (device facing) MDM Enrollment Server load balancer. We recommend that you use a load balancer.
INT_URI	Required for the first MDM Enrollment Server installation	The FQDN for the internal (management tool facing) MDM Enrollment Server or the internal (management tool facing) MDM Enrollment Server load balancer. We recommend that you use a load balancer.
ADMINWEB_SSL_PORT	Optional	If unspecified, the default is 8445. The port that the MDM Enrollment Server Administration Web site uses to listen.
DB_USER	Optional (not recommended)	We do not recommend that you use this optional value. Only specify this value if you do not use Windows Integrated Authentication to connect to the SQL database.
DB_PWD	Optional (not recommended)	We do not recommend that you use this optional value. Only specify this value if you do not use Windows Integrated Authentication to connect to the SQL database.
SKIP_SRVR_CERT_REQ	Optional (not recommended)	We do not recommend that you use this optional value. If set to TRUE, this value skips requests for server certificates from the specified certification authority (in SRVR_CA) during Setup. You must obtain and apply certificates manually.
SKIP_URI_CHECK	Optional (not recommended)	We do not recommend that you use this optional value. If set to TRUE, this value skips FQDN validation on internal and external enrollment. This means that Setup will not try to validate and resolve these FQDNs. Use this option only if you have problems resolving FQDNs.
ENWEB_SVC_ACC	Optional	If you install MDM Enrollment Server in a language that differs from that of the Microsoft SQL Server® installation, and you connect to the server that is running SQL Server remotely, you must specify the name of the Anonymous account on the server that is running SQL Server by using the ENWEB_SVC_ACC parameter. The following example shows you how to run Setup if you install the English version of MDM Enrollment Server but use a remote connection to a computer that is running the German version of SQL Server: msiexec /i Enrollment.msi ENWEB_SVC_ACC="NT-AUTORITÄT\ANONYMOUS-ANMELDUNG"

For AdminTools.msi

Parameter	Required or Optional	Description
ADDLOCAL	Required	Lets the installing administrator specify which components to install. This can be a comma separated values (.csv) list that has the following values: MDM_MANAGEMENT: MDM Management Console SOFTWARE_DISTRIBUTION: MDM Software Distribution Console GROUP_POLICY_EXT: MDM Group Policy Extensions ALL: install all components Examples: The following will install MDM Console only silently, with basic UI: Msiexec /i AdminTools.msi ADDLOCAL="MDM_MANAGEMENT" /qb /lxv <path of log file>* The following will install all components silently, with basic UI: msiexec.exe /i AdminTools.msi ADDLOCAL="ALL" /qb /lxv <path of log file>*

Parameter

Required or Optional

Description

ADDLOCAL

Required

Lets the installing administrator specify which components to install. This can be a comma separated values (.csv) list that has the following values:

MDM_MANAGEMENT: MDM Management Console
SOFTWARE_DISTRIBUTION: MDM Software Distribution Console
GROUP_POLICY_EXT: MDM Group Policy Extensions
ALL: install all components

Examples:

The following will install MDM Console only silently, with basic UI:

Msiexec /i AdminTools.msi ADDLOCAL="MDM_MANAGEMENT" /qb /l*xv <path of log file>

The following will install all components silently, with basic UI:

msiexec.exe /i AdminTools.msi ADDLOCAL="ALL" /qb /l*xv <path of log file>

For Gateway.msi

Parameter	Required or Optional	Description
VPN_IP	Required	The IP address for MDM Gateway Server management. This should be the company network-facing address. Note This IP address is not validated. Make sure that you type the correct address.
VPN_PORT	Required	The port for MDM Gateway Server management. This should be the same port that you used for the Add MDM Gateway Wizardfor MDM Gateway Server management.
CERT_SSL_HASHCODE	Required	The Gateway Authentication certificate hash code. To find the hash code or thumbprint for a certificate, see the following Note.
CERT_CTL_HASHCODE	Required	The certification authority certificate hash code for the root certificate. To find the hash code or thumbprint for a certificate, see the following Note. The certification authority must be a root certification authority.

Note:
When you install MDM Gateway Server at a command prompt, you must supply the certificate hash codes to determine which certificates that you want to configure with IIS. You can obtain certificate information by using the Certificate MMC snap-in. To find the hash code, double-click the certificate, choose the Detailstab, and then locate the Thumbprintvalue. The thumbprint is a hexadecimal string that you can copy and paste on to the command line. Make sure that you omit any spaces in the hexadecimal string. Another way to obtain these values is to use MDM Gateway Server Setup in UI mode. In the Certificate Pickerdialog box, choose the Detailstab.

Note:

When you install MDM Gateway Server at a command prompt, you must supply the certificate hash codes to determine which certificates that you want to configure with IIS. You can obtain certificate information by using the Certificate MMC snap-in. To find the hash code, double-click the certificate, choose the Detailstab, and then locate the Thumbprintvalue. The thumbprint is a hexadecimal string that you can copy and paste on to the command line. Make sure that you omit any spaces in the hexadecimal string. Another way to obtain these values is to use MDM Gateway Server Setup in UI mode. In the Certificate Pickerdialog box, choose the Detailstab.

MDM Enrollment Server

Install Command

	Copy Code
msiexec.exe /i enrollment.msi SQL_SRVR=<SQL_SRVR_NAME> DEVICE_CA=<CA_SRVR_NAME>\<CA_INSTANCE_NAME> SRVR_CA=<CA_SRVR_NAME>\<CA_INSTANCE_NAME> EXT_URI=<EXT_URI_NAME> INT_URI=<INT_URI_NAME> /l*xv d:\logs\enrollmentLog.txt /qb

Copy Code

msiexec.exe /i enrollment.msi SQL_SRVR=<SQL_SRVR_NAME>
DEVICE_CA=<CA_SRVR_NAME>\<CA_INSTANCE_NAME>
SRVR_CA=<CA_SRVR_NAME>\<CA_INSTANCE_NAME>
EXT_URI=<EXT_URI_NAME> INT_URI=<INT_URI_NAME> /l*xv
d:\logs\enrollmentLog.txt /qb

Uninstall Command

	Copy Code
msiexec.exe /x enrollment.msi /qb SQL_SRVR= "dbsrvr" remove_db=<true\|false> /l*xv <logfile>

You should only use the remove_db parameter when you want to remove the whole MDM system from your environment.

MDM Device Management Server

Install Command

	Copy Code
msiexec.exe /i DeviceManagement.msi SQL_SRVR=<SQL_SRVR_NAME> SRVR_CA=<CA_SRVR_NAME>\<CA_INSTANCE_NAME> URI=<DM_URI_NAME> DMWEB_SSL_PORT=<DM_SSL_PORT> ADMINWEB_SSL_PORT=<ADMIN_SSL_PORT> /l*xv d:\logs\DMLog.txt /qb

Copy Code

msiexec.exe /i DeviceManagement.msi SQL_SRVR=<SQL_SRVR_NAME>
SRVR_CA=<CA_SRVR_NAME>\<CA_INSTANCE_NAME>
URI=<DM_URI_NAME> DMWEB_SSL_PORT=<DM_SSL_PORT>
ADMINWEB_SSL_PORT=<ADMIN_SSL_PORT> /l*xv d:\logs\DMLog.txt
/qb

Uninstall Command

	Copy Code
msiexec.exe /x DeviceManagement.msi /qb SQL_SRVR="dbsrvr" remove_db=<true\|false> /l*xv <logfile>

You should only use the remove_db parameter when you want to remove the whole MDM system from your environment.

MDM Gateway Server

Install Command

	Copy Code
msiexec.exe /i Gateway.msi /qb VPN_IP=<InternalIP> VPN_PORT=<SSL_PORT> CERT_SSL_HASHCODE=<Gateway Authentication certificate hash code> CERT_CTL_HASHCODE=<Certification Authority certificate hash code for the root certificate>

Copy Code

msiexec.exe /i Gateway.msi /qb VPN_IP=<InternalIP>
VPN_PORT=<SSL_PORT> CERT_SSL_HASHCODE=<Gateway
Authentication certificate hash code>
CERT_CTL_HASHCODE=<Certification Authority certificate hash code
for the root certificate>

Note:
When you install MDM Gateway Server at a command prompt, you must supply the certificate hash codes to determine which certificates that you want to configure with IIS.

MDM Administrator Tools

Install Command

	Copy Code
msiexec.exe /i AdminTools.msi ADDLOCAL="MDM_MANAGEMENT,SOFTWARE_DISTRIBUTION,GROUP_POLICY_EXT" ALLUSERS=1 /l*xv d:\logs\AdminLog.txt /qb

Important:
The ADDLOCAL property accepts only case-sensitive values. The input must be in uppercase letters. For example, ADDLOCAL="MDM_MANAGEMENT,GROUP_POLICY_EXT,SOFTWARE_DISTRIBUTION"

Uninstall Command

	Copy Code
msiexec.exe /x AdminTools.msi /qb

Remove Features Command

	Copy Code
msiexec /i AdminTools.msi /qb REMOVE="<Feature List>"



Command-Line Options