Before a mobile device can be managed by Microsoft System Center Configuration Manager 2007, the mobile device client must be installed on the mobile device. The mobile device client can be deployed using one of the following methods:

Distribute a Configuration Manager 2007 package to an ActiveSync-connected or a Mobile Device Manager-connected client computer. For more information about mobile device synchronization, see the Device Synchronization web page (http://go.microsoft.com/fwlink/?LinkId=86558).

The deployment process is also used to install, upgrade and uninstall the policy-aware password program for Pocket PC 2003 mobile devices.

Prerequisites

Installation of the Configuration Mangier 2007 mobile device client on mobile devices requires the following:

In addition, using Configuration Manager 2007 software distribution to install the device management client requires the following:

Certificate Enrollment

If your environment is configured for native mode or server authentication mode, certificate enrollment will be required. Certificate enrollment allows the mobile device user to use a certification authority (CA) to enroll a user authentication certificate. This certificate will be used for SSL authentication when the mobile device communicates with Configuration Manager 2007 servers and for registration in native mode. In order to be issued a certificate the user will need to authenticate to the CA one time during the client installation process. This may require a corporation network connection as most certification authorities are not exposed to the Internet. Enforcing certificate enrollment is configured in either ClientSettings.ini or DMCommonInstaller.ini using the CertEnrollAction=Enroll setting. For more information, see How to Edit the Mobile Device Client Configuration .ini File. The enrollment process can use the enrollment software included with Configuration Manager 2007 or enrollment software produced by the enterprise.

The Mobile Device Client Install and Upgrade Processes

Once the files necessary are on the mobile device, the upgrade or installation process calls the DMInstaller_[platform].exe program. In order to be allowed to run on the device, DMInstaller_[platform].exe is signed with an unprivileged version of the Mobile2Market certificate.

Note
Signing does not apply to Windows Mobile Pocket PC 2003 or Windows CE devices.

The Mobile2Market unprivileged certificate will be trusted by most devices but will not have elevated permissions on the device. DMInstaller_[platform].exe then attempts to install the Microsoft Authenticode code-signing certificate in the privileged execution store and software publishing certificates (SPC) store of the mobile device. If the installation fails and the device is connected via an already managed Configuration Manager 2007 client, a status message will also be sent describing the failure. DMInstaller_[platform].exe will exit the installation process without calling the client setup files. An error log message will also be left on the device in the DMInstaller.log which reads "Access Denied (0x8007005)."

If the mobile operator or mobile device vendor has not restricted privileges on the mobile device and the Mobile2Market unprivileged certificate is trusted by the mobile device then the mobile device is assumed to be unlocked and available to be managed. The Microsoft Authenticode certificate will be installed with elevated privileges. DMInstaller_[platform].exe then calls DMClientSetup_[platform].exe which installs the mobile device management client on the mobile device.

The DMClientSetup.exe then exits and mobile device client installation is complete. For more information about how to verify mobile device installation, see How to Verify Mobile Device Client Installation or Upgrade.

Installing, Upgrading and Uninstalling the Mobile Device Client

The mobile device client setup program (DMClientSetup_[platform].exe) is used to install, update and uninstall the mobile device client on the mobile device. The client installation action is configured in either DMCommonInstaller.ini or ClientSettings.ini using the ClientInstallAction setting. The ClientInstallAction accepts three values:

  • None - Reconfigure the client settings.

  • Install - Installs the mobile device management client or upgrades the device management client if the mobile device client is older than the client deployed with the client installation package

  • Uninstall - Remove the device management client

Mobile device management settings will be set depending upon the state of the mobile device client:

Device state at connection time

Client deployment action

No client

Install deployed client

Older client than deployed client

Upgrade to deployed client

Same client as staged client

Reconfigure client settings

Newer client than staged client

No action

Note
Any Configuration Manager 2007 client settings on the mobile device that do not conform to the new client configuration will be overwritten by the newly installed settings. This includes any settings the user may have changed on the device

Repairing the Mobile Device Client

To repair a damaged mobile device client, uninstall the damaged mobile device client and then reinstall the mobile device client on the mobile device. For more information on uninstalling the mobile device client, see How to Remove the Mobile Device Client.

Log Files for Mobile Device Client Installation

As client installation proceeds on the mobile device, log files are generated on the device. The log files can be used to confirm that the installation was completed. After successful client installation, the following log files can be found on the mobile device:

  • DMInstaller[date:time].log

  • DMClientSetup[date:time].log

  • DMSvc[date:time].log

  • DMCertEnroll[date:time].log will only be present if the mobile device client installation enrolled certificates.

For more information, see How to Configure Logging for Windows Mobile and Windows CE Devices.

Reports for Client Installation

The following reports can be used to verify the progress or success of mobile device client installation:

  • Software Distribution Status Report for DM client install program

  • Configuration Manager client computers reporting ActiveSync-connected devices Device Client

  • Device Client Agent Deployment Status Details

  • Device Client Agent Deployment Failure Report

  • Device Client Agent Deployment Success Report

  • Device Client Agent Health Summary

  • Device Clients in Healthy condition

  • Device Clients in unhealthy condition due to certificate issues

  • Device Clients in unhealthy condition due to communication issues

  • Device Clients in unhealthy condition due to local client issues

In This Section

How to Manually Transfer and Install the Mobile Device Management Client

Provides the steps to create a client deployment package and manually install it on a mobile device.
How to Install the Mobile Device Management Client Using Software Distribution to a Desktop Computer Running ActiveSync or Mobile Device Center

Provides the steps to create a client transfer package and then distribute and install it via a Configuration Manager 2007 managed computer that synchronizes with a mobile device.
How to Upgrade the Mobile Device Management Client Over the Air

Provides the steps to create a client transfer package and then distribute and install it to Configuration Manager 2007 managed mobile devices.
How to Manually Install the Mobile Device Client via ActiveSync or Mobile Device Center Synchronization

Provides the steps to create a client deployment package and then install it via a computer that synchronizes with mobile devices.

See Also