Install and Configure IIS for MDM
2/9/2009
Before you install Internet Information Services (IIS) 6.0, you must consider configuration and integration issues that can affect System Center Mobile Device Manager deployment and operation. To help make sure that MDM implementation goes smoothly, follow the best practices for installing and managing IIS in this section.
IIS Installation Best Practices
As you plan your IIS installation, follow these best practices:
- Back up the IIS metabase: Before and after you install each System Center Mobile Device Manager server, make sure that you back up the IIS metabase. For more information about how to back up the IIS metabase, see Back Up and Restore the IIS Metabase (IIS 6.0) at this Microsoft Web page: https://go.microsoft.com/fwlink/?LinkId=103605.
- Do not change the Web configuration files: Each Web service in MDM includes a Web.config file. Do not modify this file. If you modify a Web.config file, any changes can reduce MDM performance or result in system failure.
- Do not co-host other Web-based services: Do not host other Web-based services on MDM servers, except for Windows Server Update Services (WSUS).
- Avoid service conflicts with WSUS: If you install WSUS on an MDM Enrollment Server, make sure that you install it correctly to avoid service conflicts between IIS and MDM Device Management Server Web services. Make sure that you specify the correct ports during installation, and do not rely on the default settings. For more information, see Install WSUS 3.0 SP1 on MDM Servers.
- Install IIS after you install the .NET Framework 2.0: If, after you install IIS, .NET-connected Web services do not appear as available services in IIS, you might have to repair .NET. To obtain a script to help repair .NET in this scenario, see How to repair IIS mapping after you remove and reinstall IIS on the Microsoft Knowledge Base Web page here: https://go.microsoft.com/fwlink/?LinkId=105657.
For more information about how to install and enable IIS 6.0 on Windows Server 2003, see the following Microsoft Web pages:
https://go.microsoft.com/fwlink/?LinkID=88380
https://go.microsoft.com/fwlink/?LinkId=105658
Changing IIS Settings
We strongly recommend that you do not change the IIS settings on any MDM server unless a Microsoft representative instructs you to change these settings. The following lists the server types for the templates in which to apply this recommendation:
MDM Device Management Server
Usage | Certificate Template |
---|---|
Administration Web site |
SCMDMWebServer (InstanceName) |
Device Management Web site |
SCMDMWebServer (InstanceName) |
Gateway Central Management (GCM) |
SCMDMGCM (InstanceName) |
MDM Enrollment Server
Usage | Certificate Template |
---|---|
Enrollment Web site |
SCMDMWebServer (InstanceName) |
Administration Web site |
SCMDMWebServer (InstanceName) |
MDM Gateway Server
Usage | Certificate Template |
---|---|
Gateway Web site |
SCMDMWebServer (InstanceName) |
Managed device
Usage | Certificate Template |
---|---|
Device authentication |
SCMDMMobileDevice (InstanceName) |
Set IIS to Allow x64-bit Applications
MDM server roles require x64-bit hardware and software for successful operation. To make sure that IIS enables 64-bit programs to run, follow these steps on any server that is currently running 32-bit applications and will have an MDM Device Management Server, MDM Enrollment Server, and MDM Gateway Server role. 32-bit applications will no longer function after the script is run. World Wide Web Publishing service does not support running 32-bit and 64-bit worker processes concurrently on the same server.
Note
It is not necessary to run this script on a newly installed 64-bit operating system on which no 32-bit applications are running.
To configure and verify IIS x64-bit configuration
On the Start menu, choose Run.
At the command prompt, type cmd, and then press ENTER.
Type the following command to disable 32-bit mode, and then press ENTER:
Cscript %SYSTEMDRIVE%\inetpub\adminscripts\adsutil.vbs SET W3SVC/AppPools/Enable32bitAppOnWin64 0
The output expected is <boolean> False.
In Internet Information Services Manager, make sure that the status of ASP.NET version 2.x is displayed as Allowed in the Web service extension list.