Windows Server 2008 R2 Enterprise, minimo SP1- Instalar Windows Server 2008 R2 Enterprise, minimo SP1.Windows 2003 CA Server is not compatible with Apple iOS4

RemoteDesktop- Activar RemoteDesktop (PC → Properties → Remote Settings → “Allow connections”)

Internet Explorer 8 (máximo)- Afaria no soporta oficialmente el nuevo IE9, y yo me encontré con muchos problemas de configuración. Para desinstalar la versión IE9 y volver a la anterior, debes ir a Inicio → Windows Update → Actualizaciones Instaladas → quitar el IE9. Deberás reiniciar.+info: http://frontline.sybase.com/support/resolutionDetails.aspx?KBID=7058

Redistributables- Instalar los programas de la carpeta Redistributables:- Instalar .NET Framework 3.5- Instalar .NET Framework 4.0- Instalar CrystalReportsRuntime para x64 y x86. - Instalar VC_RunTime para x64 y x86.

Servidor de IIS- Instalar el IIS con ASP .NET

ADDS: Active Directory Domain Servicies- Instalar el Active Directory Domain Servicies. Luego ejecutar dcpromo.exe para configurar el nuevo dominio. +Esto es necesario para poder instalar el servidor de certificados.+

ADCS: Active Directory Certificate Servicies- Instalar el Active Directory Certificate Servicies con los siguientes componentes, en este orden:Entidad de certificaciónInscripción web de identidad de certificaciónRespondedor en línea (Exclusivo Enterprise Edition)Servicio web de directivas de inscripción de certificados(SCEP) Servicio de inscripción de dispositivos de red (Exclusivo Enterprise)X Servicio web de inscripción de certificados (Exclusivo Enterprise ed.)Más info sobre este sub-rol visitar:http://technet.microsoft.com/en-us/library/cc772393%28WS.10%29.aspx

Servidor SMTP- Instalar el servidor SMTP para el envío anónimo de emailshttp://frontline.sybase.com/support/resolutionDetails.aspx?KBID=7514

iOS Push Notifications Services- Para poder trabajar con dispositivos iOS debemos crear un certificado valido de Apple iOS Push Notifications. Para ello debemos seguir los pasos del documento “Crear un certificado de Apple válido para Afaria 6.6” en el siguiente enlace:https://docs.google.com/document/d/1Lvhq12xknqOxSwXpdb2HusYEhbmbpsB2wfuAgOO-d0w/edit?hl=ca También podeis visitar el doc web de sybase (info original en inglés): http://frontline.sybase.com/support/resolutionDetails.aspx?KBID=6673

CESP de Microsoft- La parametrización del CESP se debe hacer después de realizar todas las

instalaciones, asi que más adelante se informará de que se debe hacer.http://frontline.sybase.com/support/resolutionDetails.aspx?KBID=6823http://frontline.sybase.com/support/resolutionDetails.aspx?KBID=6679  Usuario para Afaria

Creamos usuario admin de afria

Pass: Sybaseadmin01 Añadimos el usuario al grupo de administrators

Revisamos prerequiasitos de Afaria:MS .Net Framworks Runtime 3.5Microsoft C++ Runtime 2008Microsoft XML Core Services 6.0Microsoft windows installer 3.1

En nuestro caso, el framworks lo habilitamos en el server manager dado que es un 2008. El resto lo descargamos de Microsoft y lo instalamos:

(Everis)SQL Server 2008 R2Instalacion SQL server:Instalación de la BBDD en SQL Server Enterprise 2008 R2 edition

Lanzamos el instalador y realizamos los chequeos del sistema:

Le damos al OK y proseguimos la instalación

Next

Next

Instalaremos todos los componentes dado que hemos visto que sino da problemas.

Es muy importatnte seleccionar SQL_ Latin1_general_cp1_ci_as en el collation ya que sino la instalación no funciona.

Next

Sapadmin01

Next

Install

5. When you have finished the installation, enable the Named Pipes and TCP/IP protocol in the SQL Server Configuration Manager as follows:

Choose Start All Programs Microsoft SQL Server 2008 Configuration Tools SQL Server Configuration Manager.

Expand SQL Server Network Configuration and select one of the following:For a default instance, select Protocols for MSSQLServerFor a named instance, select Protocols for <SAPSID>

In the right-hand pane, under Protocol Name, right-click Named Pipes and TCP/IP, and select Enable.

Reiniciamos servicios

Una vez instalado el sql, vamos a crear la bbdd de afaria:

1. Create a database with these attributes:• Datafiles – Automatically Grow File, Unrestricted Filegrowth.• Transaction Log – Minimum size 25 MB, Automatically Grow File, UnrestrictedFilegrowth.

Procedemos borrar la BBDD ccreada y a ejecutar una nueva::

Generamos los roles:2. Create a role called “db_executor” with the execute right.

CREATE ROLE db_executorGRANT EXECUTE TO db_executor

3. For the user you plan to use for Afaria operations with the database, ensure the user hasthese attributes for your Afaria database:• Default schema – dbo• Role – db_ddladmin• Role – db_datawriter• Role – db_datareader• Role – db_executor• Password – does not contain the semicolon (;) character

Generamos el usuario

Configuring the SQL Server Database for OperationsFor Microsoft SQL Server operations, prepare your database environment for sustainabilityand availability.Verify that logs are truncated on checkpoint:1. Right-click the database and select Properties.2. In the Properties window, click the Options tab.3. In the Recovery section, click the Model list box and select Simple.

(Everis)Obteining Apple Certificates for Managing Afaria DevicesOnce per Afaria environment, obtain root and application integration certificates to install inyour Afaria environment, so that any APNS certificates you or your tenant customers installhave a valid chain to the root. You will install the certificates when you are installing andconfiguring for iOS operations.1. Go to the Apple Root Certification Authority site at http://www.apple.com/certificateauthority.2. Download Apple Inc. Root Certificate.3. Download Application Integration.

(Everis)Obtaining a Google API KeyTo create enrollment policies for Afaria device enrollment, the Google URL Shortener APImust be accompanied by an API key that identifies your organization as the calling entity.If you are planning to use TinyURL as your only URL shortening service, you need not have aGoogle API key.1. Go to developers.google.com2. In the Developer Tools group, click API Console.3. After logging in, create a new API project or using an existing project, navigate to the listof all services, and activate the URL Shortener API.4. Navigate to the API Access page, locate the Simple API Access item.5. Record the API key for use in Afaria configuration for enrollment codes.

Instalación afaria:

Procedemos con el setup:

Entering or Updating Your License KeyEnter or update your license key, which defines available setup menu options, any time youreceive a new key.Perform the update on each Afaria server.1. Start the setup program (setup.exe).2. In the Set Up menu, click License Key.3. Type your license key into the key box, then click Licensing Details to review yourlicensing information.The maximum number of concurrent sessions supported per server depends on yourlicensing. The ability to run the maximum number of licensed concurrent sessionsdepends upon the amount of memory, the speed, and number of the processors on yourserver.4. ClickApply to save the license key and return to the setup menu with your licensed optionsavailable.5. On the setup menu, click Install > Install Server and complete the server installation.The reinstallation updates the server as necessary to support the license change.6. Click Next.Usaremos licencia temporal de momento:12500J-RCEB-TGAU-79BY-FHAR-3PZG-YMNM-S58S-C9K2-5KUA-QQHV-LST4-4D5Q-PBXP-TVDG-2GJM-3X6F

Le damos a apply.

Ahora le damos a insrtall

Starting the Setup ProgramStart the Afaria server setup program and install an Afaria server.PrerequisitesInstall, configure, and start your database for Afaria server. Establish a user account forinstalling and operating Afaria server.Task1. Start the setup program (setup.exe).2. On the setup menu, click Install.Installing Afaria ServerInstallation Guide 353. Click Install Afaria Server .The End User License Agreement dialog displays.4. Click Yes or No to indicate your acceptance or rejection, then click Next to continue withthe installation wizard, and specify the server installation type (master or farm) anddirectory.The installation continues only when you accept the agreement.

Procederemos a instalar el SP1En la pagina de Microsoft:

windows6.1-KB976932-X64.exe: esta aplicación instala Sp1 en un equipo de 64 bits que está ejecutando Windows 7 o Windows Server 2008 R2.

Paramos el SQLserver e instalamos el service pack.

Proseguimos con la instalación de afaria

Nos da el error. Descragaremos el visual c++ 2010 sp01 runtimehttp://www.microsoft.com/en-us/download/details.aspx?id=14632Instalamos los componentes que solicita y reintentamos la instalación

Nos pedirá confirmación para crear el nuevo directorio

Installing Afaria API Service and Administrator

Install Afaria API Server and Administrator on either the Afaria server or a different server.1. Start the setup program (setup.exe) in the Afaria installation directory.2. On the setup menu, click Install.3. Click Install Afaria and API Service Administrator, and click Next.4. On the Select Database engine dialog, select the applicable iAnywhere SQL Anywhere orMicrosoft SQL database you configured previously and click Next.

5. On the SQL Anywhere Server Set Up dialog, select a Server Name and confirm theexisting or enter the applicable field values.

All the database fields will be pre-populated if the Afaria server is installed on the samemachine. If not, you will need to enter them manually.

6. On the SQL Anywhere Server Database dialog, enter the Database name and clickNext.

7. On the Directory Selection dialog, change the default install path, if desired and clickNext . Create a directory for the installation if required.

8. On the Service Account dialog, define the domain or local account associated with theAfaria API Service and Administrator Next.

The account credentials should be the same as those used for the Afaria server install.

9. Click Install to start the Afaria API Service installation set up and click Next on theresulting welcome dialog.

10. On the Set Up complete dialog, celect to start the service now or later.The Administrator installation will stop the API Service automatically if required.

Le damos a YES

11. On the Select Virtual Directory dialog, define the virtual directory for AfariaAdministrator in IIS. If you created a directory, select it from the list. If you have notcreated a directory, type the name for the directory to create it.The directory appears in the IIS directory under Default Web Site.

12. On the Select Physical Directory dialog, enter or browse to the Physical directoryto install Afaria Administrator files.If you are installing Afaria Administrator on the same server as the Afaria server, installAfaria Administrator in a different directory.

Creamos el direcotrio del admin:

13. On the Domain Selection dialog, enter the domain for selecting Afaria Administrator usersto administer the Afaria server. To limit selection to only local users, keep <none> as thedomain.

14. On the Ready To Start Installation dialog, click Install to begin the installation. The SetupComplete dialog box opens at completion.

The Afaria Administrator installation will stop the API Service prior to installation, ifrequired.

15. If you receive a message that a file is in use, choose an appropriate action.• Abort – quits the installation.If you are reinstalling and you abort the installation, you may find that some of the fileshave been updated and some have not, leaving the installation in an undesirable state.Re-run the installation program to restore stability and normal operations. If normaloperations do not resume, uninstall the program and install it again.• Retry – close the application using the file specified, and then select Retry to install thefile again. If the installation does not continue, select Ignore.• Ignore – continues the process but requires you to restart the computer to complete theinstallation.You may be prompted to restart your computer when the file copying process iscompleted. After the restart, the installation program continues from the point at whichit was interrupted.

16. On the Setup Complete dialog, and click Finish.

An Afaria Administrator shortcut appears on the desktop.

17. If you used a predefined virtual directory for this installation rather than allowing the setupprogram to create one for you, verify the API Service and Afaria Administrator settings in

the directory before operating the Afaria Administrator program.

Verifying Afaria Administrator IIS Settings

If you used a predefined virtual directory when installing Afaria Administrator (instead ofallowing the setup program to create one for you, or if you are having problem accessingAfaria Administrator from a browser) verify the Afaria API Server and Administrator and IISsettings.1. From the Afaria Administrator, select Start > Administrative Tools > InternetInformation Services (IIS) Management.2. Click the Basic Settings link on the right toolbar.3. In the Edit Application dialog, verify that the physical path is the one you set duringinstallation.4. Open Default Document and verify that default.aspx appears in the list.5. Open Authentication and ensure that only Windows authentication is enabled.6. Click Back and click Browse on the right toolbar.Note: If you have stopped and restarted IIS at any time before opening AfariaAdministrator, ensure that when you restarted IIS that theWWWPublishing Service alsostarted. If it is not started, you can reset IIS, or you can restart it manually. This servicemust be running for you to open Afaria Administrator.

Changing the IIS Connection Timeout ValueChange the IIS connection timeout value to prevent the Afaria server from disconnecting withan inactive browser user. Disconnected sessions can result in data loss.1. From the Afaria home page, select Administrative Tools > Internet InformationServices (IIS) Manager.2. Right-click Default Website on the left pane.3. In the connections section, increase the timeout value to meet your needs, then clickOK.When you change this value, it impacts all the DefaultWeb Site members. Ensure you havedetermined an acceptable value for all sites.

Installing Enrollment Server - BasicTo support device enrollment for Android, BlackBerry, iOS, and Windows Mobile devices,install and configure the Afaria enrollment server. Record the address and virtual directoryvalues as you complete the installation; you will need them for subsequent configurationtasks.Install the server first in its basic implementation, without payload-signing enabled. Payloadsigning is an advanced feature for iOS device support.

1. On the installation image, start the setup program (setup.exe).2. On the setup menu, click Additional Installations and Resources > EnrollmentServer.

3. On the Specify Credentials page, accept or define the account name and password used torun the Afaria service on the Afaria server.The enrollment server uses these credentials to contact the Afaria server for databasecredentials.

4. On the Specify Virtual Directory Names page, accept or define these settings:• Unauthorized virtual directory name – user-defined name, populated with a defaultvalue.The unauthorized directory accepts an initial device connection and processes anyrequired user authentication.• Authorized virtual directory name – user-defined name, populated with a defaultvalue.The authorized directory accepts device connections in the connection series after thedevice connects to the unauthorized directory.

Select on Browse… the same certificate that you have on IIS for HTTPS.

5. On the Specify Server Address page, accept or define the address for the Afaria server.The enrollment server uses this address to reach the Afaria server.

6. On the Specify Certificates for Signing page, unselect Sign Messages to disable thefeature; it is not part of the basic implementation.

7. Only if you are a self-signing entity and managing iOS devices, on the Specify SSLCertificate page, select the certificate that is bound to IIS for SSL.By selecting the certificate, Afaria can traverse the certificate chain and ensure that iOSdevices that need intermediate certificate for operations, get them seamlessly from theenrollment server.Your Apple APNS certificate is not valid for this step.8. Follow the setup wizard to completion.The enrollment server installation is now complete, and you can observe serviceAfariaiPhoneServer in the Windows service list. The installation process also populates theEnrollment Server configuration page with corresponding values if the Afaria server is on thesame server.

Installing Package ServerInstall the package server to deliver Afaria enterprise application packages to Android andiOS devices.Record values as you complete the installation; you will need them for subsequentconfiguration tasks.You can install the package server on the same server as the Afaria Administrator server or on aseparate server.1. On the installation image, start the setup program (setup.exe).2. Click Install.3. On the setup menu, click Additional Installations and Resources > Package Server.4. On the Directory Selection page, accept the default location or click Browse to navigate toa new location.

5. On theWelcome page, click next, accept the default location or click Browse to navigateto a new location.6. On the Specify Credentials page, specify the account name and password used to run theAfaria service on the Afaria server.

The package server uses these credentials to contact the Afaria server for database credentials.7. On the SpecifyVirtual Directory Name, accept the default virtual directory name or type ina new virtual directory name.

UseWindows Authentication – select to requireWindows Authentication for access tothe package server.8. On the Specify Server Address page, type in the IP or fully qualified domain name of theAfaria server.

9. On the Ready to Start Installation page, click Install.10. Follow the wizard to completion.

Configuring Afaria Server for Package ServerConfigure the Afaria server for the package server, without enabling SSL on the HTTPS port,and without enabling relay server.For application onboarding certificate provisioning, the server facilitates obtaining devicecertificates as required from the CA.1. On the Afaria Administrator Server page, click Configuration on the left toolbar, expandthe Component list, and click Package Server.2. Accept or define the virtual directory name, as defined during the package serverinstallation..

3. In the Package Server Direct Access group, accept or define the IP or fully qualified serveraddress devices use to connect to the package server.The address must be externally accessible.4. Click Save.

Configuraciones de AfariaArrancar el Afaria Administrator

Cuando se instaló el Afaria Administrator, se pararon varios servicios.Aseguraros que los siguientes servicios y aplicaciones estan iniciados/as:- Servicio de publicación World Wide Web (WWW Publishing Service)    - Verifica que el IIS esté iniciado.

Ahora configuraremos el Afaria Administrator, y este no necesita que esté ningúno de los servicios siguientes iniciados para funcionar:

- Afaria API    - Afaria Server    - Afaria Client Server    - Afaria IPhoneServer    - Afaria Backend Portal Package Server

Ahora podemos arrancar el Afaria Administrador con el acceso directo del escritorio o desde el IIS Server Manager → Web Server IIS → IIS Administrator → Sites → Default Web... → AfariaSi no funciona, hay que seguir estos pasos:(instrucciones del Windows Server 2003 aplicable al 2008)- Abre el IIS y busque el directorio virtual creado por Administrador Afaria. (el IIS se encuentra en “Mi PC”→ botón derecho → Administrar → Servicios y

aplicaciones)

- Haga clic en el directorio virtual “Afaria” y seleccione Propiedades en el menú contextual. - Asegúrate de que este directorio virtual tiene las siguientes opciones:•      En la Virtual Directory page: Comprueba que es la ruta correcta a la ubicación de Afaria Administrator, y que tiene accceso a lectura y escritura.

•      En la Documents page: Asegúrese de Default.asp cómo Default.aspx aparecen en la lista.•      En la Directory Security page: En el área de autenticación y acceso, haga clic en Editar. En el cuadro de diálogo “Métodos de autenticación”, compruebe que la casilla de verificación acceso anónimo esta desactivado, y que el cuadro de autenticación de Windows integrada está activada.

- Para probar el directorio virtual, seleccione nuevo en IIS y haga clic derecho y seleccione Examinar en el del menú contextual. Esto debería iniciar el navegador, y el Administrador Afaria debería aparecer. Si no aparece, revisa los servicios, alguno estara parado...

Configurando el AfariaConfigurar el servidor (desde el rol Administrador)Pulsamos en “Server configuration → properties” en la cabecera.Pulsamos en “Client communications”. Si solo trabajamos con iOS, NO HACE FALTA activar el HTTP (de momento no arranca con HTTP...). En caso contrario, ponemos un puerto exclusivo para Afaria (p.ej. 6002). Es recomendable no usar ninguno de los puertos conocidos (ni 80, ni 8080, etc).En el caso que la IP no sea directa (por router) aqui pondremos la puerta exterior (por ejemplo el puerto 7002, que por router se redirige al 6002).

Este puerto si que se configura en el cliente, con que es necesario que sea accesible desde el exterior.Más abajo, hay que definir la dirección del SERVER+HOST, con lo cual no vale LOCALHOST. Hay que poner la dirección real tal y como indica la imagen de abajo.

Apunte: para configurar una conexión SSL, abrir el documento “AfariaReferencePlataform.pdf” e ir al apartado “Server SSL Certificate Requirements for Server Authentication” (página 111).

Ahora nos desplazamos a la siguiente carpeta SERVER.Seleccionamos Acces Control Config, miramos que puerto está asignado ( 3010 por defecto ) y lo abrimos para el servidor o en el router.

El siguiente paso es Enrollment Services.Aqui tenemos que seleccionar uno de los dos Enrollment Services.Hay que habilitar al menos un servicio de acortamiento de URL antes de crear las “políticas de matrícula”. Afaria requiere un servicio para acortar direcciones URL de conexión del cliente y crear un código de inscripción para una política.

NOTA: según Sybase, TinyURL no puede ser usado con un Proxy definido en el servidor para conectar a Internet. En ese caso debe usarse Google.Para más información sobre este apartado, puedes leer el archivo “Afaria7_Release_Notes.chm” apartado Installing the Afaria 7 → Configuring URL Shortening Services for Enrollment Policies.

El siguiente paso es verificar la información en el apartado Security.Verifica que los datos sean iguales que en la imagen:Enable auth. debe estar desactivadoClient approval activado.Domain: deber estar asignado el Dominio que hemos creado. En este caso EVERIS.NT default..: EVERISNT assig..: EVERIS

Ahora configuramos el Afaria SMTP.Ponemos como server localhost, usuario Afaria Server y como replica el mismo correo que pusimos anteriormente.

TRUBLES de la instalación

Abrimos nota a sap y dice:Hi,

I recieved your case regarding the ADO errors that you are receivingwhen trying to install Afaria. It looks like you are using the wrongcollation on the Afaria databse. Could you please try creating a newdatabase with a case insensitive collation likeLatin1_general_cp1_ci_as and see if that resolves the issue? Let meknow the results.

Regards,

Nos aparece el error de que no tenemos permisos suficientes en el schema DBO:

Ahora el error ha estado resuelto, pero aparece otro:

Reinstalando la base de datos con todos los componentes y con el collation igual que habíamos puesto ya funciona: