Deploy a discovery service to simplify Windows 10 activations
The following steps describe how to deploy the discovery service web application in the environment described below.
Verify that the following software is installed and running in your environment:
- Windows Server2012 R2
- JavaJRE 1.8 or later
- Apache Tomcat8 Version 8.0 or later
- Configure a static IP address for the computer that will host the discovery service.If you want to allow users to activate devices when they are outside of your organization's network, the IP address must be externally accessible on port 443.
- Create a DNS Host A record for the nameenterpriseenrollment.<that points to the static IP address that you configured in Step 1.email_domain>
- In the directory where you installedApache Tomcat, search the server.xml file for8080and apply comment tags as shown in the example below:<!-- <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" /> -->
- Searchserver.xmland change all instances of8443to443.
- Search for the<Connector port="443"section, remove the comment tags above and below, and modify it as shown in the example below:<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="C:\Users\<account _name>\.keystore" />
- While logged in as the account you specified in the example above, generate a certificate by running the two commands shown in the example below. When asked for your first and last name, typeenterpriseenrollment.<as shown in the step result below:email _domain>C:\Program Files (x86)\Java\jre1.8.0_60\bin>keytool -genkey -alias tomcat -keyalg RSA -keysize 2048C:\Program Files (x86)\Java\jre1.8.0_60\bin> keytool -certreq -alias tomcat -keyalg RSA -file <filename>.csrC:\Program Files (x86)\Java\jre1.8.0_60\bin>keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 Enter keystore password: changeitWhat is your first and last name? [Unknown]:enterpriseenrollment.example.comWhat is the name of your organizational unit? [Unknown]:IT DepartmentWhat is the name of your organization? [Unknown]:Manufacturing Co.What is the name of your City or Locality? [Unknown]:WaterlooWhat is the name of your State or Province? [Unknown]:OntarioWhat is the two-letter country code for this unit? [Unknown]:CAIs CN=enterpriseenrollment.example.com, OU=Business Unit, O=Example Company, L=Waterloo, ST=Ontario, C=CA correct? [no]:yesC:\Program Files (x86)\Java\jre1.8.0_60\bin>keytool -certreq -alias tomcat -keyalg RSA -file <enterpriseenrollment.example.com>.csr Enter key password for <enterpriseenrollment.example.com> (RETURN if same as keystore password):
- Send the certificate signing request to a certification authority. The certification authority will send back a .p7b file. For the example above, the certification authority would return the fileenterpriseenrollment.example.com.p7b.
- If you send the certificate signing request to a major external certification authority, users should not have to take any additional action to trust this certificate during the activation process.
- If you send the certificate signing request to an internal certification authority, users must install the CA certificate on the device before starting the activation process.
- Install the certificate using the command shown in the example below:C:\Program Files (x86)\Java\jre1.8.0_60\bin>keytool -import -trustcacerts -alias tomcat -file <filename>.p7b
- StopApache Tomcat.
- Visit myAccount to download the Auto Discovery Proxy Tool. Extract the contents of the .zip file and runW10AutoDiscovery-.<version>.exeThe .exe file will extract the fileW10AutoDiscovery-to<version>.warC:\BlackBerry.
- In the directory where you installedApache Tomcat, check for the folder\webapps\ROOT. If it already exists, delete the\ROOTfolder.
- RenameW10AutoDiscovery-as<version>.warROOT.war. Move it to the folder\webappsin the directory where you installedApache Tomcat.
- StartApache Tomcat.Apache Tomcatwill deploy the new webapp and create a\webapp\ROOT folder.
- Run notepad.exe as an administrator. In the directory where you installedApache Tomcat, open\webapps\ROOT\WEB-INF\classes\config\wdp.properties.
- Add the Host ID for yourBlackBerry UEMdomain to the linewdp.whitelisted.srpidas shown in the example below. You can find the Host ID for yourBlackBerry UEMdomain in theBlackBerry UEMmanagement console. If you have multipleBlackBerry UEMdomains, specify the Host ID for each one. Perform the following actions:
wdp.whitelisted.srpid=<Host ID>, <Host ID>, <Host ID>
- On the menu bar, clickSettings > Licensing > Licensing summary.
- ClickActivate licenses.
- In theLicensing activation methoddrop-down list, clickHost ID.
- RestartApache Tomcat.