Deploy a discovery service to simplify Windows 10 activations Skip Navigation

Deploy a discovery service to simplify
Windows 10
activations

The following steps describe how to deploy the discovery service web application in the environment described below.
Verify that the following software is installed and running in your environment:
  • Windows Server
    2012 R2
  • Java
    JRE 1.8 or later
  • Apache Tomcat
    8 Version 8.0 or later
  1. Configure a static IP address for the computer that will host the discovery service.
    If you want to allow users to activate devices when they are outside of your organization's network, the IP address must be externally accessible on port 443.
  2. Create a DNS Host A record for the name
    enterpriseenrollment.<
    email_domain
    >
    that points to the static IP address that you configured in Step 1.
  3. In the directory where you installed
    Apache Tomcat
    , search the server.xml file for
    8080
    and apply comment tags as shown in the example below:
    <!-- <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" /> -->
  4. Search
    server.xml
    and change all instances of
    8443
    to
    443
    .
  5. Search for the
    <Connector port="443"
    section, remove the comment tags above and below, and modify it as shown in the example below:
    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="C:\Users\<
    account _name
    >\.keystore" />
  6. While logged in as the account you specified in the example above, generate a certificate by running the two commands shown in the example below. When asked for your first and last name, type
    enterpriseenrollment.<
    email _domain
    >
    as shown in the step result below:
    C:\Program Files (x86)\Java\jre1.8.0_60\bin>keytool -genkey -alias tomcat -keyalg RSA -keysize 2048
    C:\Program Files (x86)\Java\jre1.8.0_60\bin> keytool -certreq -alias tomcat -keyalg RSA -file <filename>.csr
    C:\Program Files (x86)\Java\jre1.8.0_60\bin>keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 Enter keystore password: changeit
    What is your first and last name? [Unknown]:
    enterpriseenrollment.example.com
    What is the name of your organizational unit? [Unknown]:
    IT Department
    What is the name of your organization? [Unknown]:
    Manufacturing Co.
    What is the name of your City or Locality? [Unknown]:
    Waterloo
    What is the name of your State or Province? [Unknown]:
    Ontario
    What is the two-letter country code for this unit? [Unknown]:
    CA
    Is CN=enterpriseenrollment.example.com, OU=Business Unit, O=Example Company, L=Waterloo, ST=Ontario, C=CA correct? [no]:
    yes
    C:\Program Files (x86)\Java\jre1.8.0_60\bin>keytool -certreq -alias tomcat -keyalg RSA -file <enterpriseenrollment.example.com>.csr Enter key password for <enterpriseenrollment.example.com> (RETURN if same as keystore password):
  7. Send the certificate signing request to a certification authority. The certification authority will send back a .p7b file. For the example above, the certification authority would return the file
    enterpriseenrollment.example.com.p7b
    .
    • If you send the certificate signing request to a major external certification authority, users should not have to take any additional action to trust this certificate during the activation process.
    • If you send the certificate signing request to an internal certification authority, users must install the CA certificate on the device before starting the activation process.
  8. Install the certificate using the command shown in the example below:
    C:\Program Files (x86)\Java\jre1.8.0_60\bin>keytool -import -trustcacerts -alias tomcat -file <
    filename
    >.p7b
  9. Stop
    Apache Tomcat
    .
  10. Visit myAccount to download the Auto Discovery Proxy Tool. Extract the contents of the .zip file and run
    W10AutoDiscovery-
    <version>
    .exe
    .
    The .exe file will extract the file
    W10AutoDiscovery-
    <version>
    .war
    to
    C:\BlackBerry
    .
  11. In the directory where you installed
    Apache Tomcat
    , check for the folder
    \webapps\ROOT
    . If it already exists, delete the
    \ROOT
    folder.
  12. Rename
    W10AutoDiscovery-
    <version>
    .war
    as
    ROOT.war
    . Move it to the folder
    \webapps
    in the directory where you installed
    Apache Tomcat
    .
  13. Start
    Apache Tomcat
    .
    Apache Tomcat
    will deploy the new webapp and create a
    \webapp\ROOT folder
    .
  14. Run notepad.exe as an administrator. In the directory where you installed
    Apache Tomcat
    , open
    \webapps\ROOT\WEB-INF\classes\config\wdp.properties
    .
  15. Add the Host ID for your
    BlackBerry UEM
    domain to the line
    wdp.whitelisted.srpid
    as shown in the example below. You can find the Host ID for your
    BlackBerry UEM
    domain in the
    BlackBerry UEM
    management console. If you have multiple
    BlackBerry UEM
    domains, specify the Host ID for each one. Perform the following actions:
    1. On the menu bar, click
      Settings > Licensing > Licensing summary
      .
    2. Click
      Activate licenses
      .
    3. In the
      Licensing activation method
      drop-down list, click
      Host ID
      .
    wdp.whitelisted.srpid=<
    Host ID
    >, <
    Host ID
    >, <
    Host ID
    >
  16. Restart
    Apache Tomcat
    .