MobileGuard Installation Guide
This guide is for the preparation and installation of MobileGuard’s On Premise application. MobileGuard Installation Guide Version 1.0 rev 7 MobileGuard Overview This guide will prepare your organization for the installation and deployment of MobileGuard’s on premise mobile device monitoring solution. The guide will include the installation of the application on the mobile devices, deployment requirements, configuration of servers, review of Administrative Console and integration of messages with your organization’s archiving system. After completion of the installation/deployment process, the MobileGuard solution will help your organization be in compliance with the electronic communication rules and guidelines set forth by the regulatory agencies of your industry. Hardware, Software & Other Requirements Hardware & Software • • Web Server – Windows Server 2008 R2 Standard or higher, 64 bit Operating System Database Server – Windows SQL server 2008 R2 Web, Standard or Enterprise Note: You may combine the database and web server onto a single machine if the employee count and/or message volume is low, e.g. a single combined server (4GB RAM, 80 GB Disk, 8 Core Processor) can comfortably handle 45,000/messages a day. Configurable to the size of your organization. Other Requirements • • • • • • • • Domain URL must be set-up (Example: mobileguard.YourCompanyDomain.com) SSL Certificate must be purchased for the above domain. And must be installed on the Web server. Two Ports must be open for incoming traffic on the web server (Port 80 & Port 443) Port 443 must be open for outgoing traffic from Web server to access "api.att.com" URL (NetGuard Only) A user such as "MobileGuardUser" must be created to use on the Web Server. This user must also have access to MobileGuard database. Or create an active directory user to be used on the Web server as local admin and must be able to read, write & execute queries on MobileGuard database. Allow Web server to access database server (default MS SQL port is 1433) Allow Web server to access SMTP server (default SMTP port is 25) to send emails to administrators and to archive with Enterprise Vault. Allow Web server to access Active Directory / LDAP server (default ports are 389 & 636) if system needs to get/verify information from LDAP o For AD/LDAP access, the system requires credentials to read data from the AD/LDAP server. o Create following roles/groups in AD to utilize AD credentials by administrators TG_Admin: Super user of MobileGuard system. TG_Auditor: Administrator that can view messages and run reports. TG_Employee_Manager: Cannot view messages but able to add/remove/update empoyees. TG_Integration_Support: Cannot view messages but able to configure archiving integration. MobileGuard Installation Guide Version 1.0 Page 1 • TG_Level_One_Support: Cannot view messages but able to see configuration for 6.empoyees/users. TG_Policy_Manager: Can view/add/update policies. TG_User_Manager: Cannot view messages but able to add/remove/update administrators. Recommend having two partitions (C Drive, D Drive) on the Web Server Determining MobileGuard Features SMS, MMS, Call Logs, GPS Capture and Archive Method. Administrator can turn on/off the particular type of messages to capture from MobileGuard system. Integration method for your Organization’s archiving system. Features There are several optional features available in MobileGuard’s system that allows it to interact with other systems. Most of the features are optional and are only needed if you have a business requirement for the feature. WORM The WORM feature allows the system to write copies of all message sent from the employee devices to a network location. The message will be in raw XML form exactly as it was sent from the device. The system will automatically create a sub-folder layout based on days to aid in searching. This feature can create thousands of small files a day so use only if necessary and configure a path to a second drive (D drive). FTP Integration The system supports FTP integration to and from other systems. The FTP feature integrates directly with the MobileGuard user list and allows a daily download of messages in different formats as well as file uploads from BES servers. The data export feature deposits files on the FTP server every night for the previous day. The format of the files is configurable for each domain and can be simple CSV files or complex XML files. LDAP Integration The normal MobileGuard employee registration process requires the employee to activate their device and then a system administrator approves the activation. These two steps can be automated using the MobileGuard LDAP adapter. MobileGuard Installation Guide Version 1.0 Page 2 The LDAP adapter can query a LDAP server to confirm employees are valid. The system will also query the LDAP server at regular intervals and automatically terminate employees that are no longer found. Network Design The standard installation footprint is to have a single web server receive messages from a company or organization’s mobile devices along with a user interface that is located in your DMZ which is connected to a database server. You can provide a web farm for hosting the web applications if you will have a high volume of employee messages, e.g. a single web server (4GB RAM & 320GB disk) can handle about 40,000/messages a day. The following diagram illustrates the standard MobileGuard on premise network footprint. Employees’ mobile devices will access the web application using a public IP address that is part of the auto-registration process. MobileGuard Installation Guide Version 1.0 Page 3 Private Data Network An organization can avoid exposing MobileGuard to a public IP address if all mobile devices use a private network to access the Internet. Encryption for Data between Carrier and MobileGuard Server All data communication between carrier and MobileGuard is secured using the encryption provided by the SSL Certificate Authority. MobileGuard recommends using a SSL Certificate of 2048 bits for encryption for the web server. Installing the Application The basic infrastructure needed to run the MobileGuard application is a web server and a database server. You may combine the database and web server onto a single machine if the employee count and/or message volume is low. Application User The application will run under a domain account. This domain account, hereafter MobileGuardUser, will be used to access resources on the webserver and access the database. Please create this user in your active directory. Web Server The MobileGuard application runs on Windows 2008 R2 Standard (Full Installation) version. You can install the Enterprise version if you expect to create a server farm on the web server. It is possible to run the web application outside of a domain; however, this will affect your SQL Server authentication mode. Once Windows 2008 R2 has been installed and all updates have been applied, add the following roles and settings; Web Server 1. Open Server Manager, select “Add Role”, and then select “Web Server (IIS)”. 1.1. Select “ASP.NET” under “Application Server”. 1.2. Select “FTP Server”. 1.3. You may select any other options needed for your data center. 2. Open Server Manager, select “Add Feature”, then select “.NET Framework 3.5.1 Features”. 3. Install the 4.5 .NET Framework. 3.1. Currently this can be done using the Microsoft Web Installer: http://www.microsoft.com/en-us/download/confirmation.aspx?id=30653 4. Install Microsoft Report Viewer. 4.1. Currently this can be done using the download at: http://www.microsoft.com/en-us/download/details.aspx?id=6610 MobileGuard Installation Guide Version 1.0 Page 4 5. Create a folder for the MobileGuard application. This can be anywhere on the webserver and our recommended location would be: C:\inetpub\mobileguard. 5.1. Copy contents of \WebApp from MobileGuard installation package to the new folder. 5.2. Give permission to access the new application folder. 5.2.1. Add the IIS IUSR to the folder and confirm “Read & Execute”, “List folder contents”, and “Read” permission. 5.2.2. Add the MobileGuardUser to the folder and confirm “Read & Execute”, “List folder contents”, and “Read” permission. 6. Create the database for the application on your database server. We recommend using SQL Server 2008 for the MobileGuard application. Select a name for your database. It will be referenced later when the connection strings are configured. 6.1. Create a database using your preferred name. 6.2. Run the “database\ OnPremiseInstall.publish.sql” script from the installation package on the new database. 6.3. Run the “database\InsertFeatures.sql” script from the installation package on the new database. 6.4. Give the MobileGuardUser permission to access the new database. 6.4.1. Give the user db_datareader and db_datawriter permission. 7. Create the web application on the web server. 7.1. From IIS Manager, create an application for the MobileGuard application. 7.1.1. Right+Click on Application Pools and select “Add Application Pool”. 7.1.2. Enter “MobileGuardApp” as the Name. 7.1.3. Select “.NET Framework v4.0.30319” as the Framework version. 7.1.4. The pipeline mode must be integrated. 7.1.5. After creating, select “Advanced Settings…” (In the right panel). 7.1.6. Set “Idle Time-out (minutes)” value to 0 to avoid shutting down the web site. 7.1.7. Enter the MobileGuardUser in the Identity entry under Process Model. 7.2. Create the web application. 7.2.1. You may remove the default website if preferred. 7.2.2. Right+click on Sites and select “Add Web Site…”. 7.2.2.1. Enter “MobileGuard” as the site name. 7.2.2.2. Select “MobileGuardApp” for application pool. 7.2.2.3. Select the folder where the application was copied for physical path. 7.2.2.4. You can select “Test Settings…” to make sure everything is ok. 7.2.2.5. You may select any settings for the remaining entries. 7.2.3. Select the new MobileGuard website and double click on Connection Strings from the right panel. 7.2.3.1. You may delete “LocalSqlServer”. MobileGuard Installation Guide Version 1.0 Page 5 7.2.3.2. Go to Start menu > Administrative Tools > Internet Information Service (IIS) Manager. Choose the website from the left, then go to “Connection Strings” and double click to update “ApplicationServices” connection string. Set the “ApplicationServices” value with the following value and replace the server and other information as per your environment. Data Source=.; Initial Catalog=mobile_guard_live; Integrated Security=True; Note: Remember system will be connecting using the identity of “MobileGuardApp” which was created as a User when you created the database. Make sure to keep the same database name in the connection strings as you have set-up in Step 6.1. Also add “”Connection Timeout=120” attribute in connection strings. 7.2.3.3. Go to Start menu > Administrative Tools > Internet Information Service (IIS) Manager. Choose the website from the left then go to “Connection Strings” and double click to update “MobileGuardContext” connection string. MobileGuard system uses a different connection string for reporting. Set the “MobileGuardContext” value with the following value and replace the server and other information as per your environment. metadata=res://*/Model1.csdl|res://*/Model1.ssdl|res://*/Model1.msl;provider =System.Data.SqlClient;provider connection string=" Data Source=.; Initial Catalog=mobile_guard_live; Integrated Security=True; MultipleActiveResultSets=True; App=EntityFramework" Note: Remember system will be connecting using the identity of “MobileGuardApp” which was created as a User when you created the database. Make sure to keep the same database name in the connection strings as you set-up in Step 6.1. Also add “”Connection Timeout=120” attribute in connection string. MobileGuard Installation Guide Version 1.0 Page 6 7.2.4. Select the new MobileGuard website and double click on Application Settings from the right panel. 7.2.4.1. Refer to the Application Settings section to configure the application. 7.2.5. Select the new MobileGuard website and double click on Default Documents from the right panel. 7.2.5.1. Please move ‘default.aspx’ at top position or add default.aspx if it does not exist and move it to top position. 8. Create the Event Log. 8.1. Run a CMD window that has administrator permissions. 8.2. Run “CreateEventLog” from the Utility folder of the installation package. 9. Setup SSL on IIS. 9.1. If you are not using SSL, make sure the Application Setting “UseHTTPS” is set to “False”. 9.2. If you are using SSL: 9.2.1.Install a suitable certificate according to IIS instructions, 9.2.2.Bind the certificate to the MobileGuard website. MobileGuard Installation Guide Version 1.0 Page 7 Application Settings You must change the default application settings to run the server properly. You can edit “Application Settings” under your Website in Internet Information Services (IIS) on your web server. Email Communication Values are automatically inserted into outgoing emails that are useful in linking back to the server. These setting must be set to your environment. ServerAddress The URL to your server as visible to the employee, e.g. the MobileGuard default is http://app.mobileguard.com FtpConnectionPath The FTP URL as visible from the employee’s perspective, e.g. the MobileGuard default is ftp://app.mobileguard.com CompanyName The name of your company CompanyAddress The physical address of your company SupportName Name of the level 1 support group SupportDevice The device number to the level 1 support group MobileGuard Installation Guide Version 1.0 Page 8 SupportEmail The email address to the level 1 support group. Email Server Settings The system uses these SMTP settings to send the archiving emails. These settings are for an account the system can use to send the emails. MailServerName URL to the mail server, e.g. smtp.company.com MailServerPort Port to use for the mail server, e.g. 25 MailUseSSL Flag set to true or false if the connection should be secure. MailAccountName The optional username to log into the mail server. MailAccountPassword The optional password to log into the mail server. MailAccountAddress The “from” email address for the sent emails. MailAccountDisplay The display name for the sent email MailSendToOverride This is an override email address that will receive all email sent from the system. In normal operation this should be blank; however, it can be useful during installation. AlertEmailDestination System send alert to the address when new companies signup. This is used for resellers. DataUploadRootPath This folder is used to process incoming BES logs & if the system needs to export files for the FTP service. The system will look at this location for uploaded files and will write out all export files. The MobileGuardUser must read & write permissions to this folder. This is used when BES Log files are processed and/or messages are exported in files. If you are not using the BES or exporting files using FTP export, it is recommended to set this field to your Drive temporary folder. WORMPath This is the location to store all message communication if you want to store them on the file system. You can set this to blank if you do not want to write the files. The MobileGuardUser must read & write permissions to this folder. At times, the system may need to have a folder name called Conversations within this WORMPath. (For Example: C:\WORMPath\Conversations) MobileGuard Installation Guide Version 1.0 Page 9 WhiteLabel This setting is for reseller hosted instances and should be ignore for on premise installation. UseHTTPS The system will redirect to HTTPS for pages containing passwords or sensitive data. Set this to “false” if you do not have HTTPS enable or do not have a certificate for the server. When “false” all traffic is routed through HTTP WebAppBack, WebAppFront & WarmServer These attributes are used when 2 sites are installed in the environment. The mobile application accesses the WebAppBack site. The administrator or monitoring service (F5 load balancer) accesses the WebAppFront site. For a single server environment, set the value to “true” for WebAppFront and WebAppBack. Set the value of the WarmServer to “false”. For distributed environment where multiple servers are installed: 1) First server set the value to “true” for WebAppFront and WebAppBack. Set value to “false” for WarmServer. 2) For other servers, set the value of the WarmServer to “true”. Set the WebAppFront and WebAppBack values to “false”. Secure Port & UnSecurePort These attributes are used when WebAppBack and WebAppFront are running under the same IIS and require using different ports for SSL and non-SSL access. Default value should be 443 and 80 for the secure port and the unsecure port. MobileGuard Installation Guide Version 1.0 Page 10 Running the Application for the first time The application will initialize the database the first time you access the site. Navigate to the site URL to start up the threads and see the “Run Once” page. This page creates the initial domain in the system and the initial user. The system works by group messages under one or more domain names used as email addresses for the employees. For example, company.com can be used or us.company.com and eu.company.com can work together. Sample value for domain: mobileguard.com. MobileGuard Installation Guide Version 1.0 Page 11 Logging into the Application Log in to the application using the “admin” user name and password to view the “Dashboard”. The dashboard is the landing page for all features and data. MobileGuard Installation Guide Version 1.0 Page 12 Determining MobileGuard Features Administrator has to enable at least one feature from SMS, MMS, Voice Logs, GPS & etc. Administrator can turn on/off particular types of messages to capture from the Administrative console for the mobile application. To set feature go to Dashboard > Admin (top link) > Edit the company ( MobileGuard Installation Guide Version 1.0 ) Page 13 Integration with Active Directory Please enable AD integration. Go to Dashboard > Administrator Settings > Active Directory Settings section > Enable Active Directory and enter Active Directory server & object root. Sample server & object root value: LDAP://localhost:389 Please make sure the Active directory contains the following sevens (7) groups. An administrator must belong to a particular group (be a member of a group) to have the required permissions to access the MobileGuard system. 1. TG_Admin Super user of MobileGuard system. 2. TG_Auditor Administrator that can view messages and run reports. 3. TG_Employee_Manager Cannot view messages but able to add/remove/update empoyees. 4. TG_Integration_Support Cannot view messages but able to configure archiving integration. 5. TG_Level_One_Support Cannot view messages but able to see configuration for 6. empoyees/users. 6. TG_Policy_Manager Can view/add/update policies. 7. TG_User_Manager Cannot view messages but able to add/remove/update administrators. MobileGuard Installation Guide Version 1.0 Page 14 Integration with LDAP Please enable LDAP integration. Go to Dashboard > Employee Settings > LDAP Integration section > Enable LDAP integration > and Enter appropriate values. Please check all three boxes for LDAP Auto-Registration (Automatically register found employees, Automatically approve found employee, Automatically terminate missing employee). MobileGuard Installation Guide Version 1.0 Page 15 Integration with CRM Web Service Please enable CRM Web Service integration. Go to Dashboard > Employee Settings Integration section > Enable this service and enter appropriate values. Select Type of service to MS from drop down. Sample Server address (URL): http://dd783c1n12:9993 > CRM MobileGuard Installation Guide Page 16 Version 1.0 Integration with Archiving System Please enable SMTP Archiving Service. Go to Dashboard > Integration Settings > SMTP Message Export Settings > SMTP Message Export section > Enable SMTP Message Export and enter appropriate values. Select the archiving format to None. Check the box “Use RFC 2822 for email format” and enter “Export RFC 2882 Format Department” value. MobileGuard Installation Guide Version 1.0 Page 17 Add Custom SMTP server for reporting emails Please add a SMTP server for reporting/email alerts. Go to Dashboard > Integration Settings > SMTP Message Export Settings > Reporting SMTP Settings section > Enable Use custom SMTP for reporting and enter appropriate values. MobileGuard Installation Guide Version 1.0 Page 18 Employee Registration Settings Please set Employee registration settings. Go to Dashboard > Employee Settings > Employee registration section: Please set Mode to Open registration. Check all three boxes (Automatically change status to Active, Automatically change status to Register, Do not send activation email to employee). MobileGuard Installation Guide Version 1.0 Page 19 Add Support Information for Mobile Devices Please set the Mobile support information for employee’s mobile devices. Go to Dashboard > Mobile Devices Settings > Mobile support information section: Enter Support Contact Name, Device number, and Email address. Check “Forward device report in email” box and submit. This Contact will receive device information in email log. MobileGuard Installation Guide Version 1.0 Page 20 Enable System Alert (Operation Team) Please enable Operation team alerts. Go to Dashboard > Expand Report > Expand System Report > Operation Team Settings section: Enter the email to receive alerts. Set the time interval for the alerts. Check both boxes (Missing email domain alert & Missing LDAP employee alert) Enable Daily Missed Heartbeat Report Please enable Daily Missed Heartbeat alerts. Go to Dashboard > Expand Report > Expand System Report > Missed Heartbeat Report Settings section: Check the box “Enable daily missed heartbeat report”. Enter the email to receive alerts. If an administrator needs a report at any time, they may “Generate Manual Report”. Missed Heartbeat Report Log will show the status of the service with time stamp. MobileGuard Installation Guide Version 1.0 Page 21 Missed Heartbeat Report Add BES Database Entry A Company may want to cross-check the Missed Heartbeats with a device’s BES Connection status. Go to Dashboard > Expand Report Report Settings > Expand System Report > Missed Heartbeat > Add BES Database Entry. Enter a “friendly” name for the specific BES that is being referenced. Then Add the BES Connection String and Submit. BES Database List The Administrator will see a list of the BES servers being utilized for cross-checking purposes. An Administrator may update this list. Enable SMTP Message Count Alert Please enable daily SMTP Message Count alert. Go to Dashboard > Expand Report > Expand System Report > Operation Team Settings section: Check the box “Enable SMTP daily report”. Enter the email to receive alerts. Submit. MobileGuard Installation Guide Version 1.0 Page 22 Troubleshooting There are two places to check for errors. Please check the Event Viewer and look under the Administrator’s view in order to see the errors caught by the operating system. You may also visit our support system at http://support.mobileguard.com to view tips and submit a ticket. Here are the following Event ID Codes: Low Priority Error Code 1 = Login: In the case of any exception or error in the login process Problem: This error occurs during the login process. Solution: 1. Make sure the MobileGuard website user can access the database server. In the case of a timeout, the database server must be accessible with minimum delay. Use the command prompt and send a Ping to the database server and find out the connection delay between the MobileGuard server and database server. 2. Make sure that the Active Directory is accessible from the MobileGuard server. Also, the Active Directory must be accessible to the USER who is assigned in the application pool to the MobileGuard website. Low Priority Event Code 2 = LoginAD: In the case of any exception or error in the active directory validation process Problem: This error may occur during the Active Directory validation process. Solution: 1. Make sure that the Active Directory is accessible from the MobileGuard server. 2. Make sure that the Active Directory is accessible to the USER who is assigned in the application pool to the MobileGuard website. Low Priority Event Code 3 = GLogin: In the case of any exception or error in the ghost login process. Problem: Solution: Low Priority Event Code 4 = WormPath: In the case of any exception or error in zipping/processing Worm files. Problem: Solution: Critical Event Code 11 = MessageWebProcess: In the case of an exception or error in the processing of a request Problem: The server has failed to process a HTTP request that was received from the device or MobileGuard Installation Guide Version 1.0 Page 23 application. Solution: The request was not processed because it contained invalid data or most likely was corrupted during the transmission. In this case, the server responds with a failed status and the application resends the data. The application will send the data over and over (tries every 10 minutes) until the request is processed successfully. This error can be ignored in the following cases: 1. Connection Timeout exception 2. Thread abort exception Otherwise, please open a support ticket. Critical Event Code 12 = MessageQueueProcess: In the case of an exception or error in processing of a message Problem: The service failed to process a queued message, most likely due to: 1. Failed to communicate properly with database server. 2. A database action is taking a longer time to execute Solution: 1. In the case of a timeout, the database server must be accessible with minimum delay. Use the command prompt and send a PING to the database server and find out if there is a connection delay between the MobileGuard server and the database server. 2. A transaction may take too much time and fail to execute. Increase the transaction execution time from 30 seconds to 120 seconds or more in database connection string. Under IIS>MobileGuard Website>Connection String 3. The error would be critical if this is occurring very frequently. Make sure that the server machine can access the database server. Critical Event Code 18 = ConversationService: In the case of any exception or error in closing the conversation service Problem: The service has failed to close a conversation which is essential to export messages to the archiving system. This may be due to: 1. A database transaction is taking a longer time to execute. 2. Failed to communicate properly with database server. 3. An internal bug that is causing this problem. Solution: 1. In the case of a timeout, the database server must be accessible with minimum delay. Use the command prompt and send a PING to the database server and find out if there is a connection delay MobileGuard Installation Guide Version 1.0 Page 24 between the MobileGuard server and the database server. 2. A transaction may take too much time and fail to execute. Increase the transaction execution time from 30 seconds to 120 seconds or more in database connection string. Under IIS>MobileGuard Website>Connection String 3. If this error occurs frequently, please open a support ticket. Critical Event Code 21 = SMSExport: In the case of any exception or error in SMTP message export service Problem: The service has failed to export messages to archiving. Solution: 1. Make sure the SMTP server settings are correct under IIS MobileGuard Website application settings. Also, make sure the MobileGuard server has no restrictions sending an email to the SMTP server. 2. Make sure the destination address and other settings are correct in SMTP Message Export. Go to Dashboard > Expand Integration > SMTP Messages Export (gear) settings. Verify settings. 3. Verify the settings by sending an email to the destination address (from step 2) using the SMTP server (from step 1) via command prompt. Visit http://support.microsoft.com/kb/153119/en-us for "Telnet to Port 25 to Test SMTP Communication" Low Priority Event Code 22 = SMSExportReport: In the case of any exception or error in the SMTP report service Problem: An error has occurred in a service while generating the SMS message count report. Solution: 1. Make sure the custom SMTP server settings are correct. To verify go to Dashboard > Integration > SMTP Message Export (gear) settiings > verify "Reporting SMTP Settings" values. 2. Make sure the destination email is a valid email address. Go to Dashboard > Reports > System Reports > SMTP Message Count Report Settings > verify "SMTP daily report destination" value. 3. Make sure the custom SMTP server is accessible from the MobileGuard server. Verify the settings by sending an email to the destination address (from step 2) using the SMTP server (from step 1) via command prompt. Visit http://support.microsoft.com/kb/153119/en-us for "Telnet to Port 25 to Test SMTP Communication". Low Priority Event Code 23 = GeneralReport: In the case of any exception or error in the reporting emails. Problem: An error has occurred in a service while generating the SMS message count report. Solution: 1. Make sure the custom SMTP server settings are correct. To verify go to Dashboard > Integration > SMTP Message Export (gear) settiings > Verify "Reporting SMTP Settings" values. 2. Make sure the destination email is a valid email address. Go to Dashboard > Reports > System Reports MobileGuard Installation Guide Version 1.0 Page 25 > Operation Team Settings > Verify "SMTP daily report destination" value. 3. Make sure the custom SMTP server is accessible from the MobileGuard server. Verify the settings by sending an email to the destination address (from step 2) using the SMTP server (from step 1) via command prompt. Visit http://support.microsoft.com/kb/153119/en-us for "Telnet to Port 25 to Test SMTP Communication". Low Priority Event Code 26 = BESIntegration: In the case of any exception or error when system checks the BES database. Problem: An error has occurred in a service which accesses the BES database. Solution: 1. Make sure that BES databases credentials are valid and have not expired. To update the BES database, go to Dashboard > Reports > System Reports > Missed Heartbeat Report Settings > Click on setting icon (gear) and update the BES database. 2. Make sure that all BES databases can be accessible from the MobileGuard server using the USER account which is used in application pool for MobileGuard website. To see the BES databases list, go to Dashboard > Reports > System Reports > Missed Heartbeat Report Settings > Click on setting icon (gear) to see the BES databases list. Critical Event Code 31 = LDAP: In the case of any exception or error in LDAP process to register an employee Problem: The service has failed to communicate with LDAP server. Solution: 1. Make sure the LDAP settings are correct in LDAP Integration. Go to Dashboard > Employee (gear) settings. Verify LDAP settings. 2. Make sure the LDAP server is accessible from the MobileGuard server. Critical Event Code 36 = LDAPTerminate: In the case of any exception or error in the LDAP termination process Problem: The service has failed to lookup a record in the LDAP server. Solution: 1. Make sure the LDAP settings are correct in LDAP Integration. Go to Dashboard > Employee (gear) settings. Verify LDAP settings. 2. Make sure the LDAP server is accessible from the MobileGuard server. Low Priority Event Code 41 = CRM: In the case of any exception or error in the CRM web service Problem: An error has occurred during CRM interaction. Solution: 1. Verify that the CRM service path is valid. To see/update the CRM service path, go to Dashboard > Employee settings (gear) > CRM Integration > Check "Type of service" & "Service address (URL)" values. MobileGuard Installation Guide Version 1.0 Page 26 2. Make sure the service request and response is still valid. Below is a sample of a server: Type = Proprietary (MS) Request Sample: <?xml version="1.0"?> <SOAP-Env:Envelope xmlns:SOAP-Env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:msdwHdr="http://xml.msdw.com/ns/appmw/soap/1.0/header"> <SOAP-Env:Body> <Lookup xmlns="http://xml.msdw.com/ns/appmw/MobileEng/1.0"><Message>19178815721</Message></Lookup> </SOAP-Env:Body> </SOAP-Env:Envelope> Response Sample: <?xml version="1.0"?> <SOAP-Env:Envelope xmlns:SOAP-Env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:msdwHdr="http://xml.msdw.com/ns/appmw/soap/1.0/header"> <SOAP-Env:Header xmlns:msdwHdr="http://xml.msdw.com/ns/appmw/soap/1.0/header"> <msdwHdr:ServiceID>Lookup</msdwHdr:ServiceID> <msdwHdr:Timestamp>1367341845000</msdwHdr:Timestamp> </SOAP-Env:Header> <SOAP-Env:Body> <Lookup Response xmlns="http://xml.msdw.com/ns/appmw/MobileEng/1.0">email,fname,lname,devicenumber</Lookup> </SOAP-Env:Body> </SOAP-Env:Envelope> The second place to check for errors is the “syslog” table in the database. This table records many incidents in the system. Level 1 and level 2 entries in syslog are information only entries, whereas level 0 entries are critical errors. The Level 0 entries are also recorded in the MobileGuard event list. To see syslog, go to Dashboard > Admin (top link) > Admin Menu section > System Log. MobileGuard Installation Guide Version 1.0 Page 27
© Copyright 2026