ESET Online Help

Search English
Select the category
Select the topic

Install ESET PROTECT Mobile Device Connector (Standalone)

warning

ESET PROTECT Mobile Device Management/Connector (MDM/MDC) component (on-premises only) reached End of Life in January 2024. Read more. We recommend that you migrate to Cloud MDM.

To install Mobile Device Connector as a standalone tool, on a different computer than ESET PROTECT Server, complete following steps.

warning

Mobile Device Connector must be accessible from the internet so that mobile devices can be managed at all times regardless of their location.

note

Take into account that a mobile device communicates with Mobile Device Connector which inevitably affects usage of mobile data. This applies especially to roaming.

Follow the steps below to install Mobile Device Connector on Windows:

1.Please read the prerequisites first and make sure all are met.

2.Double-click the installation package to open it, select Install and click Next.

package_installation_select

3.Select the Participate in product improvement program check box to send anonymous telemetry data and crash report to ESET (OS version and type, ESET product version and other product-specific information).

4.After accepting the EULA, click Next.

5.Select only the check box next to Mobile Device Connector (Standalone). ESET PROTECT Mobile Device Connector requires a database for operation. Select Microsoft SQL Server Express if you want to install the database, or leave the check box empty. If you would like to connect to an existing database, you will have the option to do so during installation. Click Install to proceed with the installation.

package_installation_mdm

6.If you installed the database as part of this installation in step 5, the database will now be installed automatically and you can skip to step 8. If chose not to install a database in step 5, you will now be prompted to connect the MDM component to your existing database.


note

You can use the same database server you are using for the ESET PROTECT database, but we recommend that you use a different DB server if you are planning to enroll more than 80 mobile devices.

7.The installer must connect to an existing database that will be used by Mobile Device Connector. Specify the following connection details:

Database: MySQL Server/MS SQL Server/MS SQL Server via Windows Authentication

ODBC Driver: MySQL ODBC 5.1 Driver/MySQL ODBC 5.2 Unicode Driver/MySQL ODBC 5.3 Unicode Driver/MySQL ODBC 8.0 Unicode Driver/SQL Server/SQL Server Native Client 10.0/ODBC Driver 11 for SQL Server/ODBC Driver 13 for SQL Server/ODBC Driver 17 for SQL Server/ODBC Driver 18 for SQL Server

Database name: We recommend using the pre-defined name or changing it if required.

Hostname: hostname or the IP address of your database server

Port: used for connection to the database server

Database admin account Username/Password

Use Named Instance - If you use a Microsoft SQL database, you can select the Use Named Instance check box to use a custom database instance. You can set it in the Hostname field in the form HOSTNAME\DB_INSTANCE (for example, 192.168.0.10\ESMC7SQL). For a clustered database, use only the cluster name. If this option is selected, you cannot change the database connection port - the system will use default ports determined by Microsoft. To connect the ESET PROTECT Server to the Microsoft SQL database installed in a Failover Cluster, type the cluster name in the Hostname field.

mdm_setup07

8.If the connection was successful, you will be prompted to verify that you want to use the provided user as a database user for ESET PROTECT MDM.

9.After the new database is successfully installed, or the installer successfully connected to the existing database, you can proceed with the MDM Installation. Specify your MDM hostname: this is the public domain or public IP address of your MDM server as it is reachable by mobile devices from the internet.

MDM hostname must be typed in the same form it appears in your HTTPS Server certificate, otherwise the iOS mobile device will refuse to install the MDM Profile. For example, if there is an IP address specified in the HTTPS certificate, type in this IP address into the MDM hostname field. If an FQDN is specified (for example, mdm.mycompany.com) in the HTTPS certificate, type this FQDN in the MDM hostname field. Also, if a wildcard * is used (for example, *.mycompany.com) in the HTTPS certificate, you can use mdm.mycompany.com in the MDM hostname field.

warning

Be very careful what you fill in the MDM Hostname filed in this step of installation. If the information is incorrect, or in a wrong form, the MDM Connector will not work properly and the only way to fix it will be re-installation of the component.

mdm_setup03

10. In the next step, verify the connection to the database by clicking Next.

11. Connect the MDM Connector to the ESET PROTECT Server. Fill in the Server host and Server port required for connection to the ESET PROTECT Server and select either Server Assisted installation or Offline Installation to proceed:

Server assisted installation - Provide ESET PROTECT Web Console administrator credentials and the installer will download the required certificates automatically. Also check the permissions required for server-assisted installation.

1.Type your Server host - name or IP address of your ESET PROTECT Server and Web Console port (leave default port 2223 if you are not using custom port). Also, provide Web Console administrator account credentials - Username/Password.

2.When asked to Accept the Certificate, click Yes. Continue to step 11.

Offline installation - Provide a Proxy certificate and Certification Authority which can be exported from ESET PROTECT. Alternatively, you can use your custom certificate and appropriate Certification Authority.

1.Click Browse next to the Peer certificate and navigate to the location of your Peer certificate location (this is the Proxy certificate you have exported from ESET PROTECT). Leave the Certificate password text field blank as this certificate does not require a password.

2.Repeat the procedure for Certificate Authority and continue to step 11.

note

If you are using custom certificates with ESET PROTECT (instead of the default ones that were automatically generated during ESET PROTECT installation), these should be used when you are prompted to supply a Proxy certificate.

12. Specify the destination folder for Mobile Device Connector (we recommend using the default), click Next > Install.

After the MDM installation is finished, you will be prompted for an Agent installation. Click Next to start the installation and accept the EULA if you agree with it and follow these steps:

1.Type the Server host (hostname or IP address of your ESET PROTECT Server) and Server port (the default port is 2222, if you are using a different port, replace the default port with your custom port number).

important

Make sure the Server host matches at least one of the values (ideally be FQDN) defined in Host field of the Server certificate. Otherwise you will get an error saying "Received server certificate is not valid". The only exception is when there is a wildcard (*) in Server certificate Host field, which means it will work with any Server host.

2.If you are using proxy, select the check box Use Proxy. When selected, the installer will continue with offline installation.

note

This proxy setting is used only for (replication) between ESET Management Agent and ESET PROTECT Server, not for the caching of updates.

Proxy hostname: hostname or IP address of the HTTP Proxy machine.

Proxy port: default value is 3128.

Username, Password: type the credentials used by your proxy if it uses authentication.

You can change proxy settings later in your policy. Proxy must be installed before you can configure an Agent - Server connection via Proxy.

3.Select one of the following installation options and follow the steps from the appropriate section below:

Server assisted installation - You will need to provide ESET PROTECT Web Console administrator credentials (installer will download the required certificates automatically).

Offline installation - You will need to provide an Agent certificate and a Certification Authority which can be both exported from ESET PROTECT. Alternatively, you can use your custom certificate.

To continue server-assisted Agent installation follow these steps:

1.Type the hostname or IP address of your ESET PROTECT Web Console (same as ESET PROTECT Server) in the Server host field. Leave Web Console port set to the default port 2223 if you are not using custom port. Also, type your Web Console account credentials in the Username and Password fields. To log in as a domain user, select the check box next to Log into domain.

important

Make sure the Server host matches at least one the values (ideally be FQDN) defined in Host field of the Server certificate. Otherwise you will get an error saying "Received server certificate is not valid". The only exception is if there is a wildcard (*) in Server certificate Host field, which means it will work with any Server host.

You cannot use a user with two-factor authentication for server-assisted installations.

2.Click Yes when asked if you want to accept the certificate.

3.Select Do not create computer (computer will be created automatically during the first connection) or Choose custom static group. If you click Choose custom static group you will be able to select from a list of existing Static groups in ESET PROTECT. The computer will be added to the group you have selected.

4.Specify a destination folder for the ESET Management Agent (we recommend that you use the default location), click Next and then click Install.

To continue offline Agent installation follow these steps:

1.If you selected Use Proxy in the previous step, provide the Proxy hostname, Proxy port (the default port is 3128),Username and Password and click Next.

2.Click Browse and navigate to the location of your Peer certificate (this is the Agent certificate you exported from ESET PROTECT). Leave the Certificate password text field blank as this certificate does not require a password. You do not need to browse for a Certification Authority - leave this field empty.

note

If you are using a custom certificate with ESET PROTECT (instead of the default ones that was automatically generated during ESET PROTECT installation), use your custom certificates accordingly.

 

warning

The certificate passphrase must not contain the following characters: " \ These characters cause a critical error during the initialization of the Agent.

 

3.Click Next to install to the default folder or click Change to choose another folder (we recommend that you use the default location).

After the installation is complete, check to see if Mobile Device Connector is running correctly by opening https://your-mdm-hostname:enrollment-port (for example https://mdm.company.com:9980) in your web browser or from a mobile device. If the installation was successful, you will see following message:

mdm_check

You can now activate MDM from ESET PROTECT.