good connect 2 - blackberryhelp.blackberry.com/en/good-connect-administrators/2.1/install...2.4...

Good Connect 2.1

Server Installation and Administration Guide for Microsoft OCS 2007 R2 March 18, 2013

Good Connect: Server Installation and Administration Guide for Microsoft OCS 2007 R2 2.1 of 36

Table of Contents 1 Overview .............................................................................................................. 3

2 Requirements ....................................................................................................... 4

2.1 System and network requirements ................................................................ 4

2.2 Good Dynamics requirements ....................................................................... 5

2.3 Microsoft .NET Framework 3.5 Service Pack 1, or later service packs ......... 5

2.4 Microsoft Unified Communications Managed API 2.0 SDK (64-bit) .............. 5

2.5 A SSL certificate ........................................................................................... 6

2.6 The Good Connect Database ..................................................................... 11

2.6.1 Setting up Oracle XE database ............................................................ 12

2.6.2 Setting up Microsoft SQL Server 2008 R2 ........................................... 12

3 Provisioning the Good Connect Servers with Microsoft OCS ............................. 14

4 Installing the Good Connect Server ................................................................... 17

4.1 Good Connect Server Windows Service ..................................................... 24

4.2 APNS Web Proxy Support .......................................................................... 25

4.2.1 Setting the configuration parameters ................................................... 26

4.2.2 Storing the user credentials ................................................................. 26

4.3 Configuring the Good Connect Server to use the Global Catalog ............... 27

5 Repairing/Upgrading the Good Connect Server ................................................. 28

5.1 Repairing the Good Connect Server ........................................................... 28

5.2 Upgrading from 1.2 Good Connect Deployment ......................................... 28

5.3 Upgrading from 2.1 Good Connect Deployment ......................................... 28

6 Administering the Good Connect Server ............................................................ 29

6.1 The server configuration file ........................................................................ 29

7 Configuring Good Control .................................................................................. 32

7.1 Entering the Good Connect Server Pool information and IM platform type . 32

7.2 Listing the approved Good Connect Server hostnames and ports .............. 33

7.3 Enabling Disclaimer Text (Optional) ............................................................ 33

A. Troubleshooting ................................................................................................. 35

Legal Notice .............................................................................................................. 36


1 Overview This manual provides step-by-step instructions for installing version 2.1 of the Good Connect Server in your OCS 2007 R2 environment. Be sure to carefully read and confirm that you meet all the listed requirements before you start the installation.

There is also a detailed administration portion of this document for your reference after you finish installing the server.

The following diagram shows how the Good Connect Server works with both the enterprise IM infrastructure and the Good Dynamics (GD) servers behind the enterprise firewall. The Good Connect server communicates with the Good Dynamics Network Operation Center (NOC) to securely communicate with the mobile device.


2 Requirements This section lists the requirements for the Good Connect Server software.

Warning If you don’t install the required software, or fail to configure them correctly before starting the installation of the Good Connect Server, the Good Connect Server may fail or may behave in an unexpected manner.

2.1 System and network requirements You must meet the following requirements before installing the Good Connect server.

Note: The Good Connect Server does not support Microsoft OCS 2007. You must use Microsoft OCS 2007 R2.

• Microsoft Windows Server 2008 SP2 (64-bit) or Microsoft Windows Server 2008 R2 (64-bit)

• 4GB of RAM.

• 20+ GB disk.

• 4 core processor to support 10,000 concurrent connections.

• The installing user must have local administrative privileges on the host computer.

• The Good Connect Server must be in the same domain as Microsoft OCS 2007 R2.

• The Good Connect Server must be able to communicate with the Microsoft Active Directory.

• The local Windows Firewall must be disabled.

Note: A Group Firewall Policy causes the installer to fail prerequisite checks, even if the local firewall is disabled.

• Disable Local anti-virus software during the install.

• The following inbound ports must not be blocked by any firewall:

o 8080 from the Good Proxy server

o 49555 from OCS 2007 R2 Server

• The following outbound ports must not be blocked by any firewall:

o 80 to the Good Technology NOC/Apple Push Notification Service

o 443 to the Good Technology NOC/Apple Push Notification Service

o 5060 to the OCS 2007 R2 server

o 5061 to the OCS 2007 R2 server

o 17080 to the Good Proxy server

o 17433 to the Good Proxy server

• Good Connect also requires TCP/IP port access to the database used.

o 1433 to the Microsoft SQL server default.

o 1521 to the Oracle XE server default


2.2 Good Dynamics requirements • At least version 1.3.26.40 of the Good Control server

• At least version 1.3.26.10 of the Good Proxy server

You can download the Good Dynamics servers here: https://begood.good.com/docs/DOC-1053

2.3 Microsoft .NET Framework 3.5 Service Pack 1, or later service packs • Windows Server 2008 SP 2

Download Microsoft .NET Framework 3.5 here: http://www.microsoft.com/en-us/download/details.aspx?id=21

• Windows Server 2008 R2

Enable Microsoft .NET Framework 3.5 feature using Server Manager.

2.4 Microsoft Unified Communications Managed API 2.0 SDK (64-bit) The UCMA 2.0 SDK (UcmaSdkWebDownload.msi) can be downloaded here:

http://www.microsoft.com/en-us/download/details.aspx?id=9781

UcmaSdkWebDownload.msi will expand its contents in C:\Microsoft Unified Communications Managed API 2.0 SDK Installer package\

UcmaSdkWebDownload.msi will install a number of additional installers as part of the SDK. Only the following four individual components of the UCMA SDK are required for Good Connect Server. Please install them in the order listed here.

• Microsoft SQL Server Native Client C:\Microsoft Unified Communications Managed API 2.0 SDK Installer package\amd64\sqlncli_x64.msi

• Microsoft Visual C++ Redistributable C:\Microsoft Unified Communications Managed API 2.0 SDK Installer package\amd64\vcredist_x64.msi

• Microsoft UCMA Redistributable C:\Microsoft Unified Communications Managed API 2.0 SDK Installer package\amd64\Setup\UcmaRedist.msi

• Microsoft OCS 2007 R2 Core Components (OCSCore) C:\Microsoft Unified Communications Managed API 2.0 SDK Installer package\amd64\Setup\OCSCore.msi

https://begood.good.com/docs/DOC-1053




2.5 A SSL certificate The Good Connect Server must form a mutual trust relationship for MTLS communications with the Lync server. Mutual trust requires a SSL certificate which meets the following criteria:

• The private certificate which is issued by a trusted CA must be stored in the Good Connect computer's Console Root\Certificates local_host_name\Personal\Certificates folder.

• Both the computer’s private certificate and the Lync server’s internal computer certificate must be trusted by root certificates in the Good Connect computer’s Console Root\Certificates local_host_name\ Trusted Root Certification Authorities \Certificates folder.

• Any intermediate certificates for both the Good Connect Server’s private certificate and the Lync server’s internal computer certificate must be located in the Good Connect computer's Console Root\Certificates local_host_name\ Trusted Root Certification Authorities \Certificates folder.

• The account used to run the Good Connect server application must have read access to the certificate store and the private key.

• The Subject Name (SN) of the certificate must contain the Common Name (CN) for the Good Connect server's fully-qualified domain name such as “CN=server.subdomain.domain.tld”.

• The certificate must be signed by by a CA that is mutually-trusted by both the Lync server and the Good Connect server.

The following Lync documentation details SSL Certificate requirements:

http://msdn.microsoft.com/en-us/library/lync/hh347354.aspx

The following steps explain how to create a certificate for your Good Connect Server through your Enterprise Certificate Authority.

1. Launch the Microsoft Management Console (MMC).

2. Select File -> Add/Remove Snap-in -> Select Certificate.

3. Select Computer Account, Next, Local Computer, Finish

4. Select Certificates -> Personal -> Certificates. Note that the final Certificates option is only available if there is at least one certificate in the MMC. If not, just select Personal.

http://msdn.microsoft.com/en-us/library/lync/hh347354.aspx


5. Select Actions -> All Tasks -> Request New Certificate.

6. Click Next when the Certificate Enrollment wizard displays the Before You Begin screen.

7. Select Active Directory Enrollment Policy in the next screen and click Next.


8. Select Computer as the type of certificate and click Enroll.

9. Click Finish when the enrollment process succeeds. The MMC now lists the new certificate. If you don’t see the new certificate, expand the tree view in the left-hand pane by clicking Console Root -> Certificates (Local Computer) -> Personal -> Certificates.


10. Verify that your new certificate lists the fully qualified domain name of your Good Connect Server in the Subject attribute of your newly issued certificate as shown below. This is the default behavior of the Certificate Authority. However, if your CA uses custom certificate templates, an administrator may need to explicitly add that field for inclusion.


11. Right click on the newly created certificate and select More Actions -> All Tasks -> Manage Private Keys.

12. Click Add in the Security tab of the Permissions dialog box to see the Select Users, Computers, Service Accounts or Groups dialog box.

13. Enter the Good Connect service account and click OK to grant permission to this certificate’s private key.

14. Click OK in the Permissions dialog box.


2.6 The Good Connect Database As of version 2.1, Good Connect server requires a relational database, either existing in your environment or installed per this document. The currently supported databases are Oracle and Microsoft SQL Server.

A database must be installed and prepared before you start the Good Connect Server installation.

SQL scripts must be executed before you start the Good Connect Server installation. These scripts can be found in the zip file containing the Good Connect installer.

Microsoft and Oracle have visual and command line tools to assist you with database and schema creation (Microsoft Management Studio, sqlcmd, Oracle SQL Developer, sql*plus etc).

Supported Oracle Versions

Oracle 10g (Standard/Enterprise) Oracle 11g (Express/Standard/Enterprise)

Download Oracle 11g Express http://www.oracle.com/technetwork/database/enterprise-edition/downloads/index.html Download Oracle ODAC (Client libraries, 64-bit ODAC 11.2 Release 5 for Windows x64) *You must to install client libraries on the Good Connect Server http://www.oracle.com/technetwork/database/windows/downloads/index-090165.html Supported Microsoft SQL Server Versions

SQL Server 2008 (Express/Standard/Enterprise) SQL Server 2008 R2 (Express/Standard/Enterprise)

Download MS SQL Server 2008 R2 Express http://download.microsoft.com/download/5/5/8/558522E0-2150-47E2-8F52-FF4D9C3645DF/SQLEXPRWT_x64_ENU.exe

http://www.oracle.com/technetwork/database/enterprise-edition/downloads/index.html

http://www.oracle.com/technetwork/database/windows/downloads/index-090165.html

http://download.microsoft.com/download/5/5/8/558522E0-2150-47E2-8F52-FF4D9C3645DF/SQLEXPRWT_x64_ENU.exe

http://download.microsoft.com/download/5/5/8/558522E0-2150-47E2-8F52-FF4D9C3645DF/SQLEXPRWT_x64_ENU.exe


2.6.1 Setting up Oracle XE database Prior to running the installer, you must create a schema named “GoodConnect” in your instance as well as a user account with privileges for executing schema, store procedures and creating table for said schema.

1. Start the Run SQL Command Line Program:

Start Menu > All Programs > Oracle Database Express Edition > Run SQL Command Line

Enter ‘connect system’ and provide password when prompted to do so

2. Run the following commands:

create user GoodConnect identified by password; grant connect, resource to GoodConnect; alter user GoodConnect default role all; grant create table to GoodConnect; @<unzip directory>\Sql\Oracle\1_Balboa_Schema.sql; @< unzip directory>\Sql\Oracle\1_Balboa_storedProcedures.sql; grant execute on GOODCONNECT.USP_CREATENEWADTABLE to GoodConnect; grant execute on GOODCONNECT.USP_SWITCHADTABLES to GoodConnect; grant execute on GOODCONNECT.UTILS to GoodConnect;

2.6.2 Setting up Microsoft SQL Server 2008 R2 SQL Server Management Studio, which is bundled with the SQL Server 2008 R2 Express download, is required for setting the Good Connect database. If your SQL Server installation does not include the SQL Server Management Studio software, it is available as a separate download from the Microsoft website.

http://www.microsoft.com/en-us/download/details.aspx?id=7593 Follow the instructions to set up the Good Connect database in SQL Server:

1. Install the SQL Server database per the directions in the installation wizard. Specify Windows Authentication mode or SQL Server and Windows Authentication mode under the Security section of the Server Properties.

2. After installation, launch SQL Server Management Studio and log in. You will perform steps 3 and 4 through the SQL Server Management Studio console.

3. Set up the login that will be used to manage the Good Connect database. Expand the Security item in the Object Explorer pane, then right-click Logins and select New Login

a. If you selected “SQL Server and Windows Authentication mode” in the Server Properties and wish to have a SQL Server login to manage the Connect database, enter GoodConnect as the Login name. Select SQL Server authentication and set a password for this login. You will need to enter the password value correct when the Good Connect installer asks for Connect database information. Click OK to add the login.

b. If you want to use a Windows account to manage the database, select Windows authentication. Enter the Windows account username in the domain\username format as the Login name. This account should be the same as the service or administrator account setup to run the Good Connect Server service. Click OK to add the login.

4. Right-click the Databases item in the Object Explorer pane, then select New Database. Enter “GoodConnect” as the Database name and set the login you configured in the previous step as the database Owner. Click OK to add the database.



5. Launch the SQL Server Configuration Manager:

Start > All Programs > Microsoft SQL Server 2008 R2 > Configuration Tools > SQL Server Configuration Manager

6. Select Protocols for SQLEXPRESS. Enable TCP/IP and add port 1433 for IPAll.

7. Restart the SQL Server service.

8. Run Schema and Stored Procedure scripts

You must execute the following scripts in the specified order to properly create the GoodConnect database schema and stored procedures. These scripts can be found in the install directory under the “SQL\SQLServer” folder. sqlcmd –S <hostname>\SQLExpress –d GoodConnect –i 1_Balboa_Schema.sql sqlcmd –S <hostname>\SQLExpress –d GoodConnect –i 1_Balboa_StoredProcedures.sql


3 Provisioning the Good Connect Servers with Microsoft OCS Good Connect is a Microsoft OCS trusted UCMA application. In order to establish trust with Microsoft OCS 2007 R2, you must complete the application provisioning process as described here using the Application Provisioner utility.

Note You must be a member of the RTCUniversalServerAdmins. If you have a designated OCS administrator within your organization, that person should perform the steps listed below.

You must follow the naming conventions provided in bold in the following examples. Replace myhost with your Good Connect hostname and mycompany.com with your organization’s domain.

1. Launch the Application Provisioner utility by clicking the Application Provisioner Setup button located on the installer’s Prerequisites screen. The Application Provisioner utility comes bundled with the Good Connect Server installer.

2. Enter the Good Connect application name using the following naming convention: “appid_goodconnect.myhost.mydomain” and select Find or Create…


3. Perform the following steps in the Create Application Pool dialog box:

3.1. Select the OCS Pool Fqdn (fully qualified domain name) from those automatically detected in the pull down menu.

3.2. Enter 49555 as the Good Connect listening port.

3.3. Enter the Good Connect Fqdn or select localhost to auto-detect the local hostname.

3.4. Click OK to create the Application Pool.

The list of servers now includes your newly created Application Pool.


4. Select Add from the Contacts section to add an ApplicationEndpoint Contact.

5. Enter the Good Connect application endpoint contact name using the following naming

convention and then click OK to create the contact.

“sip:admingoodconnect_myhost@mydomain” and display name as “Good Connect Admin myhost”

Note: If your SIP domain is different from your network domain, enter the SIP domain instead.

After successful Application Provisioning, you will see the respective Contact and Server objects listed under the Application Pool.

6. Click the Close Window button to exit the application.

You have successfully provisioned Good Connect with Microsoft OCS 2007 R2 and can proceed with the installation of the Good Connect Server.

Additional information regarding Microsoft Application Provisioner can be found here http://msdn.microsoft.com/en-us/library/dd253360(office.13).aspx

http://msdn.microsoft.com/en-us/library/dd253360(office.13).aspx


4 Installing the Good Connect Server This section details the various installation steps.

1. Run the installer executable.

2. Introduction screen

This screen provides some basic information about the installer and the amount of space needed. Review the information and only proceed by clicking Next.

3. License Agreement screen

Be sure to read the Good Server License and Services Agreement. If you agree with the terms, click Next.

4. Prerequisites screen

The installer checks to make sure you meet the prerequisites that are detailed under the Requirements section of this manual. Failure to meet all the pre-requisite requirements will cause Good Connect to not run properly.


5. Good Dynamics Host Information screen

The Good Connect Server requires the hostname and port of the Good Dynamics Proxy server. If you choose HTTPS be aware that, at this time, Good Dynamics does not support internal CA issued SSL certificates within the Good Dynamics Proxy server. The certificate must come from a well-known 3rd Party certificate authority. See the Good Dynamics’ Good Control Server, Good Proxy Server Installation Guide for detailed instructions on how to do so.


6. Database Server Settings screen.

Good Connect requires a database to execute properly. Database configuration parameters can be set on this screen.

6.1 Microsoft SQL Server 2008 R2

MS SQL server can be authenticated in two ways: integrated windows authentication or SQL Server Authentication.

Integrated Windows Authentication

When a user connects through a Windows OS user account, SQL Server validates the account name and password using the Windows principal token in the operating system. The user’s credentials are confirmed by Windows OS and it is not necessary to provide username and password. Windows Integrated Authentication uses Kerberos security protocol that provides password policy enforcement, support for account lockout, and password expiration. A connection made using Windows Authentication is sometimes called a trusted connection, because SQL Server trusts the credentials provided by Windows.

SQL Server Authentication

When using SQL Server Authentication, logins are created in Microsoft SQL Server directly which are not based on Windows OS user accounts. Both the username and the password are stored and managed in the SQL Server. Users connecting using SQL Server Authentication must provide their credentials when they connect. If you choose SQL Server Authentication, you must provide username and password.


1. The Good Connect Installer will securely store the username and password to the Window

Credential Manager. If you run the Good Connect windows service as a different user from the one that installs the Good Connect, you will need to manually add the database username and password to the Windows Credential Manager…

a. Login into the Good Connect server as the run user (this is the domain user as defined in Good Connect Server Host Information screen).

b. Launch cmd.exe as Adminstrator.

c. Execute the cmd: cmdkey /generic:GoodConnectDatabase /user:dbadmin /pass:password


6.2 Oracle XE

Note: In order to use Oracle database, you must install the Oracle ODAC on the Good Connect server in order for the installer to test connectivity to the Oracle database server.


7. Good Connect Server Host Information screen

Each Good Connect server’s host information also needs to be entered in the Good Control console. The installer automatically enters the local hostname. If it cannot detect a hostname, you can enter one, however the hostname must resolve properly within your network’s DNS for it to operate correctly with Good Dynamics and Microsoft OCS 2007 R2.

The default port for incoming client connections to the Good Connect Server is 8080.

Each Good Connect server can host a maximum of 10000 concurrent sessions. A session constitutes any device actively connected into Good Connect and using the service. If you anticipate more than 10000 concurrent sessions, you should install a pool configuration with an Additional Host.

Each Good Connect server’s host information also needs to be entered in the Good Control console.


8. Web Proxy screen

If your Enterprise uses a web proxy to restrict access to the Internet, then you must selected the Web Proxy checkbox.

The Good Connect server supports the following web proxy types: None, NTLM, Digest, or Basic Authentication. Select the authentication type used by your Enterprise’s web proxy and enter the appropriate information.

The Good Connect Installer will securely store the username and password to the Window Credential Manager. If you run the Good Connect windows service as a different user from the one which installs the Good Connect, you will need to manually add the web proxy username and password to the Windows Credential Manager…

a. Login into the Good Connect server as the run user (this is the domain user as defined in Good Connect Server Host Information screen).

b. Launch cmd.exe as Adminstrator.

c. Execute the cmd: cmdkey /add:GoodConnectWebProxy /user:foouser /pass:foopass

9. Good Connect Server Location screen.

Click Next unless you want to change the default installation directory location.

10. Pre-installation Summary screen

Review the summary information and make sure the values are correct before clicking the Install button.

11. Installation screen


12. Finalize screen

The information gathered during this installation is available for review in the Good Connect Server’s configuration file. See section 6.1 in this guide for complete details.

4.1 Good Connect Server Windows Service After installation Good Connect Server will be listed in Microsoft Windows Services interface.

Good Connect can run as another domain user given the following:

• The alternate domain user must have access to the private key of the computer certificate. See section 2.5 step 11 for more information.

• The alternate domain user must be enabled to “Log on as service” through the Local Security Policy tool.


The following steps explain how to make sure your account has “Log on as service” privileges:

1. Run the Local Security Policy admin tool on the Good Connect host.

2. Expand the Local Policies folder in the navigation pane on the left.

3. Select the User Rights Assignments folder to see a list of policies in the right pane.

4. Double click the Log on as a service policy to add your account.

4.2 APNS Web Proxy Support If the host machine for the Good Connect server must work with a proxy server to access the Internet and you did not install the Good Connect server with web proxy enabled, then follow the instructions to manually configure the web proxy.

You must (1) set the following configuration parameters, (2) store the user credentials for "GoodConnectWebProxy" in the Windows Credential Manager, and (3) ensure that the Good Connect Server is Running As a user account that has local administrator privileges.

Note: Make sure the account you are using to follow the instructions below has local administrator privileges as explained in section 4.1 Good Connect Server Windows Service.


4.2.1 Setting the configuration parameters Edit the GoodConnectServer.exe.config file which is installed by default in C:\Program Files\Good Technology\Good Connect Server\ .

Note: You must restart the Good Connect Server after updating the parameters.

• GD_APN_PROXY_TYPE

• GD_APN_PROXY_HTTP_HOST

• GD_APN_PROXY_HTTP_PORT

See section 6 for the complete list of parameters, including descriptions.

4.2.2 Storing the user credentials Please execute the following from the cmd prompt as a local administrator, replacing "username" and "password" with what is required:

cmdkey /add:GoodConnectWebProxy /user:username /pass:password

If you don’t want to store the password value and prefer to be prompted for it instead, omit the password_value so the command looks like this:

cmdkey /add:GoodConnectWebProxy /user:username /pass:

Make sure you are using a user account that has local administrator privileges.


4.3 Configuring the Good Connect Server to use the Global Catalog If your organization plans to support Good Connect users from multiple domains within the same forest, follow these instructions in this section to enable users to be accessed from the Global Catalog.

1. Click the Attributes folder in the snap-in.

2. In the right pane, scroll down to the desired attribute, right-click it, and then click Properties.

3. Click to select the Replicate this attribute to the Global Catalog check box.

4. Click OK.

Verify that the following attributes are published to the Global Catalog:

• msrtcsip-primaryuseraddress

• mail

• telephoneNumber

• displayname

• title

• mobile

• givenName

• sn

• sAMAccountName

Edit the GoodConnectServer.exe.config file which is installed by default in C:\Program Files\Good Technology\Good Connect Server\ as follows:

<add key="AD_USERS_SOURCE" value="GC"/> <add key="AD_USERS_SOURCE_DOMAIN" value=""/> Note: You must restart the Good Connect Server after updating the parameters.


5 Repairing/Upgrading the Good Connect Server Repair and Upgrade options are available in the Good Connect 2.1 installer. These options are presence when the install detects a previous installation of the Good Connect server.

Note: Please make a backup copy of the config file prior to repair or upgrade. Custom configuration settings for EWS will not be copied over, you will need to copy them back into the configuration file after repair/upgrade.

5.1 Repairing the Good Connect Server The Good Connect 2.1 installer allows restoration of the Good Connect server installation. This process reverts the Good Connect Server program files and configuration to the values of the last successful installation. Any changes executed manually are discarded during the reparation process.

5.2 Upgrading from 1.2 Good Connect Deployment When upgrading from the 1.2 version of the Good Connect server, the following configuration information is preserved:

• GD hostname

• GD port

• Web Proxy Address

• Web Proxy Port

• Web Proxy Authentication Method

• Web Proxy Domain

The installer does not create a backup of the configuration file (GoodConnectServer.exe.config). However if the installer finds gaslampdb.db3, a migration script will be executed to move offline/missed messages to the Good Connect database.

5.3 Upgrading from 2.1 Good Connect Deployment For upgrades with the Good Connect 2.1 version, the installer will create a backup copy of the configuration file. All the values (except passwords, which must be reentered) will be pre-populated in the installer panels. Good administrators have the options of making changes during upgrade process.


6 Administering the Good Connect Server This section details the administration of the Good Connect Server.

6.1 The server configuration file After installation, you can update Good Connect configuration file at

<install path>\Good Technology\Good Connect Server\GoodConnectServer.exe.config

Note: You must restart the Good Connect Server after updating the parameters.

Parameter Name Required Description Default UCMA_APPLICATION_NAME Yes Name of application as

defined through the installation provisioning process.

Generated during application provisioning

UCMA_GRUU Yes GRUU - Globally Routable User-Agent URI that uniquely defines the Session Initiation Protocol (SIP) URI for the application.

Generated during application provisioning

UCMA_APPLICATION_PORT Yes The fixed port used by the Good Connect Server to receive messages from the enterprise IM server.

49555

OCS_SERVER Yes FQDN (Full Qualified Domain Name) of the Microsoft OCS 2007 R2 Front-End server or Front-End server pool.

GD_HOST Yes Good Dynamics Proxy host. GD_PORT Yes Good Dynamics Proxy port. 17080 BASE_ADDRESS Yes URL for the Good Connect

Server which takes the form of http://goodconnect.mycompany.com:8080/

BUILD_VERSION Yes The version number of the Good Connect Server build.

Auto-populated

SESSION_TIMEOUT_SECS Yes The number of seconds a client is allowed to remain idle

86,400 (24 hours)

ACTIVE_DIRECTORY_CACHE_ REFRESH_SECS

Yes The number of seconds the Good Connect Server waits before synchronizing with the Active Directory. Any value smaller than 7200 is ignored in favor of 7200 seconds.

86,400 (24 hours)

GD_USE_SSL Yes Determines whether or not the Good Connect Server uses the Good Dynamics secure port (17433) or unsecure port (17080).

False

APN_SOUND Yes Play sound when an Apple device receives a push notification.

http://goodconnect.mycompany.com:8080/

http://goodconnect.mycompany.com:8080/


Parameter Name Required Description Default APN_BADGE Yes Determines whether or not to

use the badge graphic for Apple push notifications.

True

APN_ALERT Yes Apple push notification message string that notifies a user that there are unread messages.

“You have number unread messages.”

APN_SLEEP_TIME Yes The number of milliseconds the Good Connect Server waits in between queued Apple push notifications.

100

ACTIVE_DIRECTORY_SEARCH_ RESULT_MAX

Yes The upper limit on the number of hits from a search of the Global Address List (GAL).

150

GD_APN_PROXY_TYPE No Web Proxy Authentication Mechanisms. Acceptable values are: • “” (empty string for no

proxy) • “Basic No Auth” • “Basic” • “Digest”

“”

GD_APN_HTTP_URL Yes WebService URL for Good Dynamics Apple Push Notification Service (APNS)

GD_APN_PROXY_AUTH_DOMAIN No Web Proxy Domain Deprecated GD_APN_PROXY_AUTH_USERNAME No Web Proxy Username Deprecated

GD_APN_PROXY_AUTH_PASSWORD No Web Proxy Password Deprecated

GD_APN_PROXY_HTTP_HOST No Web Proxy Host GD_APN_PROXY_HTTP_PORT No Web Proxy Port DB_TYPE Yes SQLSERVER or ORACLE

depending on what database is used.

DB_AUTHTYPE Yes USE_INTEGRATEDAUTH when the specifying windows integrated authentication, otherwise SQL Server authentication will be used.

DB_HOST No Only valid if DB_TYPE=ORACLE

DB_PORT No Only valid if DB_TYPE=ORACLE

DB_SERVICE No Only valid if DB_TYPE=ORACLE, Oracle database instance name.

GASLAMP_USERNAME Yes Window Service account.


DB_INIT_CATALOG No SQL Server database name,

Only valid if DB_TYPE=SQLSERVER

GoodConnect. Set by installer, do not change.

LYNC_DB_CONNECTIONSTRING No SQL Server connection string for the Lync/OCS database.

DB_SESSION_TIMEOUT_SECS Yes Time limit for search Lync/OCS database as defined by LYNC_DB_CONNECTIONSTRING.

300


7 Configuring Good Control There are two configuration steps you need to perform in Good Control.

7.1 Entering the Good Connect Server Pool information and IM platform type In the Good Control Server Info section of Good Connect enter the Hostname, Port for each Good Connect server, and Configuration information. This configuration information gets delivered to Good Connect clients and dictates the available servers a client may connect to. All servers listed in the Configuration information should also be listed in the table above the Configuration box.

For each Good Connect server:

• Hostname: <the fully qualified domain name of the Good Connect Server host>

• Port: <the Good Connect Server port>

After the listing all the Good Connect servers

• Configuration:

PLATFORM=OCS R2

SERVERS= <a comma separated list of available Good Connect Servers using the format host_fully_qualified_domain_name:port >


7.2 Listing the approved Good Connect Server hostnames and ports In Good Control’s Client Connections option under Settings define the allowed domains and servers that the Good Connect client application can connect to within the corporate network. We recommend you whitelist each individual Good Connect Server as shown in the example below.

7.3 Enabling Disclaimer Text (Optional) Good Connect supports a Corporate Policy disclaimer at the top over every new conversation within the Good Connect client.

In Good Control’s Policy Sets option:

1. Select the policy set you wish to add the disclaimer.

2. Select the Application Policies tab.

3. Expand the Good Connect application.

4. Check the Display Disclaimer.

5. Type or paste in your disclaimer text into the textbox.

6. Click Update.


The Good Connect client will display this disclaimer on top of each new conversation window.


A. Troubleshooting The best place to diagnose issues is the log file in the Good Connect Server folder:

C:\Program Files\Good Technology\Good Connect Server\Application-log.txt Application Provisioning Error: The application could not be created. Duplicate found and duplicates are not allowed.

There is already a trusted application provisioned with this Application name and Application Server Fqdn registered with Microsoft OCS 2007 R2

Delete the previous Application server.

Installer Prerequisites screen: Firewall needs to be disabled

The prerequisites check cannot accurately determine if the firewall is off if a Group Policy is applied to the host (regardless of current state of firewall)

Ignore this warning and continue the install.

Failed to start GoodConnectServer: Microsoft.Rtc.Signaling.ConnectionFailureException: Unable to establish a connection. ---> System.Net.Sockets.SocketException: No such host is known.

The hostname value in the configuration file for the key OCS_SERVER does not exist or is not recognized as a valid server.

Correct OCS_SERVER value in the configuration file.

DeregisterReason=None ResponseCode=480 ResponseText=Temporarily Unavailable Microsoft.Rtc.Signaling.RegisterException: The endpoint was unable to register. See the ErrorCode for specific reason.

The port number specified in OCS_PORT_TLS is not valid.

Correct OCS_PORT_TLS value in the configuration file.

ErrorCode=-2146233088 FailureReason=RemoteDisconnected RemoteCertificate=<null> Microsoft.Rtc.Signaling.TlsFailureException: Unknown error (0x80131500) --> Microsoft.Rtc.Internal.Sip.RemoteDisconnectedException: Remote disconnected while outgoing tls negotiation was in progress --> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host.

OCS_TRANSPORT was specified as TLS, however the port number provided was TCP.

Change the OCS_PORT_TLS to 5061.

Failed to start GoodConnectServer: Microsoft.Rtc.Signaling.ConnectionFailureException: Failed to listen on any address and port supplied.

UCMA_APPLICATION_PORT number specified in the configuration file is either blocked by a firewall or used by another application.

Unblock port if it is a firewall issue or choose another port number.

Failed to start GoodConnectServer: WCFGaslampServiceLibrary.OCSCertificateNotFoundException: Certificate not found.

The certificate's subjectName must contain the local host's FQDN and the private key for the cert must be enabled for the user which executes the Good Connect Server.

Enable private keys for this cert for the user running the Good Connect Server.


Legal Notice This document, as well as all accompanying documents for this product, is published by Good Technology Corporation (“Good”). Good may have patents or pending patent applications, trademarks, copyrights, and other intellectual property rights covering the subject matter in these documents. The furnishing of this, or any other document, does not in any way imply any license to these or other intellectual properties, except as expressly provided in written license agreements with Good. This document is for the use of licensed or authorized users only. No part of this document may be used, sold, reproduced, stored in a database or retrieval system or transmitted in any form or by any means, electronic or physical, for any purpose, other than the purchaser’s authorized use without the express written permission of Good. Any unauthorized copying, distribution or disclosure of information is a violation of copyright laws.

While every effort has been made to ensure technical accuracy, information in this document is subject to change without notice and does not represent a commitment on the part of Good. The software described in this document is furnished under a license agreement or nondisclosure agreement. The software may be used or copied only in accordance with the terms of those written agreements.

The documentation provided is subject to change at Good’s sole discretion without notice. It is your responsibility to utilize the most current documentation available. Good assumes no duty to update you, and therefore Good recommends that you check frequently for new versions. This documentation is provided “as is” and Good assumes no liability for the accuracy or completeness of the content. The content of this document may contain information regarding Good’s future plans, including roadmaps and feature sets not yet available. It is stressed that this information is non-binding and Good creates no contractual obligation to deliver the features and functionality described herein, and expressly disclaims all theories of contract, detrimental reliance and/or promissory estoppel or similar theories.

Legal Information © Copyright 2013. All rights reserved. All use is subject to license terms posted at www.good.com/legal. GOOD, GOOD TECHNOLOGY, the GOOD logo, GOOD FOR ENTERPRISE, GOOD FOR GOVERNMENT, GOOD FOR YOU, GOOD APPCENTRAL, GOOD DYNAMICS, SECURED BY GOOD, GOOD MOBILE MANAGER, GOOD CONNECT, GOOD SHARE, GOOD TRUST, GOOD VAULT, and GOOD DYNAMICS APPKINETICS are trademarks of Good Technology Corporation and its related entities. All third-party technology products are protected by issued and pending U.S. and foreign patents.

http://www.good.com/legal

good connect 2 - blackberryhelp.blackberry.com/en/good-connect-administrators/2.1/install...2.4...

Documents