It took a bit of time to find MDM resources online. Here’s what I used the most:

Websites, Blogs & Forums

• Microsoft System Center Mobile Device Manager TechCenter – launch page for all Microsoft MDM resources
• Microsoft System Center Mobile Device Manager Forum – best place for community help
• The System Center Mobile Device Manager Team Blog
• SCMDM Topics at MobilityDojo.net – excellent how-to articles and the author is a top contributor to the MDM Forum linked above
• MDM Product Documentation – lots of content not in the download versions! There’s a good chance you’ll spend a lot of time in the troubleshooting section especially.

Prerequisites & Tools

As I worked through the documentation and virtual implementation (using Hyper-V of course) I started compiling an ISO containing all of the install files, tools, and prerequisites. Here’s pretty much everything that I ended up collecting. You’ll probably need most of them so you might as well download them ahead of time!

• Windows Mobile 6.1 Emulator Images
• System Center Mobile Device Manager Resource Kit Tools
• System Center Mobile Device Manager Product Documentation
• ActiveSync 4.5
• Microsoft Windows Mobile Device Center 6.1 for Windows Vista: 32-bit, 64-bit (can be installed on Server 2008 and Server 2008 R2 RC to get ActiveSync-like capabilities)
• Group Policy Management Console with Service Pack 1
• Microsoft Baseline Configuration Analyzer
• MMC 3.0: Windows XP, Windows Server 2003, Windows Server 2003 x64 Edition
• PowerShell 1.0
• Microsoft Report Viewer Redistributable 2005 SP1
• Windows Server Update Services 3.0 SP1
• Microsoft .NET Framework 2.0 Service Pack 1: x86, x64
• Windows Mobile Network Analyzer PowerToy

Non-Microsoft Tools

• Hosts File Editor for Windows Mobile
• vxUtil Network Utilities for Windows Mobile (ping, tracert, DNS lookup, etc)
• CeRegEditor – Windows Mobile registry editor
• Wireshark – nice free network protocol analyzer (for when you really need to know if the device is talking to the gateway, etc)

Simplifying mobile device management is not so simple… I recently had the challenging experience of designing and implementing a Microsoft System Center Mobile Device Manager 2008 SP1 solution. If you’ve worked with the product then you know that the Best Practices Analyzer (BPA) is an invaluable tool to determine the answer to the inevitable question, “Why the $@#% is this thing not *%&# working!”.

The first step in runing the BPA is to enter the servers that are part of the installation and verify connectivity. In this case the connectivity check for the Gateway Server was returning “Machine is unreachable”. Ok, no problem, checking the MDM Planning Guide shows that we need TCP 443 open between the Device Management Server and the Gateway Server. We assumed the BPA would validate connectivity using the ports listed in the planning document since the Gateway is typically not domain joined and lives in the DMZ blocked on all sides by firewalls.

That’s not the case!

To get the BPA to validate connectivity to the Gateway server you will need to allow ICMP/PING to through your firewall to the server. After this the pre and post-deployment analyses will use the specified ports.

Once you’ve successfully implemented MDM you can deny ICMP/PING on your firewall as you normally would.