Posts Tagged ‘mobilEcho’

GroupLogic product compatibility with Windows 8

Wednesday, April 3rd, 2013

activEcho
Client: Windows 8 is supported by activEcho client 2.7 or later.
Server: Windows 8 is not supported.

ArchiveConnect
AFP-based Servers: ExtremeZ-IP 8.0.3 or later is supported on Windows 8 for use with ArchiveConnect (see below).
SMB-based Servers: Windows 8 has not yet been certified for compatibility with ArchiveConnect

ExtremeZ-IP
Server: Windows 8 is supported by ExtremeZ-IP 8.0.3 or later.

MassTransit
Server: Windows 8 is not supported.
Windows Web Client: Windows 8 is supported when using the MassTransit 7.2.7 or later web client.

mobilEcho
Server: Windows 8 is supported by mobilEcho 4.3 or later.

mobilEcho supports iOS 6; iPhone 5 screen enhancement coming soon

Tuesday, October 16th, 2012

The current mobileEcho 4.0.1 release in the App Store is compatible with Apple’s new iOS 6 operating system for iPad and iPhone. Our upcoming mobliEcho 4.1 release will also be updated to take advantage of the extra vertical space on the iPhone 5 so there’s more room for secure mobile file management, previewing and annotation.

We’ll be submitting mobilEcho 4.1 to the App Store in a few weeks and expect it to be available in November.

Backup and restore of iOS devices running mobilEcho 3.5, 3.5.1, and 3.5.2

Monday, March 19th, 2012

Versions 3.5, 3.5.1, and 3.5.2 of the mobilEcho iOS app use an encrypted database to manage the files stored within the mobilEcho app’s on-device storage. The information required to access this database is stored in the iOS keychain. For security reasons, mobilEcho’s keychain items are not restored to the new device during the backup and restore process.

When this method of backup and restore to a new device is performed with a device that has mobilEcho 3.5, 3.5.1, or 3.5.2 installed and configured, the keychain item required to open the encrypted file database is not restored to the new device. This causes mobilEcho to be unable to access the restored file database and the on-device files it manages.

A workaround for this limitation of the ‘backup and restore to new device’ process will be included in mobilEcho 3.5.3, and all future versions of mobilEcho.

To work around this mobilEcho / iOS backup and restore situation:

1. Backup any needed local files to a server-based location before moving to your new device.

  • If you have already restored to a new device using a standard iTunes backup and restore process, mobilEcho will not function properly on the new device and will not include the on-device files from your old device. If you still have your old device, you will need to use that device to save your files to a server-based location, so they can be downloaded to mobilEcho on your new device.

2. Remove mobilEcho from the new device, reinstall, and reconfigure.

  • Tap and hold the mobilEcho app icon. Once it appears, tap the “X” in the corner of the app icon to remove the app.
  • Visit the App Store and install mobilEcho again: http://itunes.apple.com/us/app/mobilecho/id429704844?mt=8
  • Add your mobilEcho server(s) within the app, or if you are using a managed mobilEcho client, request a new enrollment invitation from your IT administrator and follow the included instructions to reenroll your mobilEcho client app. This enrollment process will reconfigure all the servers and folders that you previously had access to.
  • You can now copy the files you backed up to the server back down to the new device using the mobilEcho app.

mobilEcho compatibility with the new iPad (updated)

Friday, March 16th, 2012

To use mobilEcho on the new iPad (third generation), please update to the latest version through the App Store. We added support for the new iPad in version 3.5.2 on March 17, 2012.

If you have any questions or find any issues, please open a support case at http://support.grouplogic.com/request.

How can I set mobilEcho and activEcho to listen on the same port (multi-homing)?

Tuesday, March 13th, 2012

Question:

How can I set mobilEcho and activEcho to listen on the same port on one computer?

Answer:

If activEcho and mobilEcho are installed on one computer, they can both listen on the same port (e.g. 443) only if they are bound to different IP addresses (multi-homing).

Follow the steps below:

  1. Open a Command Prompt and type the following line for each IP address that will be used. Replace the <ip address> part with the corresponding IP address.
    • on Windows Server 2008:
      netsh http add iplisten <ip address>
    • on Windows Server 2003:
      httpcfg.exe set iplisten -i <ip address>
  2. Open the Registry Editor (Start -> Run -> regedit) and navigate to the following path:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mobilEcho\Parameters4\NonRefreshable
  3. Double click on IPAdress. An Edit Multi-String window opens.
  4. In the Value Data field type the IP address that will be used for connections to mobilEcho.
  5. Click OK.
  6. Close the Registry Editor and navigate to C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\conf
  7. Open the server.xml file with Notepad.
  8. Find the following line:

    <Connector port=”443″ maxHttpHeaderSize=”8192″

    Note: If you have already changed activEcho’s port, the new port number will be written instead of 443.
  9. Add the red text as in the example below. Replace the <IP address> part with the IP address that will be used for connections to activEcho.

    <Connector port=”443″ address=”<IP address>” maxHttpHeaderSize=”8192″

    Note: If you want to use a port other than 443, replace the port number now. 443 is the default HTTPS port, so if you change it, the new port will have to be appended to the server URL when accessing the servers.

    mobilEcho’s port can be changed from mobilEcho Administrator -> Settings

  10. Save and close the server.xml file.
  11. Stop the mobilEcho service.
  12. Restart Tomcat.
  13. Start the mobilEcho service.

For additional technical notes, please check our online documentation.

Home Directory support when a mobilEcho server is running on a non-default port

Tuesday, November 8th, 2011

mobilEcho clients connect to mobilEcho servers on port 443 by default.

If the mobilEcho server that contains your home directory shared volume(s) is configured to use a port other than 443, you will need to create a Network reshare path mapping that points to the correct mobilEcho server and share on the correct port. This will allow the mobilEcho client to know to connect to the server on the non-default port.

Normally you only need a Network reshare path mapping if your mobilEcho home directory shared volume(s) are network reshare volumes that point to SMB file share on other servers. But when running mobilEcho on a non-default port, a Network reshare path mapping will be necessary, even if your home directory share is located directly on local storage on your mobilEcho server.

In this case a path mapping is necessary to translate an AD home directory SMB path like “\\fileserver.company.com\sharename” to the correct mobilEcho path “\\fileserver.company.com:444\sharename”. The correct port just needs to be appended to the server’s name or IP address when you add the server to the mobilEcho Client Management server list.

Active Directory assigned home directories are not working in the mobilEcho client

Tuesday, November 8th, 2011

Introduction

mobilEcho includes the ability to automatically show a user’s Active Directory assigned home folder in the mobilEcho client app. These home directory locations are specified as a Windows file share (SMB) UNC path in the user’s Active Directory user account profile.

When setting up home directories in mobilEcho, it is important to consider the topology of your mobilEcho deployment.

mobilEcho includes a ‘Network Reshare’ feature, that allows a mobilEcho server to host a shared volume that gives access to data located on a second file server. The mobilEcho server uses the SMB/CIFS protocol to connect to the secondary file server.

If mobilEcho is installed directly on the server hosting your users’ Active Directory assigned SMB home folders, and a mobilEcho shared volume has been created with the same name and location as the SMB home folders shared volume, the mobilEcho UNC path to the home folders shared volume will be identical to the UNC path to the SMB home folders shared volume, and the UNC path specified in the user’s Active Directory profile home folder setting will be correct for both SMB access and mobilEcho access.

If you are using mobilEcho’s Network Reshare feature to give access to home directories on a secondary SMB file server, the SMB UNC path in a user’s Active Directory profile home folder setting will not match the mobilEcho UNC path, since mobilEcho servers access their home folders by connecting to a different server.

In this case, you will need to configure a Network Reshare Path Mapping, so that mobilEcho knows how to translate the SMB UNC path it gets from the Active Directory profile home folder setting to the mobilEcho UNC path that the mobilEcho client needs to know to connect to the home folder.

Configuring a Network reshare path mapping

  1. Click Servers & Folders in the top menu.
  2. Click the Add new path mapping button.
  3. Select the mobilEcho server where the mobilEcho network reshare shared volume is located. Then enter the name of the mobilEcho Shared Volume.
  4. Click Next.
  5. Enter the UNC Path that you would like to be redirected to the mobilEcho Shared Volume you specified in the previous step.
  6. Click Save.

Important note on server names in AD path vs. Network reshare path mapping

Because mobilEcho is matching on this path, the UNC Path needs to use the exact server name and SMB shared volume name as it appears in your users’ Active Directory user profile home folder setting. If an SMB home folder’s path in Active Directory uses a different name for the server than is entered in the path mapping setting (such as “\\fileserver.company.com\sharename” vs. “\\fileserver\sharename”) the home directory will not work in the mobilEcho client. If you’ve used more than one method for representing your server’s name in the Active Directory profile home folder setting for your users, you will need to create a path mapping for each variation on the server name.

Setting the minimum allowed mobilEcho client version on a mobilEcho server

Tuesday, November 8th, 2011

Introduction

Each mobilEcho file server contains a minimum client version setting. If a client earlier than this version attempts to connect to the mobilEcho server, it will receive a notice that it doesn’t meet the minimum version requirement and will be refused connection.

When mobilEcho is first installed, this minimum client version is set to the earliest version that is compatible with the mobilEcho server. If the server is later upgraded to a new version of the mobilEcho file server software, this minimum client version setting will be modified only if necessary for compatibility, which usually won’t be the case.

Setting the minimum client version

If you would like to set the minimum client version that you allow to connect to you mobilEcho server, you can do so by editing this registry key:

\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mobilEcho\
Parameters4\Refreshable\Pez\MinimumClientVersion

The version number entered in this registry key needs to match the version number as it appears in the mobilEcho client app’s settings menu. For example, the minimum client version number for mobilEcho 2.X and 3.X servers to date is: 2.0.0.282

Deployments with multiple mobilEcho server

If you have multiple mobilEcho servers, you will need to set this registry key on each server if you would like the minimum client version requirement enforced by each server. Alternatively, if you’re using the mobilEcho Client Management system to centrally manage your clients, you can set this setting on just the server that is acting as the client management server. Since all your clients call home to this server, they will be denied access the next time they do and will be prompted that they need to upgrade their client app.

Clients not meeting the minimum version requirement will not receive updated profiles or remote wipe commands

If you set the minimum client version setting on your mobilEcho Client Management server, any existing managed clients that are running an earlier version of the mobilEcho app will no longer be able to communicate with the server to receive updated management profiles or remote wipe commands. If you need to remote wipe a client running an older version of the mobilEcho app, you will need to modify this setting so that it’s allowed to communicate with the server.

Customizing the mobilEcho enrollment invitation email template

Monday, November 7th, 2011

Introduction

The mobilEcho Client Management system is used to manage your mobilEcho clients’ access to your mobilEcho servers and to configure mobilEcho client security and application settings.

Users are added to the client management system using a PIN number that is included in an invitation email sent by the mobilEcho Client Management server.

mobilEcho uses a default template for this email. If you would like to customize the contents of this email, you can edit the files containing these templates.

Important Note – edited templates are not updated automatically by future mobilEcho version upgrades

If you manually edit the email template files, they will not be updated automatically when you install future versions of mobilEcho on your server. We recommend you replace your email template files with the originals, or simple rename your edited versions before upgrading mobilEcho server, so that the new versions will be installed if necessary. Once installation completes, you can view the new template files and make any necessary changes, or simply go back to using your old custom templates if appropriate.

The mobilEcho invitation email templates were last updated in September 2012 in mobilEcho 4.0.2.

Editing the email templates

There are two invitation email templates: one in HTML format and one in plain text format. Both are included in the invitation email sent to your users. Normally users should see the HTML version, but in the case that their email client does not support HTML, they will see the plain text version.

These files are located in a folder within the mobilEcho Server program directory on the mobilEcho Client Management server.

The location of this folder is typically:

C:\Program Files\Group Logic\mobilEcho Server\ManagementUI\app\views\user_mailer\

In the “user_mailer” folder are two files:

invite.html.erb
invite.txt.erb

These files can be customized with any valid HTML or plain text. It is recommended that you make a backup copy of the original files before you edit them.

There are 4 variables that can be used within these files. Ensure that you continue to include these variables in your template, as the are necessary for the client enrollment process.

Available Variables

User’s email address:      <%= @invitation.email %>
User’s PIN:      <%= @invitation.pin %>
Management server address:      <%= @management_server_address %>
PIN expiration date:      <%= @expiration %>
mobilEcho URL:      <%= @url %>
Username:      <%= @invitation.user %>

Editing the email subject

The enrollment email subject can be customized in the ‘mobilEcho_management.cfg’ file.

Required service restart to apply changes

Once you’ve finished editing the invitation email template files, a restart of the mobilEcho Management service is required in order for the changes to take effect. This can be done from the Windows Services control panel.

Adding an SSL certificate to a mobilEcho server

Friday, June 17th, 2011

The mobilEcho server consists of two services, the mobilEcho File Server and the mobilEcho Client Management Server. If your server is only running the file server service, you only need the to add your SSL certificate to the Windows certificate store and bind it to the mobilEcho file server port. If you are also running Client Management Server, you will need to add the certificate to the web administrator console.

Adding a 3rd party issued SSL certificate to your mobilEcho file server

Install your certificate to your Windows certificate store.

  1. On the server, click Start, and then click Run.
  2. In the Open box, type mmc, and then click OK.
  3. On the File menu click Add/Remove snap-in.
  4. In the Add/Remove Snap-in dialog box, click Add.
  5. In the Add Standalone Snap-in dialog box, click Certificates, and then click Add.
  6. In the Certificates snap-in dialog box, click Computer account (this is not selected by default), and then click Next.
  7. In the Select Computer dialog box, click Local computer: (the computer this console is running on), and then click Finish.
  8. In the Add Standalone Snap-in dialog box, click Close.
  9. In the Add/Remove Snap-in dialog box, click OK.
  10. In the left pane of the console, double-click Certificates (Local Computer).
  11. Right-click Personal, point to All Tasks, and then click Import.
  12. On the Welcome to the Certificate Import Wizard page, click Next.
  13. On the File to Import page, click Browse, locate your certificate file, and then clickNext.
  14. If the certificate has a password, type the password on the Password page, and then click Next.
  15. On the Certificate Store page, click Place all certificates in the following store, and then click Next.
  16. Click Finish, and then click OK to confirm that the import was successful.

Bind the certificate to the mobilEcho file server port

Using the certificate management MMC plugin (certmgr.msc), open the certificate, then copy off its “thumbprint”, e.g.:

a8 13 a1 f4 d8 13 a1 f4 a8 13 a1 f4 d8 fd a4 a8 13 a1 f4 d8

Then, you must bind the certificate to mobilEcho’s HTTPS port (443 in the following example). On Windows Server 2003, the command is:

httpcfg set ssl -i [ip address]:443 -h [thumbprint without spaces]

For example:

httpcfg set ssl -i 10.10.2.1:443 -h a813a1f4d813a1f4a813a1f4d8fda4a813a1f4d8

On Windows Server 2008 or Windows Vista, the command is

netsh http add sslcert ipport=[ip address]:443 certhash=[thumbprint without spaces] appid={72876EC6-D443-48ef-ADD3-FA7A0CBC4762} certstorename=MY

For example:

netsh http add sslcert ipport=10.10.2.1:443 certhash=a813a1f4d813a1f4a813a1f4d8fda4a813a1f4d8 appid={72876EC6-D443-48ef-ADD3-FA7A0CBC4762} certstorename=MY

The certificate should now be bound to the port.

Adding a 3rd party issued SSL certificate to your mobilEcho Client Management Administrator web interface

Navigate to the mobilEcho Server program folder. The default location is: C:\Program Files (x86)\Group Logic\mobilEcho Server

Enter the ManagementUI folder and open the mobilEcho_manager.cfg file a text editor application. If your default language includes Unicode characters, be sure that your text editor is UTF-8 compatible and saves the config file in UTF-8 format.

Edit these three values in the config file:

HTTPS_USE_AUTOGENERATED_CERTS

This setting defaults to true. When set to true mobilEcho will generate a self-signed SSL certificate. This will allow network access to the mobilEcho Client Management web UI to be encrypted, but will produce a warning in most web browsers. If you would like to obtain, or already have, a third-party issued SSL certificate for this server, you can change this setting to false and enter the paths to your key and certificate in the related settings below.

HTTPS_KEY

Enter the path on disk to your certificate’s key.

HTTPS_CERT

Enter the path on disk to your certificate.

Once these values have been set, save the config file. In order for the settings to take effect, you will need to restart the mobilEcho Management service from the Windows Services control panel.