Server side configuration

There are three simple things that has to be true in order to enable Orchestrator Mobile to connect to System Center Orchestrator System:

– Phone has to have htpp(s) connectivity to Orchestrator Web Service

– Orchestrator Web Service must be configured to allow Basic authentication (Windows Phone does not support Windows Authentication)

– If https is used than server certificate must be valid (trusted on the phone, not expired and with valid name – wildcard is also OK)


Access only from LAN scenario:

If you only want to use Orchestrator Mobile when you are connected (over Wi-Fi) to the same network that Orchestrator server is in than the best solution is to install Orchestrator Web Service on a new (dedicated) server. After installation you have to configure it to use Basic authentication (instead of Windows Integrated), like this:


That’s basically it. Please note that if you use https, you have to have a valid server certificate.


Access from the Internet:

In order to enable Orchestrator Mobile to connect to Orchestrator Web Service from the internet, you have to publish it over a reverse proxy (like Microsoft Forefront TMG). You can find a guide about publishing in Forefront TMG 2010 here. Please take the following things into consideration:

– Host header must be forwarded to destination server

– You must not use any url rewrite features

– Authentication on the listener must be HTTP Basic

– If you use SLL (https), certificate has to be valid – certificates with wildcard names (like * are also OK. I strongly recommend using https when publishing production systems.



Please note that this guide is provided as is with no waranty. If you have a specific problem or question don’t hesitate to send me an email to and I will try to help you.