There are three simple things that have to be true in order for Orchestrator Mobile to connect to a System Center Orchestrator system:
– Phone has to have http(s) connectivity to Orchestrator Web Service
– Orchestrator Web Service must be configured to allow Basic authentication (Windows Phone does not support Windows Authentication)
– If https is used, then the server certificate must be valid (trusted on the phone, not expired and with a valid name – wildcard is also OK)
Access only from LAN scenario:
If you only want to use Orchestrator Mobile when you are connected (over Wi-Fi) to the same network that the Orchestrator server is in, then the best solution is to install Orchestrator Web Service on a new (dedicated) server. After installation you have to configure it to use Basic authentication (instead of Windows Integrated).
That’s basically it. Please note that if you use https, you have to have a valid server certificate.
Access from the Internet:
In order to enable Orchestrator Mobile to connect to Orchestrator Web Service from the internet, you have to publish it over a reverse proxy (like Microsoft Forefront TMG). You can find a guide about publishing in Forefront TMG 2010 here. Please take the following things into consideration:
– Host header must be forwarded to destination server
– You must not use any URL rewrite features
– Authentication on the listener must be HTTP Basic
– If you use SSL (https), the certificate has to be valid – certificates with wildcard names (like *.something.com) are also OK. I strongly recommend using https when publishing production systems.
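The prerequisites listed at the top (reachability, a Basic challenge, a valid certificate) can be checked from any machine on the same path as the phone before the app is tried. The script below is an added example, not part of the original guide or of Orchestrator Mobile; the URL is a constructed placeholder, it assumes the checking machine's trust store is comparable to the phone's, and it assumes the web service answers an anonymous request with 401.

```python
import ssl
import sys
import urllib.error
import urllib.request
from urllib.parse import urlsplit


def offers_basic(challenges):
    """True if any WWW-Authenticate header value uses the Basic scheme."""
    return any(c.split(None, 1)[0].lower() == "basic" for c in challenges if c.strip())


def evaluate(scheme, tls_error, status, challenges):
    """Turn what a probe observed into a list of problems (empty list = ready)."""
    problems = []
    if scheme != "https":
        problems.append("plain http: Basic credentials are only base64-encoded on the wire")
    if tls_error:
        problems.append("certificate rejected: " + tls_error)
        return problems
    # Assumption: an anonymous request to the web service is answered with 401.
    if status != 401:
        problems.append(f"expected a 401 challenge for an anonymous request, got {status}")
    elif not offers_basic(challenges):
        problems.append("no Basic challenge offered; got: " + ", ".join(challenges))
    return problems


def probe(url, timeout=10):
    """Send one anonymous request; urllib verifies chain, expiry and host name."""
    status, challenges, tls_error = None, [], None
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            status = resp.status
    except urllib.error.HTTPError as err:  # must precede URLError (its subclass)
        status = err.code
        challenges = err.headers.get_all("WWW-Authenticate") or []
    except urllib.error.URLError as err:
        if not isinstance(err.reason, ssl.SSLCertVerificationError):
            raise  # DNS, routing or firewall problem: no connectivity at all
        tls_error = err.reason.verify_message
    return evaluate(urlsplit(url).scheme, tls_error, status, challenges)


if __name__ == "__main__":
    # Constructed placeholder; pass the address the phone will use instead.
    target = sys.argv[1] if len(sys.argv) > 1 else "https://orchestrator.example.com/"
    for line in probe(target) or ["all checks passed"]:
        print(line)
```

A result of "no Basic challenge offered; got: Negotiate, NTLM" means the site or listener is still set to Windows Integrated authentication.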
Please note that this guide is provided as is, with no warranty. If you have a specific problem or question, don’t hesitate to send me an email to jure@purgar.net and I will try to help you.