To install the Directory Sync, User Auth, and Kerberos Auth services from the command line instead of the graphical user interface, run the Workspace ONE Access connector installer in silent mode. You can specify installation options either in an XML file or enter them on the command-line directly.

Prerequisites

  • See the installation prerequisites listed in Prerequisites for Installing the Workspace ONE Access Connector.
  • In the Workspace ONE Access console's Identity & Access Management > Setup > Connectors page, click New to run the New Connector wizard. The wizard guides you to download the Workspace ONE Access connector installer and a configuration file that establishes communication between the connector and the tenant. The configuration file is named es-config.json by default.

    While setting the password for the configuration file, make sure that it has a minimum of 14 characters and includes an uppercase character, a lowercase character, a numeric digit, and a special character. Do not use the & or % characters. All characters must be visible, printing ASCII characters.

    Transfer the files to the Windows server on which you are installing the connector.

    Caution: The configuration file contains sensitive information such as the tenant URL, tenant ID, the client ID and client secret for each of the enterprise services, and the password hash. It is critical that you do not share the file or expose it publicly.
    Note: You might need to use a browser other than Internet Explorer to download the files. Default Internet Explorer settings might prevent you from downloading the files.
  • If you want to specify your installation options in an XML file instead of entering them on the command line, create the XML file first. See Creating an XML File for Silent Mode Installation.

Procedure

  1. Log in to the Windows server.
  2. Open a command prompt window.
  3. Go to the directory that contains the Workspace ONE Access connector installer.
  4. Run the Workspace ONE Access connector installer in silent mode.
    • If you are using an XML file to specify your installation options, run the following command:

      Workspace ONE Access Connector Installer.exe /s /v” /qn WS1_CONFIG_FILE_PASSWORD=password WS1_SETUP_CONFIG_FILE=filepath /l*v logfilepath"

      • /s /v” /qn specifies silent mode.
      • WS1_CONFIG_FILE_PASSWORD specifies the password of the configuration file that you downloaded from the New Connector wizard in the Workspace ONE Access console.
      • WS1_SETUP_CONFIG_FILE specifies the path to your installation settings XML file.
      • /l*v specifies the path to the installer log file to create.

      Also, if you specified any installation options in the XML file that require a password, you must enter the password on the command line. Passwords are not stored in the XML file. For example, to specify a proxy server that requires authentication, you specify the proxy host name, port, and user name in the XML file, and enter the proxy user password on the command line.

      For example:

      Workspace ONE Access Connector Installer.exe /s /v” /qn WS1_CONFIG_FILE_PASSWORD=123456 WS1_PROXY_PASSWORD=7891011 WS1_SETUP_CONFIG_FILE=C:\MyConnector\connectorinstall.xml /l*v C:\MyConnector\connectorinstall.log”

    • If you want to enter your installation options directly on the command line instead of using an XML file, run the following command:

      Workspace ONE Access Connector Installer.exe /s /v” /qn WS1_CONFIG_FILE_PATH=configFilepath WS1_CONFIG_FILE_PASSWORD=password OtherInstallationOptions /l*v logfilepath

      • /s /v” /qn specifies silent mode.
      • WS1_CONFIG_FILE_PATH specifies the path to the configuration file that you downloaded from the New Connector wizard in the Workspace ONE Access console. The default name of the file is es-config.json.
      • WS1_CONFIG_FILE_PASSWORD specifies the password of the configuration file.
      • /l specifies the path to the installer log file you want to use.
      • OtherInstallationOptions includes one or more of the properties listed in Silent Mode Installation Properties. You must specify the required properties. Use the format propertyname=propertyvalue.

      For example:

      Workspace ONE Access Connector Installer.exe /s /v” /qn WS1_CONFIG_FILE_PATH=C:\ConnectorInstaller\es-config.json WS1_CONFIG_FILE_PASSWORD=123456 ADDLOCAL=UserAuthService WS1_IS_PROXY_ENABLED=1 WS1_PROXY_HOSTNAME=myproxy.example.com WS1_PROXY_PORT=443 /l*v C:\MyConnector\connectorinstall.log”

  5. After the command completes successfully, verify that the services are running on the Windows server.
    Service names:
    • VMware Directory Sync Service
    • VMware User Auth Service
    • VMware Kerberos Auth Service
  6. Go to the Workspace ONE Access console, refresh the Identity & Access Management > Setup > Connectors page, and verify that the new services appear and are in Active state.
    If the installation fails, delete both the installer and the configuration file that you downloaded from the Workspace ONE Access console, then start the installation process again.

Results

After successful installation, the enterprise services that you installed are registered with the Workspace ONE Access tenant and appear on the Connectors page in the Workspace ONE Access console.

The services for server1.example.com display Active status and green health.

What to do next

  • In the Workspace ONE Access console, configure the enterprise services you installed. For information about integrating directories using the Directory Sync service, see Directory Integration with Workspace ONE Access. For information about configuring authentication using the User Auth or Kerberos Auth service, see Managing User Authentication Methods in VMware Workspace ONE.
  • (Kerberos Auth service only) If you are using the Workspace ONE Access generated self-signed certificate for the Kerberos Auth service, you need to add the root certificate generated by Workspace ONE Access to clients' truststores. You can get the root certificate, root_ca.per, from INSTALLDIR\Workspace ONE Access\Kerberos Auth Service\conf.

    While you can use the self-signed certificate for testing purposes, trusted SSL certificates signed by a public or internal CA are recommended for production usage. See Uploading an SSL Certificate for the Workspace ONE Access Connector (Kerberos Auth Service Only).