Run the Workspace ONE UEM executable file on your application servers to install the Workspace ONE UEM console and the Device Services features. Learn about how to run and install the Workspace ONE UEM installer on each application server.

When preparing to install VMware Workspace ONE UEM, take note of the following regarding the installer path,

  • The Workspace ONE UEM installer concretes the File Path in the Workspace ONE UEM Console during on a fresh install.
  • If you run the installer again during the upgrade and change the install path, or uninstall and reinstall to a new install path, then manually update the File Path in the console.
  • The File Path updates based on the install path on the first box installed. Install all boxes (CS/DS) on the same drive.

For the following procedure, if you are planning to use Windows authentication, then you must be logged in as the account you want to use or you must shift+right-click when you run the installer EXE file and select Run as different user.

  1. On the application server (which is either your Console or DS), open the XXXX Application folder and run the Workspace ONE UEM Application XXXX Full Install.exe.

    Execute the Workspace ONE UEM installer from an account with administrator privileges. To run the installer if you do not have administrative privileges, right-click and select Run as Administrator.

  2. The installer installs pending server prerequisites, if any.

    Certain software components you might be prompted to download, such as .NET and TLS, require a reboot. Reboot when prompted. The Workspace ONE UEM Installer automatically resumes after the prerequisites install.

  3. Click Next once the Workspace ONE UEM installer begins. The End User License Agreement (EULA) appears.
  4. Accept the EULA and select Next.
  5. Next, specify if you are importing or exporting any Workspace ONE UEM Setup Configurations from or to any other identically configured Workspace ONE UEM servers.
    • Disregard this setting if you are deploying Workspace ONE UEM without any load balanced High Availability (HA) or Disaster Recovery (DR) servers.
    • If you have multiple load-balanced Device Services servers, then you can export settings from the first Device Services server to use on any of the additional servers and increase install speed or import settings that you have previously exported. For more information, see (Optional) Run the Installer on Additional Application Servers.
  6. Select the Workspace ONE UEM features that you want to install on the specific server.
    • In a standard, multi-server environment, enable only the Workspace ONE UEM console features or the Workspace ONE UEM Device Services features for the respective server type.
  7. The Workspace ONE UEM Prerequisites screen displays to ensure that you meet the requirements. The installer checks for modules that are needed for a successful deployment of Workspace ONE UEM. You are prompted to install any missing components. Select Next.
  8. To install Workspace ONE UEM, select the directory. Then, select Next
  9. Enter information about the Workspace ONE UEM database.
    • Select Browse next to the Database server text box and select your Workspace ONE UEM database from the list of options. If you are using a custom port, do not select Browse. Use the following syntax: DBHostName,<customPortNumber > ,. To select the Database server, select Browse
      • Example: db.acme.com,8043
    • Select one of the following authentication methods:
      • To connect to the database, select Windows Authentication mode. Then, select Next. You are prompted to enter the service account that you want to use. This service account is used to run all the application pools and Workspace ONE UEM related services. This account must be an account that has Workspace ONE UEM Database access.
      • To connect to the database, choose SQL Server Authentication mode. You are prompted to enter the user name and password.
    • Enter the name of the Workspace ONE UEM database or browse the SQL server to select it from a list.
  10. Enter the Internal DNS URL or FQDN of the Console Server in the UEM console DNS/IP Address text box for the Web Console. Enter the External DNS for the Device Services External DNS name text box for the Device Services server.

    Ensure that you are entering the full internal DNS URL or FQDN of the Console Server in the Workspace ONE UEM console DNS/IP Address text box. Do not enter the shortname for the server. For example, if the Console server is awconsole.company.local, do not simply enter awconsole for your URL.

    Ensure that the DNS names are correct and there are no spaces after the end of each. If an error is made, the whole installation must be removed and reinstalled.

    Use HTTPS for the Console and Device Services servers.

    If your deployment uses legacy .NET SEG, select whether to enable support for the SOAP API endpoints to be SSL Offloaded by selecting API Server SSL Offloaded?.

  11. If the Global Enterprise Manager screen displays, then verify your Company name.
    • Enter your Company Name, which is your organization's SalesForce name provided by Workspace ONE UEM.
    • Select your Environment Type from the drop-down menu.
      • Production - Default
      • Development
      • QE
    • Enter your Installation Token from myAirWatch. See Installation Tokens for Application Servers.
  12. When prompted, selections for participating in the VMware Customer Experience Improvement Program.
    Note: The VMware Customer Experience Improvement Program (CEIP) provides information that VMware uses to improve its products and services, fix problems, and advise how best to deploy and use VMware products. This program is only available to on-premises Workspace ONE UEM deployments. The CEIP prompt appears when you install or upgrade Workspace ONE UEM. You must make a selection. You can change your selection any time afterwards from the Workspace ONE UEM console.
  13. Select the Workspace ONE UEM website. By default, the ‘Default Website’ is selected.
  14. If you choose to install the VMware AirWatch Cloud Messaging component (selected by default for the Device Services server), you receive a prompt to enter the AWCM settings:
    • Enter 0.0.0.0 for the value of the listening address, which is a wildcard value that tells AWCM to listen on all available interfaces on the server.

      The value for listening address might be a specific IP address matching an interface on the server if this is needed per your network deployment.

      Use 2001 as the AWCM Services Port. Consult your Workspace ONE UEM account services representative before using another port.

    • Best practice is to use a publicly trusted SSL certificate. Select the Use custom SSL Certificate instead of built-in Workspace ONE UEM Certificate check box and locate the PFX file of your SSL certificate.

      If you are using your own certificate, ensure that you extract the full chain as part of the PFX file before uploading it.

      To use a Workspace ONE UEM certificate without configuration automatically, ensure that Use custom SSL Certificate instead of built-in Workspace ONE UEM certificate? is deactivated.

    • If using SSL offloading through your load balancer, enable AWCM Server SSL Offloaded? and enter in the load balancer hostname.  If you are not SSL Offloading AWCM, then you must upload your Device Services certificate for AWCM.
  15. When deploying AWCM nodes, select a clustering mode.
    • Implicit Clustering – The default, recommended method. Requires load balancer-based persistence.
    • Explicit Clustering – An alternative method for deploying multiple AWCM Nodes that does not use load balancer-based persistence – data is shared in memory across all nodes. For more information, see the VMware AirWatch Cloud Messaging Guide.
  16. Click Install when prompted.

    If you install using Windows Server 2016 or Windows Server 2019 Desktop Experience, a dialog box prompts you to deactivate HTTP2 support. Deactivate support and continue.

  17. When prompted, choose participation in the VMware Customer Experience Improvement Program.
    Note: The VMware Customer Experience Improvement Program (CEIP) provides information that VMware uses to improve its products and services, fix problems, and advise how best to deploy and use VMware products. This program is only available to on-premises Workspace ONE UEM deployments. The CEIP prompt appears when you install or upgrade Workspace ONE UEM. You must make a selection. You can change your selection any time afterwards from the Workspace ONE UEM console.
  18. Click Finish once all the files are copied to the server to complete the Workspace ONE UEM installation. View the installation log file by selecting a check box before Finish is selected.
  19. Close Internet Explorer and run your default browser.

    For the Console: To verify that the Workspace ONE UEM console renders successfully, type https://localhost/airwatch.

    For Device Services: To verify that the device Group ID prompt shows, type https://localhost/devicemanagement/enrollment.

    Since the SSL certificate is not bound to the local host session, an error displays. To view the site, select Proceed. The first time the website displays, it might take up to minute to resolve.

  20. If necessary, reset IIS using the Command Prompt to bring the site online: iisreset

As part of the standard, multi-server installation, you must now go through the procedure again, this time for the other app servers. If you have extra device services servers, then you must run the installer on each additional Device Services server.

If you are enabling SQL AlwaysOn, you must replicate the SQL Agent Jobs on the any additional database servers. For more information, see Replicating SQL Agent Jobs on the Secondary Database Server.