Chapter 2: Installing MapPoint Location Server

This chapter describes the prerequisites for installing MapPoint Location Server, outlines how to install and uninstall MapPoint Location Server, and describes how to verify a MapPoint Location Server installation and how to keep your deployment secure.

On This Page

Prerequisites
MapPoint Location Server Setup Programs
Installing the MapPoint Location Server Database
Installing MapPoint Location Server Web Service
Installing the MapPoint Location Server Management Console
Verifying an Installation
Keeping Your Deployment Secure
Uninstalling MapPoint Location Server

Prerequisites

This section describes the software and hardware requirements for each MapPoint Location Server component and then lists the accounts and groups that are necessary for MapPoint Location Server to run properly.

Hardware Requirements

Table 1 lists the minimum hardware requirements for each computer that hosts a MapPoint Location Server component.

Table 1.  Hardware requirements

| Requirement | MapPoint Location Server database | MapPoint Location Server Web Service | MapPoint Location Server management console |
| --- | --- | --- | --- |
| Processor | 1-gigahertz (GHz) class or higher Intel processor | 1-GHz class or higher Intel processor | 500-MHz class or higher processor |
| Memory | 1 gigabyte (GB) of random access memory (RAM) | 1 GB of RAM | 128 MB of RAM |
| Hard disk space | 30 GB available hard disk space | 30 GB available hard disk space | 20 MB available hard disk space |
| Miscellaneous | Network interface card (NIC); CD-ROM drive (recommended) | NIC; CD-ROM drive (recommended) | NIC; CD-ROM drive (recommended) |

Software Requirements

The MapPoint Location Server database, MapPoint Location Server Web Service, and the MapPoint Location Server management console each have specific software requirements.

MapPoint Location Server Database

The computer on which the MapPoint Location Server database is installed requires the following software:

  • Microsoft Windows® 2000 Server with Service Pack 4 (SP4) or later, or Microsoft Windows Server 2003, Standard Edition.

  • Microsoft SQL Server™ 2000 with SP3 or later.

In addition, this computer must be a member of an existing Microsoft Active Directory® domain and Secure Sockets Layer (SSL) must be enabled for the computer. For more information, see the Microsoft Knowledge Base Article, Enable SSL Encryption for SQL Server 2000 with Microsoft Management Console.

Important  At the time this guide was published, this knowledge base article contained incorrect instructions for specifying the friendly name of the SQL Server's SSL certificate (Step 2d in Steps to Use to Install a Certificate on a Server with Microsoft Management Console). The friendly name must be set to the name of the computer running SQL Server; you cannot provide an arbitrary name or leave the name blank.

In addition, do not select Force protocol encryption on either the computer running MapPoint Location Server Web Service or the computer running SQL Server, because this option forces the use of SSL for all connections between the two computers. The Web service makes selective use of SSL for sensitive queries and updates. Therefore, the Web service cannot run properly if Force protocol encryption is selected.

MapPoint Location Server Web Service

The computer hosting MapPoint Location Server Web Service requires the following software:

  • Microsoft Windows® 2000 Server with Service Pack 4 (SP4) or later, or Microsoft Windows Server 2003, Standard Edition.

    Important  If you install all MapPoint Location Server components on a single computer, there are issues related to the operating system that you should be aware of:

    If you install MapPoint Location Server Web Service on a Microsoft Windows® 2000 domain controller, each user that you provision for MapPoint Location Server requires allow log on locally permissions for the domain controller. Otherwise, users cannot log on to MapPoint Location Server even if they have been correctly provisioned.

    If you install Windows 2003 Server on the computer on which you plan to install MapPoint Location Server Web Service, and you plan to make that computer a domain controller, you must perform the following tasks in sequence; otherwise MapPoint Location Server Web Service will not function properly:

    1. Promote the server to a domain controller.

    2. Apply the Application Server role.

    3. Install MapPoint Location Server Web Service.

  • Microsoft Internet Information Server (IIS), version 5.0 or later.

  • A 128-bit Secure Sockets Layer (SSL) certificate, associated with the fully qualified domain name (for example, www.fabrikam.com) of the Web server, installed on the default Web site.

  • Microsoft Data Access Components (MDAC) 2.8, which you can download from this page in the Microsoft Download Center.

  • Microsoft .NET Framework 1.1 Redistributable Package, which you can download from this page in the Microsoft Download Center.

In addition, the computer must be a member of an existing Active Directory domain, and the root certificate used for verifying the SSL certificate on the instance of SQL Server must be installed on the computer running MapPoint Location Server Web Service. For more information about certificates, see the following articles in the Microsoft Knowledge Base:

MapPoint Location Server Management Console

The computer hosting the MapPoint Location Server Management Console requires the following software:

  • Windows 2000 Professional with SP3 or later, or Windows XP Professional with SP1 or later.

  • MDAC 2.8

  • Microsoft .NET Framework 1.1 Redistributable Package.

In addition, the root certificate used for verifying the SSL certificate on the instance of SQL Server must be installed on the computer. For more information about certificates, see the following articles in the Microsoft Knowledge Base:

Accounts and Groups

Two domain groups and one domain account are required in order for MapPoint Location Server to be installed successfully and function properly.

  • **MlsAdministrators—**Members of this domain group have full administrative privileges for MapPoint Location Server. This group must exist either in the current domain or a trusted domain of the computer running SQL Server.

    Security note  Restrict membership in this group to key personnel. A malicious user who is a member of this group can modify the MapPoint Location Server Web Service Web.config file to point to a different instance of SQL Server, and then provision unauthorized users, and so on.

  • **MlsUserAdministrators—**Members of this domain group can add and remove users and manage contact lists. This group must exist either in the current domain or a trusted domain of the computer running SQL Server.

  • **MlsWebService—**MapPoint Location Server Web Service uses this domain account to access the MapPoint Location Server database. This account must exist either in the current domain or a trusted domain of the computer running SQL Server.

In addition, a valid MapPoint Web Service account is required. For more information about how to obtain a MapPoint Web Service account, see this page on microsoft.com.

MapPoint Location Server Setup Programs

The three main components of MapPoint Location Server must be installed in the following order:

  1. MapPoint Location Server database

  2. MapPoint Location Server Web Service

  3. Location Server management console

In addition to these core components, you can also install location providers and notification providers. These are specific to each mobile operator, and although all providers share common features, there may be differences in the way that different mobile operators package these components. For more information, see the documentation for each provider. Customers with valid MapPoint Web Service accounts can download the location providers from the MapPoint Web Service Customer Services site, a secure Web site on the Microsoft extranet.

MapPoint Location Server includes three Setup programs:

  • MapPoint Location Server database 

  • MapPoint Location Server Web Service and the MapPoint Location Server management console 

    Note  With this Setup program, you can opt to install one or both components. However, if you install the Web service by itself and then decide you want to install the management console on the same computer, you must uninstall the Web service and then rerun Setup to install both components.

    Security note  Although you can install MapPoint Location Server Web Service and the MapPoint Location Server management console on the same computer, this is not recommended for a production environment. MapPoint Location Server Web Service is accessible over the Internet, and installing both components on a single computer can pose a security risk.

  • MapPoint Location Server management console only

Separate Setup programs for the MapPoint Location Server database and MapPoint Location Server Web Service facilitate the installation of MapPoint Location Server in the recommended deployment configuration; that is, MapPoint Location Server Web Service running on a server in a perimeter network and the MapPoint Location Server database running on a database server behind an inner firewall. Separate programs are also useful because in most enterprises, different administrators are responsible for database installations and Web service installations.

You can also opt to install MapPoint Location Server Web Service and the MapPoint Location Server management console on separate computers. For example, you might want to install the management console on your desktop only.

Installing the MapPoint Location Server Database

As mentioned earlier, the MapPoint Location Server database must be installed before you install the other MapPoint Location Server components. The installation process creates the database, applies schema attributes, and configures necessary user permissions.

The following requirements must be met before you install the MapPoint Location Server database:

  • You must be a member of the local administrators group on the computer running SQL Server.

  • The MlsWebService domain account, MlsUserAdministrators domain group, and the MlsAdministrators domain group must exist either in the current domain or a trusted domain of the computer running SQL Server.

  • Secure Sockets Layer (SSL), while not required for installing the MapPoint Location Server database, must be enabled on the computer running SQL Server to install MapPoint Location Server Web Service and the MapPoint Location Server management console. For more information, see "Troubleshooting" later in this guide.

For hardware and software requirements, see "Prerequisites" earlier in this guide.

To install the MapPoint Location Server database

  1. Double-click the <CD>:\Location Server\Database\setup.exe file.

  2. After the InstallShield Wizard starts, click Next.

  3. Accept the default installation folder, or click Browse to choose another folder, and then click Next.

  4. In the Account Information dialog box, type the name of the MlsAdministrators domain group, the name of the MlsUserAdministrators domain group, and the name of the MlsWebService domain account, and then click Next.

    Note  The domain fields are populated with the current domain of the computer. If necessary, change these fields to reflect the name of the domain in which the account and groups were created.

  5. In the SQL Server Information dialog box, type the name of the SQL Server instance or leave the Use default instance check box selected. Type a name for the database, or use the default name (LocationServerDB), and then click Next.

  6. In the SQL File Location dialog box, either leave the Use Default Paths check box selected or type the name of the data file and log file paths, and then click Next.

  7. Review the information you've supplied, and if the information is correct, click Next.

  8. When prompted to view the log, click Yes or No, and then click Finish to complete the installation.

Installing MapPoint Location Server Web Service

You must have local administrator privileges to install MapPoint Location Server Web Service. You'll also need the following information:

  • The name of the instance of SQL Server on which the MapPoint Location Server database is installed.

  • The name of the MapPoint Location Server database.

  • The password for the MlsWebService account. (For more information about how to obtain a MapPoint Web Service account, see this page on microsoft.com.)

  • The user ID and password for your MapPoint Web Service account.

  • The maximum number of contacts allowed in a contact list (the default value is 100).

  • The expiration time (in seconds) for semi-synchronous location calls from the cache (the default value is 60 seconds).

  • The fully-qualified domain name (FQDN) of the Simple Mail Transfer Protocol (SMTP) server that you want to use for sending notifications.

  • The From address for notifications (the default is blank, although you must provide a value before Setup can continue).

To install MapPoint Location Server Web Service

  1. Double-click the <CD>:\Location Server\Web Service\setup.exe file.

  2. When the InstallShield Wizard starts, click Next.

  3. From the installation options, select Web Service (and optionally, Management Console), either accept the default installation folder, or click Browse to choose another folder, and then click Next.

    Security note  Although you can install MapPoint Location Server Web Service and the MapPoint Location Server management console on the same computer, this is not recommended. MapPoint Location Server Web Service is accessible over the Internet, and installing both components on a single computer can pose an unnecessary security risk.

    Note  For Setup to continue installing MapPoint Location Server Web Service, SSL must be configured on the default Web site.

  4. In the SQL Server Information dialog box, type the name of the instance of SQL Server and the name of the MapPoint Location Server database (or accept the default database name), and then click Next.

  5. In the MapPoint Web Service Information dialog box, type the MapPoint Web Service user name and password, and then click Next.

  6. In the Web Service Information dialog box, do the following:

    • Review the default entry (the default FQDN of the Web server on which you are installing MapPoint Location Server Web Service). If the Web server has a different FQDN that you want to use, type it in the field.

    • Type the domain and name for the MLSWebService account, type and confirm the password for the account, and then click Next.

  7. In the Server Setup Information dialog box, do the following:

    • In Contacts, type the maximum number of contacts with which each user can be associated (the default is 100).

    • In Cache Information, type the cache time-out in seconds (the default is 60), and then click Next.

  8. In the SMTP Information dialog box, do the following:

    • Type the FQDN of the SMTP server that you want MapPoint Location Server Web Service to use to send notifications.

    • Accept the default encoding character set (ASCII), or type another character set.

    • Type the From address, and then click Next.

      Note  Notifications can be sent only if the SMTP service is running.

  9. Select the Category region to use with the Find Nearby feature, and then click Next. The available options are North American categories, European categories, or Do not install any categories.

    Setup begins copying files.

  10. When the files have been copied successfully, click Finish.

Installing the MapPoint Location Server Management Console

If you want to install the MapPoint Location Server management console on a computer other than the one running MapPoint Location Server Web Service, use the Setup program that installs the management console only.

If you are installing the management console on the same computer as the Web service, use the Setup program that also contains the Web service and install both components at the same time. You cannot use the Setup program that contains only the management console to install the management console on the same computer as the Web service.

You must have local administrator privileges to install the MapPoint Location Server management console. The computer on which you install the management console must have access to the Internet because the management console must access MapPoint Web Service. You'll also need the following information:

  • The name of the instance of SQL Server on which the MapPoint Location Server database is installed.

  • The name of the MapPoint Location Server database.

To install the management console

  1. Double-click the <CD>:\Location Server\Management Console\setup.exe file.

  2. When the InstallShield Wizard starts, click Next.

  3. In the SQL Server Information dialog box, type the name of the instance of SQL Server and the name of the MapPoint Location Server database, and then click Next.

    Setup begins copying files.

  4. When the files have been copied successfully, click Finish.

Verifying an Installation

After you install all MapPoint Location Server components, use the following tests to verify that your installation of MapPoint Location Server is functioning correctly.

To verify your installation

  • In the MapPoint Location Server management console, expand the Global Settings node, and then verify that the values displayed in the details pane are the same as the values you provided during MapPoint Location Server Web Service setup.

  • In the management console, expand the Users node, add yourself as a user, and choose Microsoft.MapPoint.LocationServer.DemoLocationProvider as your location provider and Microsoft.MapPoint.LocationServer.SMTPProvider as your notification provider. Verify that this information is added to the MapPoint Location Server database correctly by exiting the management console, restarting it, and viewing the information displayed in the details pane when you expand the Users node. For information about how to add users, see "Managing Users" later in this guide.

  • Run Microsoft Internet Explorer on the computer on which MapPoint Location Server Web Service is installed, and navigate to the following URL:

    https://<yourdomain>/mmlsservice/locationservice.asmx

    Type your domain credentials when prompted, click GetUserInfo, and then click Invoke.

    An XML file containing your user information should be displayed.

  • Install the MapPoint Mobile Locator for PC client, configure it to use MapPoint Location Server, and then use MapPoint Mobile Locator to find an address and driving directions. For more information, see Microsoft MapPoint Mobile Locator for PC User Guide.

  • Add location entries for your phone number to the Testlocations.txt file for the demo provider. Restart the IIS service to ensure that these changes are picked up by MapPoint Location Server Web Service. Now use MapPoint Mobile Locator to find your current location. You should get a map corresponding to the latitude and longitude pair you supplied for your phone number in the Testlocations.txt file. For more information, see "Using the Demonstration Location Provider" later in this guide.

  • If the previous steps are successful, install the location and notification providers for your mobile operator (refer to the provider document for installation instructions specific to the providers) and modify the existing users to use these providers or add new users that use these providers. Use the Mobile Locator to find these users and verify that you get a map corresponding to the real locations of these users' mobile phones. For more information, see "Adding Providers" later in this guide.

Keeping Your Deployment Secure

This section discusses known vulnerabilities and how to mitigate the risks associated with them. For more information about security, visit the TechNet Security Resource Center.

The TechNet Security Resource Center is updated frequently. Microsoft recommends that you visit this Web site regularly.

MlsWebService Password Stored in File

The MlsWebService account password is encrypted with the Microsoft Win32® Data Protection API (DPAPI) and stored in the IIS Web.config file. Only the local and global administrator accounts, the local ASP.NET account, and members of the MLSAdministrators group have access to it. If a hacker obtains the password, the hacker can impersonate the MlsWebService account and access and subsequently update the MapPoint Location Server database. The hacker can access and modify the contact lists and privacy settings of all users. Other potential risks include repudiation, information disclosure, and denial of service to the Web server.

To mitigate this vulnerability, Microsoft recommends the following practices:

  • Use a non-obvious account name for the MlsWebService and keep it secret.

  • Evaluate the security risk of running other Web services on the computer running MapPoint Location Server.

MapPoint Location Server Web Service Uses Clear Text Authentication

Because MapPoint Location Server Web Service uses basic (clear text) IIS authentication, a malicious enterprise user or hacker could launch a brute-force attack to guess the password of an enterprise user. The malicious party could then use this password to break into the enterprise network, impersonate the user, locate the user's contacts, change the user's contact list, or access the user's private data.

To mitigate this vulnerability, Microsoft recommends that the enterprise enforce the following practices:

  • Strong passwords

  • An Active Directory lock-out policy
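
One way to watch for the password guessing described above, added here as an example and not part of the original guide or of MapPoint Location Server: the Python below counts HTTP 401 responses per client address for the /mmlsservice/ path in an IIS W3C extended log and flags bursts. The log lines, the logged fields, the threshold and the window are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in IIS W3C extended log format (not real traffic).
# Addresses are documentation ranges; the logged field list is an assumption.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2004-03-01 09:00:01 192.0.2.10 POST /mmlsservice/locationservice.asmx 401
2004-03-01 09:00:02 192.0.2.10 POST /mmlsservice/locationservice.asmx 200
2004-03-01 09:05:00 198.51.100.7 POST /mmlsservice/locationservice.asmx 401
2004-03-01 09:05:01 198.51.100.7 GET /default.aspx 401
2004-03-01 09:05:02 198.51.100.7 POST /mmlsservice/locationservice.asmx 401
2004-03-01 09:05:04 198.51.100.7 POST /mmlsservice/locationservice.asmx 401
2004-03-01 09:05:06 198.51.100.7 POST /mmlsservice/locationservice.asmx 401
2004-03-01 09:05:08 198.51.100.7 POST /mmlsservice/locationservice.asmx 401
2004-03-01 09:05:10 198.51.100.7 POST /mmlsservice/locationservice.asmx 401
2004-03-01 09:10:00 203.0.113.5 POST /mmlsservice/locationservice.asmx 401
2004-03-01 09:20:00 203.0.113.5 POST /mmlsservice/locationservice.asmx 401
2004-03-01 09:30:00 203.0.113.5 POST /mmlsservice/locationservice.asmx 401
"""


def parse_w3c(text):
    """Yield one dict per request, taking column names from the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))


def find_guessing_sources(text, prefix="/mmlsservice/", threshold=5,
                          window_seconds=60):
    """Return {client_ip: peak 401 count} for clients that reach `threshold`
    failed authentications against `prefix` inside a sliding time window.

    With basic authentication a client's first, credential-less request is
    answered with a single 401 challenge, so isolated 401s are normal; only
    bursts are reported. Log lines are assumed to be in chronological order.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # client IP -> timestamps of recent 401s
    flagged = {}
    for row in parse_w3c(text):
        if row.get("sc-status") != "401":
            continue
        if not row.get("cs-uri-stem", "").lower().startswith(prefix):
            continue
        ts = datetime.strptime(row["date"] + " " + row["time"],
                               "%Y-%m-%d %H:%M:%S")
        q = recent[row["c-ip"]]
        q.append(ts)
        while ts - q[0] > window:   # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged[row["c-ip"]] = max(flagged.get(row["c-ip"], 0), len(q))
    return flagged


if __name__ == "__main__":
    for ip, count in find_guessing_sources(SAMPLE_LOG).items():
        print(f"{ip}: {count} failed authentications within 60 seconds")
```

Set the threshold below the Active Directory lock-out count so the alert fires before accounts start locking.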

Database Synchronization Is Not Automated

MapPoint Location Server user data is synchronized with Active Directory user data by means of the Active Directory Sync tool, which you run on a scheduled basis to ensure that changes to user data are current in both Active Directory and the MapPoint Location Server database. If a provisioned user is deleted from Active Directory, that user's MapPoint Location Server account remains active until the MapPoint Location Server database is updated with the Active Directory Sync tool. Furthermore, if a user account is deleted from Active Directory and replaced with a new user account with the same domain and alias, the new user can start using MapPoint Location Server even though he or she has not been explicitly provisioned on the MapPoint Location Server system, and he or she can access all of the original user's contacts.

To mitigate this vulnerability, Microsoft recommends the following practices:

  • Run the Active Directory Sync Tool on a regular and frequent schedule.

  • Do not reassign the domain and alias of a provisioned user to another user until the MapPoint Location Server administrator verifies that the original user's account has been successfully removed from the MapPoint Location Server database.
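
A reconciliation check for the two cases described above, added here as an example and not part of MapPoint Location Server or the Active Directory Sync tool. It assumes you can export the provisioned users together with the date each was provisioned (a hypothetical record the administrator keeps) and the Active Directory accounts with their whenCreated attribute; all accounts and dates are constructed.

```python
from datetime import datetime

# Constructed exports. MLS_USERS maps domain\alias to the date the user was
# provisioned (hypothetical administrator record); AD_ACCOUNTS maps
# domain\alias to the account's whenCreated value in Active Directory.
MLS_USERS = {
    r"FABRIKAM\kim":  datetime(2004, 1, 10),
    r"FABRIKAM\dana": datetime(2004, 1, 12),
    r"FABRIKAM\lee":  datetime(2004, 1, 15),
}
AD_ACCOUNTS = {
    r"fabrikam\KIM": datetime(2003, 11, 2),   # same account, different case
    r"FABRIKAM\lee": datetime(2004, 3, 1),    # created after provisioning
    r"FABRIKAM\pat": datetime(2004, 2, 20),   # never provisioned: ignored
}


def normalize(account):
    """Domain and alias comparisons are case-insensitive."""
    return account.strip().lower()


def reconcile(mls_users, ad_accounts):
    """Return (account, finding) pairs for provisioned users that need review.

    ORPHANED      provisioned user no longer exists in Active Directory, so
                  the account stays active until the next sync run.
    REUSED_ALIAS  an Active Directory account with this domain and alias was
                  created after the user was provisioned, so a different
                  person may have inherited the original user's contacts.
    """
    ad = {normalize(name): created for name, created in ad_accounts.items()}
    findings = []
    for account, provisioned_on in sorted(mls_users.items()):
        created = ad.get(normalize(account))
        if created is None:
            findings.append((account, "ORPHANED"))
        elif created > provisioned_on:
            findings.append((account, "REUSED_ALIAS"))
    return findings


if __name__ == "__main__":
    for account, finding in reconcile(MLS_USERS, AD_ACCOUNTS):
        print(f"{finding:13} {account}")
```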

Uninstalling MapPoint Location Server

You can remove MapPoint Location Server components by using Add/Remove Programs in Control Panel.

To remove the MapPoint Location Server database

  1. In Control Panel, double-click Add/Remove Programs.

  2. Click Microsoft MapPoint Location Server Database 1.0.

  3. Click Change/Remove. The following message is displayed:

    "Setup will not remove your database; you must do this manually. Do you want to proceed?"

  4. To continue, click Yes, or to cancel, click No. If you click Yes, the following message is displayed:

    "Are you sure you want to remove Microsoft MapPoint Location Server Database 1.0?"

  5. To continue, click Yes, or to cancel, click No. If you click Yes, the InstallShield Wizard starts and removes from the computer all files copied during the installation.

    The database itself is not deleted. Use SQL Server Enterprise Manager to delete the database if you want to.

  6. When the process is complete, click Finish.

To remove MapPoint Location Server Web Service

This procedure also removes the management console, if it is installed on the same computer.

Note If you install MapPoint Location Server Web Service and the MapPoint Location Server database on the same computer, and you then uninstall and reinstall the Web service without removing the database, the following error appears during Setup:

"An error occurred installing the Find Nearby categories. Do you want to view the error log?"

This error is expected and occurs because the data in the MapPoint Location Server database has been preserved.

  1. In Control Panel, double-click Add/Remove Programs.

  2. Click Microsoft MapPoint Location Server Web Service 1.0.

  3. Click Change/Remove. The following message is displayed:

    "Are you sure you want to completely remove Microsoft Location Web Services 1.0 and all of its components?"

  4. To continue, click OK, or to cancel, click Cancel. If you click OK, the InstallShield Wizard starts and removes all Location Server Web Service and Management Console components from the computer.

  5. When the wizard has completed the uninstall process, click Finish.

To remove the MapPoint Location Server management console

Note  Use this procedure if the management console is installed on a different computer from the Web service. If the management console is installed on the same computer, use the previous procedure.

  1. In Control Panel, double-click Add/Remove Programs.

  2. Click Microsoft MapPoint Location Server Management Console 1.0.

  3. Click Change/Remove. The following message is displayed:

    "Do you want to completely remove the selected application and all of its features?"

  4. To continue, click OK, or to cancel, click Cancel. If you click OK, the InstallShield Wizard starts and removes all MapPoint Location Server management console components from the computer.

  5. When the process is complete, click Finish.