1. Ensure prerequisites are installed.

To install SMS2, please make sure you have the following properly installed and configured:

If you haven’t done so already, please download SMS2. You can request a copy of SMS2 here.

 

2. Run the setup program as the administrator.

To do so, right-click the setup file and click “Run as administrator”.

 

3. Welcome to setup. Click next.

 

4. Select the options you wish to install.

SMS2 comes with three core service requirements: AuthEngine Service, CloudSMS Service, and OATHCalc Service. All three are needed for SMS2 to run properly. However, you can choose not to install them if you are installing other components, such as AdminGUI or the RADIUS extensions, which can connect to another SMS2 Server over the network.

The Citrix Web Interface Extensions can be installed in order to extend the Citrix Web Interface and remove the need for RADIUS if you wish. These extensions would normally be used if you are deploying a Citrix Access Gateway with authentication through the Web Interface or you are deploying a Citrix Secure Gateway.

 

5. Select the client applications that you need.

Most installations will only need the AdminGUI, as it’s used by users to change their own per-user settings within SMS2.

 

6. Choose the installation path; click next.

 

7. Confirm the installation and click next.

 

8. Configure network settings.

While the default settings will work for most installations, you may need to change the settings in certain situations. For example, if you are deploying SMS2 to protect multiple XenApp or XenDesktop servers, it would be well advised to set the server’s LAN IP address manually rather than the ‘localhost’ or ‘127.0.0.1’ loopback address.

If you are running a multiserver deployment of XenApp or XenDesktop please change the network address to the server’s LAN IP address.

 

9. Set the Active Directory and Text Local (CloudSMS) credentials.

You should provide SMS2 with a service account that can be used to query for users within Active Directory. You should not use the administrator account, because the credentials you enter here will stop working once the admin password is changed.

If you wish to send text messages for authentication, please supply a username and password for “Text Local”. Future releases will support other providers.

 

10. Set SQL server details.

You can use SQL Server Express or Enterprise. Both local and network installations are supported.

 

10.1. Example SQL server setup.

In this example we’ll use a local SQL Express server setup with integrated security. Note that no username, password, or port is needed for this type of connection.

 

10.2. Ensure the connection to SQL works.

You can click the “Test Connection” button in order to test the configuration settings. If you see “Test successful”, everything works. If not, check that your settings and SQL installation are properly configured.

 

10.3. Click done when ready to move on.

 

11. Ensure setup options are as expected.

 

12. Select the installation location of your Citrix Web Interface 5.x.

This screen will only appear if you are installing the Web Interface extensions.

 

13. Complete install.

 

14. Install the supplied trial license (if you don’t have your own yet).

We give you a trial license with your installation of SMS2. You need to register for a full license. Registration (and the full license) is free at www.wrightcss.com.

14.1. Copy the supplied trial license.

 

14.2. Copy the trial license into the “Settings” folder inside the SMS2 installation directory.

By default, SMS2 will install into c:\Program Files\Wright … Inside you’ll find the “Settings” folder. Copy the license file into this folder.

 

14.3. If you’re asked, overwrite the license file that is already in the Settings folder.

 

15. In the settings folder, open the ‘configuration.xml’ file.

Using your favourite text editor, open ‘configuration.xml’. You can use Notepad to open this file.

 

16. If you want Authentication to be enabled by default, change the settings here.

 

17. (Optional) Set up Authentication Default Exceptions.

You can set exceptions to the default rules for Authentication. These will do the opposite of the previously set Authentication setting.

For example, if ‘authengine default’ was set to yes, users within this exception group would not use SMS2; they would not have two factor authentication enabled because it’s the opposite of the default setting. On the other hand, if ‘authengine default’ were set to no, then users within this group would use SMS2 while everyone else would not.

Used with the Web Interface extensions, these settings allow SMS2 to be switched on for only a small subset of users, such as teachers or finance staff, or switched off for a specific group.

We suggest you change the group name to either “SMS2-Users” or “No-SMS2”, depending on your needs. Then create an Active Directory group with that name.
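The exception rule above, modelled as an added example (not part of SMS2 or of the original guide): it works out who ends up with two-factor authentication and flags a group name that says the opposite of what membership does. The function names, the yes/no to boolean mapping and the roster are assumptions made for illustration; group membership is passed in rather than read from Active Directory.

```python
# Added example: a model of the step 17 exception rule. Names are hypothetical.

def uses_sms2(authengine_default, in_exception_group):
    """Exception-group members get the opposite of the default setting."""
    return authengine_default != in_exception_group


def expected_group_name(authengine_default):
    """Suggested group name that matches what membership actually means."""
    # default yes -> members are exempted -> "No-SMS2"
    # default no  -> members are enrolled -> "SMS2-Users"
    return "No-SMS2" if authengine_default else "SMS2-Users"


def review(authengine_default, group_name, roster):
    """Return (state, warnings, unprotected) for a roster.

    roster maps user name -> True if the user is in the exception group.
    """
    state = {user: uses_sms2(authengine_default, member)
             for user, member in roster.items()}
    warnings = []
    expected = expected_group_name(authengine_default)
    if group_name != expected:
        effect = "exempted from" if authengine_default else "enrolled in"
        warnings.append(
            f"members of '{group_name}' are {effect} SMS2; "
            f"the name '{expected}' matches this default"
        )
    unprotected = sorted(user for user, on in state.items() if not on)
    return state, warnings, unprotected


if __name__ == "__main__":
    # Constructed sample roster: True means "member of the exception group".
    roster = {"teacher1": True, "finance1": True, "student1": False}
    for default in (True, False):
        state, warnings, unprotected = review(default, "SMS2-Users", roster)
        print("authengine default:", "yes" if default else "no")
        print("  without two-factor:", unprotected)
        for warning in warnings:
            print("  WARNING:", warning)
```

Reviewing the "without two-factor" list each time the default is changed shows which accounts the new setting leaves on password-only login.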

 

18. Double check the TextLocal and Active Directory credentials.

Make sure the credentials you entered during setup are correct.

 

19. Save the configuration.xml file and load “services.msc”

“services.msc” can be opened through the Windows Run dialog.

 

20. Start the AuthEngine service.

If you made changes to the TextLocal username/password you should restart CloudSMS as well.

 

21. Check to make sure all the services are started.

 

22. Load the AdminGUI application.

22.1. Make sure you’re running AdminGUI as a regular domain user.

AdminGUI will not run as a local administrator or a local user, so make sure you’re running it as a regular domain user.

AdminGUI uses passthrough authentication to ensure you are the user you claim to be. Each time it’s opened, it will actively authenticate the user before allowing access to the console. Since SMS2 has been configured to use Active Directory, it will not allow local user accounts to authenticate.

The benefit of this is that AdminGUI can be published via XenApp to all users. This will allow them to enter their own credentials, thereby significantly reducing the burden on the IT department.

 

22.2. If there is no AdminGUI shortcut, create a link to it from the folder shown.

 

23. SMS2 Setup Complete! Welcome to SMS2.

SMS2 is now set up. Enabled users who log in via the Web Interface (if you installed the extensions) will get passcodes sent to their mobile phones. They will have to set their mobile number in the AdminGUI.