Windows 2008 Terminal Server Published App with ACS.

Over the past few months we have been testing Windows 2008 Terminal Server Published Apps and I am very impressed.  With Published App, we are able to push a program to the users desktop via Terminal Server, without having to push the whole remote desktop.  We are able to just push the program.  And it works GREAT!

How are we using it?  Our Church Management System is ACS (Automated Church Systems, www.acstechnologies.com).  Our database resides on a local server.  Then, there is a client that accesses the database server.  This works great over a 100+ MB connection, but not so well over wireless, and impossible via VPN.  This is where Windows 2008 Terminal Server Published App comes into play.  We were able to install a Windows 2008 Server, install Terminal Server with Published Application support, install ACS and then publish the program.  It’s that easy.  What’s great is that it can run on the LAN, WAN, Wireless, you name it.  And, the user wouldn’t know that the program isn’t installed on their computer. 

Another great benefit is that when we perform an update to ACS, we only have to do it once on the Terminal Server and anyone that uses ACS via published app will automatically be updated. 

We will be using Windows 2008 Published App for our Check-in Stations, as well as for our Regional Campuses (WAN) where it would be impossible to push ACS and Televantage through the VPN.  If you haven’t installed an played with Windows 2008 Terminal Server and Published Apps, I highly recommend you doing so.  You won’t be dissappointed.

Next Level Leadership Conference

The Next Level Leadership Conference is distinctly different from most. It’s designed especially for leaders of churches who want close interaction with pastors who’ve navigated from one level of ministry to the next, time and again.

Savannah Christian Church has grown from a few hundred to 6,000 worshipers in the last decade. Along the way, we’ve discovered that when you figure out how to do ministry at one level, you have to make changes for the next. And fast.

For six years, we’ve been helping churches like yours get inspired and get ready for what’s next. We’ve traveled the road you’re traveling. We’ve had success and experienced God’s blessings on our ministry. We’ve also made mistakes.

At this conference, we open our church for a behind-the-scenes peek at how we do ministry and honest talk about your next moves. You’ll leave inspired and equipped to take your ministry to the next level.

www.sccnextlevel.com

Scanning MACs with Spiceworks

Here at Savannah Christian Church, we use Spiceworks (www.spiceworks.com) for our IT Inventory and Help Desk database.  We’ve been using it for about a year now, and it works great.  Spiceworks has the ability to scan Windows via Windows Accounts and/or Domain Accounts; MAC/Unix/Lunix via SSH; and Network hardware via SNMP.  Until recently, we just used Spiceworks to scan for our PCs and network gear.   We have finally got around to looking at what it takes to scan our MACs, and found that it was really straight forward.  If you are using Spiceworks (or thinking of using Spiceworks), here are the steps we took for scanning our MACs.  Your MAC will need to be atleast OS X.

Configuring Spiceworks:

• Open Spiceworks and go to Settings
• Click Network Scan
• Scroll down to Manage Network Accounts.
• Click Add and add an SSH account. (Note: You will need to add this username and password to all of your MACs.)
• Scroll back up and edit your Device/Range that you use to scan your network.
• Where it says SSH, use the drop down to select the Account that you just created.

Configuring the MAC:

• Click the Apple icon and go to System Preferences
• Click Sharing under Internet and Network
• Check Remote Login
• At the top of that page, make sure that your “Computer Name” is alpha-numeric and does not have any special characters or spaces (not even hyphens or underscores).
• Go back to System Preferences and click Network.
• Be sure that both your AirPort (if applicable) and Ethernet have the WINS (under Advanced) NetBios name show the same as the computer name.
• Apply your settings.
• If you don’t already have an account that is the same on all the MACs (it doesn’t have to be what they use to log in, but something like a local admin account), then go to Accounts and create one for each MAC (be sure to use the same user name and password).  This will be the same account name and password Spiceworks will use to scan the MACs via SSH.

Once you’ve completed these steps you can run your Spiceworks Network Scan and it will pick up your MACs, and populate all the data as it does for PC.  Very cool!

A year of Blogging

It’s been a year since I’ve started blogging.  Looking back, I really haven’t kept up with it like I had thought I would.  I average a post or two every other month.  But that’s cool though.

My purpose for the blog is to have a place to share my experiences with other IT Professionals.  What better place to do this than the Web.    I know for me, it’s awesome to do a Google search and find the answer to a problem on the first page!  That’s what I’ve tried to do this year with my blog.  When I come across a problem, or am working on a project that is new or may  be hard to find, I try to document it and post it on the web, with the hopes that someone else coming across that particular problem or project will find the answer (or get closer to the answer) sooner than later by coming across my blog.

So here are some stats from this year.  Not having anything to compare it to, I’ll say that’s pretty cool that I’ve had 14,488 views over the course of a year.  Most of the hits are from searches too! 

So that’s what I’ll do again for 2009.  I may not blog several times a week, or even a month, like you would expect from a blog.  But I will definitely blog about projects and issues that I come across.

God has blessed me with a great 2008.  I pray Gods blessing over you for 2009.  Happy New Years!

Two Years with the Barracuda Spam Firewall

This month marks two years that we have had the Barracuda Spam Firewall.  I wanted to post the results (as I did last year):

The first shot is stats since I first installed the Barracuda, and the second shot is stats from this month.  It’s working great and I would highly recommend the Barracuda Spam Firewall if you are looking for a spam solution to work with your email system.

Exchange 2007

Wow.  I took our Exchange 2007 Server from 8GB RAM to 16GB RAM on Sunday.  PowerEdge 2950 III, Dual Quad Core Processors, 16GB RAM, Check this out…

That’s awesome!  570MB free, 16GB of RAM  AND  16GB Pagefile being used!

Spiceworks 3.1 Update Now Available

Spiceworks 3.1 update is now available and it has fixed the duplicate records that I blogged about not long ago.

In April, we implemented Spiceworks for Network Inventory and Monitoring.  We have it scan twice per day, so we are able to see the most current data.  With the release of Spiceworks 3.0, we implemented Help Desk and use it to track all Help Desk Tickets.  I have setup Spiceworks on it’s own Virtual Server, and have created multiple Admin Accounts for myself and IT Staff.

For Help Desk, we have two options for our users to send in a help desk ticket.  First, they can send an email to our Help Desk email account.  Spiceworks checks this account every 1 minute and will pull any new tickets into the help desk dashboard.  Once we receive the ticket, we can assign it to one of our IT staff.  Within the dashboard, we can continue a conversation with the employee (which emails them our comments) and keep the work flow in place.  As long as the employee doesn’t change the subject, it will keep the work flow going.  The second option we have put in place is the Intranet Web Portal.  Our users can log into spiceworks through the web portal that is located on our Intranet and they can create a new ticket, and see opened and closed tickets as well.  One great feature is that you can associate the ticket with the computer name, and can see a list of all tickets that have been requested against that particular machine to see reoccurring issues and such.

These are just a few of the many things we use Spiceworks for.  I highly recommend Spiceworks as your Network Inventory, Monitoring, and Help Desk solution.  You can’t beat the price either, free!  Thanks Spiceworks!

ESXi Time Bomb Error

Problem with ESX 3.5 Update 2 and ESXi 3.5 Update 2:  As of August 12, 2008, Virtual Machine won’t power on after it has been powered off or rebooted.

You receive the error:

A General System Error occured: Internal Error

Your event will display:

This product has expired.  Be sure that your host machine’s date and time are set correctly.  There is a more recent version available at the VMware website: http://www.vmware.com/info?id=4
———————
Module License Power Fail

Here’s an email I received from the VMware team.  I have successfully applied the patch to our Test ESXi server using VI Update (which was installed when I installed the VI Client, look in Start\All Programs\VMware\VI Update).  I will install the patch on our Production server this evening because it does require the host to be rebooted in order for the changes to take effect.  If you are running ESXi in production, you won’t receive the error unless you power down or reboot the virtual machine.

You can also see the KB Article:

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006670

Here’s the email:

Dear VMware Customers,

We have released the express patches for the product expiration issue. Please go to http://www.vmware.com/go/esxexpresspatches for more information.

Problem:

An issue has been discovered by many VMware customers and partners with ESX/ESXi 3.5 Update 2 where Virtual Machines fail to power on or VMotion successfully. This problem began to occur on August 12, 2008 for customers that had upgraded to ESX 3.5 Update 2. The problem is caused by a build timeout that was mistakenly left enabled for the release build.

The following message is displayed in the vmware.log file for the virtual machine:

This product has expired. Be sure that your host machine’s date and time are set correctly.
There is a more recent version available at the VMware web site: http://www.vmware.com/info?id=4.
————–
Module License Power on failed.

Affected Products:

- VMware ESX 3.5 Update 2 & ESXi 3.5 Update 2.

- The problem will be seen if ESX350-200806201-UG is applied to a system.

- No other VMware products are affected.

Resolution:

VMware Engineering has produced express patches for impacted customers to resolve the issue.

FAQ:

1. What do the express patches do?

There are two express patches: one for ESX 3.5 Update 2 and one for ESXi 3.5 Update 2. They are specifically targeted for customers who have installed or fully upgraded to ESX/ESXi 3.5 Update 2 or who have applied the ESX350-200806201-UG patch to ESX/ESXi 3.5 or ESX/ESX 3.5 Update 1 hosts. For customers who haven’t done either, these express patches should not be applied.

To be noted is that these patches have been validated to work with esxupdate. However, testing with the VMware Update Manager is still under way. In subsequent communications, we will provide confirmation whether the patches work with VMware Update Manger or if a re-spin is required.

We are currently testing an option to apply the patch without requiring VMotion or VM power-off and re-power-on at the point of patch application. To immediately refresh vmx on the VM, one can VMotion off running VMs, apply the patches and VMotion the VMs back. If VMotion capability is not available, VMs can be powered off before the patches are applied and powered back on afterwards.

2. When will VMware re-issue the upgrade media and patch bundles?

VMware plans to re-issue upgrade media by 6pm, August 13 PST and all update patch bundles later in the week. We will provide an ETA for the update patch bundles subsequently.

NOTE:

• An upgrade media refers to ESX 3.5 Update 2 ISO, ESXi 3.5 Update 2 ISO, ESX 3.5 Update 2 upgrade tar and zip files. They are for customers who haven’t installed or upgraded to ESX/ESXi 3.5 Update 2 but wish to.

• The “patch bundles” here refer to those released at GA. They are for customers who do not wish to do a full upgrade to ESX/ESXi 3.5 Update 2, but apply patches that are deemed necessary to hosts running ESX/ESXi 3.5 or ESX/ESXi 3.5 Update 1. They are not the same as the express patch which is described above.

3. Why does VMware plan to re-issue the upgrade media before the patch bundles?

Since we can complete building and testing of the upgrade media before the patch bundles, we want to make that available to customers right away instead of re-issuing all the binaries later in the week.

IT Policy

Do you have a written IT policy clearly stating that all computers are property of the church, that an employee has no privacy to using the computer, and that the church (employer) has the right to “access, monitor, analyze, and inspect its computers at any time, with or without permission or advance notice”?  Are the staff required to sign off stating that they have read and understood your Churches Policy manual?

I was reading “Can Churches Inspect Employees’ Computers?” from Church Law & Tax Report and they had a story of an employee successfully claiming the Fourth Amendment because there was not a policy in place stating that the church had the right to search the computer, so it was implied that the staff member had the right to privacy and would need to give consent to search the computer (it was much more detailed than that, but that was the main point).

Here’s a good article (different article) with a few things you should include in your Information Technology Policy to ensure the “expectation of privacy” is not there.

VMware ESX 3i Installation Video

Here’s a video I found of the ESXi installation, literally beginning to end in less than seven minutes.  If you haven’t had a chance to test ESXi yet, here’s a glimpse at what to expect…