David Szpunar: Owner, PC Help Services & indeedIT

David's Church Information Technology

September 1st, 2008 at 12:38 pm

Remote Desktop and SSH with mRemote, free and open source

mRemote is one of my best Cool Tools finds in quite a while.  I first heard about it from this 4sysops post comparing free RDP clients. For a long time, I thought all I needed was the built-in Windows Remote Desktop Client. I was very wrong. Sure, it’ll get the job done, if you don’t mind windows all over the place, managing a bunch of connection settings files, and manually editing said files to get Console connections. Or hey, you could always start RDP from the command line if you want to connect to a server’s console session using a switch. But with the free and open source mRemote software, you can have one window with connections organized by folder, inheriting settings in a hierarchy (or not, as you prefer, per setting), and giving you tab-based access to your open remote control windows! All this with a configuration file you can copy and use on multiple computers, or the option of storing connection settings in a SQL Server database (I haven’t tried this; I might if it supported using a MySQL database).

In addition to Remote Desktop, you can also open webpages (HTTP or HTTPS, using Internet Explorer or optionally the Gecko rendering engine that Firefox uses if you download xulrunner…see the instructions within mRemote). And connect to SSH sessions using PuTTY, which comes with mRemote, right inside other tabs.

There are other tools out there that do similar things. Royal TS is one, and in fact was the first one I found (see review from 4sysops here). There are others in the original 4sysops post I linked to, which compared six free RDP clients and mentioned a paid one. mRemote does everything I need in a comfortable way that I’m very pleased with, at my favorite price. It works fine with Server 2008 and Vista, and using the smartsize setting so the remote desktop fills whatever resolution is available inside the mRemote window makes for an efficient work area that’s as large as you can fit on your screen!

If you use Remote Desktop on more than just an occasional basis or to connect to more than one system, you need mRemote, or one of the other similar tools if you find it’s a better fit.

What if you’re away from your laptop or desktop and need to Remote Desktop from just about anywhere you can get cellular data coverage with AT&T? Well, you have to have an iPhone too, but I highly recommend WinAdmin for the iPhone to fill that need. That’s a review I wrote as a part of my iPhone Apps reviews over at my personal blog earlier today, and it ties in well with this full-sized mRemote companion :-) (As you might have guessed, writing about WinAdmin actually sparked the idea to blog about mRemote. They complement each other well! Seriously, I think I hear mRemote telling WinAdmin how it thinks of it fondly as a younger brother, whenever my iPhone is next to my laptop :-)

The obligatory “why I haven’t been blogging”: Busy playing with iPhone :-D Too much fun to waste time writing about other stuff (even writing about iPhone Apps has taken a backseat until today!), but I’ve got a few ideas planned and things to write about up ahead. For now, enjoy having a bit less in your feedreader; I know I’ve been falling quite behind in my own blogreading too! Twitter and the #citrt IRC channel are also to blame in large part, but not in a bad way. I’m not the only one; see Jason Powell’s post about it.

August 5th, 2008 at 4:38 pm

Explorations with VMware ESXi (now free!) and Linux NICs

Late last month, VMware announced that it was going to make it’s ESXi product free. It’s not the same as the full-blown ESX product, but it’s close enough to get anyone running VMware Server salivating! Including me.

I’m going to have to work on getting a server available to play with this at Lakeview, but it came at a great time for the Indiana District Assemblies of God office where I work one day per week: I had a server that I was about to transition into a role as a virtual server host and ESXi was released freely at just the right time to try it out! My server is a ProLiant DL580 G2 model, which isn’t on the “officially supported” HCL (Hardware Compatibility List) for ESXi, but is for the full ESX. Worth a try; I’m not planning on buying support anyway.

After registering, downloading the ISO image file, burning it to a CD, and booting the CD on the target server, the installation process completed without a hitch. It was so quick and easy, there’s no point in describing the process in detail! If you can’t make it install on supported hardware, you shouldn’t be using servers anyway :-) (You can find how-to guides online easily enough if you do need one, and I will mention that you need to change the BIOS on the DL580 G2 to indicate that the supported OS is “Linux” before installing.)

After installing, the server boots and you get a screen that you can’t actually use to do much. It tells you your IP address (if it obtained one using DHCP, which mine did) and lets you set a root password (which I recommend). Then, you need to visit the IP address of the server from a client machine on the network. This page gives you a download link to install the VMware Infrastructure Client, which you’ll need to actually setup and manage ESXi. Connect with the Client to the IP of the server using the username root (and either a blank password or the one you set earlier if you changed it–you did change it, right?).

I’m using an onboard RAID controller with SCSI storage rather than a SAN (I’ve been told ESXi does not support IDE disks but does work with SATA drives if you need it to), so I didn’t need to set up any iSCSI targets or anything like that, although that appears to be very easy if you’re fortunate enough to have a SAN.

One thing to keep in mind is that you’ll need the free VMware Converter if you want to convert Virtual Machines from a VMware Server installation to your ESXi box. It’s a rather simple process I haven’t really gone through in production yet so I won’t say more, but you can’t just copy the files over and run them.

So far I’m only running a LAMP (Linux/Apache/MySQL/Perl-or-PHP-or-Python) appliance from VirtualAppliances.net, which I absolutely love when I need a quick webserver! Installing this from the Virtual Infrastructure Client is very, very easy. File menu->Virtual Appliance->Import. I used the Import from URL function, and used this VirtualAppliances address to the .ovf file needed to install the appliance. Confirm and wait, it has to download the disks from the internet and transmit them to the ESXi server!

I’m using the LAMP server to run the HelpSpot helpdesk application. Since I had this running in a VMware Server appliance already, I simply used the “scp” command to transmit the web files from the existing appliance to the new one, and moved the MySQL database dump over as well. I logged in as root to the appliance and used “aptitude update” and then was able to use “apt-get install php5-imap” and “apt-get install php5-tidy” which are required or recommended for HelpSpot, and I used the web-based configuration to turn on the Zend engine in the Apache configuration, which HelpSpot requires. It popped up and took off like I’d never moved it! I also copied over the cron entries needed to execute the regular email checks that Helpspot does. Note that I’m leaving off a few steps involving DNS changes and firewall modifications because I gave it a new IP address, but basically the move was very easy and straightforward.

Then I ran into trouble, because I like to experiment :-) In the VMware Infrastructure Client, I right-clicked the LAMP VM and told it to “Install/Upgrade VMware Tools” on the VM (it said the Toold were out of date…wouldn’t want that now, would we?). I used the Automatic option with no Advanced Options. Everything seemed to complete successfully, and I rebooted the appliance. Oops, no network! The eth0 network interface was nowhere to be found! (Using “ifdown eth0” and then “ifup eth0” normally disables and re-enables the Ethernet interface, in case you didn’t know (I didn’t, until recently, thanks to #citrt!), but in this case only the localhost “lo” interface showed up at all.) This could be a problem, since the whole point is to be a “networK” server! I tried asking around in the #citrt Church IT Roundtable channel on IRC, where usually someone knows what to do, but I didn’t get much help on this issue from the folks currently in there when I asked. Time for Google! Without too much effort I’m pointed in the right direction, to this forum thread on the Ubuntu Forums (The VA LAMP appliance is based on Debian linux). User “modifiedmind” had the same problem as the original poster, and then found the solution and posted it later…thanks! I couldn’t quite find what to enter as the argument to the modprobe command, but I managed to track it down and this is what I had to do:

  1. Edit the /etc/udev/rules.d/70-persistent-net.rules file on the appliance and delete the last two lines (the one starting “1. PCI device…” and the one beneath it, starting with “SUBSYSTEM==”net”…” (I like using the nano text editor because I’ve never spent the time to learn vi or emacs, so I did an “apt-get install nano” first; make sure to use the -w argument to nano so it doesn’t line-wrap for you, like “nano -w /filename“. Or use whatever text editor you’re comfortable with!)
  2. Run this command: /etc/init.d/udev restart
  3. Run this command: modprobe -r pcnet32
  4. Run this command: modprobe pcnet32
  5. Run this command: ifdown eth0
  6. Run this command: ifup eth0

That’s it. Back to working order! So far I’m very happy with ESXi and I’m going to do everything I can to use it everywhere possible :-) It also has the capability of adding the higher-end features (HA, VMotion, VirtualCenter Manager) just like you can with ESX, if you’re willing to pay for them. I’ve never used them, this is my first ESX/ESXi experience ever, so I figure I’ll be happy without them as long as I don’t use them to see what I’m missing! The biggest thing that ESXi doesn’t have that the “full” ESX has is a “service console” that lets you control the machine locally. I’ve heard that many people have had great success running ESXi on even non-supported hardware, and it should at least run on anything that ESX will run on without a problem (just don’t try to pay for support!).

July 31st, 2008 at 7:00 am

Don’t Buy An EqualLogic SAN…

…Unless you get it from Jason Powell! He’s the IT Director at Granger Community Church, but when the moon is out he’s selling EqualLogic for VR6 Systems and he loves giving churches and non-profits good discounts! (He’ll probably give you a good deal even if you’re not at a church, too, especially if you get on his good side. And I’ve never seen his bad side!) You can contact him through the information on his blog or you can look for him in the Church IT Roundtable IRC channel (#citrt on Freenode, go to Mibbit and connect to the Freenode network, #citrt channel with a nickname of your choice to stop by and say hi without installing any software–all web browser based! Also, long-time IRC regular Justin Moore is going to be working at Granger starting next week…congrats Justin!). You really need to talk to him first before you talk to anyone else, because of the way Dell does pricing. Really. I mean it. I don’t have an EqualLogic SAN but I’ve seen Jason demo one in person and it’s quite amazing! The only reason I don’t have one is lack of funding!

Also, the Church IT Roundtable Fall 2008 is coming up in October, but the registration price goes from $50 to $75 if you don’t register by August 8th! The actual Roundtable is October 8th and 9th, but there are pre- and post-activites planned for the day on either side if you can make it (see the schedule). My plans aren’t firm yet, but my wife and I will likely both be there!

July 30th, 2008 at 11:33 pm

First post from my iPhone

I know, it’s just the obligatory first post from new mobile device. Nothing special. So far I’m enjoying the iPhone immensely, and typing isn’t great but it’s not bad, especially in text fields where you can type a word and hot space , and let the phone autocorrect your spelling! It’s pretty smart but not perfect. Seems to be acceptable for everyday use. AT&T is having problems getting my data plan active so I have wifi and no text messaging either for the time being, but they supposedly will have that taken care of tomorrow perhaps. It’s a very old account, I’m not surprised there’s some cruft in there!

I’m using the free WordPress app to compose this post on the iPhone and it seems to be pretty solid so far but it needs some more features like page editing capabilities and not just posts. In time. For now it is good!


July 30th, 2008 at 12:22 pm

The Day of the iPhone Has Arrived!

AT&T iPhone Status: Shipped!

AT&T iPhone Status: Shipped!

Yesterday, my iPhone shipped to the AT&T store where I’m going to pick it up. It ships overnight FedEx, which I’m very happy about, because it means I can go in the store and pick it up today! I’ll be going after work this evening. The FedEx tracking number shows that it was delivered at 10:17am to the store, and I’ve confirmed that the phone will be available for pickup later this afternoon!

In order to not bore you with posts about iPhone apps that I find, I’m going to post most iPhone-related stuff over on my personal blog (which I’ve recently redone so there’s not much there), ExistDifferently. I’ll probably make a post or page here with a table of contents that I’ll keep updated as I write stuff, or I’ll pull in the posts in the sidebar. If you really want to hear about a ton of iPhone stuff here, let me know…but it’s going to be more for me than anything, since there’s already a ton of info out there if you want it!

July 25th, 2008 at 11:14 am

Of the Bird in My Hallway

This morning, when I got up to leave my office and was about to leave the hallway to get to the rest of the building, I was a bit surprised to find a wren as I turn the corner, flying right over my head! This of course gave me an excuse to test out the Flip Video camera I have with me in my bag. So, here’s a YouTube video of the wren for your enjoyment on System Administrators Day (happy SysAdmin Day if you are one!):

July 18th, 2008 at 1:15 am

iPhone has been ordered!

I ordered an iPhone 3G today! (Well, yesterday technically…on Thursday) Should be here in less than a week supposedly, and I’ve already downloaded 71 of the free applications from the iPhone App Store in iTunes, ready to install! The WordPress app is done (Matt Mullenweg posted about it) but hasn’t been put in the store by Apple yet (oh yeah, WordPress 2.6 is out! Woohoo!). I’m looking forward to it! There are several paid apps ranging from $1 to $10 that I will consider at some point after I have the phone in-hand (and maybe some more $$!).

Why did I choose the iPhone? Well, I’m tired of my Treo 650, which is showing its age. I like the multi-touch interface, I like the data speeds, I like the screen size, and I like that, because it’s so popular, people are writing sites and apps (both!) specifically to work well on it. That means I can do more with it than with any other phone, or at least I can do so much so easily compared to other phone options right now. OK, I have to correct myself, will be able to do…gotta get the thing first! Oh yeah, and now it does Exchange ActiveSync with Push email, calendar, and contacts! That’s the one thing that made me sit up and take a look. Before, I at least told myself (and others) that I was OK giving the iPhone a pass–yes it was cool, but it wasn’t truly functional if you need Exchange access. Supposedly, that’s no longer true! It seems that the $30/mo data plan, unlike AT&T has been claiming per my previous post, works just fine with ActiveSync, which makes sense from a technical level.

It’s a 16GB black iPhone, if you were wondering, and I’m going to use it to replace my iPod Classic 80GB I think (the first Apple product I’ve ever owned) which is why I opted for the larger version; my iPod has over 20GB of podcasts and I’ll still have to pare that down to fit on the iPhone! Shouldn’t be hard; I didn’t try on the iPod because there’s plenty of space. I’m already with AT&T (but no longer in a contract), and the monthly plan will only cost me $10 per month more than what I’m already paying as part of my family’s FamilyTalk plan, so while I considered a 2G used iPhone, the 3G made enough sense given the subsidy for me.

June 16th, 2008 at 4:33 pm

Making A Donated Wyse WT3350SE Thin Client Terminal Work (with Pre-9/11 Firmware!)

A while back, thanks to a generous friend, Lakeview had a batch of Wyse WT3350SE Thin Clients donated to us (two initially, then a bunch more later on). Only a few power supplies to go around, but enough to play with (looks like eBay has a few I may pick up). I tried the first two when I first got them and had some initial issues connecting to our Terminal Server (running Server 2003) with one, and another had issues even getting that far. The newer ones I never got around to playing with, but I keep getting requests for basic workstations that we don’t have right now. Must be time to get these thin clients working!

The short story is yes, I got them working! At least two so far; I’ve tried a third but it won’t even power on. The answer came through Googling and guessing. Here’s how I got them working (mostly the working part, but I’ll add a few notes about the journey).

First, I had to locate a PS/2 keyboard and mouse. There are two USB ports on each of these units, but I don’t know if they’ll accept USB keyboards or mice and PS/2 ports are there and are the lowest common denominator (I tested a USB keyboard later with no success). With that done, I took one of the few power supplies I have, plugged it in with the keyboard and mouse, add Ethernet and VGA monitor (an analog input on one of my LCD panels worked fine, and hit Power. Took a few seconds to boot up, right to a login screen. Wow, that’s helpful, given that these were in another environment! No hint of a way to configure what server to connect to, either. Time for Google!

A few unfruitful searches finally brought results with the term “wt3350se update firmware” (without quotes) since I figured maybe updating the firmware would be a good method of getting control over the devices. The link I found was to Free Wyse Monkeys, specifically an article called Reset to Factory Defaults or Unlock a Wyse Terminal. This article seems to contain the world’s last remaining knowledge on getting into old Wyse terminals (as far as Google is concerned). I even hit up the Wyse official website without finding any documentation other than some firmware updates available for download (I’ll be coming back to those later).

The biggest key that helped me from Free Wyse Monkeys’ article was the note to try holding the “G” key on the keyboard while booting to reset and get into the settings screen. It worked! When I tried it, instead of a login screen I ended up at the Winterm Connection Manager with a “Default ICA Connection” staring back at me with beady black-on-gray eyes, and a title bar that said “Press F2 to select Terminal Properties.” Proceeding thus, there were all sorts of options available, but what I wanted was to connect with RDP to the Terminal Server and not Citrix, which we don’t have. The Terminal Properties window has a lot of tabs, but the best one for me ended up being the Upgrade tab: this tab let me input an FTP server to use for firmware updates! Wait a minute, didn’t I find some of those earlier? Why, yes I did! Firmware v3.5.1 was available in both Citrix (ICA) and RDP types, the one I wanted was called l44122rdp-wye.exe which I promptly downloaded and extracted. Yay, a bunch of files that were mostly meaningless! There was a bootstrap.exe file and such…it looks like there are a few ways from the Monkeys article I could use to perform the upgrade but they all required a DOS box. I’m a bit short of those at the moment.

But back to FTP. What if I just stuck the files on an FTP server and pointed the terminal at it for an upgrade? Couldn’t make things work worse than they already did, since they didn’t. I grabbed Filezilla Server because I didn’t feel like setting up the IIS FTP service just to test my theory. Set up a test user with access to the directory inside my extracted firmware (the firmware was a .exe that extracted files to a folder, inside the folder there was another folder called “441-223350rdp” which is what I set as the FTP root, with the actual firmware file being called “L441224F.wye”). Back to the Upgrade tab on the thin client. I input the Server Name of my machine, left Server Directory blank, and entered the User ID and password I’d set up in Filezilla Server. Then I clicked the button I assumed would begin the upgrade, if it worked (how did I guess? Fortunately, the button said, “Upgrade.” Clever!). Up pops a little warning box saying something to the effect of “Warning! This will do an upgrade. Don’t stop once you start. Are you sure?” only a long longer (OK it wasn’t too bad).

Twenty seconds later the flash was downloaded, and precisely 70 seconds later from the time I clicked Upgrade the terminal restarted itself, only to come back and let me create a New Connection in the Winterm Connection Manager, this time of type “Microsoft Remote Desktop Client.” Bingo! I’d say that’s exactly what I was looking for. I created a new connection with the details of our terminal server, and tried it. Success! There are still a variety of settings available in the Terminal Properties (hitting F2 at the connection screen) and it appears if I want to get fancy, I can configure a lot of this stuff through DHCP options to the thin clients as well. Time to look for some additional power supplies, keyboards, and mice, and contemplate some monitors. I’ve got a couple of people needing some “computers”! The color depth isn’t great but Outlook and Word will run just fine.

Just one thing unsolved: what does the third Wyse firmware do? There are three downloads, one ICA, one RDP, and another called L369_20Wye0.exe. I have no idea what this does. Not sure if I’m going to try it or not. (OK, I tried this before posting. It installs an older firmware version (3.41 SP3) that has Citrix and RDP connection capabilities. Perhaps this is the version I had problems with in the past. I didn’t leave it installed for long, and went back to what worked the first time, version 3.5.1 Service Pack 2.)

Also, noticed that the firmware images are dated Sept. 4, 2001. Exactly one week before the 9/11 attacks. No particular reason why this matters, just weird to be using “pre-9/11” technology and software!

June 12th, 2008 at 5:49 pm

Contemplating the iPhone 3G

I really didn’t care that much when Apple introduced the original iPhone. Yeah it’s cool, but it wouldn’t sync with Exchange using ActiveSync, and without that it’s pretty useless to me. Well, that and it has no hardware keyboard. The new one coming out on July 11th will not only support ActiveSync (and better from the Palm Treo ActiveSync support in VersaMail it looks like), it will also have built-in GPS and 3G (higher speed) internet access (but alas, still no keyboard). Granted, the “old” iPhone will have a free software upgrade (to version 2.0) to get ActiveSync support as well, which is cool.

So, I’m contemplating those new iPhones. Strongly considering getting one, but I have a few questions. Although the price came way down (now $199 for the 8GB version, and $299 for the 16GB version), the data cost goes up for the 3G service. Original iPhone data plans were $20/mo, but 3G service appears to be tiered at $30/mo for personal accounts and $45/mo for “enterprise” accounts. However, I have been unable to find any good definitions of the difference between the two accounts, other than who is paying for them. In the #citrt channel, Chris Green said yesterday that based on his research, ActiveSync was probably going to be avialable only on the $45/mo corporate plan. I can’t find any details other than price on the Apple or AT&T websites, but I’ve found one or two rumors of a similar setup with some Google searching, but those were some random posts on some forums.

While on the AT&T website, a customer service order chat popped up, and I took the opportunity to ask AT&T directly. They were less than clear, and I’m not sure I believe them, but here’s the conversation:

Michael: Welcome to AT&T online Sales support.  How may I assist you with placing your order today?
David: Actually I have a question. What is the difference between the personal and Enterprise data plans for the new 3G iPhones?
David: Other than $15/month?
Michael: I am sorry, but we do not have the information on the new iphones at this time
Michael: We will have that on July 11th.
David: You have enough information to say there’s a corporate plan for $45 and a 3G personal plan for $30. Why can’t you just define those terms?
Michael: One is business and one is personal
David: Yes but if I have a personal phone, will the Exchange ActiveSync feature work with an Exchange server?
Michael: Yes, but is will not be secure
David: That can’t be true, my ActiveSync account only allows for encryped SSL connections.
Michael: Ok, then you would not be able to use the $30.00 plan you will need the $45.00

Other than an uncanny ability to state the obvious (“One is business and one is personal“), Michael says quite plainly that ActiveSync will be possible but “insecure” for Personal accounts. This would have to be done in the ActiveSync client software on the iPhone, because I’m sure the iPhone allows SSL-encrypted web browsing on any data plan, and since ActiveSync is essentially encrypted SSL traffic, AT&T would be hard pressed (in my opinion, which I’m willing to have corrected) to sniff/block the traffic at the network level. I think they’d have to “remove the Use SSL” checkbox from the ActiveSync config on the iPhone itself based on account type. Or are they talking about the ability to remotely wipe the system only on the Enterprise plan?  I have no idea. But I don’t like the idea that only businesses get encryption; ActiveSync over HTTP is not a good solution for anyone, and it’s certainly not worth a $15/mo premium for essentially the same service.

I suppose only time will tell, unless one of my readers has better or more information than I’ve been able to find. If so, do share!

June 4th, 2008 at 12:25 pm

Symantec Renwal Reminders: Rant

<rant>It’s nice to get an email from a vendor to let you know your support is expiring so you can renew. But Symantec is taking this way too far! Since I work at Lakeview and the Indiana District denomination office, there are two separate Symantec contracts I manage, and they expire about five months apart. Each time, I start getting reminders something like 90 days out. And then 60 days, 30 days…I don’t know exactly what the frequency is, but it’s often. Still, reminders are good, right? Then I renewed the contract for another year. But Symantec STILL sends me “Support Expiration Notice” emails! “Blah blah blah expired please renew blah blah.” OK, now you’ve gone from useful but maybe a bit annoying to completely unhelpful and rediculous! How hard is it to update your internal system when the contract is renewed (it’s tied to a contract number and everything, don’t tell me you can’t figure out that I’ve renewed!) and either stop sending emails or send a thank you?

Instead, they’ve (finally) added a nice note to their email which says, “If you have already renewed these products or are working with your reseller, please disregard this notice or click here to ensure you don’t receive future notifications.” Stupid to make me do this, but sure…I click on it. It opens a new email (not a website) addressed to [email protected] (let the spam bots have it, what do I care?) pre-filled with something like this (I’ve x’d out the fields they filled in for privacy):

Subject: My Symantec Support Contracts Are Already Renewed

My Symantec Support Contracts have already been renewed. By sending this email, I will ensure that I will not receive future renewal notifications for the products listed in my renewal agreement number indicated below. I understand that if I have other Symantec products with support contracts up for renewal, I may receive renewal notifications for those products in the future.

Agreement#: xxxxxx and Customer #: xxxxx
Original Order #: xxxxxx
Ref #: xxxxxxx
Support Exp Date: xxxxxx
Source Code: xxxxx

Why on earth do they make me go through this when they should already know I renewed!? I even got a call from Symantec right around the expiration date about this exact same thing, and I told the person that we had just renewed already–just like the email, a phone call that they should never have made. And yet it’s still in their email system!

Yeah, I know, it’s just a few emails. But it’s annoying, and I’ve been through it twice now! You’re a big company, Symantec. Please get your act together. Small things count. </rant>