:::: MENU ::::
Browsing posts in: Church IT

Avaya IP Office 412 & 5610IP & Sonicwall VPN

Recently several new initiatives have caused us to look into extending our Phone system beyond the physical location of our main campus.  We have an Avaya IP Office 412 with 150+ digital extensions.  As part of the IPO you can do VOIP extensions but we haven’t had a large need to deploy those since our building was already wired for a phone and data network separately (Major PROS & CONS to this but not in this post). 

We do have however a couple handsets in locations where we can’t get a pair of copper for the digital phones so we have  a couple VOIP extensions on campus.  Those have worked great, plug the phone into the network, configure the IP and the VLan and your making calls.  So it should be that easy over our VPN right?  Wrong. 

After several hours of searching to figure out the issue we learned it was both a IPO Issue as well as a configuration issue in the Sonicwall Firewalls.  Since there was little documentation about this specific combo I have documented it here as well as the nuggets of info we learned along the way.

Hardware Used:
- IPOffice 412
- Avaya 5610sw IP-Handset
- Sonicwall TZ100 at remote location and Sonicwall EClass 5500 on main campus.


- Configure a new IP Extension on the IPO, Enter Only the Extension ID and Base Extension
- Configure the User for the Extension and Program Buttons Etc.
- Create an Incoming call route for the DID
- Connect the 5610 to the local network to make sure the phone is working locally. 
- Boot From DCHP, Enter IPO IP address (Phone Server) and Enter Voicemail Server IP (FIle Server)
- After the phone talks to the IPO it updates Firmware updates and the the phone is functional

At this point all was well and we were able to make and receive calls from the IP handset and it was time to take the phone to the remote site.  The remote site is where we started having connectivity issues and the phone wouldn’t boot completely.

-Plug in the phone and choose DHCP and it fails to connect to the server.  Do  a phone reset to clear out all networking gremlins from local network settings: Press Hold then 25327#
-Phone reboots and grabs DHCP address but cannot talk to the TFTP server.
Note: Workstation running the IPO Manager software runs a TFTP server when the application is open but not editing a config file.  If Manager isn’t running IP Phones will not update.

In the troubleshooting we could ping any device on the core network from the VPN except the IPO.  You could ping the Voicemail Server but no response from the IPO.  This was because the IPO requires you to  manually add an IP route for each subnet that is not the subnet of the IPO’s LAN1 Interface.

Some discussion forums noted that you would have to have a license for VPN or Remote IP Handsets but that is not the case.
To Configure the IP Route in the IPO:
- Open the IPO Config Manager and navigate in the tree to: IP Route
- Right Click and Choose New.
- In the new Route Config enter the IP Address of the Remote Router, IP Mask of the Remote Location
- The Gateway IP address should be the LOCAL IP of the Gateway on the Local network
  (Don’t enter the Gateway IP that you entered above in the IP Phone)
Choose the Destination of LAN1
- Save and Merge the Config. (Values shown have been modified and will not work with live config)

After this we should have seen the IP Handset boot, talk to the TFTP server and then work…. but that wasn’t the case.  When the phone would boot it would not show up as an extension in the IPO System Status nor would it check in with the TFTP server.  It would however appear to have booted and have a base extension without any call appearances.  Trying to use the phone resulted in a bunch of beeps.

After we were finally ready with the IPO configuration it now appeared something was blocking traffic over the VPN link from the remote location to the main campus. 

A call to Sonicwall reveled that in the latest firmware 5.5.x there are default settings enabled that should not be enabled to allow H.323 packets to travel from remote to local sites over VPN.  These settings should be enabled if you are NATing VOIP traffic via the WAN but not enabled if your VOIP traffic is traversing via VPN.
(Leads me to ask the question, can you not have a combination of VOIP Over VPN and VOIP via NAT, but that question can remain unanswered since it doesn’t impact us).
To disable these settings in the Sonicwall Admin interface go to VOIP and the ALL of the following should all be DISABLED on BOTH routers (Local and Remote).
- Enable Consistent NAT
- Enable SIP Transforms
- Enable H.323
It is important to note these setting changes require a reboot of both routers to take effect.

After a reboot of both routers and a reboot of the handset it registers with IPO as an extension and calls can be made and received.

It is important to note, this VOIP extension is not in the same physical location and it is the PBX operators responsibility to notify your dial tone provider of the physical location of that handset for E911 (PS/ALI Compliance).

Installing Printer Drivers on 2008 Server


In the process of migrating our servers from 2003 to 2008 and 2008 R2 we have started migrating our print server.  When you bring online the print server we downloaded the 32bit and 64bit drivers for each printer.  While most of our systems are still 32bit the new print server is a 64bit server, hence needing both drivers.

Installing the 64bit drivers was fairly straight forward but allowing 32bit machines to print via this server you also have to add the 32bit drivers as well.  In the past this has been the reverse but the process is the same.. Add and Share the printer then go back in to the Printer Properties and on the Sharing tab add the driver for the other, in our case adding the 32bit drivers for the guests.

When adding the 32bit drivers we ran into some issues.  Since a lot more printer drivers are shipping with windows in 2008 Server the wizard that adds the printer wants to install the OEM driver.  Which we found would print just fine from the server but give us one of two errors when we tried to add the 32bit driver.

The first 32bit driver error:


This error is a result from attempting to install a 32bit driver that doesn’t match the 64bit driver that the printer is currently using.  This is most likely caused by installing the printer with the OEM driver for that printer that came from windows update or shipped with Windows Server.  This is an issue because the Printer name in the OEM.inf and the .inf file provided by the vendor for the 32bit driver is somehow formatted differently … ie: ‘PCL_6’ might be ‘PCL6’ or some other slight variation in the printer name in the .inf file. 

The two solutions are to:

1. Find the oemsetup.inf file and edit the printer name or change the 64bit driver that the printer is using. 
2. The easier of the solutions is to change the 64bit driver from the OEM driver to a downloaded 64bit driver supplied from the vendor.  Once you change the driver or add the manufacture’s driver the install of the x86 driver will not be an issue.

The second 32bit Driver Error:



This occurs when the driver doesn’t match the formatting in the 64bit driver as above, but the issue isn’t resolved when using a vendor supplied 64bit driver.  You can attempt to find the differences between the two vendor supplied drivers as mentioned in issue 1 or take the following steps to install the 32bit driver.

1. Login as an Admin on any  client machine running 32-bit OS (it can be W2k3, XP, Vista doesn’t matter)
2. Access the print server PrintserverName and choose Printers and Faxes
3. Select the printer you would like to add the 32-bit driver
4. Go to properties
5. Sharing Tab
6. Additional drivers
7.Check the box for x86 for windows 2000,windows xp and windows 2003
8.click ok
9. The driver will be installed from the included drivers on the 32bit OS or it will prompt you for the location of the driver. 
8.Once the driver is installed you can check the server and the X86 box will be enabled.

Installing ACS Facility Scheduler on Remote Desktop Server 2008r2

Previously I documented the process for installing ACS’ Facility Scheduler Application on a 2003 Terminal Server as noted [Here].  But now its time to upgrade our ACS Remote Desktop Server to 2008r2 and the process for installing FS is a little different.  So here were our steps, your mileage may vary.

1. Download the latest installer from the ACS Client Portal. 
    (note the version released on 8/28/09 requires the .Net Framework 3.5)

2. .NET3.5 is included in 2008r2 but when you start the ACS FS installer you get the error displayed below. 

RemoteDesktop 2008r2


The next logical step would be to install .Net Framework, but remember it comes with Server2008r2, so you can’t just install it as the error below notes.  Rather you have to enable it not install.

RemoteDesktop 2008r2


The error notes to use the Roles Management tool, which you might think is Adding or Removing Roles, but what the error message really means is to go to the Server Manager then the Features item in the display tree then and then select add Feature to enable .Net 3.5.1. 
(Note: You can deselect the option to install WCF Activation which then won’t require you to install IIS on this server when you enable .Net 3.5.)



3.  After you have enabled .NET Framework 3.5.1 you can run the ACS Facility Scheduler installer.
4. Once the installer is complete launch the application and enter your site number
5. You may be prompted to download application updates, if prompted choose yes to update.
6. Once the updates are complete you should be able to login to FS with your login.
7. After updating and successfully launching the software you need to copy the application files to the default user’s folder so all users will be able to run the application on the Remote Desktop Server.  You can do this by the following steps:

  • Enable Hidden Folders by Clicking on Organize>Folder and Search Options> View Tab and then Select Show Hidden Files
  • Browse to C:Users%User%AppDataLoca
    • where %User% is the name of the account that was logged in when you installed FS
  • Copy the ‘ACS Technologies’ Folder
  • Paste the Copied ‘ACS Technologies’ Folder in C:UsersDefaultAppdataLocal
  • To place a shortcut on the Remote Desktop Server desktop for all users, go to c:Users%User%Desktop and Cut the ACS Facility Scheduler shortcut, and paste it in c:usersPublicPublic Desktop

8. Test your work by RDPing into the server (with an account that hasn’t logged into the server or the profile has been deleted) and you should be able to launch Facility Scheduler and access the application.

  • If ACS pushes out updates between the time you do the original install and the first time the user is logging in they may be prompted on the first use to update the application, if so choose yes and let the application update and then launch.


Happy Facility Scheduling…

Windows 2008R2 Remote Desktop Server Licensing – No more auto discovery

One of our recent projects has been preparing for and testing of the migration of our ACS Server.  We are are working to migrate our ACS Terminal Server from a 2003 Terminal server to a 2008r2 Remote Desktop Server and one of the problems that has caused frustration is the Remote Desktop Server CALs (Client Access Licenses).

We have software assurance so having those CALs wasn’t the issue, SA migrated our 2003 TS CALs to 2008r2 Remote Desktop CALs… The problems started when we brought the new server online and added the Remote Desktop Role it wouldn’t sync up with the license server. 

Previously we had setup one of our ‘backup’ domain controllers to be the terminal server license server so all Terminal servers would auto discover our Terminal Server licenses… but not with this new 2008r2 box.  Well alas I found out why… as noted here in the RD Licensing Tech net article:

“Prior to Windows Server 2008 R2, the license server was automatically discovered on the network. This discovery is no longer supported for an RD Session Host server that is running Windows Server 2008 R2.

In Remote Desktop Session Host Configuration in Windows Server 2008 R2, you must specify a license server for the RD Session Host server to use. You can either choose from a list of known license servers or manually enter the name.”

But nowhere in the document does it say how do setup said configuration… Other than you can do so by going to the Remote Desktop Session Host Configuration window.  In the RDSHC window (my abbreviation not Microsoft’s) you can see what license issues you have, and in our case we didn’t have an active license server but we couldn’t figure out how to fix that.

Finally today I came across this article [here] which links to this article [here] that actually gives the step by step instructions.  The gotcha is in the RDSHC window you need to not right click on any of the tree headings but select the top level and then go into the window and right click on the RD license server text for the properties menu to display. 

Incase the links go dark here are the step-by-step copied from the TechNet page.

To specify a license server for the RD Session Host server to use

  1. On the RD Session Host server, open Remote Desktop Session Host Configuration. To open Remote Desktop Session Host Configuration, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Session Host Configuration.

  2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.

  3. In the Edit settings area, under Licensing, double-click Remote Desktop license servers.

  4. On the Licensing tab of the Properties dialog box, click Add.

  5. In the Add License Server dialog box, select a license server from the list of known license servers, and then click Add. If the license server that you want to add is not listed, in the License server name or IP address box, type the name or IP address of the license server that you want to add, and then click Add.

    You can add more than one license server for the RD Session Host server to use. The RD Session Host server will contact the license servers in the order in which they appear in the Specified license servers box.

  6. Click OK to close the Add License Server dialog box, and then click OK to save your changes to the licensing settings.

You can also specify a license server for the RD Session Host server to use by applying the Use the specified Remote Desktop license servers Group Policy setting. This Group Policy setting is located in Computer ConfigurationPoliciesAdministrative TemplatesWindows ComponentsRemote Desktop ServicesRemote Desktop Session HostLicensing and can be configured by using either the Local Group Policy Editor or the Group Policy Management Console (GPMC). Note that the Group Policy setting will take precedence over the license servers configured in Remote Desktop Session Host Configuration.

Now.. I have to say I am not complaining that the new navigation is bad.. just the new way things are being displayed in 2008 and 2008r2 one has to get accustomed to… BUT i am complaining that its a little frustrating when you search the net for ‘how to configure type articles’ and you have go to three or four layers deep to find the instructions.

So… i hope this helps you in you quest to configure the Remote Desktop license server… as well as provides me a place to look when I forget next time I bring online a new server.

Clean-up of a Orphaned Active Directory Server 2003R2 Namespace

In my previous post [here] I documented how to enable Access Based Enumeration on a 2003R2 DFS AD Namespace.  Since then several times in testing and now once in production or NameSpace has become orphaned from its NameSpace Server Host and I have had search how to clean-up an orphaned DFS Namspace.

Incase it every happens again… and so that I don’t have to search the web and try to figure out which random terms I used in the Google search I am documenting the process to fix an Orphaned Namespace here… for your use as well as mine. 

Since historically just pasting the links ends up burning me… I have included the step by step procedure, that was of course copied from several websites (Note: I am not claiming, any responsibility for, or noting the existence of, original content).

Your Mileage may very and no implied guarantees that the following steps will solve your issue… But the following did fix my issue with an Orphaned Namespace.

These steps have worked to delete the orphaned namespace because of server failure or loss of DFSRoots directory
(or migrating from one SAN to another and thinking that DFS replication will replicate your DFSRoots to a new volume on the new SAN… which by the way DFS replication doesn’t replicate DFSRoots)


The domain-based DFS configuration is stored in the AD database as well as some settings on the DFS Namespace Host server, so every time you launch the DFS management console, it will try to retrieve the DFS information from AD.

There are two nodes in AD which store the information of the DFS Namespace:

Node1. Store the DFS Namespace information which shows under the Namespaces node in DFS management console. CN=DFS-Configuration, CN=System, DC=Domainname, DC=domainsuffix

Node2. Store the DFS Replication group information which shows under the Replication node in DFS management console. CN=DFSR-GlobalSettings, CN= System, DC=Domainname, DC=domainsuffix

ON a DC use ADSIedit.msc to delete the orphaned namespace information domain.tldDFS_Namespace under the node CN=DFS-Configuration.

1. Launch ADSIedit.msc

2. Connect to "Default naming context" (the domain partition)

3. Expand and locate to the following node:
CN=Dfs-Configuration, CN=System, DC=ourdomain, DC=tld

4. Check if the orphaned namespace CN=DFS_Test is under it, if so, you may delete this node CN=DFS_Test

5. Afterwards, please run "repadmin /syncall" if there are multiple domain controllers in the environment

6. Then run "dfsrdiag pollad" on all the DFS member servers to manually make them sync the information from AD database.

Then, you may launch the DFS management console and then right-click on the orphaned namespace, and then select Remove Namespace from Display… if needed.

After these steps you can proceed to re-create your DFS Namespace. When creating the Namespace you may receive the error: “ The Server you specified already hosts a namespace with this name. Please Select Another Namespace or another server to host the namespace.”

If that occurs:

1. Stop the DFS service by tying net stop dfs at a command prompt.

2. Delete the following three registry keys/values:

3. Reboot the server and restart DFS Service.

4. If it still appears, delete the Namespace from the Display.

5. Proceed to recreate a Namespace.

ACS (ChMS) and PCO integration … Dead for now

As I have discussed in previous posts  [1] , [2] and [3] we would love for synchronization or sharing of data between our ChMS and Planning Center Online.  My recent push has been to get the sync to work for ACS and PCO, obviously because that would impact us most because we use ACS. 

In our conversations with PCO Owner Jeff Berg we found out that PCO had plans to synchronize with multiple ChMS products not just ACS, which was great.  In that conversation multiple staff from ACS talked thru how to make the APIs work and for PCO to integrate. It looked like we finally had progress to an integrated solution not just for ACS but all Church Management systems.

Then turn the page a couple months later, and this week I was disappointed to receive the email below, which I totally can understand but disappointed none the less.

Hey Jason,

I just wanted to let you know that we have decided to kill our "SharpSync" project for now. We have been working on it for over a year and just have not seen any fruit from it. The complexities of working with different schemas & APIs are too big of a hurdle for our small team to attack…


We have had a long discussion this morning about integration and the difficulties in what we were trying to accomplish. We have found this too large of a task for us to accomplish.  This is not just with ACS but with all of the other ChMSs we were talking to. We have spent over a year and a lot of cash doing this and just haven’t found a reliable way to integrate with all of the ChMS systems out there.  Every time we thought we were clear we would run into a hurdle with an API or data consistency issue.

We have discussed this with some other ChMSs and some have decided to integrate from their end…

I’m really sorry for this, I was very excited for this project but it just didn’t work.



So if you who have asked about such a tool, I encourage you to contact your ChMS and see if there is a way to make this project work.  If you are an ACS customer contact Sally Grantham and let her know your needs and interests.

I will stay to the PCO crew, thanks for the effort, and I still hope that we can see this product work.

WordPress to Tweets to a Facebook Fan Page

Recently our Communications and Technology initiative has been working to navigate how we as an organization are using / will use some of the social media tools… we are calling this our social media experiment (an experiment because we don’t know the outcome nor really the steps we’ll use to get to stated outcome).

As part of experiment we were wanted to reuse the content that was already being created by several of our blogs on our wordpress.mu server we host.  These blogs can push to our @NwoodsChurch twitter account and since that is already happening we wanted to consume the twitter content on Facebook as well.

The are are several Facebook applications that claim to work for consuming a twitter feed and posting it on Facebook, but we quickly learned that what works on a normal Facebook profile doesn’t always work for a Facebook Page for an organization.

So after a bit of time of trial and error and ignoring the step by step instructions for each application that just didn’t work, we found a solution (which i am documenting here for your use as well as my recollection should I ever need to recreate the process).

There were two main apps we tried: the “official” Twitter Application and Selective Twitter Status.  Both claim they can push updates into a Fan Page Wall but we found only Selective Twitter to work.

The one major drawback to Selective Twitter is the requirement of using #fb (hash tag) in each tweet.  Since our twitter account is a branded account for our organization and not someone’s personal account all tweets are applicable to go to Facebook… but this application requires the hash tag.

When installing either application if you are already using one of these apps to post to your profile’s wall your not going to have great success trying to push those updates or another twitter accounts updates to your Fan Page’s wall.

Solution, create a company alias (profile) account and make that new account an admin for the page in addition to your profile (or other Admins for your fan page).

1. With the company account login to Facebook and navigate to the editor for your Fan Page.
2. Choose Browse More in the More Applications tool.
3. Search for Twitter and choose Selective Twitter Status
4. Choose the option Add to my Page.

5. In the “Add Selective Twitter Status to your Page” window Select the your Fan Page you are configuring.
    – Don’t choose “Application” unless you would like to also install the App for your profile as well.
6. The next time you browse your applications on the Edit page for your Fan Page you will see Selective Twitter.  Choose Edit to configure the Application.
7. On the Edit page you will see 4 tabs select the tab “Your Fan Pages”

8. Select the page you would like to have the tweets display (if you manage only one page you won’t need to choose a selection)
9. Enter your Twitter Username
10. Check has permission and then Save.

Now all tweets for the username entered above will appear as updates to the wall of your Fan Page when they are tagged with #fb.

When using WordPress Plugin “WordTwit” you can add #fb to the message field in the general options so all tweets from the blog are pushed into twitter then consumed by Selective Twitter Status to display on your Fan Page Wall.  Below we configured the faith stimulus stories blog to push all posts to twitter with the hash tag #fb.


vmware Midwest Users Group

For those in central Indiana or the Midwest this is a FREE event you might want to plan to take in.


The Indianapolis VMUG invites you to join us for our 2nd Annual Midwest "Back to School" Demo Days 2009 on Thursday, August 6th at the University Place Conference Center and Hotel (on the campus of IUPUI).

Join other VMware users for this FREE knowledge-packed day as we network, share ideas and learn how to get the most out of your VMware solutions. There will be live demos and presentations throughout the day!


07:00 – 08:00am – Registration

08:00 – 08:30am – Keynote / Opening Remarks

08:45 – 11:45am – Demonstrations & Presentations

12:00 – 01:00pm – Lunch and Expo

01:00 – 04:00pm – Demonstrations & Presentations

04:00 – 05:00pm – Reception (open bar & hors d’oeuvres)

We’ll also be featuring:

  • Hands-on labs using VMware View and Wyse Thin Clients
  • Wii Lounge
  • Course Offerings Onsite by Avnet Technology Services
    (for an additional fee)

The VMUG Team

Register Now

ACS Pre-Convention Day (Roundtable & Checkpoint 201)

Today we had a great crowd at the ACS Church IT Roundtable.  As always I got really jazzed and fired up from the peer learning and community that are parts of all CITRT events.  There were a lot of new people to meet, and I also enjoyed getting to know some CITRTers I had talked with but never met…. Like Jeff Suever Great to meet you!

The conversation was great and I even got to shamelessly plug CITRT.org for those who haven’t’ heard of it… thanks Dean.

The afternoon consisted of the Checkpoint 201-Launching Checkpoint Successfully in your Church pre-convention workshop… This was a great group and we had a lot of fun sharing our experience and hearing how others are planning to launch Checkpoint for their ministries.

As I noted in the workshop we are more than happy to share anything we have learned or produced during our Checkpoint launch that you might be able to use for your ministry.  Most of today’s content is now listed below but we’ll continue to add and update items as time goes on (Download Content Updated June 9th to include additional content).

If you have questions about launching Checkpoint or would like to share your story with us we would love to hear from you.

  • Workshop Power Point (PDF)
  • Registration form (PDF)
  • Program Insert (PDF)
  • Website FAQs (Web)
  • Training Documents (PDF) (DOCX)
  • Self Service Kiosk Instruction Pannel (PDF) (JPG)
  • Self Service Kiosk Instruction Pannel – Draft 1 (PDF)
  • Self Service Kiosk Signage (PDF)

Indy Motor Speedway

After a great morning session (see Session 1 and Session 2 for Notes for the details of the info presented in the Road Show Presentation) at the the Sonicwall Road show presentations we headed over to the Indy Motor Speedway for the lunch and afternoon festivities.

Sonicwall provided lunch in one of suites above the track near the start/finish line.  There was an awesome spread of food and great conversation.

After lunch we headed to the Garages and Pit Road during the Firestone Indy Lights Qualifying.  We had a great time checking out the cars of the Indy Cup drivers as well as the Indy Lights.

Here are some photos from the afternoon… go here for all the photos.

Sonicwall Road Show @ Indy Speedway Sonicwall Road Show @ Indy Speedway
Sonicwall Road Show @ Indy Speedway Sonicwall Road Show @ Indy Speedway
Sonicwall Road Show @ Indy Speedway Sonicwall Road Show @ Indy Speedway
Sonicwall Road Show @ Indy Speedway Sonicwall Road Show @ Indy Speedway
Sonicwall Road Show @ Indy Speedway Sonicwall Road Show @ Indy Speedway