Hotel is Booked OKC here we come

Posted on March 25, 2008 at 7:00 am by Jason Lee

I finally was able to successfully bid for our hotel for MinistryTech and the Spring RoundTable. I booked the rooms on Priceline and used the free re-bidding strategy I learned from Mark Moreno and biddingfortravel.com.

We had to expand our search for a hotel a little further than I wanted, but when you are booking 8 rooms for four nights you have to give and take a bit I guess.  Final results: Crowne Plaza Hotel OKC for $62.00 per night.  You will find the likes of Jeremie Kilgore, Jason Powell, Tony Dye, David Szpunar, Mark Moreno, Clif Guy, Ian Beyer, and Justin Moore at the Crowne Plaza Oklahoma City.

Posted in Church IT | Comments: 5

Installing Wildcard SSL Certificates

Posted on March 24, 2008 at 7:00 am by Jason Lee

Our SSL certificates were up for renewal, so we began to investigate the most cost-effective methods for our multiple SSL certificates.  We had two separate certificates for our SSL-VPN and our Exchange server and expected to need additional certificates.  This led us to the decision to purchase a Wildcard Certificate, which allows us to use it for anything that is a sub domain of our primary domain name.

We have a SSL-VPN 2000, but Sonicwall doesn’t really have any documentation addressing use of wildcard certificates on this appliance.  Their documentation is fairly straightforward about how to request and import a normal certificate but makes no mention of using a Wildcard Cert.  Since the SSL-VPN’s certificate was going to expire sooner than our Exchange server’s, and since the process to import a certificate into the Sonicwall is a little more complex than in Windows IIS6, we decided to start with the request from the SSL-VPN box.

The process to request and install the Certificate on the SSL-VPN 2000 is as follows:

  • Create a Backup of the SSL-VPN Appliance
  • Go to the System > Certificates page and click on the Generate CSR button.
  • Complete the CSR window. 
  • Enter the Fully Qualified Domain Name as *.domain.org
  • Enter your organization’s name as registered with the State.
    • Our first submission to the CA failed because we entered the organization name as Northwoods Community Church, but the CA required our request to be entered under the name Northwoods Community Church, Inc. We were told that this was the case because the liability value was higher with a Wildcard Certificate than with the inexpensive SSL certificates.
  • Enter and Document the request password.
    • You will need this when you import the certificate.
  • Save the csr.zip file from the SSL-VPN console to your local workstation.
  • Unzip the csr.zip and save the server.key file for use after you receive your certificate from the CA.
  • Open the server.csr file with notepad and copy the contents of the server.csr file to the CA web interface to make your request.
  • After the domain.org.crt file is received from the CA, copy the .crt file and the .key file that was created during your CSR request to a common directory.
  • Rename the .crt file server.crt and zip the directory.
  • Be sure the .zip file is named certkey.zip
  • Login to the SSL-VPN Appliance, Go to System > Certificates.
  • Click on ‘Import certificate…’ button.
  • In the pop-up that appears, select the ‘certkey.zip’ file you just created and click on import.
  • If it is successful, the screen will now say ‘pending’.
  • Activate the certificate by clicking on Configure icon next to new cert.
  • You will be prompted to enter the password you entered when creating the CSR. Enter this and click on the Submit button. The screen will now say ‘inactive’.
  • This next step will reboot the box.
  • Select the Enable radio button next to the new certificate and click on the Apply button in the upper-right-hand corner.
  • After the reboot, your certificate is now active.

To install the certificate on an additional server, in our case an IIS6 web server, you will need to import the certificate as a .pfx.

  • Download the certificate from your web browser to a .cer file by going to the website that is using the SSL cert and choosing to view the certificate.
  • Go to the details tab and choose copy to file and save the certificate as a .cer format.
  • To import the certificate into IIS you will need to convert the .cer file to a .pfx file.
  • Convert the files using OpenSSL
    • After installing OpenSSL, click START > RUN, then type cmd.exe.
    • You need to navigate to the path where you installed your OpenSSL binaries.
    • Within this directory chdir to bin
    • Type the following commands to convert the .CER to .PEM format and then bundle it with the private key into a .PFX (the second command needs the server.key file saved from csr.zip and prompts for a password for the .pfx):
      • openssl x509 -in <drive:\path\to\cert>.cer -inform DER -out <drive:\path\to\cert>.pem -outform PEM
      • openssl.exe pkcs12 -export -in <drive:\path\to\new\cert>.pem -inkey <drive:\path\to\server>.key -out <drive:\path\to\cert>.pfx
    • Take the exported .pfx file and save it in a location where you can access it from your IIS server.
  • Open IIS and go to the properties of the web you are configuring with the SSL certificate.
  • Go to the Directory Security tab and select Server Certificate under Secure Communications.
  • Choose Import a certificate from a .pfx file
  • Enter the password you gave the .pfx file when you created it.
  • After the certificate is imported rerun the wizard and Choose to ‘Assign an existing certificate’ to the site and choose the new certificate that you just imported.

You should now be able to browse the second web server and the SSL wildcard certificate should be activated.  Save the .pfx file for future use; it can be imported into a future webserver to utilize the wildcard certificate.
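
As an added example (not part of the original post): a wildcard name such as *.domain.org covers exactly one label to the left of the domain, so before pointing another server at the certificate it helps to check that its hostname is covered. The matcher below applies the strict rules most current clients use; the function names and sample hostnames are constructed for illustration.

```python
import ipaddress


def _labels(name):
    """Lower-case a DNS name, drop one trailing root dot, split into labels."""
    name = name.lower()
    if name.endswith("."):
        name = name[:-1]
    return name.split(".")


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def wildcard_matches(pattern, hostname):
    """True if certificate name `pattern` covers `hostname` (strict rules)."""
    if _is_ip(hostname):
        return False          # IPs are checked against IP SANs, never DNS names
    p, h = _labels(pattern), _labels(hostname)
    if "" in p or "" in h or len(p) != len(h):
        return False          # malformed name, or '*' would span several labels
    if any("*" in label for label in p[1:]):
        return False          # '*' is only allowed in the left-most label
    if "*" not in p[0]:
        return p == h         # ordinary certificate name: exact match
    if p[0] != "*" or len(p) < 3:
        return False          # reject partial ('v*') and too-broad ('*.org')
    return p[1:] == h[1:]


def coverage(pattern, hostnames):
    """Map each hostname to whether the certificate name covers it."""
    return {host: wildcard_matches(pattern, host) for host in hostnames}


# Constructed sample hostnames; domain.org is the post's placeholder domain.
SAMPLE_HOSTS = [
    "vpn.domain.org",        # covered
    "mail.domain.org",       # covered
    "domain.org",            # bare domain: NOT covered by *.domain.org
    "owa.mail.domain.org",   # two labels deep: NOT covered
]

if __name__ == "__main__":
    for host, ok in coverage("*.domain.org", SAMPLE_HOSTS).items():
        print(f"{host:22} {'covered' if ok else 'not covered'}")
```

The bare domain and names more than one label deep need their own entries in the certificate or a separate certificate.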

Posted in Church IT, Hardware, SonicWall | Comments: 1

Tearing out walls… great fun!

Posted on March 22, 2008 at 9:53 am by Jason Lee

We have lived in our house for just over 15 months; while it is a relatively new house, there has been a lot of work needing to be done since the previous owner basically did no work.  Last year my father-in-law and I installed 700 sq ft of hardwood flooring and Natalie and I finished painting the main floor last fall… so finally the house is looking good… well except the basement.  We have our family room in part of the basement so we spend a fair amount of time there.

Well my parents and in-laws are in for Easter weekend so what a great time to start a project.  We have always wanted to change the layout in the basement so this weekend was the start of the project.  We didn’t like the fact that when you go downstairs you immediately stop at a door and wall… so I started practicing my hammer throwing.

The work continues…. more photos of the progress to come.

Posted in General | Comments: 2

HTC Touch Review part 2

Posted on March 19, 2008 at 7:00 am by Jason Lee

It’s been about 3 weeks that I have been using the HTC Touch.  And believe it or not, and for those who know me well, I have only gone thru 3 handsets in that period.

Historically I have gotten my money’s worth out of my handset purchases and the HTC Touch is really no different.

This post is more about the support provided by Sprint to resolve the issues with the HTC Touch.  I have spent about 3.75 hours on the phone with different Sprint representatives in the past week.

I first had issues with the handset always roaming rather than using normal service.  While traveling to Ohio to go to the Sonicwall RoadShow I was sitting in the car with Jeremie.  JK’s phone (an HTC Mogul) would have EVDO data service and full signal… mine roaming and one bar.

I took the phone to the Easton Town Place location in Cols, OH and after a little arm twisting they exchanged the phone.  The customer service rep (named NII) said I needed all the accessories and the box to do a warranty exchange.  I obviously objected and told him he could keep the box from my new phone… After a little discussion I was walking out of the store with my new Touch… not roaming I’ll add… all was well…or was it.

That night after waiting the 4 hour customary period to kick off the data, I noticed my handset wouldn’t provision with the data services… a 1 1/2 hour support call ended after the customer service person had asked to have my phone hard reset 3 times and it didn’t resolve the problem.

The next am I called again… another hard reset and the device is declared bad.  So they say I need to go to the store to exchange the phone again.  Well since we were leaving CMH after our Sonicwall RoadShow I had no choice but to wait until we drove thru INDY on the way home to swap my phone.

We arrived in Indy and two wonderful ladies at the Sprint location swapped out my phone again… this time even giving me some of the goodies (cables, headphones etc) and the box.

When we arrived home 4 hours later… still no data.  Another hour on the phone and Sprint tech support tells me my Data is one account and my Voice is another account… they assure me they will fix it… and ask me to call back the next morning.

I connect again with tech support and wait another 4 hours.. no data.  Finally another 45 minute support call and data is working again.

All this to say, if you can find the right Customer Service or Tech Support person from the hold queue you are in good shape… otherwise prepare to repeat your story a few times.

I would say the past few days have given the Touch some serious use… battery life is still really great, except when you have been roaming for an extended period of time.  When roaming for a large portion of the time you can kill the battery in less than 8 hours of standby.

The call quality is great, you can hear all callers very clearly and the quality of the Bluetooth radio is good… very strong connection to the Jabra250 headset.

The one beef with the Touch, the QWERTY keyboard isn’t used except in totally random text entry fields… HTC, let me choose which input device I want to use.

Posted in Tech | Comments: 1

Sonicwall Roadshow

Posted on March 18, 2008 at 7:00 am by Jason Lee

Jeremie and I had the opportunity to travel to Ohio for a Sonicwall Roadshow.  This event was designed to educate those using the Sonicwall product line specifically about the new E-Class UTM hardware.  Since we are looking at the E-Class 5500 as a possible option for our load balancing needs it was a no-brainer to travel to the Roadshow.

Some highlights from the trip:

I had reserved a rental car from the Enterprise website and found out the next morning that the transaction didn’t complete, and there was no reservation.  The best part of this experience was the individual at the desk at Enterprise tells me “Even if you had a reservation we don’t have any cars, so it really doesn’t matter.”  So Budget Rental car here we come…

A rental car with a bunch of tech stuff powered on… GPS, Cell Phones tethered to laptops for web browsing, iPod etc.

- Dinner at Red Robin Restaurant (home of the bottomless fries!!) with my parents.

- Fixing all my parents’ computer issues… Actually the list was short…configuring both Tivos to connect to the Wifi since we had changed the encryption to WPA and configuring Dad’s new laptop to connect to the Wifi.

Roadshow was good, a little more ‘sales pitch’ than I had hoped, but informative, and we still learned some things:

- Single Sign-On with Content Filtering only works with Windows machines, if you are rolling this out to all users and you have some Macs on the network that aren’t running a virtual Windows machine this will require a default policy for unauthenticated users.

- There is some major development going into the CDP.  They are bringing to market a CDP that has removable drives and is much more expandable than the existing product line.

- We were able to give our list of our top 5 causes of heartburn with the CDP to David K. (the CDP Territory Sales Manager) who is going to follow up with us to find some ‘work arounds’ and then help get our concerns on the development road map.

- David K. mentioned we can work toward some possible options for non-profits for off site CDP replication that aren’t as crazy expensive as the current Sonicwall services.

- After meeting with some of the E-Class engineers we have a strategy to quickly install and test the E-Class to determine if it is a ‘real’ LB option for us.

- Lunch with Jeremie and my Mom at the busiest Wendy’s in the state of Ohio.  This Wendy’s location is in the lower level of The Ohio State University Medical Center.

- Dinner with David, Ruth and Nathan Szpunar at Donatos (one of the best Pizza places)

13 hours of driving, 5 hours of Roadshow: a worthwhile trip.

Posted in Church IT, Hardware | Comments: 7

ChipPC goes home

Posted on March 17, 2008 at 7:00 am by Jason Lee

Our demo of ChipPC has concluded, and obviously if we are returning the hardware there were more cons than pros.

Pros:

  • The device is just really cool.  A thin client that can fit in the palm of your hand.
  • POE (Power Over Ethernet) is a really nice feature.
  • The ChipPC demo pack was loaded with goodies:
    • ChipPC, Wall Plate, POE injector, POE tester, an assortment of needed cables and connectors.
  • Not much if any heat output and low power consumption.

Cons:

  • We were very unimpressed with the level of followup we received from the company.  It was like pulling teeth to get answers as to what the product included, how to configure it and if add-ons were available.
  • We asked several times and we still don’t know if you can configure the ChipPC to boot into an RDP or Citrix session.
  • Xcalibur is a management tool they provide, but no one really wanted to talk much with us about it and how much it would cost or if it was the right tool for our application.
  • The device runs WindowsCE

Overall it is a nice product but more expensive than the other thin clients we are evaluating and not the best solution for our installation.  Thanks ChipPC for a good demo.

Posted in Hardware | Comments: 0

thumbs down for oovoo

Posted on March 14, 2008 at 7:00 am by Jason Lee

Recently I came across a new beta service called OOVOO which provides a video conference interface for up to 6 participants.

I had a conference call Thursday and we tried to use oovoo.com’s video chat/conference.   The service allows for 6 people to be on a video conference call at one time.  The interface is very clean, the setup is very easy and finding your ‘friends’ is as easy as entering their username or email address in the search.  You simply start the call by selecting the person from your contact list.

The instant messaging chat works well.  For callers who don’t have a microphone or camera on their computers, you can call them on their cell or land-line phone to include them in the audio portion of the conference call.  The quality of the audio-only participants was very clear.

As for the participants using the video conference, the video was very smooth and clear.  But that is where the positives end, the audio for those who were on the video portion of the call was extremely choppy and poor; bad enough we used the telephone conference bridge for the audio on our call.

Well oovoo is still beta so maybe we’ll try it again…. but that still leaves me on a quest for a Free (or close to Free) video conferencing solution for 6-10 participants on a call.

Posted in Tech | Comments: 2

New in the RSS reader

Posted on March 11, 2008 at 5:00 am by Jason Lee

I have found a few more items to add to my RSS reader…. and I thought I would share:

Mindsharp Blogs: a compilation of the whole Mindsharp team.  I couldn’t publish this list without including a new Ministry Partner: Mindsharp, INC and its owner Bill English.  This blog has more info on SharePoint than one could ever dream of digesting.

Microsoft Exchange Team: More than I ever wanted to know about Exchange (In insane detail)

The MSDN SharePoint Server Blog

Woot, One deal one day: I have to admit I have ordered a couple things including $10 1GB mp3 players for our children’s ministry team… You can’t beat some of these deals and $5 shipping.  What did I do before the fun of wooting?

Any new feeds you can’t live without?

Posted in Tech News | Comments: 0

No Blackouts on NCAA MOD

Posted on March 8, 2008 at 8:00 am by Jason Lee

CBS Sports has been providing web streaming of the NCAA B-Ball tourney for several years… but a lot of games were blacked out.  This year not the case… No games blacked out.

“This year, for the first time ever, you’ll be able to watch every game* of the NCAA Championship live online for free. All 63 games, from the First Round through the Final Four including the Championship Game, will be available with NCAA March Madness on Demand — so you’ll never have to miss a single shot.”

Sign-up now for “VIP” status, and enjoy… While I am not a huge basketball fan I do like the tourney… and the cool factor is even higher on a webstream.

Posted in General | Comments: 1

Did Apple use the word Enterprise?

Posted on March 7, 2008 at 7:00 am by Jason Lee

Well the news spread like wildfire today… Apple announced their iPhone will have ActiveSync in conjunction with Exchange…  and the release of the update is expected to hit in June… One of my huge issues with Apple is their continued unwillingness to play nicely with the enterprise environment; specifically playing nicely with Exchange.  But all that may change which might also change our mobile device policy we established just a few months ago….

Our current mobile sync policy states:

If you intend to synchronize your PDA/Mobile device with Northwoods’ email, contacts, tasks, etc. that device must support Microsoft® Exchange ActiveSync® (For Exchange 2003 or later). 

Well I’ll tell you I haven’t signed up for the Enterprise beta Program … yet, but I think for now we may come to new conclusions on which devices we ‘support’.  I reserve the right to change my mind :) especially if the Apple ‘flavor’ of ActiveSync isn’t true ActiveSync and the OTA sync functions aren’t the same configuration as Windows Mobile 6 devices.  One interesting note… will the iPhone support wildcard SSL certificates?

So now, we only have no love for Blackberry… is that fair?  No, sorry but that’s just our support limitations.

Posted in Church IT, Tech News | Comments: 0