Long time no blog! Let’s start from the start…

  It’s no surprise I haven’t kept to my blogging, I moved into my own house in September, I have been trying my best to help my 2 kids fit into new schools and nurseries and on the rare occasion I am not working or being a single dad I have been testing out dating websites. They suck, by the way.

Anyway, personal stuff aside, what have I been up to?

Team expansion

We were a little worried when one of the middle schools we support decided to become an RSA Academy, however because of how happy the SLT is there we actually got another first school which now shares an executive head with the middle school and now run the IT for them both!

This was really exciting for us as it meant we would have the challenge of piggybacking the new school onto one of our current networks. 

 Challenges included using a single exchange, two sims installs on one network, setting up smooth wall for both sites and quite a few more.

Pleasingly it went very well. No major issues.

We then heard from a larger middle school that we had approached, and come January we will be supporting them, taking the total to 7 schools. We will also be employing more staff and other exciting changes. There could be more in the pipeline as well before Christmas. But 7 is enough for now…!

There have been lots of other exciting work stuff, and some in the pipeline but won’t mention them all now as I struggle to blog as it is! Safe to say a new SAN is on its way and lots more Windows tablets. But also details on upgrading to Windows 10 at 7 schools! As well as other stuff I cannot disclose yet! 

Apple Watch and iPhone 

  So I bought an Apple Watch. And I upgraded to an iPhone 6 as well. Despite the upgrade via Carphone warehouse being one of the worst experiences of my life, I am really happy with both.

I have never been an Apple fanboy. I find their products over priced and missing features that other phones have as standard. 

However I was across Eco systems, Windows phone, ipad, Windows laptop, Apple TV and it just wasn’t working for me. 

I decided that being able to sync usage from my iPad and my iPhone was more important then these devices being able to interface say with my laptop. I would never edit documents on my phone or tablet, but I would like to share purchases between my mobile devices and my Apple TV. 

The biggest thing I missed on my Windows phone was apps. And the quality of apps. In no small part, the main reason I left Windows phone was how shite the Facebook app was.

I love the Windows phone OS and Windows 10 on phones will be great, but there are not enough apps and those that are there simply don’t work. 

So anyway, I got it. And after being disappointed initially win the the battery, I am sat here writing this post on it. Turning off some of the background tasks has meant battery can easily last a day now.

The Apple Watch is an indulgence for me. Let me be clear, it serves no real purpose. I could do everything better on my phone then on the watch.

But that doesn’t mean I want too. I enjoy having the notifications on my wrist. It saves me time, it stops me checking my phone all the time and it looks pretty cool.

There are some nice features on there which I will review in the future as well. I was looking at android wear and an android phone, but I am glad I made he choice to apple. It costs me nothing extra a month, infact I get more, for less!

The watch did, however leave a nasty burn on my skin, I presume it was a bit too tight but I am still surprised at the state of the burn. Something I am defiantly keeping an eye on!

Anyway, that’s the end of my short update. Hopefully now I have the app on my phone I may well post more. Maybe. 

Share This!
Share On Twitter
Share On Linkdin
Share On Pinterest

Why Student Advantage is more then just free office

Free office! For pretty much every youngster and educator in the UK. Crikey, what a deal!

It’s definitely something that gets parents and staff’s attention, with office costing circa £90 for home and student, it is a significant saving, and with the cross device usability (you can install on 5 devices including tablets) it is very appealing.

Clearly this is a great ploy for Microsoft marketing  – staff and pupils will now be hooked on the familiar and standardised programs for the rest of their lives. And as a result, business, where the big bucks are, will continue to invest in the product

So, aside from making sure schools are training the next generation of office users for the Microsoft coffers – we should look into why this is something that all schools should roll out…

And first off, it’s not for staffs benefit. Yes, they will probably create more with Microsoft products in the classroom, because they have improved access to the programs – which are, lets face it, the best around.

Actually, the fact is – in our case anyway – staff will probably not use free office for work as much as using the remote desktop, it will be faster sometimes to use office, but its just another tool we provide to make life as easy as possible for them. They have actually been using Office for free for years of course, in school. This just increases access.

No, the real benefit is for pupils. The ability to access their one drive, and do work on any device available to them is a game changer. The software will be the same as at school, so familiar, and work will be easily accessible. Single sign on means setup and access is simple. Web based version of office mean they don’t even need to install software.

Most pupils these days have tablets, and not laptops – well, office works on these as well now.

This ability for pupils, no matter what their financial situation to all be on an equal pegging for using technology to complete their homework is a great thing for schools to be offering. I know not all have internet, or a device – but the vast, vast majority at least have access.

This follows the route we have taken in school with our development plans, ICT is no longer just about dedicated IT rooms, it is making technology available for all when they need it, in easy to access, familiar way. We did it with our tablets, deploying some 380 odd which has made  huge impact to teaching and learning in school, and this roll out of office to pupils at home (along with their ability to use remote desktop) means we are, as much as possible, making IT easy to use at home for pupils. And that’s the key bit, making it easy. Remote desktop for pupils? Not at year 5. Office, which their parents set up to take advantage of, and instant access to save to school with no logging in or addresses? That’s easy!

Finally, as a MAC of 4 schools, this is something we are looking to roll out, because the biggest plus will be one drive and sharing documents, without having to join domains and all sorts. I will write about that more in the future, when I have had a chance to think it through, but the idea is an exciting one. And all this, under EES, at no extra cost.



Share This!
Share On Twitter
Share On Linkdin
Share On Pinterest

O365 and SSO

Recently I decided that I wanted to give all my users the free office they can get under EES Student Advantage. I had looked into this before and it was one hell of a nightmare to set up I thought, looking at the poor Microsoft documentation, and my own lack of understanding.

Ultimately I wanted to do the following:

  • Have users be able to login to O365, using their local domain credentials
  • Only allow them access to OneDrive and to download office (we have local exchange 2013 here)

So here is what I did, with some of the bits I did wrong removed. I am hoping I can remember it all.

1) Get the licences

I had to get my EES supplier to add the licences I needed, so Luke at Millgate got this set up (well, he didn’t, someone else who has an idea of anything more then sales did!)

These Show up as Online Service Activations in VLSC – and you need to have a MS account ready set up to import them into. I actually found it really hard to find the link to sign up for education accounts – but here it is:


From this page: https://products.office.com/en-us/academic/compare-office-365-education-plans

You get trials for 30 days of the full blown plan (E2/E3) but they are not actually what I wanted, I don’t want full O365. When you activate your Online Service from VLSC it creates new plans for staff and pupils which only gives them access to download the software and One Drive.

The rest of this will probably work for setting up full blown O365, but I haven’t trialed it. It certainly will get the users in.

2) Getting your domain sorted

Start this one early. You need to get some DNS or MX records done on your domain to prove your ownership, its straight forward stuff, but you cant sync users and do anything without it. Once logged into the 0365 control panel (login.microsoftonline.com) select domains and follow the instructions.

At this point, I strongly suggest setting up a user that is not someone who will be migrated over from AD at any point, for instance, I setup an admin2

3) Sorting out the Sync and SSO

So bloody complicated.

  • If your domain is a .local or similar, or it doesnt match the your external domain, you will need to add an additonal UPN: https://technet.microsoft.com/en-us/library/cc772007.aspx
  • You will then need to change the UPN users will use – you can do this in bulk in AD (select a load of users, right click etc), and it has no effect on anything else (or at least hasn’t so far)
  • Choose a server to be your ADFS Server, that is not a DC, if you run a remote access server, with HAP or RDC (or both) with its own SSL already in place, great. You need an SSL to do all this wizardry.
  • Install the ADFS role on this server. Best practice is to work through a ADFS proxy as well, but, well, I didn’t. Note: if you are installing on Server2008R2 you will need to download ADFS 2.0 – so don’t install the role. Install the role if Svr 2012R2
  • Install the Windows Azure Active Directory Module for Windows PowerShell – login to your admin on 0365 > users > Manage SSO and its number 3
  • On another server download and install DirSync – the software that will Sync your AD to the cloud: https://technet.microsoft.com/en-us/library/jj151800 – this is pretty straightforward, but, you will need to redo it if you mess up anything such as change passwords, or setup the wrong domain or something. Once done, you should see users appear within 10 minutes.
  • Back on your AFDS server, run the AFDS powershell – these are the all important commands you need to follow to setup the link etc
  1. Open the Microsoft Azure Active Directory Module for Windows PowerShell.
  2. Run $cred=Get-Credential. When this cmdlet prompts you for credentials, type your cloud service administrator account credentials.
  3. Run Connect-MsolService –Credential $cred. This cmdlet connects you to the cloud service. Creating a context that connects you to the cloud service is required before running any of the additional cmdlets installed by the tool.
  4. Run Set-MSOLAdfscontext -Computer <AD FS primary server>, where <AD FS primary server> is the internal FQDN name of the primary AD FS server. This cmdlet creates a context that connects you to AD FS.
    If you have installed the Microsoft Azure Active Directory Module on the primary server, then you do not need to run this cmdlet.
  5. Run Update-MSOLFederatedDomain –DomainName <domain>. This cmdlet updates the settings from AD FS into the cloud service and configures the trust relationship between the two.

Remember when it talks about a domain, you want the UPN that matches your external domain, not your internal one.

Finally – to get SSO working accross browsers: http://www.powerobjects.com/2012/11/02/adfs-and-single-sing-o-cross-browser/

I am not a great tutorial writer I am afraid, but hopefully this might put all the links and the general process in a useful place.

Share This!
Share On Twitter
Share On Linkdin
Share On Pinterest

Schools and social media

I am a big fan of social media. I have been on twitter since 2009, facebook from before that and I enjoy posting updates.

I like to share with family and close friends on facebook, particularly with 2 young kids and brothers who live a long way away.

I love how twitter allows me to interact with big brands and interesting individuals. I have sorted so many problems out by tweeting social media teams it is now my first port of call if I have an issue. It is also a geat professional development tool.

When it comes to schools however, it is a different story. I have launched facebook and twitter pages at three schools I support, and all have had fantastic success. A free way of interacting with parents, on a platform that has usage statistics like no other.

I was sat in an induction meeting for my sons new school on Thursday, and the school was raving about its website. I have been on its website, it is okay – but I can’t say I will return to check the news.

The reason? Websites are boring. I will visit it when I know I need to know about something, but not just to check it. I check my facebook though, all the time -so why don’t more schools embrace it?

You can put out  message and instantly people see it, can react and interact with it. It is free to boot!

At Bede’s we have nearly 700 facebook subscribers, and another 200 twitter followers, at a first school I support, some 200 parents follow it, and at the high school I used to work at, some 700 parents.

But the real interest for schools should be the engagement levels. Bede’s posts residentials as an event, allowing parents to ask questions, leave comments and like pictures. Engagement is incredibly high, and those parents then remain on our friends lists and get all future updates.

We actively encourage parents to talk to us via facebook, and it means we control our online presence. When the school account says something, everyone knows it is the truth, not word of mouth. Parents actually point any parents spreading untrue rumours, or who are simply not sure of something, to our pages for us and the right message gets put out.

The reasons behind schools not embracing is either, in my experience, leaders who do not engage with facebook or twitter on a personal level, and so are scared of it, and ill founded fears for safeguarding.

Many people worry about putting photos etc onto facebook and twitter, but happily share them on their websites. The simple fact is, when a photo is online, its online. That’s why robust procedures need to be in place to make sure that the photos that do go online are appropriate.

You do of course, need to be careful, a trustworthy person needs to manage and react instantly to anything on there that may escalate. You have to engage with users and provide a real insight to your school for the best results.

For years parents have wanted to look  at the inner workings of the schools their kids attend, and schools have wanted parents to play bigger roles at home to their children’s days at school -so imagine knowing what your child has done before they walk in the door does!

In these days of tightening budgets, an effective social media presence is free, and its ability to reach out to parents instantly and on mass is priceless.


Share This!
Share On Twitter
Share On Linkdin
Share On Pinterest

Exciting things.

We have whole school enrichment days at our main schools, normally it means all IT is booked out, and the network is just creaking. We don’t always have a direct input – but this is good – staff are confident to use the technology and plan with it themselves.

However, the upcoming enrichment day is one we are heavily involved in – and I am looking forward to it because we are doing some exciting things with IT kit to enhance the day. The theme is communication.

So we start off with a whole school radio station  – beamed lived from our office, on a MAC running NiceCast – and with staff tuning in around the school with VLC player – pupils will have access to Spotify and an expensive Snowball microphone to create 15 minute shows throughout the day, with a lunch time request show played live to the field and into the hall.

11265610_10152793891401691_3347506271467140059_nAnd secondly, we are rolling out skype and webcams into every classrooms – we have recently been linking up with some partner schools abroad via skype, and want to showcase this way of communication to pupils.

Both are exciting use of technology to enhance the day and I know my team and I are really excited to work on it, so much so, that we set up skype between our school ICT support offices, and then wondered why we even had our weekly meetings, when we could be online and connected all day!

Share This!
Share On Twitter
Share On Linkdin
Share On Pinterest

Making people listen

I had a fun job this half term – I had to migrate SIMs from SQL 2008 to 2014 – as the next SIMs release doesn’t support it.

Unfortunately the timing wasn’t great, recently we have had a few issues – and in the middle of some staff doing reports via remote desktop.

The migration didn’t go to plan, and it resulted in a night of downtime, as I disabled the server to stop people somehow, magically, loose data (I knew it was impossible, but didn’t want to risk it!)

Being the holidays, it threw into light our ability to communicate with staff during the holidays, or even out of normal school hours when things go wrong. These days our systems, across all 5 schools are used pretty much at all hours, I have seen staff logged on till 1/2am – and some start again at 5/6am – I have seen staff logged in on christmas day!

Our ability, therefore, to communicate outages (particularly in holidays when we complete maintenance and I am loathed to send out all staff emails that many will not read and disregard – and therefore they can think they can do the same with more important future emails) is especially important.

Our school website is hosted externally by Vidahost, so we are able to set up a status page on there, to allow staff, students and even parents who use Insight, access to see any issues. The page, as well as letting us write updates, pings key services to check availability, a quick way for staff to see if it is us – or them!

After updating the page recently with a few issues, I decided to update the pages design, to simplfy it – http://www.st-bedes.worcs.sch.uk/parents-information/service-status/ and to remind the staff of its existance.

A lot of staff emailed me directly, bypassing even the helpdesk, and this is not helpful. Our aim is to provide fast and efficient support, to do this – my team need to see issues that are reported. People have holidays or specific tasks, that may mean they are not on the helpdesk, but there is always someone there managing it – if things are sent to me, they will be dealt with as and when I can, and normally just me forwarding them to the helpdesk.

I wonder in business if this would actually happen. School’s want, nay, need professional IT support to move things forward for them and get best value from the people they have there, that is why many are not outsourcing. When teams put in procedures and resources – we now need to work with staff to make sure they understand why they should use the systems, ultimately it means a better service to them.





Share This!
Share On Twitter
Share On Linkdin
Share On Pinterest

Tales of woe: Exchange, SAN and Smoothwall failures

What a week.

It all started last week, when our exchange server just decided to stop working. One of my techies was updating SSL certificates as Chrome is sending warnings that it is out of date. A fairly simple process – but it turns out changing the SSL certificate raised issues from where we removed the old exchange server incorrectly after decommissioning it when upgrading 2010>2013 – causing IIS not to work, so no activesync, no autodiscover, no OWA.

Luckily, once we worked out where the issue lay, a bit of digging in ADSI edit and IIS manager and issue resolved. Phew.

Onto the next challenge, one of the Volumes on our cluster is down to 9% free, some 200GB, it decreases a fair bit each week, on investigation I think it is out Smoothwall server, a new VM, which is now logging.

So the next job was to move Smoothwall to a dedicated machine. Two reasons – I was fairly sure the logging and requests would be hammering the SAN and ISCSI links, and also if I located the physical server near the Virgin box, it would reduce the traffic accross the network, as the VM box is in a different building.

As smoothwall was a VM on our 2008r2 cluster, I exported the server, and then tried to import and boot on the new 2012R2 Dell mini server I had got, only to find you can’t do that. For future reference, 2008r2 needs to either go 2008r2>2012>2012r2 – or forget exporting, and copy and paste the files directly.

A weird gotcha, but a lesson learnt. Box worked today, upgraded the RAM a bit tonight, and then moved into front server room, minimal downtime, but the move did mean a late night, 12:30 finish last night

On Friday the week before, triumphant after the hassle with exchange I was doing easy jobs – one was to get the serial of the SAN to enable a supplier to quote on a JBOD (as I say, cluster storage is filling up!). When logging in to the SAN, which admittidly I don’t do very often, I noticed it was ‘degraded’ – DotHill’s very speedy support identified a faulty controller, which they replaced today.

Only problem being, the controller they replaced (a refurbished product) has failed. Luckily we have dual controllers, so no immediate danger, but a very annoying issue none the less, awaiting a reply and replacement now.

So, an eventful week – but I am focusing on the positives > Exchange sorted quite quickly considering the weirdness, and now old server all gone. The SAN’s failover has worked, twice, the failover cluster, failedover and Smoothwall is on it’s own box, on a VM so can easily be moved again.

At least it’s not been boring!

Share This!
Share On Twitter
Share On Linkdin
Share On Pinterest

How to fix Error code: 0x81000037 when using Windows 7’s Backup and Restore.

I have a few private clients that I have setup Windows Backup on to send data to a NAS drive. All works fine, until I get hit by an email saying backup isn’t working.

Twice now, it has turned out to be the same error code, and an error about not being able to read from the shadow copy.

The backup was not successful. The error is: Windows Backup failed while trying to read from the shadow copy on one of the volumes being backed up. Please check in the event logs for any relevant errors. (0x81000037).

I spent an age trying lots of different fixes – but the issue is NOT with your backup drive or location – its actually your PC/Laptop, and probably your anti virus. In my cases, it has been down to Security Essentials, a quick clear of the infected items (History > View all) and the backups work a treat

More info here: http://www.pagestart.com/win7br0x8100003701.html

Share This!
Share On Twitter
Share On Linkdin
Share On Pinterest

Damn you, Netgear.

So our Easter work schedule was pretty manic, perhaps more then expected. We have 3 new ICT work areas now, and they have seemed to fit in quite well, no drama there – infact with WDS in place, it was easy, and other then tell techs what to name the machines, I had no input in the actual build of the PCs.

No, my Easter was taken up worrying about the infrastructure work going on around the site. Due to the arrival of some 387 tablets, I had taken the opportunity to upgrade our switches from aging Allied Tellison to Netgear, on the recommendation of our usual infrastructure partner. I had spoken to Netgear at BETT, but I hadn’t really come away that fussed, they appeared to be offering better kit then HP, and my guy was confident in their kit.

The main selling point is that they could run 10GB over our existing OM1 fibre, meaning, we could use our 8 core run to have an 80GB backbone effectively (we have not yet, I hasten to point out!)

So, all goes well, we included in some work for tidying our second biggest cab as well, and moving it all into a nice new cab. We also VLAN off the CCTV, and the wifi, ready to enable Aerohive to manage the DHCP Scope for the wifi clients – enabling us to solve the problem of running out of IP addresses.

Apart from an issue where a switch wasn’t connected back to the VLAN 0, the start of term goes well, until the end of the first day – and the contractor, whilst investigating a newly dead port asks to restart one the main switches, with 10GB link module.

Stupidly, I said yes. It turns out, the switch had crashed, and didn’t like it when new cables were plugged in, simply not detecting them.

Safe to say, the switch did not restart. Even taking it out, and trying to get into the console only confirmed the kit was dead.

So, you would think getting a replacement was easy? It was only a day old anyway really, and we hadn’t even had it delivered for that long. Well, you have probably guessed, it wasn’t.

I took a punt and ordered the switches from Softcat, knowing they had a good relationship with suppliers, or so they claimed. Of course, the true colours of any supplier comes out when something goes wrong, and Softcat would not direct replace. We had to talk to Netgear.

This I did, and after a 30 min product registration was told I could send it back to Netgear, and they would then dispatch a second had refurb unit – or – in the unlikely case I didn’t want to replace my 1.3k switches for a refurb, I could give a code to SoftCat to send me out a new device.

Well, it appears Softcat and Netgear, then had an argument, and much to my annoyance the new switch almost got delayed again. Softcat, in fairness, did send one out pre 10 am, but still, the whole process was frustrating, and made me accutely aware that we need to ensure that we have hardware on site to manage the situation again if the kit dies. You can have all the server redundancy you want, but don’t forget your switches! As servers are useless without them!!



Share This!
Share On Twitter
Share On Linkdin
Share On Pinterest


Unrealistic expectations from users is a common theme of tickets and conversations in any IT support team. Our users, as consumers do, demand that products work to their exact specifications.

Unfortunately, the world of IT isn’t like that – it is often ‘best fit’ solutions that are in place. As much as it surprises some members of staff, we cannot command developers to include our specific wants in SIMs, or Windows, or Office.

These demands to get it working how users expect it, or to fix an issue that has no fix get bigger as IT systems are used more. Because of the impact our support and development has had at the schools we manage – IT is critical to their day to day function, and complaints are louder and more complex then ever before.

When networks are just left to ‘run’ the wants and expectations from staff die out with any enthusiasm they had for using IT.

So, in effect, these unrealistic expectations are proof you are doing your job right. Managing them is a key tool in continuing your networks development. Don’t just say ‘no’- offer alternatives – but don’t shy away from ensuring staff have an understanding of how software development works that they understand how unrealistic their demands and expectations of you are. No doubt, you will share their frustrations – make sure they know this too.

I always point staff to the fact that we never stop evaluating, to ensure we learn when things do go wrong. They go wrong for many different reasons, and staff need to know what these are. So when things go wrong (like internet outages) make sure you inform them of the reasons (even if it is you) – if users understand this more and more, it makes dealing with outages and issues so much easier.

For instance, our new deployment of tablets hasn’t defaulted to the existing iPads, iPads were the wrong choice. So when we get the demands (like today) to rewrite iOS to actually be Windows, we can point out that we have let someone else do it, and just bought windows tablets.

On the flip side, don’t expect people to care or want to understand too much. They are not you, and they will come back to the fact, it’s your job to get their IT working.


Share This!
Share On Twitter
Share On Linkdin
Share On Pinterest