LDSAccess, Odyssey Client and Desktop 5.5

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
jdlessley
Community Moderators
Posts: 6522
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

LDSAccess, Odyssey Client and Desktop 5.5

Postby jdlessley » Mon Apr 28, 2008 10:58 pm

Two of the three things in this thread's title do not work at all together. Tech support says that it is LDSAccess and Odyssey Client. I need a little feedback about this.

After spending several days configuring our wireless access points tech support finally got things working to support both 'LDSAccess network 'public' access and the restricted access network, 'moroni', using Odyssey Client network control software to the CCN. I am not complaining about the length of time or the technical expertise of the technicians. I just thought it would take a few minutes, not three days and three different technicians. I also did not think there would be issues with LDSAccess and Odyssey Client together since there were no threads discussing any compatibility problems.

A little background may be in order. Ever since the Presiding Bishopric gave the go ahead to connect administrative computers to CCNs our stake presidency wanted to proceed. I waited until all the issues had been discussed on the tech support forums and the global support representatives were up to speed before proceeding. I wanted to forgo using Odyssey Client on the administrative computers and just connect using the LDSAccess network profile. When I called the GSD to have the profile pushed to the WAPs a lot of work had to be done since we had not been using our wireless network for several years. We have the Cisco 1200 series WAPS and the Cisco 501 PIX for our network. All the firmware had to be updated and the repeaters recovered for reprogramming since they were not remotely accessible in their previous configuration (condition). That took a few hours the first day. The next day I purchased an Odyssey Client compatible wireless network card - just in case I might have to use Odyssey Client - and installed it on the stake clerk’s computer along with the security software version 1.6.1. The stake clerk’s computer would be the test bed before proceeding with the other three computers in the building.

When I could not get the computer to connect to the LDSAccess network I once again called the GSD and worked with a level 2 technician for five hours. We did everything under the sun and checked everything several times but could not get a connection – even reprogramming the WAPs two more times. The technician finally gave up but asked me to check three things before I called back the next day. I checked the wireless card in my personal computer at home on my wireless network. It worked fine. I moved the clerk’s computer to within eight feet of the WAP in the family history center to ensure adequate signal strength but still could not get a connection. The last thing I checked was to try to connect a laptop to the network but could not get a connection.

I once again called the GSD on the third day and explained all that had been done the two previous days and the three things I checked. Once again we started from scratch and worked through all that had been done the previous day - several times. I then decided to try using Odyssey Client with the moroni network instead of LDSAccess. It worked fine - we were able to connect. Then I disabled Odyssey Client and tried to connect to LDSAccess using the Windows network utility. LDSAccess would just not work. Finally the technician talked to a supervisor and was told that the encryption on Odyssey Client was not compatible with LDSAccess. OK, so I uninstalled Odyssey Client and tried to connect to LDSAccess - no luck.

At this point I was just happy to get a connection using Odyssey Client and the moroni network. Later that day I was able to connect a personal laptop to the LDSAccess network.

After all that, my question is why can I not get a connection on an administrative computer configured with Desktop 5.5 on LDSAccess - with or without Odyssey Client installed? Signal strength is not an issue. I can just possibly believe the encryption issue with Odyssey Client and LDSAccess. Is there something about Desktop 5.5 that makes connection with LDSAccess impossible?

Another side question. I noticed that the filtering on the clerk’s computer is LDS Restricted Access. Is that a function of Odyssey Client and the moroni network or Desktop 5.5 or both? Obviously the CCN is LDS Limited Access as it comes from the family history center.

lajackson
Community Moderators
Posts: 6129
Joined: Mon Mar 17, 2008 9:27 pm
Location: US

Postby lajackson » Tue Apr 29, 2008 6:01 pm

jdlessley wrote:Another side question. I noticed that the filtering on the clerk’s computer is LDS Restricted Access. Is that a function of Odyssey Client ... or Desktop 5.5 or both? Obviously the CCN is LDS Limited Access as it comes from the family history center.


I believe Global Support sets the access based on the decision of the stake president for a particular building. We were told that in buildings with a family history center we had to use Limited access. Then we were told we could put specific computers on Restricted access if desired.

But no one has been able to figure out how to do it yet, so they are all on Limited access because of the FHC.

jdlessley
Community Moderators
Posts: 6522
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

Postby jdlessley » Tue Apr 29, 2008 8:49 pm

The CCN is LDS Limited Access and is set in the Cisco PIX. However the administrative computer which is also connected to the CCN is LDS Restricted Access. Global Support does not have access to the administrative computer without remote control being activated through LANDesk Manager on the administrative computer end. Therefore the filter has to be a part of a software package install - either Desktop 5.5 or Local Unit Security Software 1.6.1 on the computer.

I asked this question because the security tab on the internet options control console is missing and the group policy for this item is not configured. Also the LAN settings of the connections tab on the internet options control console is set to use a proxy server for the restricted LDS web sites. I do not want to change these settings because it is exactly what we need. But I do want to know how the configuration was effected so I can more effectively manage the computers when settings get 'adjusted' through unauthorized tampering. (Another argument as to why I think using administrator privileges for everyday clerk logon is bad. -- I know - MLS must have administrator privileges to work.)

User avatar
aebrown
Community Administrator
Posts: 14685
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Postby aebrown » Wed Apr 30, 2008 5:41 am

jdlessley wrote:The CCN is LDS Limited Access and is set in the Cisco PIX. However the administrative computer which is also connected to the CCN is LDS Restricted Access. Global Support does not have access to the administrative computer without remote control being activated through LANDesk Manager on the administrative computer end. Therefore the filter has to be a part of a software package install - either Desktop 5.5 or Local Unit Security Software 1.6.1 on the computer.


I'm curious how you are able to make the definitive statement that the administrative computer has "LDS Restricted Access." We have a CCN in our stake center, which the stake administrative computer is connected to, and while I know of no place to view any filtering settings, clearly we have much broader access to the Internet than LDS Restricted Access.

As near as I can tell, the stake administrative computer seems to be able to access all the same sites that the FHC computers can. I see no evidence that either Desktop 5.5 or LUSS 1.6.1 controls the internet filtering, but I'd love to be informed if that is the case.

jdlessley
Community Moderators
Posts: 6522
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

Postby jdlessley » Wed Apr 30, 2008 11:17 am

I am not sitting at the stake computer right now so I am recalling settings by memory.

As I stated above, the stake clerk computer that I set up for wireless access has configuration changes and settngs that permit access only to a whitelist of sites. These sites are the small handful of Church sites such as lds.org and others.

Since I am the one who set up the computer and did not make these changes I can only assume software I installed, all of which are Church packages, made those changes.

russellhltn
Community Administrator
Posts: 20724
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Wed Apr 30, 2008 11:31 am

jdlessley wrote:Since I am the one who set up the computer and did not make these changes I can only assume software I installed, all of which are Church packages, made those changes.


Perhaps it's a limitation that was placed on all wireless users?

jdlessley
Community Moderators
Posts: 6522
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

Postby jdlessley » Wed Apr 30, 2008 1:29 pm

My thought now is that the changes were made when I installed Odyssey Client. I will have to check other administrative computers without Odyssey Client or the latest version of Local Unit Internet Security installed.

Without looking at another administrative computer I'm not certain that a dial-up only system has the Local Unit Security software installed. Does anybody know? I installed Local Unit Internet Security from a CD that I got from the FM group. I don't know if the LUIS was just an update or a new install.

I know there were about 89 Windows XP hotfixes on the CD. I didn't pay much attention to possible collateral software installs when I ran the CD setup.

lajackson
Community Moderators
Posts: 6129
Joined: Mon Mar 17, 2008 9:27 pm
Location: US

Postby lajackson » Wed Apr 30, 2008 9:15 pm

jdlessley wrote:I'm not certain that a dial-up only system has the Local Unit Security software installed.


We have installed the Local Unit Security software on all of our administrative machines. It was added when we installed the Desktop 5.5 image. All of the machines use dial-up except one.

jdlessley
Community Moderators
Posts: 6522
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

Postby jdlessley » Wed Apr 30, 2008 9:50 pm

So then I guess that Desktop 5.5 is where the configuration changes are effected. If group policy has not been configured for these changes that must mean the changes have been made in the registry.

jdlessley
Community Moderators
Posts: 6522
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

Postby jdlessley » Wed Apr 30, 2008 9:56 pm

Has anybody else had problems connecting an administrative computer (with Desktop 5.5) wirelessly to the CCN using just LDSAccess?


Return to “Meetinghouse Internet”

Who is online

Users browsing this forum: No registered users and 1 guest