The phone rings; “My email isn’t working.” Now you have to decide: do you drive across town to give in-person support, or try to find a solution from where you are sitting? Personal visits for every support request are impractical, but telephone support can be frustrating and, at worst, a waste of time when a visit proves necessary after all.
One factor is the technical competence of the user. For example, perhaps you want to look in the Windows event viewer for disk errors. For some users that’s a simple instruction: “Have a look at the System log in the Event viewer - are there any disk errors?” More often you will need to talk the user through opening the Start menu, finding Control Panel, opening Administrative Tools, then Event Viewer, then finding the System log, and scrolling through it to look for relevant entries. Since you cannot see what the user sees, this demands patience on both sides of the conversation.
Two things are obvious. First, judging whether a visit is needed is an inexact science. Second, if you can view and operate the user’s screen, many support tasks become much easier. There are a wide range of tools that make this possible – and many of them won't cost you anything - but they work better if you've already taken the right steps in advance to make providing remote support easier.
Supporting servers remotely
Many of your customers will have Windows Server installed, most likely in the form of Small Business Server, but nobody in-house with the expertise to manage it or report the details to you, making it an ideal candidate for remote support. These instructions presume you have some way of opening a remote desktop session on the server, whether via Microsoft VPN or Remote Web Workplace or hardware VPN or some other route.
Security matters, so remember the basics. Rename the administrator account. Use a low-privilege account for the VPN connection, then log on as an administrator over that connection. Use strong passwords. Make sure that the username and password is never passed over the Internet in plain text, for example to collect email. Otherwise it is vulnerable to interception by a packet sniffer, particularly if you connect from public locations. That means using the secure variants of POP3 and IMAP, or Outlook Web Access over SSL, and not using FTP, certainly not with a password you care about.
Set up for remote support in advance; always enable VPN and remote desktop. Enable remote ping to the server too. Ping, which uses ICMP (Internet Control Message Protocol), lets you check the status of a machine on a network. It is often blocked by default from external requests. That makes sense if no other services are published either, as the machine will be invisible to port scanners, but typically SBS is publishing services including email, Outlook Web Access and Remote Web Workplace, so you may as well allow ping as well.
Presuming that the server is behind a router and firewall, you can choose whether to enable it on the hardware device, in which case it will work even if the server is down, or pass it through to the server. There’s a case for each; but if you choose the server option you need to enable it there as the Windows firewall blocks it by default. Enabling it on the router is just as useful.
If the user reports an Internet problem, and your ping fails, then the problem is most likely external; the obvious step is to complain to the ISP or the telecom provider. But before you do, ask the user to reboot the router and modem. ADSL modems sometimes get into a state where they can no longer connect and when maintenance at the exchange interrupts the DSL connection, not all modems recover automatically.
Set up monitoring and alerts
Usually you’ll want servers for which you are responsible to email status reports to you at least daily. This means that you can catch problems like running of out disk space before they happen. Further, when a user rings with problems, you can check the latest report for clues.
Check out Monitoring servers remotely
for more advanced remote monitoring options for Windows Server, but in Small Business Server 2003, you can set up email reports from the Server Management console
. Select Monitoring and Reporting >Set up Monitoring Reports and Alerts and use the wizard to have a daily report emailed to you.
This wizard also sets up email notifications triggered by certain events. The actual events are controlled by a separate dialog, reached by selecting Change Alert Notifications. Even with all the defaults, a typical Small Business Server will not bombard you with emails.
You can make your life simpler by cleaning up the error logs. The better the server is managed, the more valuable the alerts; if the server is just about running, but the event log is littered with errors, then it is hard to see new problems amidst the noise. Admittedly, pretty much every Windows server reports some errors, and some of these are safe to ignore according to Microsoft. Nevertheless, it pays to keep the system as clean as possible.
You can get email reports from Linux servers as well as Windows servers; set up cron jobs (scheduled tasks) to email the output from vmstat and other utilities, monitoring disk space, CPU usage and other key statistics.
What you can do with remote desktop on the server
The better question is: what can’t you do? Most things are common sense. You can eject a tape, but not insert one. Some applications detect that they are running under Terminal Services and modify their behaviour, which can be a problem. Restarting the server is possible, but risky since if the restart fails then the server is offline until you or someone else gives it physical attention. Windows may hide the restart option, but it is always accessible from the command line:
Run shutdown without arguments to see all the options.
If your remote session is interrupted and you have to reconnect, Windows may give you a new session instead of reconnecting to the old one. To fix this, run Terminal Services Manager, from Administrative Tools, in your new session. This lists the active users and sessions. Right-click a session or user and choose Connect to return to that session; or choose Log off to end an orphaned session.
Ctrl-Alt-Del in a remote desktop session will be intercepted by the client. If you need Task Manager, run it directly, with Start > Run > Taskmgr (or by right-clicking on the taskbar and choosing Task Manager, or using the Ctrl-Shift-Esc shortcut, which won't be intercepted).
Sometimes you can connect successfully via VPN, but Remote Desktop does not work. In this case command-line and remote tools come into their own. In extremis you can use the shutdown command to restart another machine on the network and the Sysinternals tools are excellent for both local and remote troubleshooting.
Supporting PC problems can be more challenging than server support, particularly in small businesses where there is likely to be a variety of hardware and software in use with no standard desktop build. Some questions can be answered instantly or take no more than a quick Google search; others can be intricate and difficult to solve. Seeing the screen is usually a great advantage, especially if there is an error message. Even the crude solution of grabbing the screen can save a lot of questioning. Ask the user to press PrtScn, or Alt-PrtScn to grab a single window, paste it into an email (via Paint if necessary), and send it to you.
Windows Vista has the Snipping tool, which is practically a built-in support solution. Get the user to type “Snip” into the Vista search box, then click Snipping Tool when it appears in the results - usually just Snip and Enter will do. The Snipping Tool opens; click New to start a new snip, or drop-down the menu to choose between rectangular, free-form, single window or full screen capture. When the capture is done, the user can mark it with a highlighter to show problem areas, and choose Send to > ‘Email recipient as attachment (recommended)’ to email the screen grab to you.
It is even better if you can get full desktop access. Where you can connect by VPN or perhaps Remote Web Workplace you can use Microsoft’s Remote Desktop to access the user’s machine. The user must check the option to “Allow users to connect remotely to this computer”, which is in System Properties, accessible by right-clicking My Computer and choosing Properties. If the user is willing to divulge their username and password, this is ideal since you can connect to the running session. The local user is disconnected and sees a logon screen. When you disconnect, the user can log back on and continue.
If you want to connect by remote desktop, but the user has not enabled remote desktop and is not around to do so, you can use the same remote registry edit to enable remote desktop on user PCs as on servers as long as you have administrative permissions on the user’s machine, for example as domain administrator. A restart is not always needed. Run Regedit, and from the File menu choose Connect Network Registry. Enter the name or IP number of the computer. When the remote registry opens, navigate to HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server.
Double-click fDenyTSConnections and change the value from 1 to 0. You might also need to modify the firewall, for example using Psexec:
netsh firewall set service type = remotedesktop mode = enable
If the user is around, sharing their screen to see the problem and either talking them through the solution or taking control to fix it for them is often fastest. Remember to be careful about closing applications that could have unsaved data in; the user may feel uncomfortable about having you see their browser history, personal email or work in progress and if you lose any of their work, you’ll have a hard time persuading them to allow remote control in the future.
There are many free tools, but Remote Assistance, is built in to Windows XP and Vista and expressly designed for remote support. Microsoft’s Live Messenger is ubiquitous (it’s in every recent copy of Windows unless it’s been explicitly removed) and it’s the easiest way to use Remote Messenger. The only prerequisite for Remote Assistance via Messenger is that both the user and the expert are signed in. Messenger does not have to be the same version at both ends.
Remote Assistance has changed a little in Windows Vista. Voice over IP is gone, sessions can now be paused, and a connection password is required. Vista users can give remote assistance to XP users, but not vice versa. And if you're supporting a Vista user, make sure you both have Service Pack 1 or you can’t click on UAC elevation prompts.
Remote Assistance uses port 3389, which isn’t typically passed over the Internet; you’ll find instructions for changing the port in our feature Monitoring Servers Remotely
. But as long as the request is initiated from Messenger, the session will work behind a firewall provided the port is not actually blocked, which means you can make the connection without talking the user through changing the port.
Using conferencing for remote support
Remote support is often in effect a conference for two people, and standard conferencing software can work well for support. Adobe’s ConnectNow is particularly convenient, because it is based on the reliable Flash runtime, is currently free for up to three people (including the host), and works well behind firewalls. It also supports screen sharing.
To use ConnectNow
, both users need to sign up for accounts at http://www.acrobat.com
, but that’s a quick and easy process. Next, one of the users starts a meeting. It is best if the user does this, as otherwise the screen sharing option may not appear. If this is the first time they’ve used ConnectNow, there is a browser add-in to install, and of course the latest Flash player is also required. Each meeting in ConnectNow has an URL, such as, https://na2.connectnow.acrobat.com/someuser
The meeting opens in a separate window outside the browser. The user now needs to give you the URL of the meeting by email or IM. You open the URL to join the meeting, after the user confirms the join request.
Once the meeting is under way, participants have tools including chat, file exchange, whiteboard, voice over IP and screen sharing. When screen sharing is started, you can request control and get a remote desktop, though in our tests it was extremely slow to respond. With ConnectNow it may be better to instruct the user, with sight of their screen, rather than grabbing direct control.
Some online conferring systems have tools designed specifically support, for an extra cost. WebEx (www.webex.com) has a suite of packages called WebEx Support Center, with two main components: Remote Support and Remote Access. Remote Support is essentially a Web conference, and requires the installation of the WebEx Meeting Manager add-on on all participating PCs. Once connected, there are handy features including full desktop sharing, the ability to annotate a live desktop, screen capture, and a built-in system information tool. The shared desktop is in reduced resolution and in that respect isn’t as good as Microsoft’s remote desktop, and performance under shared control is not great, but it is designed to work cross-platform with Windows, Mac, Linux and Solaris, and to work well across networks and firewalls by using just HTTP and HTTPS. There is also the option to share just a single application.
Remote Access is a companion product for logging onto remote computers without the presence of a local user. A Reboot and Reconnect feature closes all applications, reboots and then reconnects, even in safe mode if necessary. Remote Support costs from £85.00 ex VAT per month per support representative. Remote Access costs from £85.00 ex VAT per month for up to 10 computers.
) is pricier (£1,590 exc VAT for each ‘consultant’) but you can support as many users as you want across multiple companies, and the free viewer they need runs directly from the Web site with no software to install. The tool can also query the system information on their PC directly so you can see basic information or custom registry settings as soon as you connect, and users can hide individual applications from you, so there are fewer privacy worries.
If you can install software on the user’s PC (which you’ll probably want to reserve for key clients who need a lot of help), Radmin
) is a simple and effective tool for remote PC access. There are no browser add-ins or ActiveX controls; just two applications, one a server and one a viewer. The server costs from £27.00 ex VAT for each computer and installs on the target PC, with settings including a port number and a permissions model, either simple username and password, or integrated Windows security. The former is easier for remote support over the Internet. With the server running on the PC, you run the viewer application anywhere on the Internet, enters the IP number, port and user details, and connects. Performance is excellent, and there are extra features including text chat, remote clipboard and voice over IP.
The main snag with Radmin is that each target PC must be accessible over the Internet on an unique IP number/port combination. This means that PCs behind a NAT router must each have different Radmin ports, with the router configured to forward them. With that proviso, it works beautifully, but you won't have that luxury in small offices and when you’re supporting users working from home. If you have a mix of customers with different needs and networking setup, you may need a range of tools to deal with all of them.