VASS v The Real World

For those fortunate enough never to have heard of VASS, it’s a site maintained by VCAA where school administrators can enrol students in VCE/VET courses and record results. While I’ve no doubt that the service the site provides is essential for our school and students, the site itself with it’s browser restrictions and configuration requirements make accessing the VASS website from anywhere impossible

While VCAA have recently published their requirements for Windows 7 and Internet Explorer 9, they have only done so and supported IE9 since January 2012, a lethargic ten months after the IE9 release.

While we currently use a GPO dedicated to the VASS browser settings for our SOE desktops, we weren’t prepared to wait for VASS to support IE9 before we updated our fleet of staff tablets to the latest browser. 

This time last year we were trialling RemoteApp for remote access to Synergetic, our school database system. We had an immediate need for our VASS Coordinator to access the VASS web site and obviously had problems after the IE9 update.

This week we were challenged again when we were asked to add RemoteApp VASS for two other members of staff. The challenge was with VASS’ ridiculous requirement for a unique USB dongle for each VASS user. We’d overcome this with our original VASS user by adding a floppy drive to the RemoteApp virtual server and using WinImage to create a virtual floppy disk from the USB dongle. The problem was that our VASS RemoteApp solution was limited to a single user!

Our RemoteApp server is running Windows Server 2008 R2 64bit with Internet Explorer 8 and already has the ridiculous VASS browser settings applied

We started by using WinImage to take copies of the two new USB dongles and copied the FLP files to the RemoteApp server


The next step was to create a batch file to check the logged on user for the VASS RemoteApp and load a virtual floppy with the users USB Dongle. Since the virtual floppy in VMware wasn’t an option for 3 different users, we found a utility called IMDISK which was perfect since it works on 64bit Server 2008 R2 and has the benefit of only being visible to the logged on user, so the these VASS users would only be able to see their own “USB Dongle”, not all three.

Now remembering that RemoteApp is just a clever way of using an RDP session into a server, we could use %username% in our batch file so IMDISK would load the desired virtual floppy

rem imdisk -d -m A:

if %username% == user1 imdisk -a -f c:\vass\user1vass.flp -s 1440K -m A:
if %username% == user2 imdisk -a -f c:\vass\user2vass.flp -s 1440K -m A:
if %username% == user3 imdisk -a -f c:\vass\user3vass2.flp -s 1440K -m A:

"C:\Program Files (x86)\Internet Explorer\iexplore.exe"

NOTE: The first line dismounts any virtual floppy mounted at A:. This seemed to be a little unreliable and the virtual floppies seemed to get stuck unloading, and wouldn’t reload. This didn’t seem to be an issue with the way the RDP sessions work on the RemoteApp server

The last line of the VASS.CMD file loads the 32bit version of IE8 (remembering that the 64bit version is not supported by VASS) on the RemoteApp server and goes straight to the VASS login page.

The last step was to create add a new RemoteApp pointing to the VASS.CMD and distribute the new RDP file to those users


With this in place, it only takes a couple of minutes to add a new VASS user by taking an image of their USB dongle and updating the VASS.CMD file, and we’re looking forward to a Windows 8 / Internet Explorer 10 rollout later this year, knowing that VASS won’t be holding us back!

Sonicwall NetExtender SSLVPN and Windows 8

After an email exchange with James Hiscott and some hard work on his behalf, James has an update and Sonicwall have release an update version of the NetExtender available at Read James’ post here

Like most people we’re keenly testing the pre RTM releases of Windows 8 and evaluating new hardware from HP to workout what we’d like to use for staff and students next year. Currently I have Windows 8 CP on a HP Folio13 and really like how it’s working for me. The only problem has been getting the Sonicwall SSLVPN client to work on Windows 8, which for the last week has stopped me from ditching my 2740p tablet and making the Folio13 my sole mobile device

After a few attempts at the NetExtender install it completed successfully after I installed *all* the drivers for the Folio13 from the HP site.

That got me excited and I thought I was all set, I tested the SSLVPN client and it authenticated and connected and looked like it was working. It wasn’t until later that evening when I went to use the VPN that I realised it wasn’t working at all, and even though the connection looked fine there was no network traffic being received by the VPN client.


A little digging this morning at the log and debug log files indicated an issue with the routes being added when connecting the vpn

Log File

Debug Log File

By running route print I could see that the Sonicwall Netextender was interface 38

Open the Properties window for the NetExtender


Add the required routes to the bottom of the NxConnect.bat


Funnily enough, you don’t seem to need the route delete commands in the NxDisconnect.bat?

route DELETE
route DELETE
route DELETE

And finally you need to change the privileges for NetExtender shortcut to run with administrator privileges. If you have the NetExtender as a startup program, go to

C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu

Right-click on the shortcut and tick box for run this program as an administrator


After all of that my NetExtender settings seemed to be reliable and working the same as my Windows 7 devices