Category: Technology

Cisco UC560 factory reset

If you’re setting up a UC560, there are times when you just want to start over (especially if you’ve made changes with the CLI).  There’s a great post by John Platts with the steps so all credit to John but I thought I’d also put them here as well.

  1. Using your blue console cable, connect the RJ-45 to the console port on the UC-500.  I use Putty to connect and now I use my KeySpan console-to-USB adapter as I can’t find a laptop with a serial cable any more.  So for me, I fire up the Keyspan utility, set Putty to serial and put the com port keyspan is using and I’m good to go. (Note: I always unplug all ethernet connections to the UC.  I’ve tried it with something plugged in and at times it seems the reset just doesn’t take and I have to do it all again).
  2. Once connected, type en and then Show Flash and you’re looking for something like <UC500model>-factory-<software pack>.cfg.  So you might see something like UC560-FXO-K9-factory-8.0.0.cfg.  For me it’s usually the last entry after doing Show Flash.
  3. Copy that file to startup-config.  So the command for my config name example above would be copy UC560-FXO-K9-factory-8.0.0.cfg startup-config and enter to confirm.
  4. Type service-m i0/0 se to access the CUE.
  5. Enter your username/password and hit enter (sometimes it needs Enter twice)
  6. In John’s post he says you’ll get UC500-CUE# if you’re in the CUE but I’ve been getting se-10-1-10-1# .  In fact, sometimes it takes me to se-10-1-10-1(config)# and I have to do en to get back for the next command.   But for others, it’s giving them UC560# when they are in CUE.  Not sure what’s up with that. (Note: If you have an issue connecting and it times out saying “Connection refused by remote host”, first issue the command service-m i0/0 se clear and then do service-m i0/0 se.)
  7. From the CUE prompt, enter offline and y to confirm.
  8. Now your prompt should be se-10-1-10-1(offline)#.  Type restore factory default and again y to confirm.
  9. At Press any key to reload: hit enter.
  10. At the System Online message, press Enter key.  Type Exit and press Enter.
  11. Once out of CUE, type reload and y to confirm to proceed with reload.

Once the UC500 is rebooted, it’s back to default and you can connect via IP as usual to the default IP for your unit.

Outlook 2010 Email Reading Tips

Personally, I like Outlook 2010 a lot but it does take some getting used to first.  On a new setup, here are a couple of things I change right away to suit my needs.

Tip #1 Change Reading Pane to bottom

This one is pretty easy and I know some people use it on the side.  But I like to see the columns with date and size so putting the reading pane on the bottom works much better for me.  For this just click the View tab at the top and you’ll see in the Layout section Reading Pane with a down arrow.  Just click the down arrow and select Bottom.

Tip #2 Mark email as read if viewed for 3 seconds

Since we read most emails in the preview Reading Pane, I also like to change it so the email is marked as read if I look at that email for 3 seconds.  To make that change:

  1. Click File and Options
  2. Select Mail on the left
  3. Click Reading Pane in the middle and check Mark items as read when viewed in Reading Pane and I usually change the seconds to 3.


Tip #3: After moving or deleting an email, move up

The other big one for me is after I delete an email, I want my selection to move Up, not Down.  I generally read emails from the bottom starting with the oldest so if I delete or move an email I want to then move on to the one above.  Here’s how:

  1. Click File and Options (just like before)
  2. Select Mail on the left
  3. Scroll all the way to the bottom and look in the section called Other.
  4. Where it shows After moving or deleting an open item, select Open the Previous Item.

So not the most glamorous or amazing tips but key tips for me and at least one is not in an obvious place to look…at least not to me. :)

Windows Platform FIPS error

Not sure what started it, but my Visual Studio projects stopped building with this error:

This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.

Others could build the code fine so that made it “my problem”.   While banging my head on the wall, another application we use that’s really a web based app wrapped in a desktop app quit working. It would just give an unhandled exception error and say “System.InvalidOperationException” error.  On a whim, I decided to let it debug and that fired up Visual Studio 2010.  To my surprise, there was the same FIPS error.  Now I had a root cause for both my issues which led me to Raj Rao’s post.  It was an old post (2007) but it got me going.  Other MS KB’s were related to .Net 2.0 and apps so I was at a loss so I gave it a shot.  Following Raj’s post, here’s what I did…

  1. I went to Administrative Tools, opened Local Security Policy
  2. Expand Local Policies
  3. Clicked Security Options
  4. There I found System cryptography: Use FIPS 140 compliant cryptographic algorithms, including encryption, hashing and signing algorithms was indeed set to Enabled.

I changed that setting to Disabled and everything started to work…didn’t even require a restart.  The default for that setting is Disabled so what enabled it I have no idea.  I didn’t need it so my research ended there.
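The same root cause can be confirmed from a console before touching the policy. The following is an added example, not code from this post or from Raj Rao's: it reads the registry value behind the Local Security Policy setting and reports which .NET crypto classes fail to load. It assumes Windows PowerShell 3.0 or later on the .NET Framework; the function names and the list of classes tested are chosen for illustration.

```powershell
# Added example: check the FIPS policy and see which .NET crypto classes it rejects.
# Assumes Windows PowerShell 3.0+ running on the .NET Framework.

function Get-FipsPolicyState {
    # Registry value behind "System cryptography: Use FIPS 140 compliant ..." (Vista / 2008 and later)
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
    $value = Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue
    [pscustomobject]@{
        RegistryEnabled = [bool]($value -and $value.Enabled -eq 1)
        # What the .NET runtime hosting this session has picked up
        ClrFipsOnly     = [System.Security.Cryptography.CryptoConfig]::AllowOnlyFipsAlgorithms
    }
}

function Test-CryptoClass {
    param([string[]]$TypeName)
    foreach ($name in $TypeName) {
        $result = 'Loads'
        $detail = ''
        try {
            $null = New-Object -TypeName $name
        } catch {
            # New-Object wraps the constructor's exception; unwrap to the real message
            $inner = $_.Exception
            while ($inner.InnerException) { $inner = $inner.InnerException }
            $result = 'Failed'
            $detail = $inner.Message
        }
        [pscustomobject]@{ Type = $name; Result = $result; Detail = $detail }
    }
}

Get-FipsPolicyState | Format-List

Test-CryptoClass -TypeName @(
    'System.Security.Cryptography.MD5CryptoServiceProvider',
    'System.Security.Cryptography.SHA256Managed',
    'System.Security.Cryptography.RijndaelManaged',
    'System.Security.Cryptography.SHA256CryptoServiceProvider',
    'System.Security.Cryptography.AesCryptoServiceProvider'
) | Format-Table -AutoSize -Wrap
```

Any class reported as Failed with the message quoted above is one the policy rejects, and code that instantiates it will throw the same System.InvalidOperationException.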

Windows Update Error 80072EE2 on TMG 2010

After you install TMG 2010 on a server, you’ll probably notice that Windows Update no longer works giving error 80072EE2.

The fix is to set your Internet Explorer proxy setting to point to TMG on port 8080.  You probably know the steps but just in case, here’s what you need to do:

  1. Open Internet Explorer and go to Tools, Internet Options.
  2. Click the Connections tab and then LAN settings
  3. Check the box to “Use a proxy server for your LAN” and then enter localhost for the address and 8080 for the port (assuming you haven’t changed TMG)
  4. Click OK and OK.

You should be able to run Windows Updates now without any problem.  Not sure I totally understand why that’s required for Windows Update since if you allow Localhost to External, you can browse the Internet just fine without adding TMG as your proxy server.  If anyone knows why it affects Windows Update, let me know.

SBS 2008 - Cannot connect to the configuration database

After installing the seemingly harmless Security Update for Windows SharePoint Services 3.0 x64 (KB9834444) update on an SBS 2008 server, users complained the next day that they couldn't open CompanyWeb.  They would receive the error "Cannot connect to the configuration database."  In short, the fix was to re-run the Configuring SharePoint Products and Technologies Wizard.  As soon as we kicked that off we received the message that there were new files that needed to be updated so obviously something needed to get upgraded that the Windows Update process didn't handle.  Seems like the kind of thing that should have received a pop-up of some sort during the Windows Update install.

At any rate, re-running the Configuring SharePoint Products and Technologies Wizard in Administrative Tools fixed the issue.

TMG 2010 - URL Redirect

One of the issues with the "cloud" world is most apps are hosted using SSL for security.  This means your URL is their URL.  For instance, Microsoft Online (BPOS) will use for OWA for North America.  If you just add a CNAME entry in DNS, that will redirect traffic but you'll get an SSL error since the names don't match.  For instance, redirecting https://owa.<yourdomain>.com to will sort of work but with the SSL error so it's ugly.

In the past I'd set up IIS pages that would just redirect http traffic to the https URL I wanted but that's a pain to set up each time.  With TMG 2010 (and really ISA 2006 also I believe), you can just deny that traffic and then redirect it to any URL you'd like.  Here are the steps to redirect in TMG 2010.

  1. Create a new non-SSL web publishing rule. 
  2. Give it any name for the internal site.  You have to give it something to get through the wizard but you won't actually publish anything internal.
  3. Create a listener for the IP that your DNS entry points to for that A Record.
  4. Once the rule is created, go to its properties and select the Action tab
  5. Check the Deny option, the Redirect box, and enter your destination URL.



Here’s a screen shot of how I redirect OWA to BPOS.


Now when you browse to http://<initialURL> that traffic will be redirected to https://<targetURL>.  That'll at least give your users an easy initial URL to remember.  It won't hide that target URL which can be a shame in certain scenarios.  If the site just uses HTTP, then CNAME records work great for that but as I mentioned before that'll give ugly verification errors for HTTPS.

Unable to RDP with one-way trust

We recently set up a one-way trust between two domains.  Some admins however were unable to make RDP connections to the servers in the trusting domain even though they were in a group that was part of the administrators group on the local servers.  After providing login credentials to domain A, they'd get authenticated and begin to log in to computers in domain B only to get this error:

Logon Failure: The machine you are logging onto is protected by an authentication firewall. The specified account is not allowed to authenticate to the machine

This error is occurring because we set up a "selective authentication" when we created our one-way trust.  We did that deliberately as we wanted to do just that and selectively allow access to resources in domain B.   Here's the fix...

  1. Open Active Directory Users and Computers.
  2. Click View and enable Advanced Features
  3. Right click on the computer you need to allow access to and select Properties.
  4. Select Security tab.
  5. Add the desired user or group and check Allow for Allowed to authenticate.

That should get you going!
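With selective authentication, each grant made through the steps above widens who can log on across the trust, so it is worth reviewing periodically. The following is an added example, not part of the original post, that lists who holds "Allowed to authenticate" on the computer objects under an OU. It assumes the RSAT ActiveDirectory module; the function name and the OU path in the usage comment are placeholders.

```powershell
# Added example: list who holds "Allowed to authenticate" on computers in an OU.
# Assumes the ActiveDirectory module (RSAT) and read access to the trusting domain.
Import-Module ActiveDirectory

# rightsGuid of the Allowed-To-Authenticate extended right in the AD schema
$AllowedToAuthenticate = [guid]'68b1d179-0d15-4d4f-ab71-46152e79a7bc'
$ExtendedRight = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

function Get-AllowedToAuthenticate {
    param([Parameter(Mandatory = $true)][string]$SearchBase)

    Get-ADComputer -Filter * -SearchBase $SearchBase | ForEach-Object {
        $computer = $_
        (Get-Acl -Path "AD:\$($computer.DistinguishedName)").Access |
            Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                ($_.ActiveDirectoryRights -band $ExtendedRight) -and
                # An empty ObjectType means "all extended rights" (e.g. Full Control)
                ($_.ObjectType -eq $AllowedToAuthenticate -or $_.ObjectType -eq [guid]::Empty)
            } |
            Select-Object @{ n = 'Computer'; e = { $computer.Name } },
                          IdentityReference,
                          IsInherited,
                          @{ n = 'GrantedBy'; e = {
                                if ($_.ObjectType -eq [guid]::Empty) { 'All extended rights' }
                                else { 'Allowed to authenticate' }
                             } }
    }
}

# Usage (placeholder OU path):
# Get-AllowedToAuthenticate -SearchBase 'OU=Servers,DC=domainb,DC=example' |
#     Sort-Object Computer, IdentityReference | Format-Table -AutoSize
```

Entries for users or groups from the trusted domain are the ones that allow cross-trust logons; an entry with IsInherited set to True was granted on a parent container rather than on the computer object itself.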

MS Operations Manager 2007 R2 RC Install Error

If you're installing Operations Manager 2007 R2 Release Candidate, be aware that before installing the Management Server, you need to not only install IIS but you need to enable IIS 6 Management Compatibility.  If you don't, you'll get the error below.

CAPACK: Extracting custom action to temporary directory:
CAPACK: Binding to CLR version v2.0.50727
Calling custom action
ConfigureAction: Error: Unknown error (0x80005000)
StackTrace:    at System.DirectoryServices.DirectoryEntry.Bind(Boolean
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.RefreshCache()
   at Microsoft.MOM.Setup.WebConsoleCustomAction.WebConsoleCA.Install(String
targetDir, Int32 portNumber, String rmsServer, Boolean windowsAuthOn, String
rootWebConfigFile, String mobileWebConfigFile, String rssWebConfigFile,
String publicKeyToken, String version)
Microsoft.MOM.Setup.WebConsoleCustomAction.WebConsoleCA.ConfigureAction(Session session)
Exception thrown by custom action:
System.Reflection.TargetInvocationException: Exception has been thrown by
the target of an invocation. ---> System.Runtime.InteropServices.COMException
(0x80005000): Unknown error (0x80005000)
   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.RefreshCache()
   at Microsoft.MOM.Setup.WebConsoleCustomAction.WebConsoleCA.Install(String
targetDir, Int32 portNumber, String rmsServer, Boolean windowsAuthOn, String
rootWebConfigFile, String mobileWebConfigFile, String rssWebConfigFile,
String publicKeyToken, String version)
Microsoft.MOM.Setup.WebConsoleCustomAction.WebConsoleCA.ConfigureAction(Session session)
   --- End of inner exception stack trace ---
   at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object
arguments, SignatureStruct& sig, MethodAttributes methodAttributes,
RuntimeTypeHandle typeOwner)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags
invokeAttr, Binder binder, Object parameters, CultureInfo culture, Boolean
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags
invokeAttr, Binder binder, Object parameters, CultureInfo culture)
   at Microsoft.WindowsInstaller.CustomActionProxy.InvokeCustomAction(Int32
sessionHandle, String entryPoint)
MSI (s) (8C:10) [17:21:35:881]: NOTE: custom action
_ConfigureAction.2FD07918_9082_437D_99BC_FD43602A4625 unexpectedly closed the
hInstall handle (type MSIHANDLE) provided to it. The custom action should be
fixed to not close that handle.
Action ended 17:21:35: InstallFinalize. Return value 3.

The error 0x80005000 was the key as that led me to Justin Gao's post letting me know that installing IIS 6 Management Compatibility was the key.  If that's listed as a pre-requisite I missed it and more importantly the "Check Prerequisite" missed it.

SBS 2008 Time Service NTP Setup

When setting up SBS 2008, I could find very little information on the right way to set it up to sync with an NTP source.  In fact, I can find very little on how to do it on Windows Server 2008 in general.  There are articles on how to do it with Windows Server 2003 and the needed registry changes.  Those registry changes will work on W2K8 I'm 99% sure.  I wanted some verification as KB 816042 only lists W2K3 in the "applies to" section but I couldn't find a W2K8 specific article.

By default, SBS 2008 uses which is either off or just not sync'ing correctly for one of our SBS servers.  So I needed to change it to servers and wanted to know the "SBS 2008" way to do it.  Not sure that I found it but here's what I did.   Rather than make the registry changes, I went command line and let it take care of it for me.  This has the benefit that you could write a script that took the NTP servers as parameters (which may be useful only if you're regularly setting up domains like I am).

Open a command prompt with Run as Administrator and enter the following commands.

net stop w32time
w32tm /unregister
w32tm /register
net start w32time
net time /,,2,,
w32tm /config /syncfromflags:MANUAL /manualpeerlist:"<ntp-server-1>,0x8 <ntp-server-2>,0x8 <ntp-server-3>,0x8 <ntp-server-4>,0x8"
net stop w32time
net start w32time
w32tm /resync /rediscover

Often I get an error on w32tm /unregister that "access is denied" but it seems to remove the previous entries like it should so I still do it.  Since SBS is the PDC, the time should replicate to all your domain computers as they re-sync with SBS for their time.
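The parameterised script mentioned above could look like this. It is an added example, not the author's own script: it follows the w32tm steps from the post, takes the NTP servers as a parameter, and validates each name before it reaches the command line. The script name and the server names in the usage comment are placeholders.

```powershell
# Added example: the w32tm sequence above with the NTP servers passed as parameters.
# Run from an elevated Windows PowerShell prompt, e.g. (placeholder names):
#   .\Set-NtpPeers.ps1 -NtpServer ntp1.example.net, ntp2.example.net
param(
    [Parameter(Mandatory = $true)]
    [string[]]$NtpServer
)

function ConvertTo-ManualPeerList {
    param([string[]]$Server)
    $peers = foreach ($s in $Server) {
        # Accept only host names or IPv4 addresses so nothing else reaches the command line
        if ($s -notmatch '^[A-Za-z0-9]([A-Za-z0-9.\-]*[A-Za-z0-9])?$') {
            throw "Not a valid host name or IPv4 address: '$s'"
        }
        "$s,0x8"        # 0x8 (client mode) is the flag used in the post
    }
    $peers -join ' '    # w32tm expects a space-delimited peer list
}

function Invoke-W32tm {
    # Run w32tm and stop on a non-zero exit code unless the caller tolerates it
    param([string[]]$Arguments, [switch]$IgnoreError)
    & w32tm.exe @Arguments
    if ($LASTEXITCODE -ne 0 -and -not $IgnoreError) {
        throw "w32tm $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

$peerList = ConvertTo-ManualPeerList -Server $NtpServer

Stop-Service w32time
Invoke-W32tm -Arguments '/unregister' -IgnoreError   # may report "access is denied", as noted above
Invoke-W32tm -Arguments '/register'
Start-Service w32time
Invoke-W32tm -Arguments '/config', '/syncfromflags:MANUAL', "/manualpeerlist:$peerList", '/update'
Restart-Service w32time
Invoke-W32tm -Arguments '/resync', '/rediscover'
Invoke-W32tm -Arguments '/query', '/source'          # show which peer is now in use
```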

Hope this helps.

ActiveSync calendar won't stop syncing

I've been having a repeated problem with my AT&T Tilt.  Suddenly my battery will just start dying in a matter of hours.  Finally I noticed that in ActiveSync my calendar just keeps syncing.  There will be a message like "Syncing calendar entry 700, 701, 702, 703, etc."  It just keeps going and never stops (thus draining my battery).  Also, during this time if I'm in an area that doesn't have 3G then all my calls were going straight to voice mail.

My first fix was to delete my partnership, recreate, and resync.  That worked once but then I added a new appointment in Exchange (in Outlook not on my phone) and about 30 minutes later I had a message that my battery was almost dead.  It was fully charged 30 minutes ago, so I checked and sure enough the calendar was syncing away.  This time the delete and recreate of my partnership didn't work.  These steps did.

  1. On your phone go to Settings, the System tab, and then Clocks & Alarms.
  2. Change your time zone to one that does not recognize daylight savings time.  (For instance GMT-4 Manaus)  When prompted to confirm, click YES
  3. In ActiveSync, click Sync.
  4. Go back to Clocks & Alarms and change your time zone back to your home time zone.
  5. In ActiveSync, click Sync.

It seems to be related to the DST changes but I'm not sure if it's a problem on the Exchange server or on the phone.  Hope this helps.