MS Operations Manager 2007 R2 RC Install Error

If you're installing Operations Manager 2007 R2 Release Candidate, be aware that before installing the Management Server, you need to not only install IIS but you need to enable IIS 6 Management Compatibility.  If you don't, you'll get the error below.

CAPACK: Extracting custom action to temporary directory:
CAPACK: Binding to CLR version v2.0.50727
Calling custom action
ConfigureAction: Error: Unknown error (0x80005000)
StackTrace:    at System.DirectoryServices.DirectoryEntry.Bind(Boolean
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.RefreshCache()
   at Microsoft.MOM.Setup.WebConsoleCustomAction.WebConsoleCA.Install(String
targetDir, Int32 portNumber, String rmsServer, Boolean windowsAuthOn, String
rootWebConfigFile, String mobileWebConfigFile, String rssWebConfigFile,
String publicKeyToken, String version)
Microsoft.MOM.Setup.WebConsoleCustomAction.WebConsoleCA.ConfigureAction(Session session)
Exception thrown by custom action:
System.Reflection.TargetInvocationException: Exception has been thrown by
the target of an invocation. ---> System.Runtime.InteropServices.COMException
(0x80005000): Unknown error (0x80005000)
   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.RefreshCache()
   at Microsoft.MOM.Setup.WebConsoleCustomAction.WebConsoleCA.Install(String
targetDir, Int32 portNumber, String rmsServer, Boolean windowsAuthOn, String
rootWebConfigFile, String mobileWebConfigFile, String rssWebConfigFile,
String publicKeyToken, String version)
Microsoft.MOM.Setup.WebConsoleCustomAction.WebConsoleCA.ConfigureAction(Session session)
   --- End of inner exception stack trace ---
   at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object
arguments, SignatureStruct& sig, MethodAttributes methodAttributes,
RuntimeTypeHandle typeOwner)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags
invokeAttr, Binder binder, Object parameters, CultureInfo culture, Boolean
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags
invokeAttr, Binder binder, Object parameters, CultureInfo culture)
   at Microsoft.WindowsInstaller.CustomActionProxy.InvokeCustomAction(Int32
sessionHandle, String entryPoint)
MSI (s) (8C:10) [17:21:35:881]: NOTE: custom action
_ConfigureAction.2FD07918_9082_437D_99BC_FD43602A4625 unexpectedly closed the
hInstall handle (type MSIHANDLE) provided to it. The custom action should be
fixed to not close that handle.
Action ended 17:21:35: InstallFinalize. Return value 3.

The error 0x80005000 was the key as that led me to Justin Gao's post letting me know that installing IIS 6 Management Compatibility was the key.  If that's listed as a pre-requisite I missed it and more importantly the "Check Prerequisite" missed it.

SBS 2008 Time Service NTP Setup

When setting up SBS 2008, I could find very little information on the right way to set it up to sync with a NTP source.  In fact, I can very little on how to do it on Windows Server 2008 in general.  There are articles on how to do it with Windows Server 2003 and the needed registry changes ( )  Those registry changes will work on W2K8 I'm 99% sure.  I wanted some verification as KB 816042 only list W2K3 in the "applies to" section but I couldn't find a W2K8 specific article.

By default, SBS 2008 uses which is either off or just not sync'ing correctly for one of our SBS servers.  So I needed to change it to servers and wanted to know the "SBS 2008" way to do it.  Not sure that I found it but here's what I did.   Rather than make the registry changes, I went command line and let it take care of it for me.  This has the benefit that you could write a script that took the NTP servers as parameters (which may be useful only if you're regularly setting up domains like I am).

Open a command prompt with Run as Administrator and enter the following commands.

net stop w32time
w32tm /unregister
w32tm /register
net start w32time
net time /,,2,, w32tm /config /syncfromflags:MANUAL /manualpeerlist:",0x8,0x8,0x8,0x8"
net stop w32time
net start w32time
w32tm /resync /rediscover

Often I get an error on w32tm /unregister that "access is denied" but it seems to remove the previous entries like it should so I still do it.  Since SBS is the PDC, the time should replicate to all your domain computers as they re-sync with SBS for their time.

Hope this helps.

ActiveSync calendar won't stop syncing

I've been having a repeated problem with my AT&T Tilt.  Suddenly my battery will just start dying in a matter of hours.  Finally I notice that in ActiveSync my calendar just keeps syncing.  There will be a message like "Syncing calendar entry 700, 701, 702, 703, etc.  It just keep going and never stops (thus draining my battery).  Also, during this time if I'm in an area that doesn't have 3G then all my calls where going straight to voice mail.

My first fix was to delete my partnership, recreate, and resync.  That worked once but then I added a new appointment in Exchange (in Outlook not on my phone) and about 30 minutes later I had a message that my battery was almost dead.  It was fully charged 30 minutes ago, so I checked and sure enough the calendar was syncing away.  This time the delete and recreate of my partnership didn't work.  These steps did.

  1. On your phone go to Settings, the System tab, and then Clocks & Alarms.
  2. Change your time zone to one that does not recognize daylight savings time.  (For instance GMT-4 Manaus)  When prompted to confirm, click YES
  3. In ActiveSync, click Sync.
  4. Go back to Clocks & Alarms and change your time zone back to your home time zone.
  5. In ActiveSync, click Sync.

It seems to be related to the DST changes but I'm not sure if it's a problem on the Exchange server or on the phone.  Hope this helps.

Calyptix - is this a firewall?

Okay, I'm about 6 months behind on writting this post so if the world has changed in 6 months, please add comments and I'll update.  I'm shocked at how difficult it has been to select a standard firewall for the SMB space.  I THINK I've tried them all and and have been surprised and how there just isn't one that has all the features I want.  With SBS 2008 removing ISA, the need to have a firewall solution was key.  I'll admit, I love ISA and though many partners didn't we deployed it with SBS as often as we could.  If you knew how to set it up (and that's why customer' need partners like us!), ISA gave Enterprise security to SMB's like no other product yet.  After being disappointed in the change, I know find that I really like not having the firewall and the SBS server on the same box.  The ability to reboot the server and keep Internet going has given much more flexibility not to mention a firewall appliance typically restarts much faster than a server reboot.  I'm still surprised MS didn't work with a partner to offer a low-end ISA appliance....but I digress.

In my quest for our standard firewall, I of course looked at Cisco's's a good firewall but I always struggle with the fact that they come obviously from the network world.  I'm a GUI guy (so shoot me) and so many times to get a ASA setup correct, you really need to do it all from the console.  Ask for support and they have you go to the console.  Tell them you want to use the GUI and you immediately get moved to the moron designation.  And dealing with IPSec tunnels with the Cypto Map this and Crypto Map's just not that intuitive.  That being said, Cisco support was pretty good when I call and would jump on the device and fix my issues very quickly.

However, based on Scott Cover's blog entry and the fact that they spend time working with the MSP community I jumped all in with Calyptix.  Signed up as a partner, ordered a NFR, and even sold one in my first week to a large customer for their lab environment.  It's considered a UTM and maybe it is.  My question is "is it a firewall?".  So what's missing?  Well firewall rules for one.  I couldn't add rules and move the up and down in priority.  Calyptix support says that's coming.  So if you're use to ISA or Checkpoint, you just don't have that power right now. 

The big shock for me was trying to set up an IPSec tunnel to a Cisco ASA.  The phase 1 and phase 2 settings just weren't there.  They had some IPSec settings but not all of the industry standard settings.  I believe what's going on is the settings are of course in the BSD firewall underneath but just not exposed through their GUI. 

So to me, this isn't ready for what we need to do.  If you have a very small office and just want to plug in a simple UTM then this may be the way to go.  But we wanted a UTM that handled UTM functionality but also gave us Enterprise features when we needed it.

What's positive about Calyptix?  The company!  I think that's were you get the good reviews on Calyptix.  They're based out of Charlotte, NC so that means English speaking support (well, if you speak Southern like I do).  The main engineer/developer is Lawrence and he is awesome and will do what ever he can to help you and fix your problem.  In my case he wasn't able to meet a core requirement and get the Calyptix to connect to ASA but it wasn't for lack of effort.  They've just been focusing in the SMB space and haven't had to add those features yet.  In time, I think they will.  They may have it all now...I should have wrote this post 6 months ago because I know how frustrating it was for me when I was trying to research firewalls.

In summary, Calyptix is a great company but their product is still young.  I'll certainly keep and eye on their product.

CheckPoint Safe@Office quick review

In the quest for a firewall for the SMB space, Checkpoint's is so close to being the best...but ultimately falls short so it's not our primary selection.  As far as GUI, none are better.  It beats Fortinet, Cisco ASA, Calyptix, SonicWall, and Cyberoam (the one's I evaluated hands on).  The gui uses web 2.0 ui and is very fast and well laid out. 

For logging, earlier versions were okay...the current versions are great.  It's what you'd expect from Checkpoint.  A very clean, colored, self explanatory log.  Of all the firewalls I wanted to work with this was the best.  When trying to make a IPSec tunnel to a Cisco ASA (the one the Calyptix couldn't connect with...see previous post) the Checkpoint handled it effortlessly.

So why's it not the #1 choice for us.  A couple reasons, while the logging is's unfortunately missing some flexibility.  If you want to filter the view by all traffic to or from an IP or only a certain can't do that.  You get all the log entries and just have to scroll through.  ASA and SonicWall both do better on the filtering though not as good on the display.

Another minor issue is the content filtering can't kill your site if their service has an issue.  Web Content Filtering is when you block sites based on categories (i.e. porn, sports, gambling, etc.).  Checkpoint has the best UI for managing this I've seen in the SMB space.  Once (and only once), that service had an issue and it just bogged the firewall down.  Makes sense as it needs to check with the continuously updated service to see how the site is classified.  That continuous updating part is the real value but if those servers have an issue then so does your location.  I'm sure they have big time redundancy but we did have about 30 minutes during our testing one night where their was an issue and it will really affect your office.

Also, when connecting to another network via IPSec tunnel you're limited to 3 network ranges.  The firewall can handle more but the GUI limits you to 3.  Probably isn't a typical problem for SMB office but for us it came up a few times.  Our partners were small but they had contracts with some large companies.  Those companies had more than 3 networks on their side and to get the endpoints to talk those definitions needed to match.  Out of the box, the Safe@Office can't do it.  If you use their SMP Gateway solution and remotely administer the devices then you can define more then 3 networks.  But that upsets me even more that it's a pure GUI restriction.

The last reason was probably the main reason...SUPPORT.  CheckPoint's Safe@Office is a great product.  With a few updates they would have the best SMB firewall on the market.  But as a managed services provider, I need fast response for the issues I have that are affecting my customers.  I don't mind chatting with support in Israel.  That's what I do...bridge the gap of tech talk with remote Support departments.  Vendor management is part of the value we bring.  But I had several issues where level 1 couldn't resolve an issue so it go escalated and I went over a week without getting a response.  That level of responsiveness was even worse than SonicWall support (and that's bad).  I never did find a number for partners to call in and speak to a person after hours.  The best way to get support is via online chat but both phone and online chat will close for the night so don't have problems when their closed or you'll have to wait until the next day.

So Safe@Office is the firewall we want to use but just can't right now.   The GUI is slick.  Managing content filtering is as intuitive and easy to use as any we'ved tested.  The logging is by far the easiest to read.  But it still has a few quirks that hurt in certain environments and the lack of enterprise support hurts.  If CheckPoint would offer special 24x7 partner only Support were partner calls were always treated as a top priority then they could easily be #1 as an SMB firewall.   

VS 2008 .NET 3.5 Project Fails to Compile

I fired up VS 2008 and set up a basic Windows forms application.  Made some quick changes and hit build only to immediately get the following error:

The "Microsoft.Build.Tasks.Windows.GetWinFXPath" task could not be loaded from the assembly PresentationBuildTasks, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35. Could not load file or assembly 'PresentationBuildTasks, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified. Confirm that the <UsingTask> declaration is correct, and that the assembly and all its dependencies are available.

These error was followed by warnings to key references such as system and  In fact, all my references has a caution symbol beside them.  I checked control panel and of course .NET 3.5 was installed.  After some searching, the problem was suprisingly Vista.  It turns off .NET 3.0 was turned off as a "feature".  Here's the fix...

Go to Control Panel, Programs, and Turn Windows Features On or Off.  Notice that Microsoft .NET Framework 3.0 is probably unchecked.

Windows Features

Who knew?  Enable that feature and you should be good to go.

System Center Ops Mgr - Missing All Reports

After setting up System Center 2007 Operations Manager, I couldn't wait to see the reports I could generate.  The install was a bit cumbersome but for this one I followed the install guides as best I could and thought I had everything just right.  However, after the install there were no reports.  If I tried to run any I'd get an error that the report couldn't initialize and if I clicked on the Reports tab there just weren't any reports there.  So I upgraded to Ops Mgr Sp1...didn't help.  I re-installed the Ops Mgr Reporting...didn't help.  All I had to go on were two symptoms.

  1. The System Logs were full of SQLDumper errors. Informational entries with Event ID 1010 and 5001 as well as Errors with Event ID 5000 were flooding my System logs about every two minutes.  The 5000 Event ID had the following Descriptions:

    EventType sql90exception, P1 w3wp.exe, P2 6.0.3790.1830, P3 42435be1, P4, P5 2005.90.3042.0, P6 45cd6edb, P7 0, P8 00005283, P9 00000000, P10 NIL.

  2. The Operations Manager logs in the Event Logs had lots of Event ID 26319 with this description.

Event ID: 26319
Source: OpsMgr SDK Service
An exception was thrown while processing GetUserRolesForOperationAndUser for session id uuid:a5f97d19-d366-4924-adc8-87a85c56f3a9;id=27. Exception Message: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

 So it seemed to be something with the OpsMgr SDK account.  The username/password was correct and it was a local admin on the Ops Mgr server.  So what gives?  Finally searching for the 26319 Event ID I found this post at the OpsMgr, SCE, and MOM Blog. It didn't quite match because it discusses a problem with the installation and as far as I know my installation went fine.  But since it's close...I read on.  It mentions that one of the causes could be...

You install the Operations Manager 2007 Reporting feature in a Window Server 2003 domain environment, and the Permissions compatible only with Windows 2000 or Windows Server 2003 operating systems option is enabled

My environment is an SBS 2003 environment and by default the domain functional level is Windows 2000.  I've thought of raising it but just haven't had a compelling reason.  Raising the domain level may fix the problem but I just followed the resolution in MS KB 938627 that Clive referenced... add the SDK service account to the Windows Authorization Access group. To do this, follow these steps:

  1. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. In Active Directory Users and Computers, click Builtin, and then double-click Windows Authorization Access Group.
  3. Click the Members tab, and then add the SDK service account to the members list.

As soon as I add the SDK account to the Windows Authorization Access group the SQLDumper and the 26319 events stopped occurring.  Then I went to the Ops Mgr Console and clicked the Reporting tab and viola...I had a couple reports under the Reporting folder.  My CPU stayed pegged for quite a while so be patient but the reports will start showing up.  If you're impatient like me and want to see some sign of progress, right click on the Reporting folder and hit Refresh to see what's populated.

I hope this helps someone else because it stumped me for over a week.

Blackjack II - Any MP3 as Ringtone

Would you like to your favorite song to be your ringtone for your Blackjack II?  Here's the steps to get this going.

  1. Install a Registry Editor on the phone.  The PHM Registry Editor will get the job for free. It was released in 2002 but registries haven't change in years, so we'll This registry editor gets installed on the phone.  If you have bad eyes and would prefer to make the changes on your computer, try Mobile Registry Editor or CERegEdit .  These allow you to make the phone registry changes on your computer which is nice but requires you to connect the phone to make changes.  I like PHM Registry Editor on my phone in case I need to make quick changes with just my phone.  To install PHM Registry Editor...
    1. I had trouble (and found post of others with the same problem) getting it to install with the ActiveSync installer.  Instead download the Smartphone 2002, 2003 (ARM/PXA) cab file to your computer.
    2. Copy that file to your phone. 
    3. On your phone, double click on the to install it. 
    4. On your phone, click Start and then scroll down and double click PHM Registry Editor.
  2. Open PHM Registry Editor and click HKEY_Current_Users, then click Control Panel then scrolldown and highlight Sounds.
  3. Click Sounds and then select Values.
  4. Highlight FileSizeLimit and then click Menu and Delete. (Note: You can also just increase the value.  I couldn't enter the number direct but had to scroll up.  That was too slow for me so I just deleted the key.  If you'd like, you can add the Key back as a new DWord value and during the creation you can enter the value you want.) 
  5. Confirm the Delete.

So far, it seems like you need to get your MP3 over to your Main Memory and not your SD card to make it a ringtone.  Once you get the MP3 over to your phone, you can go to Settings, Sounds, RingTone and select the MP3 as your Ringtone.  If you don't see your MP3 and it's on your phone, wait 5 minutes and look again and it'll probably be there. :)

If you have Outlook contact you can now open the Contact and select the individual ringtone.  This won't work for SIM contacts.

Use this at your own risk!  This post comes with no warranty and is simply my account of what worked for me.  This is making changes to your registry and could potential mess up your phone.

SanDisk Sansa Album Art

Kids got a couple of SanDisk Sana e250 MP3's this Christmas.  Some things I like about it compared to the IPod Nano (cheaper, FM Radio) and some thing I don't (wheel isn't nearly as smooth, menu button is awkward and requires to hard of a push to activate).  It certainly wasn't plug-n-play on our Vista desktops.  The first key is to go into the settings and first change the USB mode to MSC so Vista can install the drivers.  You can later change it to MTP but if you start with MTP mode I kept getting a failure on setup.  Then I ran the SanDisk firmware updater (In MSC mode of course) to get the latest firmware.  For some reason, the highest I can get is 1.02.18a through the Firmware Updater even though the web site shows 1.02.20 being out. 

Album art isn't displaying for me for songs transferred from Windows Media Player 11.  I've read WMP 10 works fine but I'm Vista so that's not an option.  I've also read a firmware upgrade fixes the problem but it didn't fix it for me.  After transferring songs, I see .alb files in the Albums folder for my new albums but nothing shows up.  SanDisk user guide says you "may" need to put the album art in the same folder as the song.  (Can you believe they said "may need" in their user guide!)  So the fix seems to be to copy the .jpg to the same folder as the music and give it the name "Album Art.jpg".  However, if you just try to copy a .jpg file to the Sansa it'll say that type of file isn't supported.  Again, I've read post that the latest firmware fixes this too but it didn't for me.  So here's my steps to get Album Art on the Sansa e250.

  1. First find your album art.  You can use any image including one of your own.  For original album art, browse to or I guess you can just use assuming there's no licensing restrictions. 
  2. Right click on the image and "save picture as" to save it to your computer as "Album Art.mp3"
  3. In Windows Explorer, copy Album Art.mp3 to your Sansa placing it in the folder Music/<yourAlbum>.
  4. In Windows Explorer, right click on "Album Art.mp3" on your Sansa and rename it to "Album Art.jpg".

Depending on your firmware, you may not have to do the save as .mp3 and then rename to .jpg but I did.  Now when you play a song, you should see the album art.  Click the select button (center of your wheel) to see it full screen.


AT&T Tilt Setup

I have my Tilt and so far have been pleased but it takes a little to really get it setup to take advantage of the productivity add-ons that make you want the Tilt.  Here's my process to set it up.

  1. Remove the AT&T "bloatware".  First perform a hard reset right off the bat by going to Start, Settings, System, and then select Clear Storage.  Enter the 1234 combination.  You can also do it with some key press combination but I found several posts where users had issues with this.  After the restart, it'll prompt that it's going to start configuring the AT&T apps after 3 seconds.  Before the 3 seconds is up, insert your stylus in the hole on the bottom of the Tilt to the soft reset.  Now you have a plain Jane Tilt with no demo/bloat ware.
  2. Go to and download and  Copy these files over to your Tilt and double click to install.  This will get your WiFi connection working without going through AT&T's MediaNet.  The other way is to just go in an disable proxy manually each time.
  3. Remove the AT&T Task Manager.  This may not be necessary but I read several posts that this delayed emails arriving and calendar event notifications.  It was easy and I didn't need it so I just removed it.  Go to Start, Settings, Today and then click Items tab.  Uncheck HTCHomeeplug.  Again, may not be neccessary, but I did it any way.
  4. Install Google Maps.  On your Tilt, connect to the Internet via WiFi or Data connection and browse to    You should see an option to install Google Maps.  Download and install that app.  After the install, you'll find Google maps in Start, Programs.  It's the Compass looking icon.  Click Menu and Use GPS to get your location.  Tip:  If you haven't yet, use QuickGPS and Download to speed up the locating process.
  5. Install Microsoft Live Search: From your phone browse to and install it.  Similar to Google maps...some say it works better.
  6. If you aren't using th Push-To-Talk feature, then follow this post to give you the ability to map the PTT to something else (like Voice Dial).
  7. Increase Performance for WiFi:  My wifi connection was extremely weak or non-existant on my Tilt.  My laptop would be at 99% signal strength and my Tilt would show "unavailable" or barely have any signal to my WAP.  The problem was not enough power for the WiFi on the Tilt.  Go to Start, Settings, Connections, Wireless LAN and select the Power Mode tab.  You can try the middle setting which did connect for me but was still somewhat week.  Selecting Best Peformance gave me a full signal matching my laptop card.  I'm sure this drains the battery but I don't leave WiFi on unless I'm using it.