Windows 7 wim and sysprep failing with error hr = 0x8007139f

Don't you love Microsoft's error codes? Most of the time they are so cryptic that you just want to delete whole day's work and abandon the idea of implementing imagex and wim imaging.
Spent a few hours creating Windows 7 Pro wim image with all the apps and settings, sysprep-ed after each major installation and all was well. Until Kaspersky Antivirus v6 MP4 came along. Once Kaspersky was installed I sysprep-ed for the last time, or so i thought, restarted to test it before capturing and uploading the wim image to the WDS server (W2k3R2) and system started complaining that it can not load something and needs to restart on n's time. Lucky me.
So I just used PXE to boot to WDS and install previous wim image on the 2nd partition and from there start digging for the d:\windows\Panther for errors and setup logs. Setuperr.log in the d:\windows\panther\unattendGC\ folder presented "self-explanatory" error:

2010-04-26 19:07:12, Error [windeploy.exe] Failure occured during online installation. Online installation cannot complete at this time.; hr = 0x8007139f
2010-04-26 19:36:29, Error [windeploy.exe] Failure occured during online installation. Online installation cannot complete at this time.; hr = 0x8007139f
2010-04-26 20:03:38, Error [windeploy.exe] Failure occured during online installation. Online installation cannot complete at this time.; hr = 0x8007139f

After some google-ing or bing-ing :) ended up at the following website http://www.myitforum.com/absolutenm/templates/Articles.aspx?articleid=14478&zoneid=98
and as i suspected Kaspersky Antivirus v6 MP4 was the culprit. Changed the reg key, unloaded the hive, restarted and Windows 7 finished installing all the devices and drivers.

1. Mount the wim image of the master (imagex /mountrw path_of_the_wim 1 C:\WIM)
2. Open the System hive:
1. Run regedit.exe
2. Go to HKEY_LOCAL_MACHINE
3. File ==> Load Hive
4. Open the hive at: C:\WIM\WIndows\System32\Config\SYSTEM
5. Define a name for the hive like master_system_hive
3. Change the key in the hive: ControlSet001=>Services=>Klif and give the value 2 to “Start”
4. Unload the hive doing File==> Unload Hive
5. Save modifications (with imagex /unmount /commit C:\WIM)

[Solution]: NetSupport School 10 crashes Vista

I am posting here the problem and solution in case if anybody else has the same issue.

Symptoms:

Our institution utilizes Netsupport School 10 to control students workstation and stream presentations during the class. I was creating a new image with Vista Business (we are moving to it from Windows XP) yesterday and noticed that every time when i try to connect to a client also ver.10 Vista would crash with a blue screen or it was re-drawing screen very slow and then crashing. The crash usually took about 1-2 seconds and it was restarting the workstation right away by itself.

Resolution

After some googling I found out that video drivers had to be reset before you will be able to connect to the NSS client with out causing Vista to crash.

1) Install Netsupport Manager's “Client” option; make sure that "Reset Video Drivers" option is also selected. Once it's installed run the "Reset video driver" and allow it to reconfigure the video drivers.
Restart the workstation when it asks you to do so.
Uninstall the Netsupport Manager.

2) Now you can install the Netsupport School's “Student option”. Try connecting to the client end from Tutor's workstation again; you should not have any problems with screen re-drawing or Vista crashing now.

Once the drivers were I sysprep-ed the image and restore it successfully later on on a similar hardware. No more problems with NSS 10 client crashing Vista.

Vista KMS client problems.

Was getting the following error on one of the locations.

0x8007232B
DNS name does not exist.

The DNS setting was setup correctly as was the IP and Gateway. I did not have a DHCP setup at the location. The problem was in the workstation's DNS suffix. Workstation located the KMS host and activated by itself once i have added the correct "Primary DNS suffix" in the computer properties.

If you have a DHCP on the site then you don't have to walk up to each workstation to change the DNS suffix in order to activate it. Just make sure that option 15 [DNS suffix list] is added to the DHCP options and DNS servers listed correctly. Clear the DHCP table, run the following on the client;

ipconfig /release
ipconfig /renew

and the workstation will activate by itself.

If you are using the KMS host on a different site with different domain then add the KMS location to the client manually as following:

cscript c:\windows\system32\slmgr.vbs -skms Kms_FQDN

Make sure that you runing the above command in command prompt with elevated privileges.

DHCP MAC based filtering.

Allow Machines only belonging to set of MAC addresses to get ip address from DHCP Server. It works only with x32 bit servers.

http://blogs.technet.com/teamdhcp/archive/2007/10/03/dhcp-server-callout-dll-for-mac-address-based-filtering.aspx

Windows XP firewall exceptions with domain group policy.

The following applies to WIndows XP Pro with SP1/2.

Long read on MS website itself.

InShort read.

What and where:

To add firewall exceptions to the workstations running windows XP with domain Group Policy have to enable the following GP:

Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain profile\Define program exceptions

The above setting allows only exceptions listed in the group policy's allowed list.

If you want the domain workstations to keep the local windows firewall exceptions also, besides the ones that being applied from domain, then enable the following setting:

Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain profile\Allow local program exceptions.

It will apply both, the the domain exceptions list and the local defined ones.
Keep in mind that with "Allow local program exceptions" local/domain admins can add/change new local exceptions. But they will not be able to do anything with domain defined firewall exceptions lists. It will be grayed out for them.

How to:
The following is the syntax for the windows firewall exceptions in the ""Define programs exception" policy setting:

Full Path to the program:IP address from to where: Enabled/Disabled: Comment
C:\Program Files\CA\eTrustITM\Realmon.exe:192.168.0.0/16:enabled: ITM 8.1 monitoring
C:\Program Files\CA\eTrustITM\InoRpc.exe:192.168.0.0/16:enabled: ITM 8.1 remote scan
C:\Program Files\CA\eTrustITM\Shellscn.exe:192.168.0.0/16:enabled: ITM 8.1 remote scan