Exchange error: [0x80004005-0x80004005-0x000501]

When users were sending emails to a contact group, it would bounce immediately with the following error message:

From: System Administrator
Sent: Monday, August 14, 2017 3:14 PM
Subject: Undeliverable: Email subject

Your message did not reach some or all of the intended recipients.

Subject: Email subject
Sent: 8/14/2017 3:14 PM

The following recipient(s) cannot be reached:

'Recipient 1' on 8/14/2017 3:14 PM
This message could not be sent. Try sending the message again later, or contact your network administrator. The client operation failed. Error is [0x80004005-0x80004005-0x000501].

'Recipient 2' on 8/14/2017 3:14 PM
This message could not be sent. Try sending the message again later, or contact your network administrator. The client operation failed. Error is [0x80004005-0x80004005-0x000501].

The issue was the related to throttling settings, and the distribution list was over the 24-hour limit.

To fix the issue, you can create and apply a new throttling policy to the affected mailboxes:

New-ThrottlingPolicy -Name policyname -RecipientRateLimit Unlimited
Set-Mailbox -Identity username -ThrottlingPolicy policyname

Replace ‘username’, ‘policyname’, and ‘Unlimited’ with the desired names and values.

Set permissions on a service using the ‘subinacl’ command

I needed to grant permissions to a non-administrative domain user to be able to start and stop services. The subinacl command can be used to grant these permissions:

subinacl /service \\ComputerName\ServiceName /grant=[Domain\]Username[=Access]

Here are the available ‘Access’ parameters:

F : Full Control
R : Generic Read
W : Generic Write
X : Generic eXecute
L : Read controL
Q : Query Service Configuration
S : Query Service Status
E : Enumerate Dependent Services
C : Service Change Configuration
T : Start Service
O : Stop Service
P : Pause/Continue Service
I : Interrogate Service
U : Service User-Defined Control Comma

Linux guest E1000 nic generates abnormally high volumes of traffic in a NAT and traffic-shaped environment

ESXi 4.1.0 build 502767
Linux guest VM
The guest VM NATs about 30% of the traffic going through it.
The guest VM uses the E1000 nics
Traffic downstream (on the “inside” interface) is traffic-shaped (by another device)

In this situation, the linux guest will report abnormally high downstream NIC utilization (considerably more than the inputs on the other interfaces), when the traffic is shaped.
I suspect this issue is E1000-specific (i.e. not VMware per-se), but I’m reporting it here because this is where I experienced it.

This particular guest NIC was mapped to a single VMware ESX host NIC, with no other guest VMs attached to this same NIC.
When I looked at traffic stats on the switch port that this host nic plugged into, it did not report the abnormally high utilization patterns observed inside of the guest (the switch reported 100-200Mbps less traffic).
The VMware vSphere client reported the same traffic levels as the physical switch port. (In other words, this looks to be a VM guest driver issue.)

When this problem was happening, the tx traffic levels reported by the E1000 NIC were about 30% higher than would be expected from the volume of traffic coming in from the outside NICs (the tx traffic level of this NIC should have been very close to the sum of the rx traffic levels received by the other NICs).

Rebooting the linux guest did not resolve the problem.
Changing the linux guest NICs (all four of them) from E1000 to VMXNET3 actually did resolve the problem.

I do not know if there is a correlation between the two 30% numbers, but based on observations of similar behavior in one other (non-VMware) setting/situation, I suspect it’s just a conincidence.

As observed by my co-worker here

Remove a printer installed by Profile Manager or MCX from the command line (or remote ARD command)

When Profile Manager installs a printer, the CUPS queue name doesn’t match what the user sees. You can get a list of those queues by typing lpstat -s. To remove the printer by the name you define in Profile Manager with a script, you’ll need to find out the CUPS name.

Here’s a one-liner to remove a printer that was automatically installed with Profile Manager:

export ptr="PRINTERNAME";lpstat -s | awk "\$4 ~ /$ptr/ {print \$3}" | tr -d : | xargs lpadmin -x

Just replace PRINTERNAME with the correct queue name.

Remove a printer or update a printer in Mac OS X Server Profile Manager

If you modify a printer in Mac OS X Server’s Profile Manager, the changes don’t always get updated in my experience. To get the updates, you need to remove the row in the database that references the old printer.

In Terminal, load psql and select the correct database:

sudo psql -U _devicemgr -d devicemgr_v2m0 -h /Library/Server/ProfileManager/Config/var/PostgreSQL

Find printers with the ‘select’ SQL command:

SELECT * FROM printers;

This will select all printers. You can also use SQL’s ‘WHERE’ clause to filter the results down even more.

To remove the offending entry, use the DELETE command:

DELETE FROM printers where id=[the 'id' column obtained from the previous list]

As soon as I did this, the new printer populated in Profile Manager.

Filtering drivers by computer model in MDT or SCCM

If you want to filter by computer model, first you’ll need to get the computer model name by running the ‘wmic‘ command in a DOS prompt, and then typing: ‘CSProduct Get Name‘. That should return something similar to this:

wmic:root\cli>CSProduct Get Name
HP EliteDesk 800 G1 USDT

Then, you’ll want to add a conditional Inject Drivers command, with the condition being a WMI query for:

SELECT * FROM Win32_ComputerSystem WHERE Model LIKE "%EliteDesk 800 G1%"

Replace the “EliteDesk 800 G1” string with whatever model you want to match. The percents on each side are a typical SQL wildcard, which is why I don’t have to include ‘HP’ or ‘USDT’.

Windows Deployment Failure

When deploying a Windows 7 64-bit image from our deployment server (using Microsoft Deployment Toolkit, or MDT), we would run into an error message after the image had been applied to a workstation:

Windows could not parse or process the unattend answer file [C:\windows\Panther\unattend.xml] for pass [specialize]. A component or setting specified in the answer file does not exist

It turned out that Internet Explorer 10 had been installed. To fix the issue, you need to remove the IEWelcomeMsg entry from the answer file (either by editing unattend.xml manually on the server for the task sequence, or using Windows System Image Manager (WSIM).

This post clued me into the issue.

Signing iOS mobileconfig files with your certificate

If you’ve ever used Apple’s iPhone Configuration Utility, you’ve probably noticed that it says ‘Unsigned’ when you send the .mobileconfig file to your device. To sign the profile, export or email the config file to yourself, have your certificate files handy, and type the following:

openssl smime \
-sign \
-signer your-cert.pem \
-inkey your-priv-key.pem \
-certfile TheCertChain.pem \
-nodetach \
-outform der \
-in ConfigProfile.mobileconfig \
-out ConfigProfile_signed.mobileconfig

The files you’ll need are:

your-cert.pem – this is the certificate you’ve been issued
your-priv-key.pem – this is your private key
TheCertChain.pem – this is the certificate chain (optional, in some cases)
ConfigProfile.mobileconfig – This is the unsigned copy of your configuration profile

The original instructions are located here.