Credential Issues

0

Occasionally (every 2-3 days), PDQ Deploy will fail deployments because of issues such as "failed to connect to target share". To try and fix this, I restart the background service. However, when I start it back up, I always get a credential error, even though my Windows credentials have not changed. If I go into the edit dialog, hit OK without making any changes, and try again, it works fine.

Cancel
login to comment
0

I've switched over to using credentials which does have the log on as service right set in a GPO, so I'll let you know if I have this issue again.

Cancel
login to comment

0

There are some slight differences in how Inventory and Deploy authenticate which may account for the difference. There may also be another issue that's causing Deploy to stop authenticating and you only run into this issue when you restart the service.  Once you've got the privilege revocation problem fixed you'll find out if Deploy stops working again and a simple restart fixes it.

Cancel
login to comment

0

After talking with one of the sysadmins, we believe that there is a GPO somewhere that revokes that right. The even more unusual part is, this occasionally occurs overnight, and I don't catch it until the next morning, but it still doesn't affect PDQ Inventory, so I don't think it's just good timing on my part.

Cancel
login to comment

0

Ryan,

Aha, that makes sense.  When you reapply the credentials within PDQ Deploy we assign that privilege if it's not set. It sounds like you may have a GPO that's revoking it.  What's odd is that it hasn't affected Inventory, but that may just be a timing issue where you notice the problem in Deploy before it has a chance to break Inventory.

Cancel
login to comment

0

The system event log has an entry, saying that the service could not start because the specified account does not have "log on as service" rights. However, the account does have these rights. I'll get with the sysadmins here to make sure that the right is not being revoked, but right now it's getting more and more confusing.

Cancel
login to comment

0

You should have something in your system event log about it.  It could be that the password within the service is being reset or corrupted, or a privilege is being removed.  Since this doesn't affect PDQ Inventory then it's probably not a privilege thing, but it could be due to timing.

Cancel
login to comment

0

It is within PDQ Deploy. I lost the exact error message, because I fixed my credentials, but it was something along the lines of "logon failure".

Cancel
login to comment

0

Ryan,

Thank you, that answers that question. When you restart the service and you get a credentials error, what does it say and where do you see it?  Is this withing PDQ Deploy or do you see it within Windows somewhere?  

 

Cancel
login to comment

0

It just happened again. I checked the service before editing my credentials in PDQ Deploy, but it still has the proper username and domain.

Cancel
login to comment

0

Will do!

Cancel
login to comment

0

Next time you see the problem, check the PDQ Deploy service in the Windows control panel and let me know if it's been changed, probably to Local System.  

Cancel
login to comment

0

Yes, they do.

Cancel
login to comment

0

That is odd.  Do both services use the same account?

Cancel
login to comment

0

I also use PDQ Inventory, though, and I never have any credential problems with it.

Cancel
login to comment

0

Ryan,

It sounds like something may be resetting the credentials on the service, possibly a GPO?  By hitting OK PDQ Deploy reapplies the credentials (the credentials it shows are those which it will apply, not necessarily those that are currently set on the service).  You can verify this by checking the Log On information in the Windows services control panel next time you see the problem.

Cancel
login to comment

Reply