In some cases, PDQ Deploy and/or PDQ Inventory may report the error "The account name is invalid or does not exist" or "The password is invalid for the account name specified".
This is a native Windows service error that PDQ is relaying. It occurs when you use a domain account to run a Windows service and Windows is unable to validate the account with a Domain Controller. PDQ Deploy and Inventory work by creating a temporary Runner Service on the target computer during the Scan / Deployment process. If the PDQ Deploy User or the PDQ Inventory Scan User fails to authenticate with a Domain Controller, the service will not be created.
Verify the Target Can Communicate with a Domain Controller
The PowerShell command below can be run on the target computer to determine whether it can communicate with a Domain Controller.
Test-ComputerSecureChannel -Verbose
If the result is False, the target computer is unable to authenticate against a Domain Controller.
The following are the most common causes for this error:
- The target computer lost the trust relationship with the Domain.
- The Netlogon service is not running on the target computer.
- Networking rules or policies are preventing communication between the computer and the DC.
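A triage sketch for the three common causes listed above, written as an added example and not part of PDQ's own documentation. The function name Test-DomainAuthPath and the set of probed ports are assumptions chosen for illustration; run it in an elevated Windows PowerShell session on the target computer.

```powershell
# Added example: check each common cause on the target computer and
# return one object summarising the findings.
function Test-DomainAuthPath {
    [CmdletBinding()]
    param(
        # Ports probed on the DC (Kerberos, RPC endpoint mapper, LDAP, SMB).
        # A representative set chosen for this example.
        [int[]]$Ports = @(88, 135, 389, 445)
    )

    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    if (-not $cs.PartOfDomain) {
        Write-Warning "$env:COMPUTERNAME is not joined to a domain."
        return
    }
    $result = [ordered]@{ Computer = $env:COMPUTERNAME; Domain = $cs.Domain }

    # Cause: the Netlogon service is not running.
    $svc = Get-Service -Name Netlogon -ErrorAction SilentlyContinue
    $result.NetlogonStatus = if ($svc) { "$($svc.Status)" } else { 'NotFound' }

    # Cause: network rules or policies block the path to a DC.
    # Locate a DC through the domain's DNS SRV record, then probe each port.
    $srvName = "_ldap._tcp.dc._msdcs.$($cs.Domain)"
    $srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' } |
        Select-Object -First 1
    $result.DomainController = $srv.NameTarget
    $result.BlockedPorts = @()
    if ($srv) {
        $dc = $srv.NameTarget
        $result.BlockedPorts = @($Ports | Where-Object {
            -not (Test-NetConnection -ComputerName $dc -Port $_ -InformationLevel Quiet -WarningAction SilentlyContinue)
        })
    }

    # Cause: the computer lost its trust relationship with the domain.
    try {
        $result.SecureChannel = Test-ComputerSecureChannel -ErrorAction Stop
    } catch {
        $result.SecureChannel = $false
        $result.SecureChannelError = $_.Exception.Message
    }

    [pscustomobject]$result
}

Test-DomainAuthPath | Format-List
```

If SecureChannel is False while Netlogon is Running and BlockedPorts is empty, the service and network causes are ruled out and the trust relationship is the remaining suspect.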
Other Possible Causes
- The account name could be over 20 characters long. In order to maintain pre-Windows 2000 compatibility, usernames over 20 characters long will need to be shortened to 20 characters when adding them to PDQ Deploy/Inventory. For example, if the AD username is "DOMAIN\UsernameOverTwentyCharacters," it should be entered as "UsernameOverTwentyCh" under Options > Credentials.
- If you're using an Azure AD account, it will fail because the account can't be validated against a Domain Controller. Microsoft doesn't support running Windows services as Azure AD accounts. You will have to use either a local or an on-prem AD account.