Scan account locking up on some computers during PDQ deploy

Comments

3 comments

  • Colby Bouma

    Is the account getting locked out in AD, or just the affected machines?

    As far as logs, there are a few in "C:\Windows\AdminArsenal" and the Event Log.

    1
    Comment actions Permalink
  • Jørn Rønne Gaarde

    It's getting locked in the AD, which is a problem since then nothing works anymore.

    I found out that the account was getting locked out at the exact time the PDQ packet attempts to pull the software from the server via the UNC path.

    Turns out the problem is that we were accessing the server via a DNS CNAME alias, alas the server has a real servername but we access it via it's DNS alias called \\pdq.

    Apparently with Windows 10 this is no longer permitted, so we removed the DNS CNAME record and added the computer account via the NETDOM <name> /ADD command as per Microsofts instructions in https://support.microsoft.com/en-us/help/3181029/smb-file-server-share-access-is-unsuccessful-through-dns-cname-alias.

    After this no more lockups :)

    I still think it's odd that this causes PDQ to lock out the account - but now you know if you get a similar case :)

    1
    Comment actions Permalink
  • Jesse Knapp

    We have the exact same issue. Does PDQ know why this started locking out the scan account as of version 18?

    1
    Comment actions Permalink

Please sign in to leave a comment.