Inherited a PDQ Environment, Lots of Connection Errors
I've inherited a PDQ server (Deploy and Inventory) and I've been trying to absorb as much information on this software as I can. I want it to be our go-to for installing forward, but there is a lot I need to learn first.
To clarify our situation, we have about 700 employees, some of whom are working from home and connecting via SonicWall NetExtender to our MPLS-connected network in order to access files (stored off-site). We're spread across 40 locations but everyone is connected via MPLS.
PDQ has been set up for a while but left dormant for months. Looking at this for the first time, we have 825 recognized computers. I created a Dynamic Collection to show only computers that are not using VPN (based on IP). This works fine and in the resulting list of 693 non-remote workstations, a bunch of them have different errors. The description for them hasn't helped me figure out what is wrong. Here are a few:
"The specified network name is no longer available" x1
"The network path was not found" x13
"Target requires reboot to complete .Net installation" x1
"Service manager logon failure" x1
"ReturnCode cannot be null" x1
"NTLM: Target computer name mismatch" x2
"Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again." x4
"Kerberos: The target account name is incorrect" x68
"Failed to write file on target" x29
"Failed to connect to the service manager" x1
"Could not Wake on LAN" x3
Where do I begin?
Comments
If you click on the blue question mark next to each error, it should open a window that contains a link to a KB.
Some of those errors are DNS related. Others look like permission issues.
https://help.pdq.com/hc/en-us/articles/220533627-Windows-Firewall-Ports-and-Exceptions
https://www.youtube.com/watch?v=pZwS5OkgXmI
Thank you Colby, I watched the video and learned a lot. I've enabled three settings that I did not have enabled:
This was set to "Dynamically update DNS records only if requested by the DHCP clients"
Based on this, I may not see results for a week or two.
I'm reading through the Firewall article you've posted as well.
I believe the Windows Firewall Ports and Exceptions document needs to be updated. It refers to the location of these settings as:
"Computer Configuration > Policies > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile"
Though it appears to have changed to:
"Computer Configuration > Windows Settings > Security Settings > Windows Firewall with Advanced Security"
See:
https://social.technet.microsoft.com/Forums/en-US/1ff751e0-4902-4414-895b-cd8255afa110/windows-defender-firewall-settings?forum=winserverGP
Edit: The entire section under "Ports and Group Policy" is inapplicable with the changed location in GPO.
Is there an updated set of instructions given Microsoft's change to how firewall settings are applied via GPO?
It looks like the old way should still work. I'll submit an internal ticket to get that KB updated.
I see now, it's not "Windows Firewall" anymore as indicated in the KB, it's "Windows Defender Firewall"
It appears Microsoft added "Defender" to everything.
Sorry for the multiple posts.
Now that I know where to find this, the KB says to enable "Allow inbound file and printer sharing exception". It references the "Allow unsolicited incoming messages from these addresses" field, but does not say what should go in there, only the format to enter it.
What is this IP range supposed to represent? All devices I want accessible via PDQ?
We have different subnets for each of our (MPLS connected) locations.
These are settings for the target machines, so you should put in the IP address of the machine running PDQ.
A lot of projects going on right now...
I verified the IP for PDQ was in the "Allow inbound file and printer sharing exception". So it's gotta be something else.
At this stage, with so many computers reporting incorrectly or not reporting at all, should I remove all computers from PDQ inventory and then initiate sync?
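Added example (not part of the thread or of PDQ's documentation): a PowerShell check, run from the PDQ server, that compares each target's forward DNS record with its PTR record and then tests TCP 445 (SMB, used by file and printer sharing), to separate the DNS-related failures mentioned above from firewall or offline ones. The function name `Test-PdqTargetDns` is hypothetical and the host names are constructed placeholders.

```powershell
# Added example; Test-PdqTargetDns is a hypothetical helper, not a PDQ cmdlet.
function Test-PdqTargetDns {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [int]$Port = 445   # SMB, used by file and printer sharing
    )
    foreach ($name in $ComputerName) {
        $row = [ordered]@{
            ComputerName = $name; ForwardIP = $null; ReverseName = $null
            PortOpen = $null; Status = $null
        }
        try {
            # Forward lookup against DNS only (no LLMNR/NetBIOS fallback)
            $a = Resolve-DnsName -Name $name -Type A -DnsOnly -ErrorAction Stop |
                Where-Object { $_.Type -eq 'A' } | Select-Object -First 1
            if (-not $a) { throw 'no A record' }
            $row.ForwardIP = $a.IPAddress
        } catch {
            $row.Status = 'NoForwardRecord'
            [pscustomobject]$row
            continue
        }
        try {
            # Reverse lookup: which name does DNS say owns this address?
            $ptr = Resolve-DnsName -Name $row.ForwardIP -Type PTR -DnsOnly -ErrorAction Stop |
                Where-Object { $_.Type -eq 'PTR' } | Select-Object -First 1
            $row.ReverseName = $ptr.NameHost
        } catch { }   # no PTR record: ReverseName stays $null
        # Compare short host names, case-insensitively
        $want = ($name -split '\.')[0]
        $got  = if ($row.ReverseName) { ($row.ReverseName -split '\.')[0] } else { $null }
        $row.PortOpen = Test-NetConnection -ComputerName $row.ForwardIP -Port $Port -InformationLevel Quiet -WarningAction SilentlyContinue
        if (-not $got) {
            $row.Status = 'NoReverseRecord'
        } elseif ($got -ine $want) {
            $row.Status = 'ReverseMismatch'   # PTR names another machine: likely stale record
        } elseif (-not $row.PortOpen) {
            $row.Status = 'PortBlockedOrOffline'
        } else {
            $row.Status = 'OK'
        }
        [pscustomobject]$row
    }
}
# Constructed placeholder names; replace with targets from the PDQ error list.
Test-PdqTargetDns -ComputerName 'WS-EXAMPLE-01', 'WS-EXAMPLE-02' | Format-Table -AutoSize
```

Rows marked `ReverseMismatch` or `NoForwardRecord` point at DNS record hygiene, while `PortBlockedOrOffline` points at the target's firewall scope or the machine being off.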