pdq_deploy_invoke_command.ps1 not running in MDT task sequence
Hello,
My apps aren't being pushed by PDQ to a newly imaged laptop. This is the message I get:
If I go to our PDQ Deployment Server and push apps to the newly imaged laptop, it works just fine, so I feel it's something in the script.
This is what my script looks like, I took out my deployment server for security reasons.
netsh advfirewall set allprofiles state off
ipconfig /registerdns
psexec.exe \\(my pdq deployment server) -h -accepteula ipconfig /flushdns
psexec.exe \\(my pdq deployment server) -h -accepteula pdqdeploy.exe Deploy -Package
"New PC Deployment" -Targets $env:COMPUTERNAME
start-sleep 30
while(test-path "C:\Windows\AdminArsenal\PDQDeployRunner\service-1.lock"){
start-sleep 30
}
Any suggestions?
Comments
It looks like the MDT blog that you copied that from got reverted to an old version that has a missing newline. Here's a fixed version of the script from the last time that blog had issues: https://help.pdq.com/hc/en-us/community/posts/360074794792/comments/360013500991
Thank you Colby,
Sorry for taking so long to get back. In the link you provided, the code for the PSExec script matches what I already had in my script (I don't see a new line.)
Just for grins, I did try the Invoke-command script instead, updated my MDT deployment share - this time, the task sequence wizard reported 0 errors - however, PDQ still didn't push any of the apps.
Again, I can push the apps manually just fine via "Deploy Once" on my PDQ server to a newly imaged laptop - I would just like this process to be automated so that I don't have to deploy manually each time.
Any suggestions?
Thanks!
Do the scripts work outside of MDT? I believe they should return some output like "Deployment started".
I copy/pasted the script to the imaged laptop and got this, (again, changed my pdq server name for security purposes):
The registration of the DNS resource records for all adapters of this computer has been initiated.
[my_pdq_server] Connecting to remote server my_pdq_server failed with the following error message:WinRM cannot process the request. The following error with errorcode 0x8009030e occurred while using Kerberos authentication: A specified logon session does not exist.
My guess is that you might be running into the double hop problem. I recommend going back to the PSExec script. Use an editor like ISE to verify that the second psexec.exe line is only 1 line. There should be no lines that start with double quotes.
Colby,
Thank you for your continued support. Sorry again for the late reply - snow in Texas. :)
I did notice that the line "New PC Deployment" -Targets $env:COMPUTERNAME WAS on a separate line, so I appended it to the line above it in ISE, so that it appears below:
psexec.exe \\(my pdq deployment server) -h -accepteula pdqdeploy.exe Deploy -Package "New PC Deployment" -Targets $env:COMPUTERNAME
I then updated my deployment share, then tried imaging again. This time, I get this error from MDT:
The handle is invalid.
At \\(my WDS server)\\DeploymentShare$\Scripts\pdq_deploy_invoke_command.ps1;4 char:1
+ psexec.exe \\(my pdq server) -h accepteula ipconfig /flushdns
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NotSpecified: (The handle is invalid.:String) [], RemoteException
Connecting to (my pdq server)....
Couldn't access (my pdq server)
So, it's timing out trying to access the PDQ server. What's strange though is that I can ping the hostname of my PDQ server just fine on the laptop after it is imaged.
I figured it out.
In MDT, I had to create a command line task sequence (not powershell):
powershell -executionpolicy bypass "& ""\\mdtserver\deploymentshare$\Scripts\Invokepdq.ps1"""
Then set "Run As" my domain admin user account in the task sequence for the command line.
Then I set the invokepdq script to the following:
start-sleep 10 Invoke-Command -ComputerName pdqdeployserver.yourdomain.tld -ScriptBlock {ipconfig /flushdns; pdqdeploy.exe Deploy -Package "Package Name" -Targets $args[0]} -ArgumentList "$env:COMPUTERNAME" start-sleep 30 while(test-path "C:\Windows\AdminArsenal\PDQDeployRunner\service-1.lock"){ start-sleep 30 }
err, here is the ps1 script with the code block.