Important Notice: On February 29th, this community was put into read-only mode. All existing posts will remain but customers are unable to add new posts or comment on existing. Please feel to join our Community Discord for any questions and discussions.

pdq_deploy_invoke_command.ps1 not running in MDT task sequence

Hello,

My apps aren't being pushed by PDQ to a newly imaged laptop. This is the message I get:

If I go to our PDQ Deployment Server and push apps to the newly imaged laptop, it works just fine, so I feel it's something in the script.

This is what my script looks like, I took out my deployment server for security reasons.

netsh advfirewall set allprofiles state off
ipconfig /registerdns

psexec.exe \\(my pdq deployment server) -h -accepteula ipconfig /flushdns
psexec.exe \\(my pdq deployment server) -h -accepteula pdqdeploy.exe Deploy -Package
"New PC Deployment" -Targets $env:COMPUTERNAME

start-sleep 30
while(test-path "C:\Windows\AdminArsenal\PDQDeployRunner\service-1.lock"){
start-sleep 30
}

Any suggestions?

0

Comments

8 comments
Date Votes
  • It looks like the MDT blog that you copied that from got reverted to an old version that has a missing newline. Here's a fixed version of the script from the last time that blog had issues: https://help.pdq.com/hc/en-us/community/posts/360074794792/comments/360013500991

    0
  • Thank you Colby,

    Sorry for taking so long to get back. In the link you provided, the code for the PSExec script matches what I already had in my script (I don't see a new line.) 

    Just for grins, I did try the Invoke-command script instead, updated my MDT deployment share - this time, the task sequence wizard reported 0 errors - however, PDQ still didn't push any of the apps. 

    Again, I can push the apps manually just fine via "Deploy Once" on my PDQ server to a newly imaged laptop - I would just like this process to be automated so that I don't have to deploy manually each time.

    Any suggestions?

    Thanks!

    0
  • Do the scripts work outside of MDT? I believe they should return some output like "Deployment started".

    0
  • I copy/pasted the script to the imaged laptop and got this, (again, changed my pdq server name for security purposes):

    The registration of the DNS resource records for all adapters of this computer has been initiated.

    [my_pdq_server] Connecting to remote server my_pdq_server failed with the following error message:WinRM cannot process the request. The following error with errorcode 0x8009030e occurred while using Kerberos authentication: A specified logon session does not exist.

    0
  • My guess is that you might be running into the double hop problem. I recommend going back to the PSExec script. Use an editor like ISE to verify that the second psexec.exe line is only 1 line. There should be no lines that start with double quotes.

    0
  • Colby, 

    Thank you for your continued support. Sorry again for the late reply - snow in Texas. :)

    I did notice that the line "New PC Deployment" -Targets $env:COMPUTERNAME WAS on a separate line, so I appended it to the line above it in ISE, so that it appears below:

    psexec.exe \\(my pdq deployment server) -h -accepteula pdqdeploy.exe Deploy -Package "New PC Deployment" -Targets $env:COMPUTERNAME

    I then updated my deployment share, then tried imaging again. This time, I get this error from MDT:

    The handle is invalid.

    At \\(my WDS server)\\DeploymentShare$\Scripts\pdq_deploy_invoke_command.ps1;4 char:1

    + psexec.exe \\(my pdq server) -h accepteula ipconfig /flushdns

    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NotSpecified: (The handle is invalid.:String) [], RemoteException

    Connecting to (my pdq server)....

    Couldn't access (my pdq server)

    So, it's timing out trying to access the PDQ server. What's strange though is that I can ping the hostname of my PDQ server just fine on the laptop after it is imaged. 

    0
  • I figured it out. 

    In MDT, I had to create a command line task sequence (not powershell):

    powershell -executionpolicy bypass "& ""\\mdtserver\deploymentshare$\Scripts\Invokepdq.ps1"""

    Then set "Run As" my domain admin user account in the task sequence for the command line.

    Then I set the invokepdq script to the following:

    start-sleep 10 Invoke-Command -ComputerName pdqdeployserver.yourdomain.tld -ScriptBlock {ipconfig /flushdns; pdqdeploy.exe Deploy -Package "Package Name" -Targets $args[0]} -ArgumentList "$env:COMPUTERNAME" start-sleep 30 while(test-path "C:\Windows\AdminArsenal\PDQDeployRunner\service-1.lock"){ start-sleep 30 }

     

    0
  • err, here is the ps1 script with the code block.

    start-sleep 10
    
    Invoke-Command -ComputerName pdqdeployserver.yourdomain.tld -ScriptBlock {ipconfig /flushdns;  pdqdeploy.exe Deploy -Package "Package Name" -Targets $args[0]} -ArgumentList "$env:COMPUTERNAME"
    
    start-sleep 30
    while(test-path "C:\Windows\AdminArsenal\PDQDeployRunner\service-1.lock"){
    start-sleep 30
    }

     

    0