PDQ package Deployments to newly domain joined Windows machines fail
We have a package that runs to new laptops right after they are named and joined to the domain, and since the beginning of this week it gets stuck on 'Initializing', then after a few minutes will go to 'Reconnecting' and then will continue to say Reconnecting until aborted.
We tested other packages, same issue. Any package that tries to deploy to any newly domain-joined machine will get stuck on "Initializing" then go to "Reconnecting" and stay stuck until aborted. I tested the same package on my own PC and other PC's that have been on the domain and they run fine, no issues.
I've restarted our PDQ Deploy server, restarted the background service, optimized the database, and still nothing.
I tried this:
https://help.pdq.com/hc/en-us/community/posts/211675287-PDQ-Deployment-stuck-on-Connecting-status
however, I wasn't able to clear the computer stuck in 'connecting' state using the SQLite console commands. I get the return "Error: no such column: Stage'
Thanks in advance for any help!
Comments
Depending on your group policies, could this be the Windows Firewall blocking the connections?
I have the same issue you are seeing, on newly imaged computers PDQ deploy is stuck on Initializing,
The day before this started everything was working fine, the difference between the two days is overnight Windows Updates installed.
I have found to get PDQ Deploy to get past Initializing I first scan the newly image PC using PDQ Inventory (My Inventory scan is from a different Windows 10 PC) as soon as Inventory get to Running, PDQ Deploy will start and finish successfully.
Since no one else is having issues at my work place I believe it is Windows 11 (I am the only one running window 11 right now) update from this past patch Tuesday, but have not had time to figure out anything more than the above. I figured I post my current findings since I came here for the same reason.
We experienced this issue today as well. These links were helpful in developing a workaround:
https://www.reddit.com/r/pdq/comments/s3uxv9/manually_made_deployments_getting_stuck_on/
https://www.reddit.com/r/sysadmin/comments/s1jcue/patch_tuesday_megathread_20220112/hsjgvyi/
It would appear that a Windows update has broken the ability for accounts to automatically grant the "Log on as a service" right to themselves. For existing workstations, the account likely persists but on new workstations it cannot be added and results in the perpetual 'Initializing' scan status. We added the account we use for PDQ manually and the scans and deploys now fly through.
Hope this is helpful for those who do not want to roll the patch back.
kiefer.easton1
Yep that was it. I found those exact threads too! :D
Windows patch KB5009557 was installed on our PDQ Server last Tuesday. I uninstalled it to test, and now the packages are deploying without issue. I believe Microsoft has released a patch to fix that patch, but I haven't dug too deep yet. Just needed to get PDQ back up and running today!
Thank you all!
this could suck when trying to target non domain machines - no gpo to fix it. im thinking DMZ servers.
https://help.pdq.com/hc/en-us/articles/220534287-Enable-Credentials-to-Log-on-as-a-Service-
This solved it for my org