Discussion Forums/PDQ Deploy/Deploy - Knowledge Base

Cannot start service PDQDeployPro on computer '.'.

Shane Corellian
posted this on November 30, 2011 12:07

When running PDQ Deploy Pro 1.4.4 you may see this problem, especially if the password has changed for the User account that is running the PDQ Deploy Pro service.
pdqd144-failedlogon.png
To update the password you must actually change the credentials from the current user to another. After you have change the Service Credentials you can then go edit the old credentials (that gave the error) and enter in the new password. At that point you can reassign the service account to the original account.
I demonstrate this work-a-round in this video. In PDQ Deploy 1.5 (or later) you can simply edit the existing credentials without having to use this workaround.
***It is strongly recommended that any account that is specified to run the PDQ Deploy Pro service has a password policy set to Never Expire. This is common for service accounts. ***
 

Comments

User photo
Ken Staude

Do you have an exact list of permissions / rights for a service account which are needed for PDQ Deploy to run? Basically a checklist to verify this type of account should have access to perform all functions needed for install/deployment?  (If not using Domain Admin)

December 12, 2011 09:22
User photo
Shane Corellian
Admin Arsenal

The credentials must have:

"Logon as a service" right

Credentials must also have membership (either direct or inherited) in the local Administrators group on any target computer.

The Security policy Log on a a service is required. If the specified user credentials do not have this Right then PDQ Deploy will attempt (using the same credentials) to add the credentials to this Policy. Some organizations enforce this Right via Group Policy (GPO) which can cause some headache if the credentials get removed via GPO. The best practice is to work with your security team and to use credentials that are allowed to have this right.

When I work with clients on the issue of credentials I recommend creating Service accounts in Active Directory. I usually call them svc_PDQDeploy or svc_PDQInventory. These accounts not only are granted Logon as a service but their passwords are set to never expire.

December 12, 2011 13:26
User photo
Ken Staude

Thanks Shane, just wanted to know the best way for PDQ to run.  Is there a time issue for replication across DC's or to the machines themselves or will the authentication take place back to AD upon trying to gain access?

December 12, 2011 14:46
User photo
J Devroede

Do the same priviledges apply for the PDQ Inventory service?

March 14, 2012 02:37
User photo
Adam Ruth
Admin Arsenal

Yes, the PDQ Inventory service works using the mechanism and will need the same rights.

March 14, 2012 02:46
Add a comment