none
Administrator Password Changed - WinPE Invalid Credentials. Access Denied

    Question

  • Hi All,

    We've been using MDT 2012 previously 2010 with no problems. However, after a recent Administrator account password change this account can no longer be used for deploying images.

    When using the WinPE environment (from F12) at a client if the Administrator credentials are used we get an Invalid Credentials. Access Denied error message and cannot continue any further.

    We do not specify any user credentials in the Bootstrap.ini file as we prefer to enter them at run time.

    Bizarrely, we get the same result with a newly created Domain Admins account and an existing Domain Admins account. However, 3 other Domain Admin accounts do work.

    From the CMD prompt we cannot connect to the DeploymentShare with NET USE for the accounts that don't work. Not surprisingly with the working Domain Admins accounts we can successfully connect with NET USE.

    We have updated the Deployment Share and Optimised the boot image(s) with no positive effect.

    We're stuck! Any help would be much appreciated.

    Thanks,

    Friday, September 27, 2013 11:12 AM

All replies

  • I put the blame on the server here.

    MDT will simply make a UNC network connection with the deployment share. So you are correct to try to debug the scenario by pressing F8 in WinPE, and running the network commands manually:

    Net use * \\server\deploymentShare$ /u:Server\User *

    If this does *not* work then dump out the acls on the MDT Server:

    C:\windows\system32>net share deploymentshare$
    Share name        DeploymentShare$
    Path              c:\DeploymentShare
    Remark
    Maximum users     No limit
    Users
    Caching           Manual caching of documents
    Permission        NT AUTHORITY\Authenticated Users, FULL
    
    The command completed successfully.
    

    And:

    C:\windows\system32>icacls c:\deploymentshare
    c:\deploymentshare NT AUTHORITY\Authenticated Users:(OI)(CI)(RX)
                       BUILTIN\Administrators:(I)(OI)(CI)(F)
                       NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
                       BUILTIN\Users:(I)(OI)(CI)(RX)
                       NT AUTHORITY\Authenticated Users:(I)(M)
                       NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)
    

    -k


    Keith Garner - keithga.wordpress.com

    Saturday, September 28, 2013 12:07 AM
  • Hi Keith,

    Thanks for the reply.

    I have checked the Share and NTFS permissions as suggested and I did need to modify them slightly. However, the original problem remains.

    Interestingly I can successfully map a drive with NET USE from my own pc. I presume this proves that the permissions are ok as I'm using the same sharename and path etc. to make the connection.

    Also, as mentioned the other 3 working domain admin accounts don't have this problem.

    Regards,

    Monday, September 30, 2013 11:30 AM