Problem
When attempting to deploy files an "Error connecting to remote share: \\Domain\netlogon" message is shown.
The profileunity.host.exe.log shows:
ERROR - WebMessage Error: Error connecting to remote share: \\Domain\netlogon
ERROR - Win32 Exception Code: 1312
Possible Cause
The network access policy called "Do not allow storage of credentials or .NET Passports for network authentication" is enabled via Group Policy in Active Directory.
Resolution pre 6.8.4 Console
Disable the network access policy called "Do not allow storage of credentials or .NET Passports for network authentication". This can be found in the Group Policy Editor at the following path:
"Computer Configuration" > "Windows Settings" > "Security Settings" > "Local Policies" > "Security Options". Then in the "Policy" pane, right click the policy and disable it.
To test this solution, you can temporarily change the following registry value on the ProfileUnity Management host and attempt to deploy the files again:
Change
Location: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\
Name: DisableDomainCreds
Value: 1 (DWORD)
to:
Location: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\
Name: DisableDomainCreds
Value: 0 (DWORD)
If on Console version 6.8.4
Update the console to 6.8.4_HF1_CumulativeUpdate. This can be located at:
https://www.liquidware.com/support/articles/360033876051-ProfileUnity-Hot-fix-List
Following the ReadMe.txt do the following
HOW TO INSTALL: 1. Take note of the files in the ZIP and place copies of the originals from "C:\Program Files (x86)\Liquidware Labs\ProfileUnity" to somewhere OUTSIDE of the main ProfileUnity folder *File list: gpo-write.exe, ProfileUnity.Host.exe, ProfileUnity.Host.exe.config, ProfileUnity.Legacy.dll, ProfileUnity.Public.dll, ProfileUnity.Report.dll, ProfileUnity.Setting.dll, ProfileUnity.Web.dll, ProfileUnity.WindowsManagement.dll 2. Stop the Liquidware Labs ProfileUnity Service 3. Extract the contents of the ZIP into "C:\Program Files (x86)\Liquidware Labs\ProfileUnity" 4. Start the Liquidware Labs ProfileUnity Service ---------------------------------------- OPTIONAL INSTRUCTIONS for allowing users denied logon rights to login and to configure the service account functionality contained in the 3-30 update: 1. Create a new service account within AD and add that account into the ProU console server's local Administrators group *This new domain service account will need access to all relevant areas: Create and link GPO, Enum domain security groups, Create/modify INI/XML files on network share(s) 2. Stop the Liquidware Labs ProfileUnity Service 3. Edit the Liquidware Labs ProfileUnity Service and set the Log On tab to the new service account 4. Edit "C:\Program Files (x86)\Liquidware Labs\ProfileUnity\ProfileUnity.Host.exe.config" and change "DisableImpersonation" to "true" 5. Start the Liquidware Labs ProfileUnity Service
Product: ProfileUnity-FlexApp
Product Version: up to 6.8.4 with Hotfix