Deployment errors

When deploying UserLock agents from the console, you may encounter specific error codes indicating connectivity or configuration issues.
This page lists the most frequent deployment errors, explains their causes, and describes how to fix them.

Before troubleshooting a specific error, always verify these basic requirements:

• ✅️ The target machine runs a supported operating system.

• ✅️ ICMP (ping) is allowed in both directions between the UserLock server and the target machine.

• ✅️ File and Printer Sharing (SMB TCP 445) is allowed in both directions.

• ✅️ The Remote Registry service is enabled and started on the protected machines.

For easier maintenance, we recommend enforcing these requirements with Group Policies rather than local configuration.

Unable to resolve the computer name [Machine name]

UserLock cannot find the machine associated with the Active Directory account, often due to DNS issues or the computer being offline.

1. Verify that the computer account exists and that the machine is online.

2. If the machine has been powered off for a while, turn it on and try again after a few minutes.

3. Check your DNS server configuration and look for warnings or errors in the Windows Event Log.

4. Redeploy the agent from the console.

Unable to ping the computer [Machine Name]

The server cannot reach the machine using the ICMP protocol.

1. Verify that the machine is online and still present in Active Directory.

2. Check that firewalls on both ends allow ICMP (ping).

3. In Windows Firewall, click Allow an app or feature through Windows Firewall, then enable File and Printer Sharing for the Domain network.

   • This automatically allows both ICMP and SMB protocols.

4. For improved security, configure this setting using Group Policy and restrict allowed IP addresses to your UserLock server.

See also: Configure firewall rules with Group Policy.

Failed to contact the computer [Machine Name] with the File and Printer Sharing protocol (SMB TCP 445)

The File and Printer Sharing protocol or related Windows services are not available on the target machine.

1. Verify File and Printer Sharing component

   • Open Network and Sharing Center → Change adapter settings.

   • Double-click your active network adapter → Properties.

   • Ensure File and Printer Sharing for Microsoft Networks is listed and checked.

   • If missing, click Install → Service → Add → File and Printer Sharing for Microsoft Networks, then enable it.

2. Check the Server service

   • Open Services.msc.

   • Locate Server service → Set Startup Type to Automatic and start it.

3. Check the firewall

   • Ensure SMB (TCP 445) is allowed.

   • In Windows Firewall, enable File and Printer Sharing for the domain profile.

   • For security, apply this through Group Policy with restricted IP scope.

4. Then try redeploying the agent.

Failed to connect to [Machine Name] registry

The Remote Registry service is disabled on the target machine.

UserLock can automatically enable and start the Remote Registry service when deploying agents.
In the deployment result window, click Fix it for me.

You can disable this automatic repair under Server Settings → Agent distribution if you prefer manual control.

1. Open Services.msc on the target machine.

2. Locate Remote Registry → Set Startup Type to Automatic.

3. Click Start, then OK.

4. Redeploy the agent.

This setting can also be enforced with a Group Policy.

You can enforce this configuration via Group Policy.

The impersonation account registered is invalid or doesn't have the administrative rights on [Machine name]

The account used for deployment either has an incorrect password or lacks administrative privileges on the target machine.

1. Check impersonation account password

   • Go to Server Settings → Service → Service impersonation.

   • If the password is invalid, a red warning message appears.

   • Update the password and let UserLock validate the credentials automatically.

   • Once validated, redeploy the agent.

2. Check impersonation account privileges

   • The account must be a local administrator on all target machines.

   • Update the credentials if necessary and rerun the validation.

If the validation fails, correct the credentials and repeat the process.

Failed to copy the agent file on %WorkstationName% from %source% to %destination% (Error=0x0035).

The administrative share ADMIN$ is disabled on the target machine.

1. Open the registry key:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

2. Set the following values to 1 (type REG_DWORD):

   • AutoShareWks

   • AutoShareServer

3. Restart the computer and try again.

You can enforce this configuration via Group Policy.

You see warnings such as 3034: MRxSmb or 4: Security-Kerberos in the System event log of your UserLock server.

This is not a UserLock issue. It happens when the deployer contacts an obsolete workstation entry in Active Directory, whose IP is reused by another machine.

1. Clean up obsolete (“ghost”) computers from Active Directory.

2. As a temporary workaround:

   • Open the UserLock console

   • Go to Server Settings → Advanced settings → General.

   • Set Check IP conflict to True.

   • This hides the warning but does not solve the root cause.