Cannot Add Physical Machine to Inventory

Product version: 11.1

Last modified: 20 April 2026

Problem

When attempting to add a physical machine to the Inventory via Direct Connect, the operation fails with the following error message in the log:

2025-11-28T20:07:55,925 [ERROR][Controller] Collect host info exit code: 1326

Google 1326

Error 1326 is unknown username or bad password

Background

The issue is related to Windows authentication error 1326, which indicates:

Logon failure: unknown username or bad password

However, in this scenario, credentials are valid. The root cause is typically related to execution context and security restrictions, not the credentials themselves.

When credentials are valid, the common causes for error 1326 include:

  • User Rights Assignment: The account may lack the following rights:

    • Log on as a batch job

    • Access this computer from the network

  • Account restrictions: The account may have the following permissions:

    • Interactive logon

    • Network logon

  • Local Security Policy may restrict remote PowerShell execution even for domain admins

  • The Secondary Logon service must be running on the target host

  • Remote UAC restrictions affecting local administrator tokens (tokens filtering)

  • The probability that special characters in the password are being misinterpreted during remote command execution.

Solution

Follow the steps below to resolve the issue.

  1. Verify User Rights Assignment on the target machine:

    1. Open: secpol.msc

    2. Go to Local Policies > User Rights Assignment

    3. Ensure the account has the following rights:

      • Access this computer from the network

      • Log on as a batch job

  2. Ensure the following services are running:

    • Secondary Logon

    • Windows Remote Management (WinRM)

  3. Verify that remote PowerShell works using the same credentials:

    • No prompts or confirmations should appear

    • Scripts should run without issues

  4. Check UAC Remote Restrictions. If using a local administrator account:

    • Disable or adjust UAC remote restrictions

    • Ensure the account is not filtered to a limited token

  5. Validate Password Format

    • Temporarily test with a simple password (no special characters)

    • Special characters may break authentication in remote execution chains

  6. Verify Account Type and Permissions. Use a domain account where possible and ensure:

    • Administrative privileges

    • Proper domain policies applied

  7. In some cases, the issue is resolved by:

    • Creating a new Active Directory user

    • Assigning required permissions

    • Using this account to add the physical machine