I came across a fairly interesting issue in a fairly locked down Enteprise environment this week. When attempting to perform an automated install of SharePoint 2013 using AutoSPInstaller (Version 3.93) we would continuously see that the accounts would be marked as Invalid during the first check in AutoSPInstaller. While this typically might reek of incorrect password or perhaps a mistyped username, in our case we knew the accounts were correct.
After a lot of digging and tracing, we determined that the issue was that the accounts in question had been configured in Active Directory to only allow logon to specific machines. The actual AD property was userWorkstations. It turns out the few accounts that were succeeding did not have this property defined; however, the accounts that were failing had only been given permission to log into certain workstations, none of which were part of our new SharePoint 2013 farm.
The resolution is of course to add the whole list of servers to the userWorkstations attribute in Active Directory.
I won’t explicitly call out by name the individuals that helped figure this out so that their identities are protected, but to those of you who helped figure this out – thank you!