Solved

Scan to shared folder using SMB - ISA 2004

Posted on 2008-10-07
5
1,004 Views
Last Modified: 2010-04-21
Hi all,

I have a client who uses an OCE TDS400 plotter/scanner. The scanning function is configured to use SMB to forward scanned files to a shared folder on a W2K server. The domain controller is a W2K3 SBS with ISA 2004 installed.

This all worked fine until Friday, when I was working with Microsoft Professional Support to try to figure out why Outlook Web Access wouldn't work. As part of the troubleshooting they uninstalled and reinstalled ISA 2004. I expressed concern at the time about the custom rules, but they assured me that they had saved them using the backup function of ISA 2004 and that we'd reimport them. Unfortunately, after reinstalling ISA 2004, they discovered that for some reason they were unable to reimport the saved rules.

So the connection here is that scanning to the shared folder worked fine -- right up to momemnts before we uninstalled ISA 2004. Now the scanning component is unable to connect to the server. Microsft has pretty much washed their hands of it, saying that all internal network communications on the same LAN would be open by default anyway, so it couldn't be ISA 2004.

Bottom line question...is there anything in ISA I need to configure to allow the scanner to save files onto the server?

Thanks in advance for the help.

Tom
0
Comment
Question by:tgreendyk
  • 3
  • 2
5 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22664027
I have never heard of them tacking that tack before. All internal communications are NOT open by default by dint of the fact that this is an SBS server, not a standard windows server implementation. Secondly, the dafault scenario's expect to have authenticated users performing the activities. I don't know much about plotters but I expect it is not logged in an an SBS domain user - maybe you could confirm?

Does the plotter have a fixed Ip address that it uses?
I assume you have reapplied all of the ISA service packs that were applied prior to the config backup being taken? SP3 is the latest.
After you ran the ceicw (after the service packs) what rules has this left in the firewall policy for From internal TO internal? What is the authentication method assigned? All SBS Users? All Users?

Open the isa gui - select monitoring - logging - click start query.
What do yousee in the logs when you try to save a file to the server?

Keith

0
 
LVL 1

Author Comment

by:tgreendyk
ID: 22664149
Keith,

To answer your questions...

The scanner has a dedicated PC in the cabinet under it that acts as a controller, but when it boots up, it takes you right into a proporetary interface without logging on or anything, so I have to also assume that this PC is not authenticating. I don't think it's any different than newer-generation high end scanners other than the controller being a separate PC as opposed to being imbedded in the unit. The scanning configuration screen has a place to enter the IP address of the server, a user and a password, and the path. The user and password are present in Active Directory, so it's using a valid AD login to connect.

Yes, the plotter has a fixed IP address -- again, even though it's a PC, I believe it's really just like any other network printer.

Yes, when they reinstalled ISA, they installed SP3. I should note that prior to them working on it remotely, SP3 was NOT installed. They said it should be and applied it.

The others I'll have to get back to you on tomorrow.

Thanks!

Tom
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 22664224
No probs - it is 11PM here so my bedtime anyway but I can carry on tomorrow after work.
What I would suggest though (as a test) is creating a 'computer' object in the gui - firewall policy and giving it the ip address of the plotter/pc. Create a new firewall access rule - allow 'all outbound' FROM comp_object & local host TO comp_object & local host - all users. put this rule at the top and apply the policy - watch what traffic passes.

Keith
ISA MVP MCT

0
 
LVL 1

Author Closing Comment

by:tgreendyk
ID: 31504019
After talking to the printer manufacturer I realized that the printer was NOT configured to use SMB, but was using FTP -- which was blocked by ISA.

Thanks for the help!
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22764545
lol - well done :)  (and thanks for the update)
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SBS 2011 (Exchange 2010) Mailbox Sizes 4 74
SBS 2008 cannot logon remotely 7 55
Configure SBS 2008 monitoring 4 52
Certificate name mismatch error when starting Outlook 5 44
Forefront Threat Management Gateway 2010 or FTMG comes with some very neat troubleshooting tools built-in when trying to identify what is actually happening behind the scenes within the product when traffic is passing through its interfaces. To the …
You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question