?
Solved

Printing fails on server 2008 shared print server

Posted on 2009-02-13
11
Medium Priority
?
720 Views
Last Modified: 2012-11-20
We have our print server set up on Server A which is running server 2008.  Users are able to print to the shared printers we have installed there.

We have a second 2008 server that hosts our ERP software (IBM UniVerse) and has local ports installed for printers which point to the printers on Server A. So Printer 1 on Server B has a local port that points to \\ServerA\Printer1. When users try to print from the ERP software, the software prints to the printer installed on Server B which in turn send the print job to the printers installed on Server A.

When we had this running on Server 2003 everything worked fine. Since we have upgraded to server 2008 the print jobs will not work unless the user is a member of the Print Operators group. I have tried various other permission settings and that seems to be the only setting that works.

If we point the printers on Server B back to the old server 2003 print server, printing works fine. When we try to go between the two 2008 boxes it fails.

Is there some setting I am missing that might be causing this to fail in Server 2008?
0
Comment
Question by:thelaziestninja
  • 6
  • 5
11 Comments
 
LVL 22

Expert Comment

by:cj_1969
ID: 23636723
This sounds like it might be your problem ... http://www.errorsite.com/wp-content/uploads/2009/01/pr4.gif
It sounds like you need to either disable some security permissions or install an actual pront driver on server B and then configure LPR printing or something on printer A to allow an IP port to print to server A.
0
 

Author Comment

by:thelaziestninja
ID: 23636904
I know that all the drivers are installed on Server B for the shared printers on Server A. As far as disabling security permissions I am not sure what permissions to disable.
0
 
LVL 22

Expert Comment

by:cj_1969
ID: 23637195
This might come down to a permissions issue.
Chances are the spooler service is running as under the network service account, whose permissions are isolated by default to the current machine.  The print spoolers are most likely set up to allow machine users (consisting of local and domain users) to print to them ... could be controlled or limited by NTFS permissions on the spooler directory.  Anyway, given the print operator status working ... my guess is that it probably provides a pass-through capability not generally available to the spooler service.

Since they revamped the print spooler service in Windows 2008 and I do not have a server available to me I am purely guessing at this given my knowledge of Win 2/2k3.  

Check the print services on server A and see if you can grant EVERYONE access to the print service and/or the directory where the print queues reside on server A.

If that does not work then my suggestion would be to try changing the service account for the spooler service on server B to a domain account and see if it works then.

Another thought ... a local account with Print Operator role on server B configured for the spooler service might work also.

0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Comment

by:thelaziestninja
ID: 23649538
Ok made some progress but not resolved yet. As an experiment I gave Everyone Full permissions on the Spool folder in Windows\System32\Spool. Now when a user prints it no longer hangs on Server B the print job successfully transfers to Server A. Previously the Prit job would just hang on Server B and eventually error out. Now it hangs on Server A and eventually errors out. Checked the event log and there are no errors from the Print service showing, or any errors that would be helpful even.
0
 

Author Comment

by:thelaziestninja
ID: 23649606
Just tried changing the log on account for the spooler service to a domain admin account we use for running services. I received an error when I attempted to start the service using a different account than the local account:

The Print Spooler service failed to start due to the following error:
A privilege that the service requires to function properly does not exist in the service account configuration. You may use the Services Microsoft Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration.
0
 
LVL 22

Expert Comment

by:cj_1969
ID: 23670658
To use a domain account to run something as a service the account will need to be granted Run As A Service permissions ... usually the OS states that the account does not have this permission and then prompts you to add it.  You might also need to grant permissions to the spool directory for the new account ... off hand I don't know that permissions are given.

Also, try making the account a member of the Print Operators group ... this should handle the directory permissions if there are any.

To grant the logon rights (as local admin)
1. run MMC with the Group Policy Editor
2. Expand ... Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights ASsignement
3. Double click on "Logon as a service"
4. Add the domain account to the list of users
0
 

Author Comment

by:thelaziestninja
ID: 23672101
I tried giving the user log on as a service right, I added them to print operators group, I even added them to the security list of the spool folder with full permissions and I am still not able to run the service with their account. I get the same error as before when trying to start the spool service. I have also rebooted the machine after all the changes were made to ensure the settings were taking effect.
0
 
LVL 22

Expert Comment

by:cj_1969
ID: 23672214
Try setting the permissions back to the way they were.
On the second server try adding the machine account of the first server to the print operator group and see if that allows the connection.  The machine account would be in the form of "ad\<machine name>$" (without the quotes).
0
 

Author Comment

by:thelaziestninja
ID: 24193793
It appears part of my problem is due to load balancing and NIC teaming on my HP servers. I don't have a clear answer yet because I haven't had an opportunity to test this on a clean environment but it appears by setting the NICs to fault tolerance instead of load balance my printing issues resolved themselves.
0
 
LVL 22

Accepted Solution

by:
cj_1969 earned 2000 total points
ID: 24194001
Cool.  You got it working and I learned something  :)
0
 

Author Comment

by:thelaziestninja
ID: 24194546
Yeah one of those way out of the blue solutions. Thanks very much for your ideas, I did try all of them to different degrees of success.
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question