Solved

LDAP Address query on Canon ScanFront 220 Web

Posted on 2009-04-02
24
3,855 Views
Last Modified: 2013-12-24
Everyone,

Does anyone know how to set this LDAP pull on a Canon ScanFront 220?  It is a web interface and you enter in your address book server.  I have tried everything and it won't connect.

Here is what it asks for
Search Base
Host Name
Port 389
Username
Pass

Search base I think is right, the host name I am using the DC machine name, but still it won't connect.  Any ideas or someone that has got this to work?
0
Comment
Question by:HDSportster08
  • 12
  • 11
24 Comments
 
LVL 9

Expert Comment

by:esmith69
ID: 24053687
I have had issues getting LDAP to work on Canon network copiers in the past.  For me, the key was the formatting of the "username" field.  I believe I had to specify the username in the format username@netbiosdomainname.

So for example, if the username you're using is "administrator", your NETBIOS domain name is CONTOSO, and your FQDN is contoso.local, in the "username" field you'd put:  administrator@contoso.

I'd experiment with different combinations of the formatting of the username field.  Sometimes it'd be contoso\administrator, administrator@contoso.local.  Occasionally it might need to be the email address of the user.
0
 
LVL 6

Author Comment

by:HDSportster08
ID: 24053743
esmith, would love to get this to work, tried all those usernames and nada.  Did you use the ip or the actual machine name for your Host Name?

Any other ideas would be GREATLY appreciated.
0
 
LVL 9

Expert Comment

by:esmith69
ID: 24053763
pretty sure I put in the IP address of the domain controller.

Is there a "domain" field on the screen with the username/password stuff?  Or is there just a field for the username?
0
 
LVL 6

Author Comment

by:HDSportster08
ID: 24053825
There is

LDAP address book :  Another Server from Authentication server - chose this because our exchange is different

Search Base:  dc=somewhere,dc=com

Host Name(address): I have the dc ip in here

Port Number 389

User name


That is all that is listed, I know the mail part works as I have sent one using a manually keyed email off the scanner
0
 
LVL 9

Expert Comment

by:esmith69
ID: 24053975
You could try installing an LDAP utility just as JXplorer (http://www.jxplorer.org/) on a PC other than the Domain Controller.  Then try connecting to the DC using the same settings you're using on the copier.

A question about the first line you mentioned above ("LDAP address book").  I would guess that this should actually be the SAME as the authentication server.  When you're doing the LDAP lookup, it usually is pulling the info from the DC, not from Exchange.  It might be that the DC is pulling the info in turn from the Exchange server, but most likely it's just pulling the info from Active Directory.
0
 
LVL 6

Author Comment

by:HDSportster08
ID: 24054045
I will try that utility, the reason I am using that setting is because they just want to display the list of email addresses.  If you use the authentication server, it makes you login everytime you want to do something, unless I am wrong on that?

Going to download that utility, thanks
0
 
LVL 6

Author Comment

by:HDSportster08
ID: 24058874
anyone else fooled with these things?
0
 
LVL 9

Expert Comment

by:esmith69
ID: 24059619
I am assuming you were able to connect using the same authentication settings with that utility?
0
 
LVL 6

Author Comment

by:HDSportster08
ID: 24059893
Yes, I was, meant to update.  Ok, I checked the domain controller logs this morning and was getting an error that the com could not be queried outside of the dc.  So I went into dcomcnf, did a regedit and found the id of the error it was giving me.  I found the dcom and set the permissions to allow the account I am using to query and update I believe were the two.  

I am not in infrastructure, as funny as that seems, so I need them to restart IIS, I could have but didn't want the hassle from them if I did.  

So I think this whole ldap issue is on the server side and not the settings in the canon.  Any thoughts esmith?
0
 
LVL 9

Expert Comment

by:esmith69
ID: 24059947
Why are you thinking you need to restart IIS?
0
 
LVL 6

Author Comment

by:HDSportster08
ID: 24059979
Ah, my fault, I was thinking sharepoint moss server.  Nevermind.  

Well at any rate, the server is throwing off an ldap in the error log saying it cannot be queried from outside sources.  Have you seen that before?
0
 
LVL 9

Expert Comment

by:esmith69
ID: 24060092
What's the exact error message?
0
Too many email signature updates to deal with?

Do you feel like you are taking up all of your time constantly visiting users’ desks to make changes to email signatures? Wish you could manage all signatures from one central location, easily design them and deploy them quickly to users? Well, there is an easy way!

 
LVL 6

Author Comment

by:HDSportster08
ID: 24060252
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{D99E6E73-FC88-11D0-B498-00A0C90312F3}
 to the user domain\loginname SID (S-1-5-21-2796758022-4218448519-2534690014-21107).  This security permission can be modified using the Component Services administrative tool.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
 
LVL 9

Expert Comment

by:esmith69
ID: 24060311
So this error you're seeing is popping up every time you try to connect using LDAP?

I looked up that CLSID and I believe that's for the Certification Authority.  Have you already gone into dcomcnfg and enabled the local launch permissions for that SID?

I doubt that is the cause of your problems, but it it pops up only when you try to connect with LDAP then obviously it is related somehow.
0
 
LVL 6

Author Comment

by:HDSportster08
ID: 24060346
It does not popup on me because I am using the web interface of the canon scanner to configure the settings.  The error on the cannon scanner is

There is an error in the settings for the LDAP Address Book. Please check the settings.
80FE0031

I get that no matter what I do, even tried the authentication server method as well.
0
 
LVL 9

Expert Comment

by:esmith69
ID: 24060399
Sorry, when I referred to "this error" in my last comment, I was talking about the Com server thing, not the error on the canon scanner.  What I meant was:  does this DCOM error show up in the server's event log every time you get the error on the canon (i.e. every time it tries to query LDAP)?  Or was that DCOM error just something you happened to see in the server's event log?
0
 
LVL 6

Author Comment

by:HDSportster08
ID: 24061047
Oh ok, yea I think it is showing up everytime I get the error on the canon web screen.
0
 
LVL 9

Expert Comment

by:esmith69
ID: 24061178
Was there any setting on the Canon related to using SSL for the LDAP connection?  Or maybe somewhere in its general network settings?
0
 
LVL 6

Author Comment

by:HDSportster08
ID: 24061231
yes in the network settings
0
 
LVL 9

Expert Comment

by:esmith69
ID: 24061629
I would try turning that off and then attempting to do the LDAP again.
0
 
LVL 6

Author Comment

by:HDSportster08
ID: 24062152
Yea, only problem is that it has never been on, lol.
0
 
LVL 9

Accepted Solution

by:
esmith69 earned 500 total points
ID: 24062333
Yea that is indeed a problem.

Take a look at this post and the followups to it:  http://www.eggheadcafe.com/conversation.aspx?messageid=29991109&threadid=29991109

It's not directly related to your issue and is pretty technical, but they talk a bit about how SSL works with LDAP.  I still think something funky is going on with that, I don't see why else that DCOM error would pop up every time you attempt to use the canon to do an LDAP (the DCOM that specifies the CLSID that is supposedly the certification authority).

Do you have Certification Services installed on the DC?
0
 
LVL 6

Author Comment

by:HDSportster08
ID: 24076402
esmith, I am going to accept this as an answer, I did some research on our server and it does not have certificate services installed, so I would say that is their main problem.  I have handed it off to that department to let them fool with it.  Thanks again for keeping up with this and all your help.
0
 

Expert Comment

by:zefon
ID: 32782846
Did you ever get this working?
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Suggested Solutions

Utilizing an array to gracefully append to a list of EmailAddresses
Resolve DNS query failed errors for Exchange
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now