LDAP Address query on Canon ScanFront 220 Web

I have had issues getting LDAP to work on Canon network copiers in the past.  For me, the key was the formatting of the "username" field.  I believe I had to specify the username in the format username@netbiosdomainname.

So for example, if the username you're using is "administrator", your NETBIOS domain name is CONTOSO, and your FQDN is contoso.local, in the "username" field you'd put:  administrator@contoso.

I'd experiment with different combinations of the formatting of the username field.  Sometimes it'd be contoso\administrator, administrator@contoso.local.  Occasionally it might need to be the email address of the user.

esmith, would love to get this to work, tried all those usernames and nada.  Did you use the ip or the actual machine name for your Host Name?

Any other ideas would be GREATLY appreciated.

pretty sure I put in the IP address of the domain controller.

Is there a "domain" field on the screen with the username/password stuff?  Or is there just a field for the username?

There is

LDAP address book :  Another Server from Authentication server - chose this because our exchange is different

Search Base:  dc=somewhere,dc=com

Host Name(address): I have the dc ip in here

Port Number 389

User name


That is all that is listed, I know the mail part works as I have sent one using a manually keyed email off the scanner

You could try installing an LDAP utility just as JXplorer (http://www.jxplorer.org/) on a PC other than the Domain Controller.  Then try connecting to the DC using the same settings you're using on the copier.

A question about the first line you mentioned above ("LDAP address book").  I would guess that this should actually be the SAME as the authentication server.  When you're doing the LDAP lookup, it usually is pulling the info from the DC, not from Exchange.  It might be that the DC is pulling the info in turn from the Exchange server, but most likely it's just pulling the info from Active Directory.

I will try that utility, the reason I am using that setting is because they just want to display the list of email addresses.  If you use the authentication server, it makes you login everytime you want to do something, unless I am wrong on that?

Going to download that utility, thanks

anyone else fooled with these things?

I am assuming you were able to connect using the same authentication settings with that utility?

Yes, I was, meant to update.  Ok, I checked the domain controller logs this morning and was getting an error that the com could not be queried outside of the dc.  So I went into dcomcnf, did a regedit and found the id of the error it was giving me.  I found the dcom and set the permissions to allow the account I am using to query and update I believe were the two.  

I am not in infrastructure, as funny as that seems, so I need them to restart IIS, I could have but didn't want the hassle from them if I did.  

So I think this whole ldap issue is on the server side and not the settings in the canon.  Any thoughts esmith?

Why are you thinking you need to restart IIS?

Ah, my fault, I was thinking sharepoint moss server.  Nevermind.  

Well at any rate, the server is throwing off an ldap in the error log saying it cannot be queried from outside sources.  Have you seen that before?

What's the exact error message?

The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{D99E6E73-FC88-11D0-B498-00A0C90312F3}
 to the user domain\loginname SID (S-1-5-21-2796758022-4218448519-2534690014-21107).  This security permission can be modified using the Component Services administrative tool.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

So this error you're seeing is popping up every time you try to connect using LDAP?

I looked up that CLSID and I believe that's for the Certification Authority.  Have you already gone into dcomcnfg and enabled the local launch permissions for that SID?

I doubt that is the cause of your problems, but it it pops up only when you try to connect with LDAP then obviously it is related somehow.

It does not popup on me because I am using the web interface of the canon scanner to configure the settings.  The error on the cannon scanner is

There is an error in the settings for the LDAP Address Book. Please check the settings.
80FE0031

I get that no matter what I do, even tried the authentication server method as well.

Sorry, when I referred to "this error" in my last comment, I was talking about the Com server thing, not the error on the canon scanner.  What I meant was:  does this DCOM error show up in the server's event log every time you get the error on the canon (i.e. every time it tries to query LDAP)?  Or was that DCOM error just something you happened to see in the server's event log?

Oh ok, yea I think it is showing up everytime I get the error on the canon web screen.

Was there any setting on the Canon related to using SSL for the LDAP connection?  Or maybe somewhere in its general network settings?

yes in the network settings

I would try turning that off and then attempting to do the LDAP again.

Yea, only problem is that it has never been on, lol.

esmith, I am going to accept this as an answer, I did some research on our server and it does not have certificate services installed, so I would say that is their main problem.  I have handed it off to that department to let them fool with it.  Thanks again for keeping up with this and all your help.

Did you ever get this working?