Solved

How to get a Canon IR2200i to store documents on a Windows server 2008

Posted on 2009-04-07
8
1,854 Views
Last Modified: 2013-12-27
Hello everyone,

at our office we have a Canon IR2200i that is supposed to "deliver" scanned documents to a server by storing them on a SMB share. When the share was hosted on Windows server 2003R2, this was merely a matter of disabling SMB signing on the server, since (like so many "professional" copiers) the Canon cannot handle that apparently.

However, since we switched to Windows Server 2008, I cannot get the Canon to store anything on an SMB share, even when I disable SMB signing completely in the domain controllers policy. The copier only produces the less than useful message "FEHLER" ("error").
The error message is displayed immediately after scanning, so a name resolution problem is unlikely (too little delay).

If anyone had an idea either how to make it work or how to get the machine to display a more meaningful error message, it would be greatly appreciated.

The server, in its event log, records a failed logon with the following data (this is for a logon attempt including the domain name, i.e. with a username of "pps\t.test"):
--------
Security ID: NULL SID
Account Name: PPS\T.TEST
Account Domain:

Workstation name: PPS\T.TEST
--------

Especially the reported workstation name sends shivers down my spine. Seems like the copier uses a pretty "free" interpretation of what information to deliver. In its network settings, its name is configured as "canon" btw.

In the unit's address book, I used the following settings to access the server (known to work, tested with Liunx smbclient):
---------
server: \\server-01\Benutzer
Path: \t.test\Dokumente\Scans
User: pps\t.test
Password: ************
---------------
The canon has SMB support switched on; TCP/IP networking is configured by DHCP and working.
0
Comment
Question by:MFollwerk
  • 5
  • 3
8 Comments
 
LVL 9

Accepted Solution

by:
jrtec earned 500 total points
ID: 24092741
Just to check, is this what you have changed and it didn't work?
Microsoft Network Server: Digitally signed communication (always) -> disabled
If so, then try the following also, toghether with the previous setting:
Domain member: Digitally encrypt or sign secure channel data (always) -> disabled

Also you can try
Network security: LAN Manager Authentication level -> Lower the level and test

Dont forget to execute Gpupdate /force or reboot to apply policy each time you change something.


(
You will not be able to change these setting trough gpedit , local computer policy since it is overrided by the Domain security policy.

On server 2008 one way to get there is the following:
Administrative Tools
Server Manager
Features
Group Policy Manager
Forest: ...
Default Domain Policy
 Computer configuration
  Policies
   Windows Settings
    Security Settings
     Local Policies
      Security Options
        Microsoft Network Server: Digitally Sign Communications (Always)
            Ï Define This Policy
            Ï Disabled

execute Gpupdate /force or reboot to apply policy

Just to check if the policy is being correctly applied try the following:
Trough gpedit (local computer policy) you will be able to see the options but not change them (greyed out), so I suggest that after the change you cannot scan to the folder check trough gpedit if it is disabled.
If it is not disabled, disable it at the top of the hierarchy. Something may be overriding the setting.
)

Hope any of this helps
0
 

Author Comment

by:MFollwerk
ID: 24094960
Hello jrtec,

thanks for the suggestions. I am currently out of office, but will test them later today and let you know the results.
0
 

Author Comment

by:MFollwerk
ID: 24098083
Hello again,
I now had time to test it all out. You are right btw in your assumption that I changed the "domain controllers" policy, not the normal domain policy. I even completely disabled SMB signing (not even optional) - no effect.
I followed your other suggestions and lowered the LAN Manager Authentication Level (down to the lowes possible) and even did a reboot to be absolutely certain that the settings were applied.

No effect, unfortunately. :-(

I checked the event log on the Windows server and it says "unknown user name or wrong password" (or simliar, I have to translate it from German) when it rejects the connect. I have quadruple-checkde username and password of course. You even enter them in cleartext on the Canon, so there is little room for error.

I am on it further.
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 9

Assisted Solution

by:jrtec
jrtec earned 500 total points
ID: 24100605
Did you also changed Domain member: Digitally encrypt or sign secure channel data (always) -> disabled?

Did you check trough Run -> gpedit.msc (local computer policy) if the options are disabled, you can't change them trought here (greyed out), but you will be able to see if they disabled?

Did you check if you can access the shared folder on the server from another computer on the network using that username and password?

Here are some other things you can try:
See if you can find the domain field in the machine and and enter the correct domain name. Ex: company.local
That will be appended to the username for authentication.
Or if you don't have the domain field in the machine input the username like Ex: user@company.local


0
 
LVL 9

Expert Comment

by:jrtec
ID: 24100649
Sorry, Forget this question since have already tested.
Did you check if you can access the shared folder on the server from another computer on the network using that username and password?
0
 

Author Comment

by:MFollwerk
ID: 24108371
Yes, I did check that. Other Windows- and Linux-systems can access the folder fine using the same credentials. I'll try the hint about the username and domain name after the holiday (which is friday and monday here in Germany) and let you know the results. Thanks for your help so far. Your input is much appreciated.
0
 

Author Comment

by:MFollwerk
ID: 24213288
just to let you know, after lots of debugging and browsing logs, I have given up on this. It turned out that the copier sends completely wring credentials (i.e. user name where domain name should be etc). While Windows Server 2003 apparently gets along with this, neither Linux Samba servers nor windows Server 2008 do. I consider this machine broken by design.
I nevertheless accept your solution, jrtec, because in my experience it works for many other machines and is nicely put together.
0
 

Author Closing Comment

by:MFollwerk
ID: 31567401
It didn't work in the end, but the suggested measures work for many other machines. The Canon is most definitely bugged beyond hope.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question