• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2199
  • Last Modified:

Is SMB blocked by default on domains using Server 2011?

I have a new Xerox Phaser 6180 MFP that uses SMB to send scanned documents across networks.  I believe the firewall or something is blocking this function.  There is no issue with the shared folder itself because I can read and write files to it from another workstation with no problem.  If I attempt to scan from the printer to the workstation I get an error.  

The server is running Server 2011 and the workstation is a Windows 7 Pro.  Is there something by default in the Group Policies that locks SBM from communicating to workstations?

I eventually tried FTP which was another communication option but Microsoft does not make that easy either because FTP has to be installed and it is blocked by the firewall because we could not get it to work unless I disabled the firewall.  

Any recommendations on how to get this accomplished?  Steps?

Thanks in advance.  I can not believe this should be this difficult.
0
MrGD
Asked:
MrGD
  • 5
  • 5
  • 2
  • +2
2 Solutions
 
Todd GerbertIT ConsultantCommented:
I just installed a Small Business Server 2011 system last week, and I'm pretty sure no one has changed any settings yet, so these screenshots should represent default out-of-the-box settings. But you can check yours to make sure.

Control Panel -> System and Security -> Windows Firewall -> Allow a program or feature through Windows Firewall.
SBS 2011 - Firewall Exceptions

Control Panel -> Network and Internet -> Network and Sharing Center -> Change advanced sharing settings.
SBS 2011 - Network
0
 
ChiefITCommented:
I had a xerox MFP and had to update the firmware for it for SMB sharing. I hope this helps.

This issue drove me crazy for a couple WEEKS.
0
 
ChiefITCommented:
ALSO:

SMB is and is not blocked by default:

SMB uses TCP port 445 by default. This is not blocked on most routers.

The legacy means for CIFS sharing uses NETBIOS. This is blocked by windows firewall by default and is still used to this day for some domain functions (including file and print sharing).

Those are the famed ports of:
137
138
and
139
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
MrGDAuthor Commented:
Will log in to investigate Monday.  This has been driving me crazy as well.  I am also baffled as to why it is blocked or not working as well as level 2 support from Xerox.  To me it makes more sense to get SMB working instead of FTP for inter office support since all workstations are Windows but Microsoft is making it difficult.  Thought that SMB was their default file sharing protocol.  Although tried every combination I can think of,  the login credentials within the SMB app would be the domain login correct?  Although there is a userid associated with the PC, the user normally uses the Domain login to gain access to the PC and her files.  The shared file is on the root directly and set to allow everyone access to it anyways.  My thinking or concern is what the OS or Microsoft is looking for if there is some security happening that is not apparent to the user or myself.  I have the share set to full access by everyone and no password is required.
0
 
MrGDAuthor Commented:
Quick update and thanks for all of the quick responses.  Pulled away on another project.  Story of our jobs, anyways, will be getting back to this hopefully tomorrow.
0
 
hollykingCommented:
Did you find the solution ? Facing the same problem here, regards.
0
 
MrGDAuthor Commented:
Actually no.  I just coincidentally got back into investigating this issue today.   I am starting to think that maybe the firewall on this workstation is blocking port 20 that is used for FTP.  Checked and FTP is running on the workstation.  Unfortunately for some reason I can not disable the firewall nor make any changes to it.  This PC is on a domain but we did not implement any Group Policies so by default I thought we should be able to disable.  Oddly enough other workstations can modify their firewalls.  Need to resolve that then will update what I find.
0
 
hollykingCommented:
Ok so you are trying trought ftp instead of smb ? Me im looking for a solution with smb
0
 
MrGDAuthor Commented:
The scanner offers both so figured I would try FTP.  When that would also not work, started looking into firewall issues.  I am assuming SMB could also have an issue with a firewall and right now can not find out which ports are open and which are closed until I can figure out how to enable the disabling option for the firewall.
0
 
hollykingCommented:
Yes i've try to use FTP first but got the same problem with SBS 2011 firewall. Maybe i will try with other FTP software instead of IIS. Let me know if you found a solution.
0
 
MrGDAuthor Commented:
Too many fires to put out.  I am thinking more and more this is a firewall issue.  Had another issue with a client getting login pop-ups from Outlook.  He would log into the server then get pop-ups again after on the domain.  I have narrowed this down to the firewall within his virus protection.  Odd nobody else with the issue.  I will need to post that find because there are a number of people encountering the same thing but everybody is pointing to a profile issue.
0
 
hollykingCommented:
Trying to use filezilla ftp server on port 21 without passive mode. Open the port into the sbs firewall will do some tests on xerox scan tomorrow
0
 
laltobelliCommented:
Hello,

Did tgerbert suggestions really work?  I tried and it did not work.  I even switched off the firewall and that did not work either.  

Any more ideas?

Larry
0
 
hollykingCommented:
Work fine for me with Filezilla FTP Server... and finally OK with SMB too. There was a settings activated on the Xerox machine asking for authentification that i have disabled and solve the issue when i want to use network function (scan to folder or scan to email).
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

  • 5
  • 5
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now