Solved

Cross Forest Printing

Posted on 2013-05-27
11
1,239 Views
Last Modified: 2013-05-29
Hello

I'm setting up a print server for Company A.  Company A requires its (migrated) users to print via the print server in Company B. Do I add the printers on the print server in Company A to point to the relevant print queue on the print server on Company B?

Any ideas anyone ?

Thank you
0
Comment
Question by:nico-
  • 5
  • 5
11 Comments
 
LVL 6

Expert Comment

by:Inderjeetjaggi
ID: 39199048
Hi Nico,

Trust between 2 forest should resolve your issue. Below is more details about same.

 Printing to printer on a different domain
http://social.technet.microsoft.com/Forums/en-US/w7itpronetworking/thread/7409f43a-1118-4c0b-8144-2995d8562f30

http://community.spiceworks.com/topic/98440-sharing-printers-across-domains
0
 
LVL 7

Expert Comment

by:eerwalters
ID: 39199303
If you don't want to setup a trust, you can enable LPR on Company A's print server and LPD on Company B's print server.  Then you create print queues on Company A's print server to point to existing print queues on Company B's print server.  This eliminates all issues with authentication/having to have a trust between domains.

  If you are interested in this path, just let me know the OS version of both print servers and I can give you specific instructions.
0
 

Author Comment

by:nico-
ID: 39199381
Thanks eerwalters

There's a Forest Trust setup, but they want the printing path to be

printer client Company A -> Print Queue on Print Server Company A -> Print queue on Print Server Company B -> Print Device Company B

User in Company A will receive the printer from Group Policy Preferences from Company A GPO.

Easier ways of doing it, but this is the way they want it to happen.

OS : Windows 2008 R2 Company A -
        Windows 2003 or 2008 R2 Company B
0
 

Author Comment

by:nico-
ID: 39199386
Eerwalters

I suppose the ultimate question is what is the method of creating print queue's on Company A's servers to point to existing print queues on Company B's print servers when there *is* a trust in existence ?

Thanks for your help
0
 
LVL 7

Expert Comment

by:eerwalters
ID: 39199472
The creation process for print queues on workstations and how you choose to deploy the printers does not not change in either environment with LPR setup between the print servers.
  The only thing that changes is that the output from the print queues on Company A can send to the print queues on Company B without having to have any trust.  If you have a trust, it does not effect the LPR/LPD transfer of print jobs.
  I'll create the instructions this afternoon and post them.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 7

Accepted Solution

by:
eerwalters earned 500 total points
ID: 39200079
There will be 5 basic steps to resolve the issue
    1- Enable LPD print service on the Windows 2008 print server at Company B
    2- Enable LPD (Print Services for Unix) on the Windows 2003 print server at Company B
    3- Install LPR port monitor on the Windows 2008 print server at Company A
    4- Make LPR to not be RFC 1179 compliant on the Company A print server
    5- Create new printers on the Windows 2008 print server at Company A



Step 1 - Enable LPD Service on the Windows 2008 print server at Company B
  If Server Manager loads after logging in, jump to item b, otherwise...
    a- GoTo Start and type servermanager.msc in the search box and hit Enter
    b- Highlight "Roles" in the left pane
    c- Click on "Add Role Services" on the right (This is assuming that the Print Server Role is already installed)
    d- Enable the LPD Service
    e- Click on Next
    f- Click Install
    g- Click Close
    h- GoTo Start
    i- Type services.msc in the search box and hit Enter
    j- Start the LPD Service if it is not started
    k- Close the Services window


Step 2 - Enable Print Services for Unix (LPD) on the Windows 2003 print server at Company B
    a- GoTo Start | Run  
         Type appwiz.cpl in the Open: box and hit Enter
    b- Click on "Add/Remove Windows Components" in the left pane
    c- Highlight "Other Network File and Print Services"
         Click on the "Details" button
    d- Enable the "Print Service for Unix" component
    e- Click OK
    f- Click on Next
    g- Click on Finish
    h- GoTo Start | Run
         Type services.msc in the Open: box and hit Enter
    i- Start the "TCP/IP Print Server" service if it is not started
    j- Close the Services window


Step 3 - Install LPR port monitor on the Windows 2008 print server at Company A
  If Server Manager loads after logging in, jump to item b, otherwise...
    a- GoTo Start and type servermanager.msc in the search box and hit Enter
    b- Highlight "Features" in the left pane
    c- Click on Add Features on the right
    d- Enable the LPR Port Monitor
    e- Click on Next
    f- Click Install
    g- Click Close


Step 4 - Making LPR to not be RFC 1179 compliant on the Company A print server
              (See the Notes area for why we do this step)
     
 Disclaimer:  Using regedit.exe can be very destructive to your PC.  If you are not comfortable using regedit, please seek assistance from someone who is.

    On the Company A print server
         1- Open RegEdit
         2- GoTo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\LPDSVC\lpr
         3- Create a new DWord (32-bit) named "UseNonRFCSourcePorts"  (without the quotes)
         4- Modify the value of the new RegKey to be "1" (without the quotes)
         5- Close RegEdit

 Your RegEdit entry after item 4 should look like the pic below (which reflects the results of items 2 thru 4):


UseNonRFCSourcePorts

Step 5 - Install a printer on the Company A print server to point to a Company B printer
    a- GoTo Start | Devices and Printers
    b- Add a Printer (Choose Add a local or network printer as an Administrator, if prompted)
    c- Add a Local Printer
    d- Select Create a new Port
    e- Select LPR Port from the drop down menu
    f- Click Next
    g- In the top field (Name or address of server providing LPD), enter TCP/IP address of the Company B print server that holds the desired printer
    h- In the bottom field (Name of printer or print queue on that server), enter the name of the desired Windows printer at Company B
    i- Click OK
    j- Continue onward with a normal Windows printer setup by picking the desired print driver and naming the printer until finished
    k- Open the newly created printer's properties
    l- GoTo the Ports tab
    m- Uncheck Enable Bidirectional support if it's enabled
    n- Click Apply
    o- GoTo the General tab and send a test print


Notes:
    1- This will allow the Company A print server to send to a print server at Company B as you have specified but will do so regardless of whether or not a trust exists between the 2 forests.
    2- We made the LPR at Company A to not be RFC 1179 compliant so it will send jobs as fast as they are received.  Had we not done that, there would be a delay if more than 11 print jobs were sent within a 2 minute timeframe.  We can now send thousands of jobs per minute and not have any delays.
    3- You can choose to deploy the new printers at Company A as you do any other printers at Company A.  We just changed the output side of the print queue to point to the Company B print server, so everything else should be defined as you already handle printer deployments.
    4- Installing the LPD Service on the Company B print servers only adds another way to get a print job into a print queue on that server.  It does not change anything else about the printers in their environment.
0
 

Author Comment

by:nico-
ID: 39201102
Hello

My mistake.  Company A PS to Company B Print Device.  Good solution though and good to know. Thanks! Points imminent
0
 

Author Closing Comment

by:nico-
ID: 39201106
Very quick to respond and details. Thanks for the other chap who replied.  Not quite what I was after.
0
 
LVL 7

Expert Comment

by:eerwalters
ID: 39201779
You can still use the solution to point directly to a printer at Company B, just:
 Remove
     Steps 1 and 2

 Replace
    Step 5g = Use the TCP/IP address of the printer
    Step 5h = Use "raw" without the quotes.

(This is assuming that the printer supports LPR and that it is not disabled. Most do support it and are enabled by default.)

Only port 515 would need to be open between the Company A print server and the desired printer at Company B.
0
 

Author Comment

by:nico-
ID: 39203970
Thanks

Would LPD/LPR still be used over the standard new printer creation in the windows 2008 server ? i thought that was more a UNIX solution or a workaround?  Performance is the benefit to using this approach rather than the standard MS approach?
0
 
LVL 7

Expert Comment

by:eerwalters
ID: 39204301
The only thing that we are varying in this scenario is the outbound connectivity from the print queue to the printer.  The inbound connectivity to the print queue from the workstations is still the same.  

 Using LPR per the instructions above does provide a less chatty protocol for talking with the printer than the default settings for the Standard Port Monitor in Windows. LPR is also very fast. However, you can disable the SNMP monitoring in a standard windows setup to make it less chatty too.

 LPR/LPD is a UNIX standard that has been around for years and so it is compatible with just about everything that you want to have talk to each other for printing purposes.  I personally prefer to use LPR on the inbound side of the print queue too and make the print queues be binary pass-through queues.  That turns them into traffic cops for just directing print jobs to their destinations and does not touch the contents of the print job. That setup also eliminates the driver lockup issues that normal Windows servers experience.  That's an entirely different solution than what we have been referring.

 Back to your issue.  The solution that I suggested will work for printing to the Company B print servers (regardless of whether there is a trust or not) or directly to the Company B printers (with the instruction modifications). However, there is no reason that you can't use the standard Windows setup (Standard TCP/IP printing) to the Company B printers if they will allow the Company A print server to connect to them.
    (...meaning vs printing thru the Company B print servers as they would have to allow the Company A print server to connect directly to the printers for LPR too)

  I personally would prefer handing off print jobs from one print server to the other as it:
  1- only requires 1 firewall rule between the print servers for Company A to print to every printer at Company B
  2- makes your troubleshooting easier as once it's handed off, it's the responsibility of Company B to insure that the print job is delivered to the printer
  3- is easier to isolate any problems caused by print jobs from Company A (if I were responsible for Company B printing)
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Weird DFS behavior... 5 46
need help finding HP Scanjet 4890 full software download 16 36
Expand C partition 13 20
hp deskjet 1055 8 26
Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now