Scanner unexpectedly stopped connecting to server share

Hello friends,

Over the weekend, a canon imagerunner 2530 stopped it's ability to place scanned items into a network share on the server.

two canon reps have been to the office and claim they have successfully scanned a document to their laptop, and so therefore blame the server.

The server is SBS 2011 standard, and the \SCANNED folder which is shared on the domain, also is the landing point for the FTP server which another scanner in the office dumps it's scanned documents to via FTP.  Bot have been working fine for 2 months since server installation.

The Imagerunner used standard SMB network protocol when originally set up, and has worked for 2 months without fail recently.

I have tried everything I know to try:
I created a new share and verified a user permissions to that new share
I have tried changing user credentials on the scanner to someone of higher elevated credentials
I have checked and rechecked the settings on the printer/scanner via the web interface repeatedly
I have tried to use the FTP functionality of the same machine and cannot get it to work that way either.

Users CAN print to this machine just fine.

Other things I've tried:
turn off ALL firewalls on every level
turn off Kaspersky completely in addition to all firewalls being turned off

Two office service reps (company responsible for the imagerunner) came and tried to make it work, but said it's the server and beyond their ability to resolve.

EVERY OTHER SERVICE on this server is working perfectly, all users can access this folder, the other machine can drop files into it, and there is no other issue on the network.

I don't know what else to try ....  ASSUMING that the issue really is on my server, I ask for suggestions and ideas to try from better minds than my own.

I've tried a lot of little quirks, but I'm open to all ideas at this point.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AkinsdNetwork AdministratorCommented:
You may want to install wireshark on your server and capture the traffic from the copier to see what's happening to it.

It could also be something as simple as IP address (DNS error)
Is the copier connecting via host name or IP address. If host name, replace with server IP or check if the proper DNS is configured in the copier.

Also check the domain name configuration on the copier. If configured, disable or delete the entry and try again

If the copier supports NTLMv1 and NTLMv2, try setting it to use both. How are you typing the user name ? Domain\username? If not try that too
Also launch and check the secpol.msc from run command or browse to security policies on the server, look for the settings for digital signature

Security settings
Local policies
Security options
Microsoft Network Server: Digitally sign communications (always)
And ............(if client agrees)
Try disabling both and see if it makes any difference
If not, restore the original setting.

If non of those work, ask the reps to come back and initialize the machine, then reload or update the firmware

All the best

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
FaxxerAuthor Commented:
Great suggestions Akinsd, I will have to be on site to actually test the settings each time so it might take me a few days.  Thank you and I'll report back asap...
FaxxerAuthor Commented:
Well, I've tried my very best to make sense of the wireshark capture, to no avail....

I have confirmed that I can scan to file and send to ANY other client in the domain without any problems, so the issue is directly with the server.

Quick question on the printer DNS, should it be the server IP or my isp's dns server? (Currently it's the old AT&T one, which has been working up until this last weekend just fine)

Now what I can't figure out ...  is what changed?   I did TWO windows updates in the window from working to not working:
1. Was the Exchange 2010 update rollup 4 (a big update to be sure, but it's for EXCHANGE and shouldn't be responsible for affecting a single printer on the network should it?) Nothing else broke.
2. the other was that timezone update from winupdates....

that's all that happened on this box.

I am using Kaspersky SOS 3 (Small Office Security) but the clients are using it also and no issues there...
I have tried 'disabled' mode on the server firewalls and Kaspersky also

I tried putting in the IP address instead of host, no difference at all. This printer may be older than you doesn't have an option ANYWHERE in the web interface for NTLM.

The 2 things I've not tried yet are the secpol.msc changes you suggested and calling back canon...  Will doing this make the server vulnerable to any outside attack? (Even if it's a short window)  

I'm not sure calling the reps back out to init the printer will be something needed since I can get it to work on client machines.

I am thinking about creating a share on each client that needs this scanner and adding that share in the address book of the printer, (i.e. "Joe" sends to Joe's pc share and so on)

I still would like to resolve to the server as it has backup, and all the users have the share for access, so any other ideas that come to mind, please keep them coming.

Will report back again if I find anything new and try the secpol.msc changes.

Exploring SharePoint 2016

Explore SharePoint 2016, the web-based, collaborative platform that integrates with Microsoft Office to provide intranets, secure document management, and collaboration so you can develop your online and offline capabilities.

AkinsdNetwork AdministratorCommented:
The digital signature is a Microsoft thing to ensure that only the device software they have tested and approved (digitally signed) can connect. It gives some security but in this current technology age, that security is very minimal and many vendors no longer digitally sign their software with Microsoft since it has a dollar cost to it and the signature does not apply to updated version meaning they have to digitally sign each update.

So in short, it shouldn't hurt anything.

There is a possibility that the sever is now using a higher level of authentication that the copier does not support with it's current version. Check with Canon and find out if there's a firmware that adds NTLMv1, v2 or v3 functionality

Any security update, whether for exchange or other services is global on the server. Considering all the vulnerabilities with email transmission in this age, security has become tougher. eg, allowing no authentication or permitting email relays globally will cause your email server to be blacklisted.... That's by the way.

Using a separate file server or scanning directly to clients may not be a bad idea if it won't hurt any workflow, compliance or IT management
FaxxerAuthor Commented:
Thank you for the info!  I will try the next steps and report back asap.
FaxxerAuthor Commented:
ok..I have an update.

I am unable to modify the secpol.msc settings despite adding my user as a network admin to the server, (which is supposed to be the highest authority isn't it?)

I went ahead and uninstalled the Kaspersky to test, I have had trust issues with A/V suites in the past and sometimes I just need to know.  Sadly it resolved nothing.

I also dropped the firewall on the domain side, again no joy.

I'm willing to try the secpol.msc edit, but perhaps you could assist me in gaining access to the properties instead of just poking my mouse at greyed out settings?  

I appreciate your help

FaxxerAuthor Commented:
I gave up and ended up creating an address for each user so they could send their job to their pc.

Thank you for trying.

There are alot of other posts out on the internet regarding ImageRunner about this that seem to all be clammering with no solution also...frustrating.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking Hardware-Other

From novice to tech pro — start learning today.