Solved

Scanner unexpectedly stopped connecting to server share

Posted on 2014-01-07
7
557 Views
Last Modified: 2014-02-04
Hello friends,

Over the weekend, a canon imagerunner 2530 stopped it's ability to place scanned items into a network share on the server.

two canon reps have been to the office and claim they have successfully scanned a document to their laptop, and so therefore blame the server.

The server is SBS 2011 standard, and the \SCANNED folder which is shared on the domain, also is the landing point for the FTP server which another scanner in the office dumps it's scanned documents to via FTP.  Bot have been working fine for 2 months since server installation.

The Imagerunner used standard SMB network protocol when originally set up, and has worked for 2 months without fail recently.

I have tried everything I know to try:
I created a new share and verified a user permissions to that new share
I have tried changing user credentials on the scanner to someone of higher elevated credentials
I have checked and rechecked the settings on the printer/scanner via the web interface repeatedly
I have tried to use the FTP functionality of the same machine and cannot get it to work that way either.

Users CAN print to this machine just fine.

Other things I've tried:
turn off ALL firewalls on every level
turn off Kaspersky completely in addition to all firewalls being turned off

Two office service reps (company responsible for the imagerunner) came and tried to make it work, but said it's the server and beyond their ability to resolve.

EVERY OTHER SERVICE on this server is working perfectly, all users can access this folder, the other machine can drop files into it, and there is no other issue on the network.

I don't know what else to try ....  ASSUMING that the issue really is on my server, I ask for suggestions and ideas to try from better minds than my own.

I've tried a lot of little quirks, but I'm open to all ideas at this point.

Ike
0
Comment
Question by:Faxxer
  • 5
  • 2
7 Comments
 
LVL 18

Accepted Solution

by:
Akinsd earned 500 total points
ID: 39764120
You may want to install wireshark on your server and capture the traffic from the copier to see what's happening to it.

It could also be something as simple as IP address (DNS error)
Is the copier connecting via host name or IP address. If host name, replace with server IP or check if the proper DNS is configured in the copier.

Also check the domain name configuration on the copier. If configured, disable or delete the entry and try again

If the copier supports NTLMv1 and NTLMv2, try setting it to use both. How are you typing the user name ? Domain\username? If not try that too
Also launch and check the secpol.msc from run command or browse to security policies on the server, look for the settings for digital signature

Security settings
Local policies
Security options
Microsoft Network Server: Digitally sign communications (always)
And ............(if client agrees)
Try disabling both and see if it makes any difference
If not, restore the original setting.

If non of those work, ask the reps to come back and initialize the machine, then reload or update the firmware


All the best
0
 

Author Comment

by:Faxxer
ID: 39764171
Great suggestions Akinsd, I will have to be on site to actually test the settings each time so it might take me a few days.  Thank you and I'll report back asap...
0
 

Author Comment

by:Faxxer
ID: 39767163
Well, I've tried my very best to make sense of the wireshark capture, to no avail....

I have confirmed that I can scan to file and send to ANY other client in the domain without any problems, so the issue is directly with the server.

Quick question on the printer DNS, should it be the server IP or my isp's dns server? (Currently it's the old AT&T one, which has been working up until this last weekend just fine)

Now what I can't figure out ...  is what changed?   I did TWO windows updates in the window from working to not working:
1. Was the Exchange 2010 update rollup 4 (a big update to be sure, but it's for EXCHANGE and shouldn't be responsible for affecting a single printer on the network should it?) Nothing else broke.
2. the other was that timezone update from winupdates....

that's all that happened on this box.

I am using Kaspersky SOS 3 (Small Office Security) but the clients are using it also and no issues there...
I have tried 'disabled' mode on the server firewalls and Kaspersky also

I tried putting in the IP address instead of host, no difference at all. This printer may be older than you realize...it doesn't have an option ANYWHERE in the web interface for NTLM.

The 2 things I've not tried yet are the secpol.msc changes you suggested and calling back canon...  Will doing this make the server vulnerable to any outside attack? (Even if it's a short window)  

I'm not sure calling the reps back out to init the printer will be something needed since I can get it to work on client machines.

I am thinking about creating a share on each client that needs this scanner and adding that share in the address book of the printer, (i.e. "Joe" sends to Joe's pc share and so on)

I still would like to resolve to the server as it has backup, and all the users have the share for access, so any other ideas that come to mind, please keep them coming.

Will report back again if I find anything new and try the secpol.msc changes.

Ike
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 18

Expert Comment

by:Akinsd
ID: 39768183
The digital signature is a Microsoft thing to ensure that only the device software they have tested and approved (digitally signed) can connect. It gives some security but in this current technology age, that security is very minimal and many vendors no longer digitally sign their software with Microsoft since it has a dollar cost to it and the signature does not apply to updated version meaning they have to digitally sign each update.

So in short, it shouldn't hurt anything.

There is a possibility that the sever is now using a higher level of authentication that the copier does not support with it's current version. Check with Canon and find out if there's a firmware that adds NTLMv1, v2 or v3 functionality

http://technet.microsoft.com/en-us/library/dd566199(v=ws.10).aspx


Any security update, whether for exchange or other services is global on the server. Considering all the vulnerabilities with email transmission in this age, security has become tougher. eg, allowing no authentication or permitting email relays globally will cause your email server to be blacklisted.... That's by the way.

Using a separate file server or scanning directly to clients may not be a bad idea if it won't hurt any workflow, compliance or IT management
0
 

Author Comment

by:Faxxer
ID: 39768250
Thank you for the info!  I will try the next steps and report back asap.
0
 

Author Comment

by:Faxxer
ID: 39770092
ok..I have an update.

I am unable to modify the secpol.msc settings despite adding my user as a network admin to the server, (which is supposed to be the highest authority isn't it?)

I went ahead and uninstalled the Kaspersky to test, I have had trust issues with A/V suites in the past and sometimes I just need to know.  Sadly it resolved nothing.

I also dropped the firewall on the domain side, again no joy.

I'm willing to try the secpol.msc edit, but perhaps you could assist me in gaining access to the properties instead of just poking my mouse at greyed out settings?  

I appreciate your help

ike
0
 

Author Comment

by:Faxxer
ID: 39832396
I gave up and ended up creating an address for each user so they could send their job to their pc.

Thank you for trying.

There are alot of other posts out on the internet regarding ImageRunner about this that seem to all be clammering with no solution also...frustrating.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello All, I have been training on Multicast for a while now and whenever I start the topic , I find out that my friends /  Colleagues mention that they do not know how to test Multicast Joins. As most of the multicast would be video traffic and …
Hi there, This article summarizes what you need if you are going to set up your home or small business Network Attached Storage (NAS) to be accessible from the internet. Of course there are configuration differences based on your NAS or router ma…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question