Print server 2012

As a rule, I disable Windows Firewall, as it seems to cause more problems than it solves.
I built a Server 2012 R2 print server and installed all the printers - with the firewall disabled. Everything goes along OK and then no one can print. On the print server, all the printers were offline. A reboot solved nothing. Our network support company turned the firewall on and all the printers came back online right away. Go figure. He also said that Microsoft recommended this.
This afternoon, all the printers went offline again; but the firewall was still on.  I disabled the firewall and all the printers came back online.  Again, go figure.
I've spent all afternoon searching/reading on this and haven't found a real conclusion.  Anybody have any insight on this?
Scott Miller (IT Manager) asked:

Spike99 (On-Site IT Technician) commented:
I would suspect the SNMP settings on the port properties for each printer are to blame.

In Server 2003 SP1 or later, I know that the server would put any printer into "Offline" status if the printer didn't respond to SNMP commands.  The fix was either to just disable SNMP on the port or install a hotfix for Server 2003:

I don't know of any similar hotfix for Server 2012, but you could try disabling SNMP on the ports of one of the printers to see if SNMP is the cause.

If you're not familiar with how to disable SNMP:
1.  just go into Printer Properties
2.  click on the Ports tab.
3.  click on "Configure port..."
4.  uncheck the "SNMP Status Enabled" setting

If the printer goes from "Offline" to "Ready" as soon as you disable the SNMP settings, then I think you found your culprit.   Disabling SNMP will mean that you won't see real-time status of the printer on the print server (if it's out of paper or has a paper jam, for example).

Cliff Galiher commented:
Since flipping the firewall either way seems to solve the issue, my suspicion is a bad NIC or NIC driver. Because the Windows Firewall has support for IPSec among other things, turning it on or off effectively resets the entire network stack since Vista, so buggy drivers get reloaded too.

And as an aside, I also recommend leaving the firewall on. It is a very different thing than it was in XP. The security benefits are tangible.
Sivakarthi Shanmugam (Manager - Operations) commented:
Do not disable the Firewall service or stop it. Stop the firewall in the Domain / Private profile as appropriate. To do so, Start > Run > GPEdit.msc

Expand Computer Settings > Windows Settings > Security Settings > Windows Firewall with Advanced Security

Also, apply the SNMP fix suggested by Cliff Galiher. I was in that situation and disabling SNMP did solve my issues.

The TCP Port settings are stored in registry @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports

Set "SNMP Enabled" to 0 to disable SNMP on that TCP Port. This can easily be scripted too.
Easiest way to disable SNMP on all ports is to go to
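
The registry change described above can be scripted as follows. This is an added example, not part of the original thread: the function name `Disable-PrinterPortSnmp` and its `-Apply` switch are hypothetical, and the .NET registry API is used because the PowerShell registry provider treats the "/" in "Standard TCP/IP Port" as a path separator.

```powershell
# Added example (not from the thread): audit, and optionally clear, the
# "SNMP Enabled" value on every Standard TCP/IP printer port.
function Disable-PrinterPortSnmp {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [switch]$Apply   # hypothetical switch: without it the function only reports
    )

    # Path taken from the thread. Opened through .NET, not the HKLM:\ drive,
    # because the provider splits the key name "Standard TCP/IP Port" at "/".
    $path  = 'SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports'
    $ports = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($path, [bool]$Apply)
    if ($null -eq $ports) { throw "Registry key not found: HKLM\$path" }

    try {
        foreach ($name in $ports.GetSubKeyNames()) {
            $port = $ports.OpenSubKey($name, [bool]$Apply)
            try {
                $before = $port.GetValue('SNMP Enabled')
                $after  = $before

                # Only touch ports that have the value and have SNMP switched on.
                if ($Apply -and $null -ne $before -and $before -ne 0 -and
                    $PSCmdlet.ShouldProcess($name, 'Set "SNMP Enabled" to 0')) {
                    $port.SetValue('SNMP Enabled', 0,
                        [Microsoft.Win32.RegistryValueKind]::DWord)
                    $after = 0
                }

                # One record per port, so the output doubles as a change log.
                [pscustomobject]@{
                    Port       = $name
                    SnmpBefore = $before
                    SnmpAfter  = $after
                }
            }
            finally { $port.Close() }
        }
    }
    finally { $ports.Close() }
}

# Report the current state of every port without changing anything.
Disable-PrinterPortSnmp | Format-Table -AutoSize

# Preview, then apply (elevated prompt required for the write):
# Disable-PrinterPortSnmp -Apply -WhatIf
# Disable-PrinterPortSnmp -Apply
```

Restarting the Print Spooler service afterwards is assumed to be needed for the spooler to pick up the new value. As noted earlier in the thread, ports changed this way no longer report real-time printer status on the print server.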

Try re-installing the network card with new drivers if possible. (Uninstall, delete old drivers.) Make sure you have the new drivers and everything ready before doing that.
"As a rule, I disable Windows Firewall," <-- That is a bad rule :-)
Scott Miller (IT Manager, Author) commented:
I'll try turning off the SNMP on each printer port, hopefully, that will solve it. Since it only happens sporadically, it could be a while before I know if it works. Thanks for the input.

It's not the network card because it's a VMware server. None of the other servers on that VMware box have any issues.

As far as disabling the Windows Firewall, I have 3-4 other hardware and software firewalls already in place, so there isn't a need for another one that causes more problems than not.
Wow, I learned something today.

Thanks Alicia White, I will file that SNMP fix for later usage.
Scott Miller (IT Manager, Author) commented:
Disabling SNMP didn't work.
If the firewall is on and the printers go offline - I turn the firewall off and they all come back.  The next time it happens, I turn the firewall on and they all come back.
Spike99 (On-Site IT Technician) commented:
In jobs I've held, our network engineers have generally disabled Windows firewalls on servers: they used hardware firewalls instead. So, I don't think it's a problem leaving that off (but I'm no networking expert!).

But the fact that the printers go back online when you change the state of the firewall seems to indicate some sort of networking or firewall issue.
Think of it this way: you have a house with a perimeter wall and electric fence. It's secure, right? What happens, say, if the gate is left open and some bad guy walks in and your house doors are wide open? Let's say you add a second layer of security, and the guy who has managed to get in the firewall now has another issue to get into the house. This has two effects. One, it allows people to notice suspicious activity, as well as making it harder, more time consuming, and possibly stops him from entering.

It's not a requirement to have the Windows firewall on, just like it's not a requirement to have a hardware firewall. What it does do is add a layer of security and complexity. Any good network engineer will tell you that you start from a max closed secure network and open up only what's needed.

One last little consideration: what happens if your would-be hacker is internal, say a staff member picked up a USB key in the car park and thought, sweet, let's plug it in and see what's on it? Look, hacker bypassed firewall. Remember, your weakest link in the security chain is always the user. So always secure from in going out.

It's just good practice. Remember, if Microsoft didn't want you to use the server firewall it would not be enabled by default. It's just lazy techs (or time-limited techs) who take shortcuts.
Scott Miller (IT Manager, Author) commented:
Now you're just being an ass; don't patronize me.  I've been in IT for 25 years and I know what's best for MY NETWORK - you don't.  
I work with a tech support company and the main guy there agrees with me on the firewall usage.
Many IT guys use the firewall and many don't.  I'm not going to knock someone that does.