Solved

Print server 2012

Posted on 2014-10-27
11
612 Views
Last Modified: 2014-12-03
As a rule, I disable Windows Firewall, as it seems to cause more problems than solve.
I built a server 2012 R2 print server and installed all the printers - with the firewall disabled.  Everything goes along OK and then no one can print.  On the print server, all the printers were offline.  A reboot solved nothing.  Our network support company turned the firewall on and all the printers came back online right away.  Go figure.  He also said that Microsoft recommended this.  
This afternoon, all the printers went offline again; but the firewall was still on.  I disabled the firewall and all the printers came back online.  Again, go figure.
I've spent all afternoon searching/reading on this and haven't found a real conclusion.  Anybody have any insight on this?
0
Comment
Question by:BigRBTrout
  • 4
  • 3
  • 2
  • +2
11 Comments
 
LVL 16

Accepted Solution

by:
Spike99 earned 500 total points
Comment Utility
I would suspect SNMP settings on the port properties for each printer is to blame.

In Server 2003 SP1 or later, I know that the server would put any printer into "Offline" status if the printer didn't respond to SNMP commands.  The fix was either to just disable SNMP on the port or install a hotfix for Server 2003:
http://support.microsoft.com/kb/946198/en-us

I don't know of any similar hotfix for Server 2012, but you could try disabling SNMP on the ports of one of the printers to see if SNMP is the cause.

If you're not familiar with how to disable SNMP:
1.  just go into Printer Properties
2.  click on the Ports tab.
3.  click on "Configure port..."
4.  uncheck the "SNMP Status Enabled" setting

If the printer goes from "Offline" to "Ready" as soon as you disable the SNMP settings, then I think you found your culprit.   Disabling SNMP will mean that you won't see real-time status of the printer on the print server (if it's out of paper or has a paper jam, for example).
0
 
LVL 56

Expert Comment

by:Cliff Galiher
Comment Utility
Since flipping the firewall either way seems to solve the issue, my suspicion is a bad NIC or NIC driver. Because the windows firewall has support for IPSec among other things, turning it on or off effectively resets the entire network stack since Vista, so buggy drivers get reloaded too.

And as an aside, I also recommend leaving the firewall on. It is a very different thing than it was in XP. The security benefits are tangible.
0
 

Expert Comment

by:Sivakarthi Shanmugam
Comment Utility
Do Not disable the Firewall service or stop it. Stop the Firewal in Domain / Provate profile as appropriate. To do so, Start>Run>GPEdit.msc

Expand Computer Settings> Windows Settings>SecuritySettings>Windows Firewall with Advanced Security


Also, apply the SNMP fix suggested by Cliff Galiher. I was in that situation and disabling SNMP did solved my issues.

The TCP Port settings are stored in registry @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports

Set "SNMP Enabled" to 0 to disable SNMP on that TCP Port. This can easily be scripted too.
Easiest way to disable SNMP on all ports is to go to
0
 
LVL 5

Expert Comment

by:Armenio
Comment Utility
Try re-installing the network card with new drivers if possible. (Uninstall delete old drivers ) Make sure you have the new drivers and everything ready before doing that.
0
 
LVL 5

Expert Comment

by:Armenio
Comment Utility
"As a rule, I disable Windows Firewall," <-- That is a bad rule :-)
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 1

Author Comment

by:BigRBTrout
Comment Utility
I'll try turning off the snmp on each printer port, hopefully, that will solve it.  Since it only happens sporadically, it could be a while before I know if it works.  Thanks for the input.

It's not the network card because it's a VMWare server.  None of the other servers on that VMWare box have any issues.

As far as disabling the Windows Firewall, I have 3-4 other hardware and software firewalls already in place, so there isn't a need for another one that causes more problems than not.
0
 
LVL 5

Expert Comment

by:Armenio
Comment Utility
Wow I learn something today.

Thanks Alicia White I will file that Snmp fix for later usage .
0
 
LVL 1

Author Comment

by:BigRBTrout
Comment Utility
Disabling snmp didn't work.
If the firewall is on and the printers go offline - I turn the firewall off and they all come back.  The next time it happens, I turn the firewall on and they all come back.
0
 
LVL 16

Expert Comment

by:Spike99
Comment Utility
In jobs I've held, our network engineers have generally disabled windows firewalls on servers:  they used hardware firewalls instead.  so, I don't think it's a problem leaving that off (but I'm no networking expert!).

But, given the fact that the printers go back online when you change the state of the firewall seems to indicate an issue with some sort of networking or firewall issue.
0
 
LVL 5

Expert Comment

by:Armenio
Comment Utility
Think of it this way yo have a house with a perimeter wall and electric fens. Its secure right. What happens say the gate is left open and some bad guy walks in and you house doors are wide open.. Lets say you add a secons layer of security and the guy who has managed to get in the firewall how has another issue ti get into the house. This has two effects. Once it allows people to notice suspicious activity. as well as make it harder more time consuming and possible stops him from entering.

ITs not a requirements to have the windows firewall on just like its not a requirement to have a hardware firewall. what it does do is add a later of security and complexity. Any good Network engineer will tell you that you you start from a max closed secure network and open up only whats needed.

One last little consideration. what happens if you would be hacker is internal say a staff member picked up a usb key in the car park and thought sweet. Lets plug it in and see whats on it. Look hacker bypassed firewall. Remember your weakest link in the security chain is always the user. So always secure from in going out.

Its just good practice. Remember if Microsoft didn't want you to use the server firewall it would not be enabled by default. its just lazy techs (or time limited techs ) who take shortcuts.
0
 
LVL 1

Author Comment

by:BigRBTrout
Comment Utility
Now you're just being an ass; don't patronize me.  I've been in IT for 25 years and I know what's best for MY NETWORK - you don't.  
I work with a tech support company and the main guy there agrees with me on the firewall usage.
Many IT guys use the firewall and many don't.  I'm not going to knock someone that does.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

In my previous 24 VMware Articles (http://www.experts-exchange.com/ARTH_1864316.html?arthOrderBy=3&arthSort=1#arth), most featured Intermediate VMware Topics. My next series of articles concentrated on topics for the VMware Novice;   If you would…
Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits y…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now