Print server 2012

Posted on 2014-10-27
Last Modified: 2014-12-03
As a rule, I disable Windows Firewall, as it seems to cause more problems than solve.
I built a server 2012 R2 print server and installed all the printers - with the firewall disabled.  Everything goes along OK and then no one can print.  On the print server, all the printers were offline.  A reboot solved nothing.  Our network support company turned the firewall on and all the printers came back online right away.  Go figure.  He also said that Microsoft recommended this.  
This afternoon, all the printers went offline again; but the firewall was still on.  I disabled the firewall and all the printers came back online.  Again, go figure.
I've spent all afternoon searching/reading on this and haven't found a real conclusion.  Anybody have any insight on this?
Question by:BigRBTrout
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +2
LVL 17

Accepted Solution

Spike99 earned 500 total points
ID: 40407545
I would suspect SNMP settings on the port properties for each printer is to blame.

In Server 2003 SP1 or later, I know that the server would put any printer into "Offline" status if the printer didn't respond to SNMP commands.  The fix was either to just disable SNMP on the port or install a hotfix for Server 2003:

I don't know of any similar hotfix for Server 2012, but you could try disabling SNMP on the ports of one of the printers to see if SNMP is the cause.

If you're not familiar with how to disable SNMP:
1.  just go into Printer Properties
2.  click on the Ports tab.
3.  click on "Configure port..."
4.  uncheck the "SNMP Status Enabled" setting

If the printer goes from "Offline" to "Ready" as soon as you disable the SNMP settings, then I think you found your culprit.   Disabling SNMP will mean that you won't see real-time status of the printer on the print server (if it's out of paper or has a paper jam, for example).
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40407561
Since flipping the firewall either way seems to solve the issue, my suspicion is a bad NIC or NIC driver. Because the windows firewall has support for IPSec among other things, turning it on or off effectively resets the entire network stack since Vista, so buggy drivers get reloaded too.

And as an aside, I also recommend leaving the firewall on. It is a very different thing than it was in XP. The security benefits are tangible.

Expert Comment

by:Sivakarthi Shanmugam
ID: 40407587
Do Not disable the Firewall service or stop it. Stop the Firewal in Domain / Provate profile as appropriate. To do so, Start>Run>GPEdit.msc

Expand Computer Settings> Windows Settings>SecuritySettings>Windows Firewall with Advanced Security

Also, apply the SNMP fix suggested by Cliff Galiher. I was in that situation and disabling SNMP did solved my issues.

The TCP Port settings are stored in registry @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports

Set "SNMP Enabled" to 0 to disable SNMP on that TCP Port. This can easily be scripted too.
Easiest way to disable SNMP on all ports is to go to
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.


Expert Comment

ID: 40407635
Try re-installing the network card with new drivers if possible. (Uninstall delete old drivers ) Make sure you have the new drivers and everything ready before doing that.

Expert Comment

ID: 40407733
"As a rule, I disable Windows Firewall," <-- That is a bad rule :-)

Author Comment

ID: 40408595
I'll try turning off the snmp on each printer port, hopefully, that will solve it.  Since it only happens sporadically, it could be a while before I know if it works.  Thanks for the input.

It's not the network card because it's a VMWare server.  None of the other servers on that VMWare box have any issues.

As far as disabling the Windows Firewall, I have 3-4 other hardware and software firewalls already in place, so there isn't a need for another one that causes more problems than not.

Expert Comment

ID: 40414749
Wow I learn something today.

Thanks Alicia White I will file that Snmp fix for later usage .

Author Comment

ID: 40448030
Disabling snmp didn't work.
If the firewall is on and the printers go offline - I turn the firewall off and they all come back.  The next time it happens, I turn the firewall on and they all come back.
LVL 17

Expert Comment

ID: 40448316
In jobs I've held, our network engineers have generally disabled windows firewalls on servers:  they used hardware firewalls instead.  so, I don't think it's a problem leaving that off (but I'm no networking expert!).

But, given the fact that the printers go back online when you change the state of the firewall seems to indicate an issue with some sort of networking or firewall issue.

Expert Comment

ID: 40461106
Think of it this way yo have a house with a perimeter wall and electric fens. Its secure right. What happens say the gate is left open and some bad guy walks in and you house doors are wide open.. Lets say you add a secons layer of security and the guy who has managed to get in the firewall how has another issue ti get into the house. This has two effects. Once it allows people to notice suspicious activity. as well as make it harder more time consuming and possible stops him from entering.

ITs not a requirements to have the windows firewall on just like its not a requirement to have a hardware firewall. what it does do is add a later of security and complexity. Any good Network engineer will tell you that you you start from a max closed secure network and open up only whats needed.

One last little consideration. what happens if you would be hacker is internal say a staff member picked up a usb key in the car park and thought sweet. Lets plug it in and see whats on it. Look hacker bypassed firewall. Remember your weakest link in the security chain is always the user. So always secure from in going out.

Its just good practice. Remember if Microsoft didn't want you to use the server firewall it would not be enabled by default. its just lazy techs (or time limited techs ) who take shortcuts.

Author Comment

ID: 40478963
Now you're just being an ass; don't patronize me.  I've been in IT for 25 years and I know what's best for MY NETWORK - you don't.  
I work with a tech support company and the main guy there agrees with me on the firewall usage.
Many IT guys use the firewall and many don't.  I'm not going to knock someone that does.

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits y…
The reason that corporations and businesses use Windows servers is because it supports custom modifications to adapt to the business and what it needs. Most individual users won’t need such powerful options. Here I’ll explain how you can enable Wind…
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question