Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Print server 2012

Posted on 2014-10-27
11
689 Views
Last Modified: 2014-12-03
As a rule, I disable Windows Firewall, as it seems to cause more problems than solve.
I built a server 2012 R2 print server and installed all the printers - with the firewall disabled.  Everything goes along OK and then no one can print.  On the print server, all the printers were offline.  A reboot solved nothing.  Our network support company turned the firewall on and all the printers came back online right away.  Go figure.  He also said that Microsoft recommended this.  
This afternoon, all the printers went offline again; but the firewall was still on.  I disabled the firewall and all the printers came back online.  Again, go figure.
I've spent all afternoon searching/reading on this and haven't found a real conclusion.  Anybody have any insight on this?
0
Comment
Question by:BigRBTrout
  • 4
  • 3
  • 2
  • +2
11 Comments
 
LVL 17

Accepted Solution

by:
Spike99 earned 500 total points
ID: 40407545
I would suspect SNMP settings on the port properties for each printer is to blame.

In Server 2003 SP1 or later, I know that the server would put any printer into "Offline" status if the printer didn't respond to SNMP commands.  The fix was either to just disable SNMP on the port or install a hotfix for Server 2003:
http://support.microsoft.com/kb/946198/en-us

I don't know of any similar hotfix for Server 2012, but you could try disabling SNMP on the ports of one of the printers to see if SNMP is the cause.

If you're not familiar with how to disable SNMP:
1.  just go into Printer Properties
2.  click on the Ports tab.
3.  click on "Configure port..."
4.  uncheck the "SNMP Status Enabled" setting

If the printer goes from "Offline" to "Ready" as soon as you disable the SNMP settings, then I think you found your culprit.   Disabling SNMP will mean that you won't see real-time status of the printer on the print server (if it's out of paper or has a paper jam, for example).
0
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 40407561
Since flipping the firewall either way seems to solve the issue, my suspicion is a bad NIC or NIC driver. Because the windows firewall has support for IPSec among other things, turning it on or off effectively resets the entire network stack since Vista, so buggy drivers get reloaded too.

And as an aside, I also recommend leaving the firewall on. It is a very different thing than it was in XP. The security benefits are tangible.
0
 

Expert Comment

by:Sivakarthi Shanmugam
ID: 40407587
Do Not disable the Firewall service or stop it. Stop the Firewal in Domain / Provate profile as appropriate. To do so, Start>Run>GPEdit.msc

Expand Computer Settings> Windows Settings>SecuritySettings>Windows Firewall with Advanced Security


Also, apply the SNMP fix suggested by Cliff Galiher. I was in that situation and disabling SNMP did solved my issues.

The TCP Port settings are stored in registry @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports

Set "SNMP Enabled" to 0 to disable SNMP on that TCP Port. This can easily be scripted too.
Easiest way to disable SNMP on all ports is to go to
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 5

Expert Comment

by:Armenio
ID: 40407635
Try re-installing the network card with new drivers if possible. (Uninstall delete old drivers ) Make sure you have the new drivers and everything ready before doing that.
0
 
LVL 5

Expert Comment

by:Armenio
ID: 40407733
"As a rule, I disable Windows Firewall," <-- That is a bad rule :-)
0
 
LVL 1

Author Comment

by:BigRBTrout
ID: 40408595
I'll try turning off the snmp on each printer port, hopefully, that will solve it.  Since it only happens sporadically, it could be a while before I know if it works.  Thanks for the input.

It's not the network card because it's a VMWare server.  None of the other servers on that VMWare box have any issues.

As far as disabling the Windows Firewall, I have 3-4 other hardware and software firewalls already in place, so there isn't a need for another one that causes more problems than not.
0
 
LVL 5

Expert Comment

by:Armenio
ID: 40414749
Wow I learn something today.

Thanks Alicia White I will file that Snmp fix for later usage .
0
 
LVL 1

Author Comment

by:BigRBTrout
ID: 40448030
Disabling snmp didn't work.
If the firewall is on and the printers go offline - I turn the firewall off and they all come back.  The next time it happens, I turn the firewall on and they all come back.
0
 
LVL 17

Expert Comment

by:Spike99
ID: 40448316
In jobs I've held, our network engineers have generally disabled windows firewalls on servers:  they used hardware firewalls instead.  so, I don't think it's a problem leaving that off (but I'm no networking expert!).

But, given the fact that the printers go back online when you change the state of the firewall seems to indicate an issue with some sort of networking or firewall issue.
0
 
LVL 5

Expert Comment

by:Armenio
ID: 40461106
Think of it this way yo have a house with a perimeter wall and electric fens. Its secure right. What happens say the gate is left open and some bad guy walks in and you house doors are wide open.. Lets say you add a secons layer of security and the guy who has managed to get in the firewall how has another issue ti get into the house. This has two effects. Once it allows people to notice suspicious activity. as well as make it harder more time consuming and possible stops him from entering.

ITs not a requirements to have the windows firewall on just like its not a requirement to have a hardware firewall. what it does do is add a later of security and complexity. Any good Network engineer will tell you that you you start from a max closed secure network and open up only whats needed.

One last little consideration. what happens if you would be hacker is internal say a staff member picked up a usb key in the car park and thought sweet. Lets plug it in and see whats on it. Look hacker bypassed firewall. Remember your weakest link in the security chain is always the user. So always secure from in going out.

Its just good practice. Remember if Microsoft didn't want you to use the server firewall it would not be enabled by default. its just lazy techs (or time limited techs ) who take shortcuts.
0
 
LVL 1

Author Comment

by:BigRBTrout
ID: 40478963
Now you're just being an ass; don't patronize me.  I've been in IT for 25 years and I know what's best for MY NETWORK - you don't.  
I work with a tech support company and the main guy there agrees with me on the firewall usage.
Many IT guys use the firewall and many don't.  I'm not going to knock someone that does.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

My GPO's made for 2008 R2 servers were not allowing me to RDP into a new 2012 server by default.  That’s why I tried to allow RDP via Powershell, because I could log into a remote shell without further configuration. Below I will describe how I wen…
You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question