Print server 2012

Posted on 2014-10-27
Last Modified: 2014-12-03
As a rule, I disable Windows Firewall, as it seems to cause more problems than solve.
I built a server 2012 R2 print server and installed all the printers - with the firewall disabled.  Everything goes along OK and then no one can print.  On the print server, all the printers were offline.  A reboot solved nothing.  Our network support company turned the firewall on and all the printers came back online right away.  Go figure.  He also said that Microsoft recommended this.  
This afternoon, all the printers went offline again; but the firewall was still on.  I disabled the firewall and all the printers came back online.  Again, go figure.
I've spent all afternoon searching/reading on this and haven't found a real conclusion.  Anybody have any insight on this?
Question by:BigRBTrout
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +2
LVL 17

Accepted Solution

Spike99 earned 500 total points
ID: 40407545
I would suspect SNMP settings on the port properties for each printer is to blame.

In Server 2003 SP1 or later, I know that the server would put any printer into "Offline" status if the printer didn't respond to SNMP commands.  The fix was either to just disable SNMP on the port or install a hotfix for Server 2003:

I don't know of any similar hotfix for Server 2012, but you could try disabling SNMP on the ports of one of the printers to see if SNMP is the cause.

If you're not familiar with how to disable SNMP:
1.  just go into Printer Properties
2.  click on the Ports tab.
3.  click on "Configure port..."
4.  uncheck the "SNMP Status Enabled" setting

If the printer goes from "Offline" to "Ready" as soon as you disable the SNMP settings, then I think you found your culprit.   Disabling SNMP will mean that you won't see real-time status of the printer on the print server (if it's out of paper or has a paper jam, for example).
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40407561
Since flipping the firewall either way seems to solve the issue, my suspicion is a bad NIC or NIC driver. Because the windows firewall has support for IPSec among other things, turning it on or off effectively resets the entire network stack since Vista, so buggy drivers get reloaded too.

And as an aside, I also recommend leaving the firewall on. It is a very different thing than it was in XP. The security benefits are tangible.

Expert Comment

by:Sivakarthi Shanmugam
ID: 40407587
Do Not disable the Firewall service or stop it. Stop the Firewal in Domain / Provate profile as appropriate. To do so, Start>Run>GPEdit.msc

Expand Computer Settings> Windows Settings>SecuritySettings>Windows Firewall with Advanced Security

Also, apply the SNMP fix suggested by Cliff Galiher. I was in that situation and disabling SNMP did solved my issues.

The TCP Port settings are stored in registry @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports

Set "SNMP Enabled" to 0 to disable SNMP on that TCP Port. This can easily be scripted too.
Easiest way to disable SNMP on all ports is to go to
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Expert Comment

ID: 40407635
Try re-installing the network card with new drivers if possible. (Uninstall delete old drivers ) Make sure you have the new drivers and everything ready before doing that.

Expert Comment

ID: 40407733
"As a rule, I disable Windows Firewall," <-- That is a bad rule :-)

Author Comment

ID: 40408595
I'll try turning off the snmp on each printer port, hopefully, that will solve it.  Since it only happens sporadically, it could be a while before I know if it works.  Thanks for the input.

It's not the network card because it's a VMWare server.  None of the other servers on that VMWare box have any issues.

As far as disabling the Windows Firewall, I have 3-4 other hardware and software firewalls already in place, so there isn't a need for another one that causes more problems than not.

Expert Comment

ID: 40414749
Wow I learn something today.

Thanks Alicia White I will file that Snmp fix for later usage .

Author Comment

ID: 40448030
Disabling snmp didn't work.
If the firewall is on and the printers go offline - I turn the firewall off and they all come back.  The next time it happens, I turn the firewall on and they all come back.
LVL 17

Expert Comment

ID: 40448316
In jobs I've held, our network engineers have generally disabled windows firewalls on servers:  they used hardware firewalls instead.  so, I don't think it's a problem leaving that off (but I'm no networking expert!).

But, given the fact that the printers go back online when you change the state of the firewall seems to indicate an issue with some sort of networking or firewall issue.

Expert Comment

ID: 40461106
Think of it this way yo have a house with a perimeter wall and electric fens. Its secure right. What happens say the gate is left open and some bad guy walks in and you house doors are wide open.. Lets say you add a secons layer of security and the guy who has managed to get in the firewall how has another issue ti get into the house. This has two effects. Once it allows people to notice suspicious activity. as well as make it harder more time consuming and possible stops him from entering.

ITs not a requirements to have the windows firewall on just like its not a requirement to have a hardware firewall. what it does do is add a later of security and complexity. Any good Network engineer will tell you that you you start from a max closed secure network and open up only whats needed.

One last little consideration. what happens if you would be hacker is internal say a staff member picked up a usb key in the car park and thought sweet. Lets plug it in and see whats on it. Look hacker bypassed firewall. Remember your weakest link in the security chain is always the user. So always secure from in going out.

Its just good practice. Remember if Microsoft didn't want you to use the server firewall it would not be enabled by default. its just lazy techs (or time limited techs ) who take shortcuts.

Author Comment

ID: 40478963
Now you're just being an ass; don't patronize me.  I've been in IT for 25 years and I know what's best for MY NETWORK - you don't.  
I work with a tech support company and the main guy there agrees with me on the firewall usage.
Many IT guys use the firewall and many don't.  I'm not going to knock someone that does.

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
A procedure for exporting installed hotfix details of remote computers using powershell
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question