SMB Scanning to a Windows Desktop
Windows 2012 R2 domain with a mix of Windows 7 Pro and Windows 10 Pro computers. All 9 computers are 64bit, and fully patched. All computers have the same suite of software installed including antivirus. All computers and users have the same permissions on the network. In essence, they're all pretty much configured the same.
When the Konica Minolta BizHub 363 was installed, scanning to the desktop was setup using Konica's FTP utility using anonymous FTP with each computer having a static IP address. I'm in the process of changing the scanning to SMB with computers using DHCP IP addresses.
I've been successful changing to SMB scanning with 6 out of 9 computers. The FTP utility was uninstalled, and the IP address is now DHCP. But...it's been rocky getting SMB scanning on those 6 to work. There's C:\SCANS folder on all computers. I created a regular user, named Scanuser with a password, and added it to the Share (read/write) and NTFS permissions (Full Control) for the C:\SCANS folder. I changed the scanning on the Konica from FTP to SMB scanning for those computer.
That worked for several of the 6 computers. For the rest of the 6 I had to add "Everyone" to both the Share and NTFS permissions.
Believe me that I played with all permutations of the permissions. I never saw any pattern of success or why "Everyone" was needed on some computers and not others. Then there are the remaining 3 recalcitrant computers (2 Win10 and 1 Win7) where nothing has worked. The Konica just says it can't make a network connection which not very helpful.
The computers are pingable to both IP address and NETBIOS name. They all have the same Share and NTFS permissions. File sharing encryption is downgraded to 40/56 bit on all computers. The firewall shows SMB file sharing (IN) is enabled. While I'm testing I leave static IP addresses until I get SMB scanning working, so FTP scanning will still work until I get it figured out.
Help!
Thank you!
Mark
When the Konica Minolta BizHub 363 was installed, scanning to the desktop was setup using Konica's FTP utility using anonymous FTP with each computer having a static IP address. I'm in the process of changing the scanning to SMB with computers using DHCP IP addresses.
I've been successful changing to SMB scanning with 6 out of 9 computers. The FTP utility was uninstalled, and the IP address is now DHCP. But...it's been rocky getting SMB scanning on those 6 to work. There's C:\SCANS folder on all computers. I created a regular user, named Scanuser with a password, and added it to the Share (read/write) and NTFS permissions (Full Control) for the C:\SCANS folder. I changed the scanning on the Konica from FTP to SMB scanning for those computer.
That worked for several of the 6 computers. For the rest of the 6 I had to add "Everyone" to both the Share and NTFS permissions.
Believe me that I played with all permutations of the permissions. I never saw any pattern of success or why "Everyone" was needed on some computers and not others. Then there are the remaining 3 recalcitrant computers (2 Win10 and 1 Win7) where nothing has worked. The Konica just says it can't make a network connection which not very helpful.
The computers are pingable to both IP address and NETBIOS name. They all have the same Share and NTFS permissions. File sharing encryption is downgraded to 40/56 bit on all computers. The firewall shows SMB file sharing (IN) is enabled. While I'm testing I leave static IP addresses until I get SMB scanning working, so FTP scanning will still work until I get it figured out.
Help!
Thank you!
Mark
Cliff Galiher
There are widespread reports that the SMB 2 stack on those older printers is broken. My suggestion is don't scan to SMB, or uodrade to a unit that supports SMB 3.
Some target machines might have disabled smb1 while your scanner probably only speaks smb1.
Have you made sure each workstation is set to PRIVATE network. Also make sure in your antivirus / firewall software on each workstation to allow for file sharing. This is a common mistake.
ASKER
Cliff, thanks, but not an option.
McKnife, I'll have to check, but can't imagine why/how/when SMB1 being disabled.
Jason, all workstations are in a Domain network, not Private. All are configured the same. All have the same AV/firewall settings for sharing. The 4 Win10 computers were setup new and exactly the same out of the box. 2 were easily setup for SMB scanning, and I've never been able to configure the other 2 to work.
It's this inconsistency that I don't understand.
McKnife, I'll have to check, but can't imagine why/how/when SMB1 being disabled.
Jason, all workstations are in a Domain network, not Private. All are configured the same. All have the same AV/firewall settings for sharing. The 4 Win10 computers were setup new and exactly the same out of the box. 2 were easily setup for SMB scanning, and I've never been able to configure the other 2 to work.
It's this inconsistency that I don't understand.
In regards to SMBv1:
SMBv1 is not recommended for use after the WannaCrypt ransomware outbreak. Microsoft even pushed out updates for Server2003/XP specifically for this purpose. SMBv1 is disabled or not installed by default on W7, W10, 2012. Anything after Windows Vista (SP1) run SMBv2 or higher.
https://blogs.technet.microsoft.com/josebda/2013/10/02/windows-server-2012-r2-which-version-of-the-smb-protocol-smb-1-0-smb-2-0-smb-2-1-smb-3-0-or-smb-3-02-are-you-using/
SMBv1 is not recommended for use after the WannaCrypt ransomware outbreak. Microsoft even pushed out updates for Server2003/XP specifically for this purpose. SMBv1 is disabled or not installed by default on W7, W10, 2012. Anything after Windows Vista (SP1) run SMBv2 or higher.
https://blogs.technet.microsoft.com/josebda/2013/10/02/windows-server-2012-r2-which-version-of-the-smb-protocol-smb-1-0-smb-2-0-smb-2-1-smb-3-0-or-smb-3-02-are-you-using/
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Cliff
I appreciate the time you took to respond and all of the information you've provided. What I don't understand, however, is why you found it necessary to include, what I felt was a real "attitude," i.e "You have three choices (and don't tell me it isn't an option...because a) I don't care...it isn't my network...," from what was, otherwise, a very well thought out and informative reply.
Nonetheless...thank you!
Mark
I appreciate the time you took to respond and all of the information you've provided. What I don't understand, however, is why you found it necessary to include, what I felt was a real "attitude," i.e "You have three choices (and don't tell me it isn't an option...because a) I don't care...it isn't my network...," from what was, otherwise, a very well thought out and informative reply.
Nonetheless...thank you!
Mark