SMB Scanning to a Windows Desktop

Windows 2012 R2 domain with a mix of Windows 7 Pro and Windows 10 Pro computers. All 9 computers are 64bit, and fully patched. All computers have the same suite of software installed including antivirus. All computers and users have the same permissions on the network. In essence, they're all pretty much configured the same.

When the Konica Minolta BizHub 363 was installed, scanning to the desktop was setup using Konica's FTP utility using anonymous FTP with each computer having a static IP address. I'm in the process of changing  the scanning to SMB with computers using DHCP IP addresses.

I've been successful changing to SMB scanning with 6 out of 9 computers. The FTP utility was uninstalled, and the IP address is now DHCP.'s been rocky getting SMB scanning on those 6 to work. There's C:\SCANS folder on all computers. I created a regular user, named Scanuser with a password, and added it to the Share (read/write) and NTFS permissions (Full Control) for the C:\SCANS folder. I changed the scanning on the Konica from FTP to SMB scanning for those computer.

That worked for several of the 6 computers. For the rest of the 6 I had to add "Everyone" to both the Share and NTFS permissions.

Believe me that I played with all permutations of the permissions. I never saw any pattern of success or why "Everyone" was needed on some computers and not others. Then there are the remaining 3 recalcitrant computers (2 Win10 and 1 Win7) where nothing has worked. The Konica just says it can't make a network connection which not very helpful.

The computers are pingable to both IP address and NETBIOS name. They all have the same Share and NTFS permissions. File sharing encryption is downgraded to 40/56 bit on all computers. The firewall shows SMB file sharing (IN) is enabled. While I'm testing I leave static IP addresses until I get SMB scanning working, so FTP scanning will still work until I get it figured out.


Thank you!
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Cliff GaliherCommented:
There are widespread reports that the SMB 2 stack on those older printers is broken. My suggestion is don't scan to SMB, or uodrade to a unit that supports SMB 3.
Some target machines might have disabled smb1 while your scanner probably only speaks smb1.
Jason JohanknechtIT ManagerCommented:
Have you made sure each workstation is set to PRIVATE network.  Also make sure in your antivirus / firewall software on each workstation to allow for file sharing.  This is a common mistake.
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

markperl1Author Commented:
Cliff, thanks, but not an option.

McKnife, I'll have to check, but can't imagine why/how/when SMB1 being disabled.

Jason, all workstations are in a Domain network, not Private. All are configured the same. All have the same AV/firewall settings for sharing. The 4 Win10 computers were setup new and exactly the same out of the box. 2 were easily setup for SMB scanning, and I've never been able to configure the other 2 to work.

It's this inconsistency that I don't understand.
In regards to SMBv1:

SMBv1 is not recommended for use after the WannaCrypt ransomware outbreak.  Microsoft even pushed out updates for Server2003/XP specifically for this purpose.  SMBv1 is disabled or not installed by default on W7, W10, 2012.  Anything after Windows Vista (SP1) run SMBv2 or higher.
Cliff GaliherCommented:
To be clear, the Bizhub 363 did advertise SMB2 support.  But it *is* broken, and won't be fixed (since the 363 is effectively, if not officially, end of life.)

SMB1 is broken and Microsoft has put it end-of-life, and has written *many* blog posts about it.

You have three choices (and don't tell me it isn't an option...because a) I don't isn't my network, and b) Unless you have Konica's ear and Microsoft's ear and can convince one or both of them to change their HAVE to choose one of these options..not because I say so, but because sometimes that's just the cards your dealt...this is one of those times.)

Your three options:

1) Continue to use the 363 and accept the inconsistency due it's SMB2 implementation.  Like I said, it is broken, won't be fixed, so that's an acceptance you choose to deal with by sticking with this path.

2) Go to something besides SMB.  Scan to email.  Scan to FTP.  I even think Konica has app-support for the 363 to scan to dropbox/sharepoint/google drive.  With the 363 effectively EOL, I didn't dig too deep so don't quote me on which of those options is available, but I know a couple are.  All would be more reliable than their built-in SMB2 option.

3) Upgrade to something that supports SMB3.  I understand that this may not be an option. But that is why I am re-iterating what I said my previous comment and am stressing option 2 ...was always an option.

If you have a boss/client/whoever saying that they *need* SMB scanning, and are unwilling to consider a newer device nor anything besides SMB then that's option 1 (which admittedly I did not include in my previous comment.)

If the boss/client/whoever insists that they want SMB scanning *and* expect you to make it 100% reliable...well...that's no more an option than what you told me is not an option.   I want a mansion in Malibu too, but don't want to have to pay for it.  Some expectations just aren't reasonable to make. could argue that it is reasonable to expect a feature like SMB scanning to work.  Or for Konica to have a working SMB2 network stack. And I'd agree. But I think it's reasonable to expect Microsoft to release patches that don't brick computers.  But the May 8th patch for window 10-1803 bricked computers nonetheless.  I think that's unreasonable, but we get to deal with it no matter how unreasonable it is. Konica chose to never fix their SMB2 stack...that's their choice and unless you have their ear (do many millions of dollars with them) I doubt it'll get fixed.  So that does, for better or worse, limit your options.

I am not unsympathetic to your plight.  I am just the messenger.  You can protest and say "that's not an option" ...but I'm not the one you need to convince.  I, nor is it likely any expert here, can wave the magic wand and fix the situation at hand.  I am just presenting the options I see before you as I see them.  You can choose to believe me or not...I won't try to convince you beyond this last comment.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
markperl1Author Commented:

I appreciate the time you took to respond and all of the information you've provided. What I don't understand, however, is why you found it necessary to include, what I felt was a real "attitude," i.e "You have three choices (and don't tell me it isn't an option...because a) I don't isn't my network...," from what was, otherwise, a very well thought out and informative reply.

Nonetheless...thank you!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 10

From novice to tech pro — start learning today.