Link to home
Start Free TrialLog in
Avatar of Bob Vaal
Bob VaalFlag for United States of America

asked on

All shared printers on Print Server 2019 show offline at workstations.

All my printers on my Windows Server 2019 Print Server show offline at the client computers.  Worked fine yesterday.  So far here is what I found.


1. I can print a test page from the actual print server VM via printer management.

2. I cannot test print to that same printer from the printer control panel from the actual server VM

3. I can open printer properties via the old style control panel on the actual server VM 

4. I cannot open printer properties from the "settings" "printers & scanners" GUI.  It comes up with a rundll32.exe error.

5. At the workstation, all printers configured from the print server show offline.

Avatar of Bob Vaal
Bob Vaal
Flag of United States of America image

ASKER

Screenshot of error.  This is form the screen of the actual print server.
rundll-error.png
Ok - so I only get the rundll32 error when I am logged into the server VM via the domain administrator account.  Not when I'm logged in with the local server administrator account.  So I still don't know why all of the sudden no one can print to the print shares on this 2019 Windows Server.  Like mentioned, I can send test pages to each of the shared printers directly from the server itself but not from any workstation.
Avatar of Steve Knight
Permissions by the sounds of it then to the printers. Or more likely it has problems talking to the domain.

Apart from a reboot to start with, check event logs, that the dns servers set in is ip properties are correct  that it can do nslookup of your domain name.   Server lost trust relationship then perhaps - e.g someone accidentally brought a new server online with same name or test restored server and allowed it to communicate on the lab to dcs.

Can you login with domain account to the console / rdp with an account not logged in there before?

Steve
Ok - did some more digging.  One site recommended I check if I had domain controller issues.  I ran this test in PS and here it the result.  I then ran it on all my member servers with the same results.  Could this be why my workstations can't print.

PS C:\WINDOWS\system32> Test-ComputerSecureChannel -verbose
VERBOSE: Performing the operation "Test-ComputerSecureChannel" on target "server-srv".
False
VERBOSE: The secure channel between the local computer and the domain mydomain.org is broken.
ASKER CERTIFIED SOLUTION
Avatar of Steve Knight
Steve Knight
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Steve,

First off I have my immediate issue fixed. All my shared printers are now back online and users can print.  I ran IPCONFIG/ALL on all my servers and my workstation and the primary and secondary DNS settings are set the same.

However I still have some DC issues.  Not just with the print server but I believe across my entire domain.  From all my workstations and all my server VMs I get this error when I run nltest.  

PS C:\Windows\system32> nltest /sc_query:my.domain
Flags: 0
Trusted DC Name
Trusted DC Connection Status Status = 5 0x5 ERROR_ACCESS_DENIED
The command completed successfully

I get the same 5 0x5 errors when running dcdiag from each of my DCs. Here are those results:

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = AD1-SRV
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\AD1-SRV
      Starting test: Connectivity
         ......................... AD1-SRV passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\AD1-SRV
      Starting test: Advertising
         ......................... AD1-SRV passed test Advertising
      Starting test: FrsEvent
         ......................... AD1-SRV passed test FrsEvent
      Starting test: DFSREvent
         The event log DFS Replication on server AD1-SRV.my.domain could not be queried, error 0x5
         "Access is denied."
         ......................... AD1-SRV failed test DFSREvent
      Starting test: SysVolCheck
         ......................... AD1-SRV passed test SysVolCheck
      Starting test: KccEvent
         The event log Directory Service on server AD1-SRV.my.domain could not be queried, error 0x5
         "Access is denied."
         ......................... AD1-SRV failed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... AD1-SRV passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         Warning:  Attribute userAccountControl of AD1-SRV is:
         0x82020 = ( PASSWD_NOTREQD | SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION )
         Typical setting for a DC is 0x82000 = ( SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION )
         This may be affecting replication?
         ......................... AD1-SRV passed test MachineAccount
      Starting test: NCSecDesc
         ......................... AD1-SRV passed test NCSecDesc
      Starting test: NetLogons
         ......................... AD1-SRV passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... AD1-SRV passed test ObjectsReplicated
      Starting test: Replications
         ......................... AD1-SRV passed test Replications
      Starting test: RidManager
         ......................... AD1-SRV passed test RidManager
      Starting test: Services
         ......................... AD1-SRV passed test Services
      Starting test: SystemLog
         The event log System on server AD1-SRV.my.domain could not be queried, error 0x5 "Access is denied."
         ......................... AD1-SRV failed test SystemLog
      Starting test: VerifyReferences
         ......................... AD1-SRV passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : my.domain
      Starting test: CheckSDRefDom
         ......................... my.domain passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... my.domain passed test CrossRefValidation

   Running enterprise tests on : my.domain
      Starting test: LocatorCheck
         ......................... my.domain passed test LocatorCheck
      Starting test: Intersite
         ......................... my.domain passed test Intersite
PS C:\Windows\system32>



I ran this command on my member server as well as my workstation but still get the errors.

netdom /resetpwd /server:ad-srv /userd:Administrator /passwordd:Pas$Word


Are these run in a run-as-administrator command prompt?
Steve,

PowerShell ran as Admin
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Good catch there.  Good old MS updates to the rescue again :-)  That update is fairly unspecific about what exactly it DOES do with but the fact it has made adjustments to AD replication and Kerberos authentication is interesting.

After you posted your DCDIAG I did look around for recent updates that flagged any issues but didn't get too far.

Glad you are working at least!

Steve