Ricoh & Server 2008 SMB Scanning

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Mark

    Ricoh & Server 2008 SMB Scanning

    Question, any advice very welcome.

    Windows Server 2008 Small Business Edition. Ricoh MFD's, applies to all of them. Scan to folder does not work. It is not possible to browse to the share from the copier. There is no sharing/NTFS permission errors. The account is a domain admin account.
    We have tried editing the settings that affected SMB scanning on Server 2003. We also have a Server 2008 Standard Edition and scanning to shares on this work as normal.
  • jneezy2008
    Software/IT

    50+ Posts
    • Mar 2009
    • 72

    #2
    Are you able to browse to the share, on the Small Business Edition, using a workstation?
    The snozberries taste like snozberries!!

    Comment

    • john_551
      Technician
      • May 2009
      • 23

      #3
      You can thank MS for this little screw up. Have you done this below.
      I have several server 2003/2008 smb set ups using ricoh.

      You should also always create a new user name and password for the Rico. I never use the Admin account, bad security.

      Dont know if the following is your case, but I have had this issue on Server 2003, SBS 2003, Server 2008 and SBS 2008 when they are configured as domain controllers.
      If this server is also a domain controler that is usually caused by the following setting:
      Microsoft Network Server: Digitally Sign Communications (Always), The default setting for domain controllers is enabled, for others is not configured or disabled. This usually causes problems when acessing the share from devices are not cable of Digitally Sign Communications, like some multifunctionals/scanners or linux machines. This does not happen on all machines since some are capable of Digitally Sign Communications. Usually older machines have this issue.
      So, try to disable this setting on the server, on the Domain controller security policy and Default Domain Policy.

      Administrative Tools
      Domain controller security policy
      Local Policies
      Security options
      Microsoft Network Server: Digitally signed communication (always) -> should be changed to DISABLE
      Execute Gpupdate /force or reboot the server to apply the policy change

      You will not be able to change this setting trough gpedit , local computer policy since it is overrided by the Domain security policy.

      On server 2008 one way to get there is the following:
      Administrative Tools
      Server Manager
      Features
      Group Policy Manager
      Forest: ...
      Default Domain Policy
      Computer configuration
      Policies
      Windows Settings
      Security Settings
      Local Policies
      Security Options
      Microsoft Network Server: Digitally Sign Communications (Always)
      - Define This Policy
      - Disabled

      Execute Gpupdate /force or reboot to apply policy

      Trough gpedit you will be able to see the option but not change it, so I suggest that after the change you cannot scan to the folder check trough gpedit if it is disabled.
      If it is not disabled, disable it at the top of the hierarchy. Something may be overriding the setting.

      If it still does not work try the following, togheter with the previous setting
      Domain member: Digitally encrypt or sign secure channel data (always) -> disabled

      Dont forget to execute Gpupdate /force or reboot to apply policy each time you change something.

      Also

      are you scanning to the server using \\server_ip_address\shared_folder or \\server_name\shared_folder?
      Jus
      t wondering about name resolution.
      Is the domain field configured in the machine? if not you might have to specify the user for authentication like for example: user@domain.local

      Comment

      • Mark

        #4
        Yeah I tried that, those are the server 2003 settings I was refferring to in my original post.
        It only affects 2008 small business server, the other versions work fine.
        It applies to all Ricoh MFD's, newer Ricohs can scan to smb on server 2003 without those settings being adjusted anyway.

        Yeah I can browse the share from a workstation and from our HP scanners.

        Comment

        • john_551
          Technician
          • May 2009
          • 23

          #5
          Here is a link for MS Technet perhaps this could be of help, it was for me.

          Managing Permissions for Shared Folders

          This is another possible solution for turning off smb in server 2008.
          Disable SMB 2.0 on Windows Server 2008 | Lyle Epstein's Systems Engineer Blog

          Comment

          • n25an
            Service Manager

            Site Contributor
            1,000+ Posts
            • Jul 2008
            • 1030

            #6
            great call

            Originally posted by john_551
            You can thank MS for this little screw up. Have you done this below.
            I have several server 2003/2008 smb set ups using ricoh.

            You should also always create a new user name and password for the Rico. I never use the Admin account, bad security.

            Dont know if the following is your case, but I have had this issue on Server 2003, SBS 2003, Server 2008 and SBS 2008 when they are configured as domain controllers.
            If this server is also a domain controler that is usually caused by the following setting:
            Microsoft Network Server: Digitally Sign Communications (Always), The default setting for domain controllers is enabled, for others is not configured or disabled. This usually causes problems when acessing the share from devices are not cable of Digitally Sign Communications, like some multifunctionals/scanners or linux machines. This does not happen on all machines since some are capable of Digitally Sign Communications. Usually older machines have this issue.
            So, try to disable this setting on the server, on the Domain controller security policy and Default Domain Policy.

            Administrative Tools
            Domain controller security policy
            Local Policies
            Security options
            Microsoft Network Server: Digitally signed communication (always) -> should be changed to DISABLE
            Execute Gpupdate /force or reboot the server to apply the policy change

            You will not be able to change this setting trough gpedit , local computer policy since it is overrided by the Domain security policy.

            On server 2008 one way to get there is the following:
            Administrative Tools
            Server Manager
            Features
            Group Policy Manager
            Forest: ...
            Default Domain Policy
            Computer configuration
            Policies
            Windows Settings
            Security Settings
            Local Policies
            Security Options
            Microsoft Network Server: Digitally Sign Communications (Always)
            - Define This Policy
            - Disabled

            Execute Gpupdate /force or reboot to apply policy

            Trough gpedit you will be able to see the option but not change it, so I suggest that after the change you cannot scan to the folder check trough gpedit if it is disabled.
            If it is not disabled, disable it at the top of the hierarchy. Something may be overriding the setting.

            If it still does not work try the following, togheter with the previous setting
            Domain member: Digitally encrypt or sign secure channel data (always) -> disabled

            Dont forget to execute Gpupdate /force or reboot to apply policy each time you change something.

            Also

            are you scanning to the server using \server_ip_addressshared_folder or \server_nameshared_folder?
            Jus
            t wondering about name resolution.
            Is the domain field configured in the machine? if not you might have to specify the user for authentication like for example: user@domain.local
            dude I am a kyocera copier tech and this call of yours saved my JU JU... thanks a million... great call
            Sad To Say I Don't Have a Life
            I do this stuff on the weekends too

            Comment

            • user245470

              #7
              fix for sharp 2600 with server 2008

              i had a user name and password with all rights avalible and would get a ce-00 i tried everything in the post didnt work then i moved my user name and made a member of the admin group and it worked so if all else fails try that

              Comment

              • Ralph S

                #8
                My last experiance

                On the MFP in the address book, start with a New entry. Put in the \\<server Ip Address> for the path to folder, then select browse. It asked me for credentials, even though tihad them already entered in SMB for file transfer. I put in ewhat I needed and was able to se teh shares. I had to do this for EACH scare that I wanted to complete.....3 in my case.

                FUN STUFF M$..............

                Comment

                • RoadKing
                  Technician
                  • Jan 2010
                  • 19

                  #9
                  What Ricoh models are you scanning from? Older models required the custom firmware for the digital signing required by Windows 2003 (and newer).
                  I'm trying to think, but nothing happens...

                  Comment

                  • Choro1dal
                    Trusted Tech

                    100+ Posts
                    • Jun 2008
                    • 176

                    #10
                    If disabling digital signatures does not resolve the issue in a Win 7 or 2K8 environment, try entering the full path to the destination instead of browsing to it. Win 7 and 2K8 use Samba V3.0.23 which is not supported on all Ricoh family MFDs at present.

                    Comment

                    • RicohSE
                      Solutions Engineer
                      • Oct 2009
                      • 14

                      #11
                      Windows 7 uses a higher level of encryption than before. In advance sharing allow sharing to devices that only use 40 or 64 bit encryption.
                      It only takes one drink to get me drunk. The problem is I can't remember if it is the thirteenth or fourteenth. - George Burns

                      Comment

                      • Carrie

                        #12
                        I ran into this same issue with a couple of Sharp's and a 2008 server. It was as simple as using the UPN name (username@domain.com) instead of domain\username. I couldn't tell you why, because I was able to scan to the 2003 server (the domain controller) on the same network using domain\username.

                        Can anyone explain what would cause me to have to use the UPN name on the 2008 server but not any other computer or server on the network?

                        Comment

                        • KenB
                          Geek Extraordinaire

                          2,500+ Posts
                          • Dec 2007
                          • 3946

                          #13
                          Originally posted by Carrie
                          I ran into this same issue with a couple of Sharp's and a 2008 server. It was as simple as using the UPN name (username@domain.com) instead of domain\username. I couldn't tell you why, because I was able to scan to the 2003 server (the domain controller) on the same network using domain\username.

                          Can anyone explain what would cause me to have to use the UPN name on the 2008 server but not any other computer or server on the network?
                          Maybe it's the way Server 2008 integrates with AD?
                          “I think you should treat good friends like a fine wine. That’s why I keep mine locked up in the basement.” - Tim Hawkins

                          Comment

                          • GiuseppeM

                            #14
                            hello, I have the same problem with a scanner konica minolta c250 bitzu, I can not in any way, it will save your scans on Windows Server 2008R2 64bit.
                            is there a solution?

                            Comment

                            • tcp

                              #15
                              Re: Ricoh &amp; Server 2008 SMB Scanning

                              This worked perfectly for us on a SBS 2011 server/domain. Thanks!

                              Originally posted by john_551
                              You can thank MS for this little screw up. Have you done this below.
                              I have several server 2003/2008 smb set ups using ricoh.

                              You should also always create a new user name and password for the Rico. I never use the Admin account, bad security.

                              Dont know if the following is your case, but I have had this issue on Server 2003, SBS 2003, Server 2008 and SBS 2008 when they are configured as domain controllers.
                              If this server is also a domain controler that is usually caused by the following setting:
                              Microsoft Network Server: Digitally Sign Communications (Always), The default setting for domain controllers is enabled, for others is not configured or disabled. This usually causes problems when acessing the share from devices are not cable of Digitally Sign Communications, like some multifunctionals/scanners or linux machines. This does not happen on all machines since some are capable of Digitally Sign Communications. Usually older machines have this issue.
                              So, try to disable this setting on the server, on the Domain controller security policy and Default Domain Policy.

                              Administrative Tools
                              Domain controller security policy
                              Local Policies
                              Security options
                              Microsoft Network Server: Digitally signed communication (always) -> should be changed to DISABLE
                              Execute Gpupdate /force or reboot the server to apply the policy change

                              You will not be able to change this setting trough gpedit , local computer policy since it is overrided by the Domain security policy.

                              On server 2008 one way to get there is the following:
                              Administrative Tools
                              Server Manager
                              Features
                              Group Policy Manager
                              Forest: ...
                              Default Domain Policy
                              Computer configuration
                              Policies
                              Windows Settings
                              Security Settings
                              Local Policies
                              Security Options
                              Microsoft Network Server: Digitally Sign Communications (Always)
                              - Define This Policy
                              - Disabled

                              Execute Gpupdate /force or reboot to apply policy

                              Trough gpedit you will be able to see the option but not change it, so I suggest that after the change you cannot scan to the folder check trough gpedit if it is disabled.
                              If it is not disabled, disable it at the top of the hierarchy. Something may be overriding the setting.

                              If it still does not work try the following, togheter with the previous setting
                              Domain member: Digitally encrypt or sign secure channel data (always) -> disabled

                              Dont forget to execute Gpupdate /force or reboot to apply policy each time you change something.

                              Also

                              are you scanning to the server using \\server_ip_address\shared_folder or \\server_name\shared_folder?
                              Jus
                              t wondering about name resolution.
                              Is the domain field configured in the machine? if not you might have to specify the user for authentication like for example: user@domain.local

                              Comment

                              Working...