@Remote difficulties with units configured with a device certificate

**KenB** · 03-16-2017, 03:29 AM

Re: @Remote difficulties with units configured with a device certificate

Originally posted by zed255

I have been alerted to a client who refreshed a fleet of devices and is not able to put the devices into managed mode.

There is a mix of devices involved but the lion's share are MPCxx04 MFPs. The units are discovered into monitored status just fine but when you try to flip them into managed mode as an HTTPS device the result ends up with @REMOTE_RESULT_NG. They can be put into managed mode as an SNMP device but that is not acceptable since toner orders placed from SNMP devices are not fulfilled and the client wants automatic toner replenishments.

Over the course of investigation I found all devices with a self-signed 'Device Certificate' exhibited the issue and the small desktop printers that were set up without the certificate had no issue being managed as HTTPS devices. The appliance is one of the older RC Gate BN1 units, firmware is up-to-date. The fellow I was working with was not sure why the certificates were installed and the technician who installed the units did not install the certificates. It is unclear if there is a legitimate reason for having the MFPs configured with device certificates, or if someone just was poking about and thought it a good idea.

Anyone have any experience or advice regarding this?

Hi, Zed,

I'm almost 100% sure that new machines are leaving the factory with SSL/TLS enabled, along with a device certificate installed.

If you work directly for Ricoh, as I do, the only other possibility would be that the config centers are sending them out that way, but that is extremely unlikely.

I just had this happen at an account with an MP C3004 and an MP 3504.

I installed GSNX Serverless on a PC, and had no issue installing the MFP software, and the profile properly synchronized on both.

The issue came when they went to send to DocMall, the reason for having GSNX. When I opened the GSNX logs, it was quite clear there was an authentication issue sending to DocMall.

Once I turned off SSL / TLS, and deleted the certs, all was good with the World again.

I had suggestions of registering the cert in the GSNX PC, but that was a pure guess. I don't think it would have mattered, as I don't see how it would make it into the profile on the MFP.

**Cipher** · 03-16-2017, 08:36 AM

Re: @Remote difficulties with units configured with a device certificate

Just PDIed an MP C4504 and an self signed cert was present but SSL/TLS was disabled by default.

I'm not 100% sure but I don't think that has always been the case though.

**Ricoh-ono** · 03-17-2017, 10:48 PM

Re: @Remote difficulties with units configured with a device certificate

Check SP mode 5816-202. If it has an 18 digit registration number then it was probably configured at setup. To clear it, run 5816-209, 5870-3, 5870-1, reboot, in that order. Probably will have to reach out to Ricoh @Remote Admins to clear it out of the Center Server. Once that is done then your appliance should be able to manage devices properly.

**zed255** · 03-17-2017, 11:45 PM

Re: @Remote difficulties with units configured with a device certificate

Originally posted by Ricoh-ono

Check SP mode 5816-202. If it has an 18 digit registration number then it was probably configured at setup. To clear it, run 5816-209, 5870-3, 5870-1, reboot, in that order. Probably will have to reach out to Ricoh @Remote Admins to clear it out of the Center Server. Once that is done then your appliance should be able to manage devices properly.

Thanks for the suggestion, but that is way back in the rear view mirror at this point. I have access to the Centre Server for appliance and device administration across Canada and know these units were not registered during pre-delivery setup. I have even performed the reset as a precaution to no avail.

I will be arranging another site visit and will report back on a few tips I have gotten.

**Ricohguy** · 08-04-2017, 08:14 PM

Re: @Remote difficulties with units configured with a device certificate

Was this ever resolved? I am trying to figure this issue out right now.

**zed255** · 08-05-2017, 04:51 PM

Re: @Remote difficulties with units configured with a device certificate

Originally posted by Ricohguy

Was this ever resolved? I am trying to figure this issue out right now.

I'd say more of an unofficial workaround that worked for me rather than a true Ricoh sanctioned solution, for whatever that is worth.

In the end I did the following to get the new units working with the RC Gate (BN1):

Remove devices from Centre Server
Set via WIM: SSL/TLS to Cyphertext/Cleartext, enable SSL 3.0, and enable RC4 128bit
Via SP: 5-816-209, 5-870-3, and 5-870-1
Restart
Either perform a manual discovery and register devices via the appliance or wait for auto discovery and switch to managed mode via Centre Server.

Depending on the firmware level the units were born with some options may be either correct from the start or require rectification. Good luck.

@Remote difficulties with units configured with a device certificate

@Remote difficulties with units configured with a device certificate

Comment

Comment

Comment

Comment

Comment

Comment