mp 301 scan to folder issues

  • brett02
    Technician
    • Jul 2015
    • 12

    #1

    mp 301 scan to folder issues

    Is the newer SMB V3.1.1 not compatible with the MP301 model? We recently had a cyber event and the server was reimaged; I am trying to find out if they updated to Server 2022. As soon as the new server came online, only this model out of a fleet of 400 had an issue with "Authentication Error" every other or third scan. Keep scanning and it would happen on and off.

    I tried moving the credentials under file transfer and it still does it sporadically or every other scan. Tried back in the scan path adding credentials and again same outcome.
  • ridgemill
    Trusted Tech

    100+ Posts
    • Sep 2017
    • 180

    #2
    For SMB v2/v3, make sure the firmware versions are at least the following:

    System/Copy v3.24 (D1275780Y)
    Network Support v12.36.1 (D1275791P)
    Web Support v1.13 (D1275787P)
    Scanner v01.09 (D1275786H)

    OpePanel
    - Europe and China model: v1.24 (D1271491P)
    - North America, Asia, and Korea model: v1.04 (D1271498C)


    Also, try fully qualifying the username, e.g. "domain\username" or "username@domain"

    Please note, some devices use v3 for the handshake, but v2, or even v1, for the data transfer.

    • brett02
      Technician
      • Jul 2015
      • 12

      #3
      Originally posted by ridgemill
      For SMB v2/v3, make sure the firmware versions are at least the following:

      System/Copy v3.24 (D1275780Y)
      Network Support v12.36.1 (D1275791P)
      Web Support v1.13 (D1275787P)
      Scanner v01.09 (D1275786H)

      OpePanel
      - Europe and China model: v1.24 (D1271491P)
      - North America, Asia, and Korea model: v1.04 (D1271498C)


      Also, try fully qualifying the username, e.g. "domain\username" or "username@domain"

      Please note, some devices use v3 for the handshake, but v2, or even v1, for the data transfer.
      Thanks, I made sure we have the latest firmware and the issue remains. I am attempting to get ahold of the server team to see if they made changes, and also with Ricoh to see if this model is compatible with Server 2022 if they did indeed upgrade to that version.

      • rthonpm
        Field Supervisor

        2,500+ Posts
        • Aug 2007
        • 2847

        #4
        I've got equipment as old as the MP 171 working just fine with Server 2022 with SMB 3. SMB will negotiate to the highest level supported, so even if 3.1.1 isn't, the machine would still use a variant of SMB 3 or SMB 2 to connect.

        It sounds more like an account issue server side. Have the team check for instances of Security Event ID 4625, failed logon. That may give you something to work on.

        • brett02
          Technician
          • Jul 2015
          • 12

          #5
          Had another bridge call and the MP301 will scan successfully literally every other scan????

          On the file server they are not seeing the failed login, but this:

          Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
          Logon Account: Lanier
          Source Workstation: RNP5838798886CB
          Error Code: 0xC0000064

          Basically it can't identify the domain? But other models that have it entered the same work. So we tried adding the domain\username and still literally every other one. Racking my brain on this one.

          Validated they are using Server 2022 and mentioned that if there is no domain it will kick the scan
          Windows updates add new NTLM pass-through authentication protections for CVE-2022-21857

          • dalewb74
            Service Manager

            Site Contributor
            1,000+ Posts
            • Feb 2018
            • 1125

            #6
            Something I have had to do in the past: discuss with the IT dept. and see if you can just bypass the server altogether. See if you can set up the scans on just one PC, to eliminate the server from the equation. I had an IT guy swear to me once that the server wasn't the issue. After I told him 3 different times, he called one morning and finally confessed that was the issue. It was a new server and hadn't been properly configured. Good luck getting them to admit something like that.

            • slimslob
              Retired

              Site Contributor
              25,000+ Posts
              • May 2013
              • 37047

              #7
              Originally posted by dalewb74
              Something I have had to do in the past: discuss with the IT dept. and see if you can just bypass the server altogether. See if you can set up the scans on just one PC, to eliminate the server from the equation. I had an IT guy swear to me once that the server wasn't the issue. After I told him 3 different times, he called one morning and finally confessed that was the issue. It was a new server and hadn't been properly configured. Good luck getting them to admit something like that.
              The only time I have ever had a problem scanning to a server was when I made a typo in the domain name on one machine. It had been working using the IP address until they updated to Server 2016. It was at a school district with multiple campuses and at least 2 machines at each campus. All the others had been set up using the server name. When I changed to using the name it still got an error. Checking the error log, I noticed a DNS login error. Found out it had been set up using .net, which was their internet domain, instead of .local.

              • brett02
                Technician
                • Jul 2015
                • 12

                #8
                Originally posted by dalewb74
                Something I have had to do in the past: discuss with the IT dept. and see if you can just bypass the server altogether. See if you can set up the scans on just one PC, to eliminate the server from the equation. I had an IT guy swear to me once that the server wasn't the issue. After I told him 3 different times, he called one morning and finally confessed that was the issue. It was a new server and hadn't been properly configured. Good luck getting them to admit something like that.
                Luckily we had the scans go through while we were on the call with the server team. On top of all this, the account is going through DNS remediation, so I have a feeling that is playing a part in this fun time.

                • rthonpm
                  Field Supervisor

                  2,500+ Posts
                  • Aug 2007
                  • 2847

                  #9
                  Originally posted by brett02

                  On the file server they are not seeing the Failed Login but this

                  Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
                  Logon Account: Lanier
                  Source Workstation: RNP5838798886CB
                  Error Code: 0xC0000064

                  A 64 error means the account doesn't exist.

                  Is the account a domain account or a local account on the server?

                  DNS servers only pointed at domain controllers?

                  Any NTLM restrictions in the environment like only allowing NTLMv2?

                  Kerberos realm configured on the machine?

                  Any way for the customer's IT to get a packet capture from the 301 to the server?

                  • Captain Scott
                    Trusted Tech

                    100+ Posts
                    • Dec 2008
                    • 166

                    #10
                    Have you tried \\server ip instead of server name as the path, as a test? Ping the name and it will reply with the server IP,
                    but it sounds like you would have tried this already.

                    • brett02
                      Technician
                      • Jul 2015
                      • 12

                      #11
                      Originally posted by rthonpm

                      A 64 error means the account doesn't exist.

                      Is the account a domain account or a local account on the server?

                      DNS servers only pointed at domain controllers?

                      Any NTLM restrictions in the environment like only allowing NTLMv2?

                      Kerberos realm configured on the machine?

                      Any way for the customer's IT to get a packet capture from the 301 to the server?


                      I went down the Rabbit hole of NTLMv2 and did a telnet session into the MP301 and see it is not enabled
                      Thank you Wisconsin University from vintage 2012 for making your email public lol




                      So I am now testing that, which surprises me that they would opt for that authentication over Kerberos

                      My theory now is that we are hitting a server cluster. Since the cyber event they did not just reimage the servers but decided to update them to 2022, but are now stating they did not do that on all of them. On our next bridge call I will ask if we are indeed dealing with a server cluster.

                      Just waiting on my tech to be able to test scanning and see if we get more consistent results now

                      Captain Scott, we did ping and we also converted servername in the path to the IP address, and the same issue occurs every other scan.

                      Comment
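The "every other scan" pattern and the mixed-cluster theory in this thread can be tested from the server logs by tallying credential-validation results per server. The following is an added example, not code from any poster: it parses records in the field layout quoted above, and it assumes a hypothetical "Logged By" line naming the server that recorded each event (FS-A and FS-B are made-up host names).

```python
import re
from collections import Counter, defaultdict

# NTSTATUS values reported in the "Error Code" field of credential-validation events.
NTSTATUS = {
    0x00000000: "success",
    0xC0000064: "no such user",
    0xC000006A: "wrong password",
    0xC0000234: "account locked out",
}
FIELD = re.compile(
    r"^[ \t]*(Logged By|Logon Account|Source Workstation|Error Code):[ \t]*(\S.*?)[ \t]*$",
    re.M,
)

def parse_events(text):
    """Read blank-line separated records in the field layout quoted in the thread."""
    events = []
    for block in re.split(r"\n[ \t]*\n", text.strip()):
        fields = dict(FIELD.findall(block))
        if "Error Code" in fields:
            fields["Status"] = int(fields.pop("Error Code"), 16)
            events.append(fields)
    return events

def outcomes_by_server(events, account, workstation):
    """Tally validation results per recording server for one account/device pair."""
    tally = defaultdict(Counter)
    for e in events:
        same_account = e.get("Logon Account", "").lower() == account.lower()
        same_device = e.get("Source Workstation", "").lower() == workstation.lower()
        if same_account and same_device:
            label = NTSTATUS.get(e["Status"], hex(e["Status"]))
            tally[e.get("Logged By", "unknown")][label] += 1
    return {server: dict(counts) for server, counts in tally.items()}

def servers_never_succeeding(tally):
    """Servers that rejected every attempt: the first place to compare configuration."""
    return sorted(s for s, counts in tally.items() if "success" not in counts)

# Constructed sample: alternating scans land on two made-up servers, FS-A and FS-B.
# "Logged By" is a hypothetical export column naming the server that recorded the event.
_REC = "Logged By: {}\nLogon Account: Lanier\nSource Workstation: RNP5838798886CB\nError Code: {}\n"
_RUNS = [("FS-A", "0x0"), ("FS-B", "0xC0000064"), ("FS-A", "0x0"), ("FS-B", "0xC0000064")]
SAMPLE = "\n".join(_REC.format(server, code) for server, code in _RUNS)

if __name__ == "__main__":
    result = outcomes_by_server(parse_events(SAMPLE), "Lanier", "RNP5838798886CB")
    print(result, servers_never_succeeding(result))
```

If every failure comes from one server while another always succeeds, the device is behaving consistently and the difference lies in how that server resolves the account.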
