PDA

View Full Version : Bizhub 350 - unable to scan to network folder


Custom Search


grupy
07-30-2008, 05:44 PM
We replaced our older copiers with the Bizhub 350 and I've been unable to configure the device to successfully scan to a network folder.

I have created an account within AD and set the permission to never change password. I have connected to the copiers web interface and configured a button to Scan PDF. This button is set to the IP address of the server where the folder is stored and the network folder is also configured, along with the account that I created earlier. I am using the TX:PC (SMB) option and for one reason or another am unable to scan to the desired folder. I have left the coding method to MH.

I have even tried to send a PDF file to my PC directly as well without any success. I used my IP address and created a new folder called "scan", which I shared out to all users (with full access) and still am unable to recieve any kind of document. So, scanning over the network to my PC doesnt work either nor does it work for the file server.

Am I missing something in particular here? Any suggestions into a fix would be greatly appreciated.

discontained
07-31-2008, 01:51 PM
are you trying to set it up onto a server where everyone can access the shared folder on the server, or a individual workstation?

grupy
07-31-2008, 04:46 PM
are you trying to set it up onto a server where everyone can access the shared folder on the server, or a individual workstation?

In the end, I need to configure it to a server where everyone has access to it. The network folder is a shared folder, and everyone has full control over each of the folders that reside in that location.

The account that was created for the server access, has full rights and the password is set not to change either - I know a bad security risk but the account only has access to this one share drive.

As for the individual workstation, this was just a simple test to get it working for testing purposes.

discontained
07-31-2008, 04:50 PM
I just setup a client with scan to desktop, make sure the server login and the password is setup on the copier itself.

Also you want to edit the server's network IP (start>run>cmd... ipconfig and whatever the ip for the server is you want to enter that into the host IP address... Than you want to point to the folder loctaion
make sure your folder on the Server Desktop or whever it is, is setup shared.

EX. D:\Shared Docs\Scans

you want to edit the scan directory on the copier itself either thru pagescope or via one touch registration entry on the copier to say "D:\Shared Docs\Scans" you should than be able to see the scan show up in the folder


Hope that helps

grupy
07-31-2008, 06:41 PM
I have set our test account, lets call it ScanUser, will full access to a network folder on our local P: drive. The P: drive is public for all users in my office, and in there I have created a folder called Scans.

I have used PageScope to configure the one-touch button on my 350 and the settings are as follows:

TX:PC (SMB) - this is set as the Com. Mode

IP Address: 1.2.3.4 (I have entered the IP address of our server)
File Path: Parent\Child\Scan (this is actually P:\Parent\Child\Scan on our network)
UserName: ScanUser (this is the network account created for this only)
Password: ***** (entered in the AD password for this account)
Retype Password: ***** (re-entered in AD password)
File Type: PDF
Coding Method: MH

I get the following error message: ED09C7
This error indicates that the username/password is incorrect.

Does the user account ScanUser need more special priviledges, such as domain admin to store a file onto a shared folder that all users have full access to??

Thanks for your earlier reply.

dallas
08-02-2008, 04:09 PM
Change the default domain security settings.

Open Server Management:
Default Domain Controller Policy -> Security Settings -> Local Policies -> Security Options

Change:
Mircosoft network server: Digitally sign communications (always) to "disabled"
Microsoft network server: Digitally sign communications (if client agrees) to "disabled"

michael517mi
08-12-2008, 04:26 PM
with the backslash on the front as well?

pepper38_cnd
08-12-2008, 11:43 PM
Try in the copier network settings under Wins enter the address of your server even if you are not running Wins on the server! I have found on 2003 server this helps when scanning to folder (SMB).

johnj_01201
02-20-2009, 08:55 PM
Remember that the manufactuer says this model will NOT scan to a DC. However, the following is usually all that is needed. It does not fix you specific issue though. With your issue, I have found that you cannot use the domain user account to scan to a worksation. You have to create a local user. In theory you could do this on the DC as well, but I am told that many settings have to be changed to allow a local user account.

To disable SMB packet and secure channel signing enforcement on Windows Server 2003–based domain controllers

1. From Administrative Tools open Domain Controller Security Policy
2. Smile
3. Select \Security Settings\Local Policies\Security Options folder.
4. In the details pane, double-click Microsoft network server: Digitally sign communications (always), and then click Disabled to prevent SMB packet signing
from being required.
5. Click OK.
6. In the details pane, double-click Domain member: Digitally encrypt or sign secure channel data (always), and then click Disabled to prevent secure channel
signing from being required.
7. Click OK.
To apply the Group Policy change immediately, either restart the domain controller, or type gpupdate at a command line, and then press ENTER.

This should make the 2003 server act like a Win2k server as far as SMB security is concerned.

ivovb
02-20-2009, 09:19 PM
I would suggest to enter for file path ONLY the name of shared folder. In your example it is
Scan
Folder Scan must be shared! and your ScanUser must have full rights to this folder (permissions and security fields).

BR

TheOwl
02-22-2009, 10:52 PM
This machine is NOT Active Directory compliant. Which means that you cannot scan to anything other than a local user account.

Konica Minolta are not going to fix this issue due to the ROM size being too small on the machine to add the coding to the firmware and the fact that the new range of B&W Bizhubs are being released which are AD compliant.

johnj_01201
02-23-2009, 12:33 AM
Actually you can, and we do it at our own office with SBS 2003 R2. We have many customers doing it with this machine (200,250, and 350) on 2003 servers as well. It only has to pass the SMB authentication process. It doesn't use Active Directory in any real sence. To date, we only have 2 customers that cannot do this with their 2003 servers.

TheOwl
02-23-2009, 01:19 AM
Konica Minolta's official statement is these machines are not capable of NTLM v2 which is required to use Active Directory. We recently got caught out on this one in a major tender where by the sales guys said yes when the official answer is no.

If you are using Server 2003 or other versions of server, you can create a local account, but this is impossible on a Domain Controller as the local accounts and groups are disabled when you install Active Directory.

The only way I can think of to get the machines to scan to file on a Domain Controller is to install IIS (or similar FTP program) and get the machine to scan scan via FTP instead of SMB.

By disabling 'SMB Packet Digital Signing' you are also creating a possible security risk. From memory, SBS 2003 and Server 2008 are the only versions with this group policy enabled by default.

johnj_01201
02-24-2009, 01:17 AM
We're just talking about scanning to an SMB share, nothing more. It's a simple authentication process. Our salesmen tell the customers that it will scan to their desktops, but that it usually works on the server IF their IT is OK with the changes and wants to go threw with it. We give the info to their IT and their IT determine if they want to do it or not. The machine is also capable of using AD with LDAP, and AD is the default setting. The changes make the 2003 server the same as the default 2000 server settings.


Also, I see KM is now saying the newest copiers can scan to "SMB(Desktop)" in all the spec sheets.

Your also correct that the most of the other copiers do not need these changes. At one point KM had Windows signature capability, but I am told they had to backtrack, so I do not know which models will work out of the box with 2003\2008 server at this time.

TheOwl
02-24-2009, 01:26 AM
Basically all the new machines with the Emperon technology can authenticate with AD.

The BH 250 / 350 is basically a Di 2510 / 3510 with a couple of differences made. The Australian release for the new series B&W machines (25 and 35 cpm) is set for late April. These are fully capable of NTLM v2 and AD authentication.

Scanning to a local desktop uses NTLM v1 because the user name and password are kept locally on that desktop, not with in the Active Directory. You can do this on a server, but only if it isn't a DC which will disable the local logon credentials.

johnj_01201
02-24-2009, 01:13 PM
Oh, OK, we must have different firmware in the US. For example, this morning I disabled the SBS 2003 R2 firewall (ISA 2004) and set the 350 to use Active Directory Authentication and it worked.

Would you by any chance know what protocol or ports I need to open on the firewall for AD authentication? None of our copiers will authenticate to 2003 server with the default firewall settings. This morning when I said I disabled it, I just made a new rule that allowed every DNS, RPC, etc. protocols that I would not normally have turned on and it worked. I will have to try each one to find the correct setting. I google'd AD ports, but did not find anything that actually worked.

ivovb
02-24-2009, 01:54 PM
Oh, OK, we must have different firmware in the US. For example, this morning I disabled the SBS 2003 R2 firewall (ISA 2004) and set the 350 to use Active Directory Authentication and it worked.

Would you by any chance know what protocol or ports I need to open on the firewall for AD authentication? None of our copiers will authenticate to 2003 server with the default firewall settings. This morning when I said I disabled it, I just made a new rule that allowed every DNS, RPC, etc. protocols that I would not normally have turned on and it worked. I will have to try each one to find the correct setting. I google'd AD ports, but did not find anything that actually worked.

Are you sure you need a port for AD? Why not try the SMB port? If my memory serves me well it is 489.

BR

johnj_01201
02-24-2009, 03:03 PM
Yes, the ISA firewall shows it is dropping the packets and blocking it. In the past we've always used Account Tracking. Now we are moving towards Authentication via Windows servers and Active Directory. Konica is starting to add new scanning features to all the new machines, and some of the previous models, that do secured scanning using AD. It is plain and simple there are no copier account codes to maintain. The copier will only scan to the user's (who is logged into the copier) email or home folder that is listed in AD. It is also supposedly, be able to limited scanning either the logged in user or to email addresses that are part of the domain.

joneze
02-24-2009, 05:01 PM
I have set our test account, lets call it ScanUser, will full access to a network folder on our local P: drive. The P: drive is public for all users in my office, and in there I have created a folder called Scans.

I have used PageScope to configure the one-touch button on my 350 and the settings are as follows:

TX:PC (SMB) - this is set as the Com. Mode

IP Address: 1.2.3.4 (I have entered the IP address of our server)
File Path: ParentChildScan (this is actually P:ParentChildScan on our network)
UserName: ScanUser (this is the network account created for this only)
Password: ***** (entered in the AD password for this account)
Retype Password: ***** (re-entered in AD password)
File Type: PDF
Coding Method: MH

I get the following error message: ED09C7
This error indicates that the username/password is incorrect.

Does the user account ScanUser need more special priviledges, such as domain admin to store a file onto a shared folder that all users have full access to??

Thanks for your earlier reply.


I might be pointing out the obvious here but your file path on the setup of copier says Parent\Child\Scan this should just be the share name only not the full path.


Regards
Mark

johnj_01201
02-24-2009, 05:58 PM
Well, just so you know it is not just a username\password error. It is a basic "login failure" error. I know the service manual says differently, but it can mean any login failure.

/Public/Public-Data is how I have it entered on our 350

Standard Domain User, with the previosuly mentioned policy changes.

johnj_01201
02-24-2009, 07:10 PM
<snip>
I ended up applying the security policy changes to all the local security policies and domain policies as well as the policy for the domain controller. I also added the / prior to the share name and it seems to be working fine. I am still working on setting up a more private scan folder for the users, but am having trouble scanning to another existing share “Users Shared Folders” and think it may have to do with the spaces in the share name.
<snip>

Does anyone know about space or folder length or anything that might help here?
Thanks

i8smeian
12-19-2009, 06:54 AM
Hi all,

Is windows authentication, applicable also in printing aside scanning?

Hope i can get some help here. I am setting up new konica 350 to centralize printing, scanning to email with user authentication and account tracking through Windows Active Directory and LDAP services.

Appreciate a lot if you can post links or pdf guides on "how to".

thanks,

panchristo
12-12-2011, 09:13 PM
Thought I shouldn't create just another thread since my problem is really similar.

I administer a Bizhub350 in a local network (no Active directory) of PCs running Win XP (one Vista), a Mac and a Linux NAS (Fujitsu Celvin Q700).
I'm trying to setup Scan-To-FTP (to the NAS) but can't get it to work.
I have read similar threads and found out everything I've done so far is correct:
1)Logged via WEB interface to BizHub, Register FTP Server
2)Created the "Address shortcuts" on the Bizhub panel,

But when I perform a scan it returns error "Folder not found".
I once tested scaning to a PC running the Konica FTP Utility and worked fine but I need to do that to the Linux NAS instead.

However, after many attempts,

Logging in to the NAS I can see successful Logins, but no WRITE action.
I'm suspecting this has to do with how server path is declared in Network settings of Bizhub but can't get it solved.
Let's say I've created a share on the NAS called: scandoc where I want to save the scanned images.
Typing "scandoc" to the "File path" field doesnt' work. Does all of this have to do with the fact that the NAS runs on Linux? Is there something different in Linux as foar as paths are concerned (/ instead of \ or vice-versa?). I also spotted here that they prefix a sharename$ (https://wikis.uit.tufts.edu/confluence/display/KonicaMinoltaDocumentationProject/Scan+to+SMB+on+Konica+Minolta+Bizhub) when it comes to Scan-to-SMB. Is it somewhat similar or not?

Any help greatly appreciated in advance.

Custom Search