PDA

View Full Version : Error Code Scan error with smb protocol on Windows 10


Custom Search


DiVallelunga_Makhymo
05-30-2018, 11:04 AM
Hi,

it is from several days that we find problems in programming the scan using the SMB protocol due to the latest updates of Windows 10, therefore having to change the sending protocol in FTP. Has anyone managed to solve this problem with SMB?

Thank you.

mincopier
05-30-2018, 12:49 PM
What model machine are you scanning from? It might be to old to scan to a modern OS.

Windows 10 has been disabling SMB V1 with updates. Some machines cannot use SMB V2/V3. Firmware updates on the Konicaminolta will sometimes fix this issue. You can also go into Administrator mode, Network settings, SMB Client settings. Enable NTLM V1/V2.

In th folder properties on the sharing make sure the account being used for authentication has permissions for this folder. Have seen instances where that even though sharing was allowed for the folder if the permissions were not correct in the properties of that folder scanning did not work.

Last thing to try is Control panel, Programs features, left panel Turn Windows Features On and Off, and turn SMB V1 back on. Keep in mind that Microsoft is turning this off because of a security risk and by enabling you could be exposing the computer to problems. Personally I feel if the problem gets past the company firewall there are bigger problems then enabling SMB V1. Never the less use caution.

There are some Windows 10 computers that no matter what we did SMB would not work.

Phil B.
05-30-2018, 02:44 PM
What model machine are you scanning from? It might be to old to scan to a modern OS.

Windows 10 has been disabling SMB V1 with updates. Some machines cannot use SMB V2/V3. Firmware updates on the Konicaminolta will sometimes fix this issue. You can also go into Administrator mode, Network settings, SMB Client settings. Enable NTLM V1/V2.

In th folder properties on the sharing make sure the account being used for authentication has permissions for this folder. Have seen instances where that even though sharing was allowed for the folder if the permissions were not correct in the properties of that folder scanning did not work.

Last thing to try is Control panel, Programs features, left panel Turn Windows Features On and Off, and turn SMB V1 back on. Keep in mind that Microsoft is turning this off because of a security risk and by enabling you could be exposing the computer to problems. Personally I feel if the problem gets past the company firewall there are bigger problems then enabling SMB V1. Never the less use caution.

There are some Windows 10 computers that no matter what we did SMB would not work.

BEFORE you go turning SMB 1 back on .. I would get with the customers IT ( or manager if no it ) and tell them of the RISK to their network if you turn it back on.

Search CTN there are other work arounds for this issue.

DiVallelunga_Makhymo
05-30-2018, 03:58 PM
Enabling SMB 1 has returned to work (restarting the PC). I will present it to IT!

Thanks for the support.

Phil B.
05-30-2018, 08:48 PM
Enabling SMB 1 has returned to work (restarting the PC). I will present it to IT!

Thanks for the support.

now you have enabled a RansomWare or Virus to be able to get into their network.

Hope your boss has DEEP Pockets!

jotunn
05-30-2018, 10:45 PM
now you have enabled a RansomWare or Virus to be able to get into their network.

That's not true... most RansomWare/viruses need "retarded" users interaction to get into the local network - like opening any "invoice" e-mail attachment.
In normal cases your local network is behind NAT/firewall, so there is no way to use SMB as an attack vector from Internet.
In some cases SMBv1 can help to spread RansomWare inside your local network - but attack is usually limited to shared folders. SMB is not the main problem, the problem is with sharing whole drive without password at all, with write access to everyone.

mincopier
06-01-2018, 03:42 AM
Since turning SMBV1 fixed the immediate problem, not is the time to fix the next issue. As I said before this opens the computer to a security risk and needs to be used with caution. Upgrade the firmware of the machine so that it is capable of SMBV2/V3.

Phil B.
06-01-2018, 08:49 PM
That's not true... most RansomWare/viruses need "retarded" users interaction to get into the local network - like opening any "invoice" e-mail attachment.
In normal cases your local network is behind NAT/firewall, so there is no way to use SMB as an attack vector from Internet.
In some cases SMBv1 can help to spread RansomWare inside your local network - but attack is usually limited to shared folders. SMB is not the main problem, the problem is with sharing whole drive without password at all, with write access to everyone.

no you are incorrect.

search CTN for that issue and in INDUSTRY NEWS there were SEVERAL reports from national printer security people giving the 411 on the poop.

Phil B.
06-01-2018, 08:50 PM
Since turning SMBV1 fixed the immediate problem, not is the time to fix the next issue. As I said before this opens the computer to a security risk and needs to be used with caution. Upgrade the firmware of the machine so that it is capable of SMBV2/V3.

some of the older machines cannot use anything but SMB1

mincopier
06-01-2018, 10:27 PM
some of the older machines cannot use anything but SMB1

I realize that older machines may not be able to use SMBV1. But the Original Poster never mentioned the model of the machine so that we would know whether the machine can or cannot be upgraded to use SMBV2/V3.

wjurls
06-01-2018, 10:56 PM
KM "4e" series will support SMB 2.0 with a simple firmware update. "4" "non-e" can be brought up to latest through a complicated multi step firmware upgrade, backup procedure. Older machines will not support anything except SMB 1.0

I wouldn't enable SMB 1.0 unless the customer specifically requests it. Then have them sign a disclaimer.

All "8" series support SMB 2.0 out of the box.

T_foot2
08-03-2018, 08:12 PM
KM "4e" series will support SMB 2.0 with a simple firmware update. "4" "non-e" can be brought up to latest through a complicated multi step firmware upgrade, backup procedure. Older machines will not support anything except SMB 1.0

I wouldn't enable SMB 1.0 unless the customer specifically requests it. Then have them sign a disclaimer.

All "8" series support SMB 2.0 out of the box.

I have 454e's that are giving me trouble scan to smb what is the firmware need to fix?

Thanks
Terry

mincopier
08-05-2018, 01:27 PM
I have 454e's that are giving me trouble scan to smb what is the firmware need to fix?

Thanks
Terry

On the "e" series of these machines it is best to just upgrade to the latest firmware and not worry about a specific version.

With that being said there have been a few windows 10 computers that have refused to do SMB no matter what we tried, other than SMB V1 being enabled. With that being said I'm still a firm believer that if ransomware is getting to the PC IT needs a better firewall. Not saying all firewall's will stop ransomware. But if it can be proven that something we did directly results in a company losing money we, or the company we work for, can be sued for loss and damages. These machines have multiple ways of scanning for a reason. One or more should be bale to work with in IT's guidelines. SMB, FTP, HDD of copier, Email. Machine can also do Webdav but I have not had success with it.

Phil B.
08-06-2018, 03:35 PM
That's not true... most RansomWare/viruses need "retarded" users interaction to get into the local network - like opening any "invoice" e-mail attachment.
In normal cases your local network is behind NAT/firewall, so there is no way to use SMB as an attack vector from Internet.
In some cases SMBv1 can help to spread RansomWare inside your local network - but attack is usually limited to shared folders. SMB is not the main problem, the problem is with sharing whole drive without password at all, with write access to everyone.

funny you are the ONLY one that seems to feel SMB1 is not a problem ( that is including ALL hardware manufacturers ... MicroSoft ... Cisco et al ) you must be one hellofa tech!

Custom Search