PDA

View Full Version : Konica 361 CAC Set Up issue


Custom Search


AFITguy
07-31-2013, 07:47 PM
Good afternoon everyone!

I am a government IT guy that has recently got put in charge of supporting all of the multi function devices for our command. They include a few Konica's and a bunch of Ricoh MFD's. The Ricoh's I know very well and have set many of them up now but I am having a problem with one of the Konica Minolta's and the cac set up portion.

I have a working two working ones that I basically mirrored the settings off of and it keep failing when it tries to authenticate the CAC card. It shows a message at the top that says trying to contact external server for a split second then goes to failed. I can remote in to the MFD and also myself and other users can print to it with no issues. I have verified all of my settings and made sure that the Time is set correctly and within 10 seconds. I have no clue what else to do at this point so any help would be appreciative!!!

gl0ryh0und
07-31-2013, 08:47 PM
Ensure that the DNS servers and domain entries are correct. I have seen these devices fail to make out going connections if the DNS entries are not populated and correct. Also ensure that the protocals used by CAC are enabled on the 361, by default a number of protocols are disabled. That's where I would start, I can't speak directly about CAC, I don't have a single one in my fleet of 700+ 361s.

AFITguy
07-31-2013, 08:52 PM
Ensure that the DNS servers and domain entries are correct. I have seen these devices fail to make out going connections if the DNS entries are not populated and correct. Also ensure that the protocals used by CAC are enabled on the 361, by default a number of protocols are disabled. That's where I would start, I can't speak directly about CAC, I don't have a single one in my fleet of 700+ 361s.

I have tripled checked the DNS and domain entries to make sure.

How can I check to make sure that the protocols are enabled?

Thanks

gl0ryh0und
08-01-2013, 02:29 PM
What is the Option you have installed to achieve the functionality? AU101, 201, 201H/Cardman5125, 204H or 211P?
Pretty sure some of those are biometric, but just covering all my basis.

AFITguy
08-01-2013, 02:34 PM
What is the Option you have installed to achieve the functionality? AU101, 201, 201H/Cardman5125, 204H or 211P?
Pretty sure some of those are biometric, but just covering all my basis.

See, I am not 100%. I'm not a actual Konica technician. We had one come out to help us set it up, but he wasn't very helpful. All he said is everything is fine on his end and the rest it up to us. Well I am 100% all of my settings are correct and there is nothing wrong with the network port or anything like that. It has to be either a option or like you said protocol that is not turned on or enabled. I'm pretty tech capable, so if could tell me how to check anything that may need to be looked at that would be great.

Thanks!

gl0ryh0und
08-01-2013, 02:57 PM
well I have access to all the documents for all these options, but for me to root through all of them.. hmm

I'm not seeing anything in the hardware setup that would could lead to the problem you described.

Assuming that it is the AU-201H which seems to be the standard one for the BH361
Is the card reader of the slotted variant that you insert the card into, or is it a proximity looking unit?

AFITguy
08-01-2013, 03:04 PM
well I have access to all the documents for all these options, but for me to root through all of them.. hmm

I'm not seeing anything in the hardware setup that would could lead to the problem you described.

Assuming that it is the AU-201H which seems to be the standard one for the BH361
Is the card reader of the slotted variant that you insert the card into, or is it a proximity looking unit?

It's a slotted one, model SCR3310. I took it off of a working bizhub 361 just to test with it.

gl0ryh0und
08-01-2013, 03:26 PM
connect to the device through the web connect.. <the hostname or IP in the browser on a connected PC.>
login as administrator,

Wait! before I go too far, have you tried pinging another device on your network from the control panel of the copier?
Utility -> Administrator -> Network -> page 2/2 -> Detail Settings -> Ping confirmation
Make sure your copier can even get a response from the server, if ping is disabled on your network, then arrange for a successful test and then close it up.
If you can't even ping outwardly then the problem is not at the device. Or at the DNS but you've tried all that already.

proceed to verify the authentication settings in the Authentication menu, I would presume you are authenticating via kerberos/AD?
I'm sure I'm going through things you have done a few times already.
If you are using something other than AD what is it? what protocols are utilitzed? NTLM? V1 V2?
LDAP ?
If so, ensure that the protocol is properly configured in the Network tab.
You may need to setup your LDAP or NTLM client settings.
Is WINS going to be a factor in your setup, granted it probably shouldn't.

So basically I would go through, setup and enable every protocol. There should be no reason for it not working now.
Then systematically disable each protocol you aren't using until you break it, re-enable that protocol and proceed onto the other protocols until you have eliminate all the un-useful ones.

This all assumes that you are not using a third party server application to manage all the users, IE a vendor specific fleet management package.

AFITguy
08-01-2013, 03:55 PM
connect to the device through the web connect.. <the hostname or IP in the browser on a connected PC.>
login as administrator,

Wait! before I go too far, have you tried pinging another device on your network from the control panel of the copier? Yes, I have pinged successfully from it.
Utility -> Administrator -> Network -> page 2/2 -> Detail Settings -> Ping confirmation
Make sure your copier can even get a response from the server, if ping is disabled on your network, then arrange for a successful test and then close it up.
If you can't even ping outwardly then the problem is not at the device. Or at the DNS but you've tried all that already.

proceed to verify the authentication settings in the Authentication menu, I would presume you are authenticating via kerberos/AD? Correct, it verifies through AD
I'm sure I'm going through things you have done a few times already.
If you are using something other than AD what is it? what protocols are utilitzed? NTLM? V1 V2?
LDAP ?
If so, ensure that the protocol is properly configured in the Network tab.
You may need to setup your LDAP or NTLM client settings. We don't use those.
Is WINS going to be a factor in your setup, granted it probably shouldn't. I'm not sure, I know on my Ricoh MFD's I have to input WINS, but I didnt see any option for it on the Konica, nor the two working Konica's.

So basically I would go through, setup and enable every protocol. There should be no reason for it not working now. Are you talking about in Security - > PKI Settings - > Protocol Setting ?? None of them are enabled on the 2 known working
I can enable all of them though to test, do I just create one with the cert in the machine? Will I have to actually configure them? ones

Then systematically disable each protocol you aren't using until you break it, re-enable that protocol and proceed onto the other protocols until you have eliminate all the un-useful ones.

This all assumes that you are not using a third party server application to manage all the users, IE a vendor specific fleet management package.

I put all of my answers/questions in red next to your info.

gl0ryh0und
08-01-2013, 04:21 PM
WINS can be setup under the SMB menu under the network tab in Web Connect.
Sometimes the BizHub 361s pickup the WINS automatically sometimes they don't.

It's worth a look I've seen it affect some AD profile activity before, so perhaps it's the culperit.

I would ignore the PKI.. if you have two working BizHubs then I would trust the disabled settings there.

AFITguy
08-01-2013, 04:33 PM
WINS can be setup under the SMB menu under the network tab in Web Connect.
Sometimes the BizHub 361s pickup the WINS automatically sometimes they don't.

It's worth a look I've seen it affect some AD profile activity before, so perhaps it's the culperit.

I would ignore the PKI.. if you have two working BizHubs then I would trust the disabled settings there.

One other thing I just noticed while messing with it, after I put in my PIN for my CAC it errors out very quickly. I thought I read somewhere that if it can load up to three progress bars, if it errors on the first one it means something, second and third mean something else. It is erroring out on the first progression bar, sometimes sooner. Its like its not even trying to contact the server??

It looks like WINS is NOT supposed to be set, I checked the others and it is not set on those either.

gl0ryh0und
08-01-2013, 08:24 PM
WINS not being set makes sense.. but why do your Sharp devices need it to be set to work??

You also mentioned that you have BizHubs that work.. 361s I presume?

If so check the ROM versions on the working ones with the failing ones, make sure they are the same. If not get the Konica tech back to rectify that.

Also with the BH361s I see that they get a special driver loaded in the firmware to allow this option to work, it might not hurt to reload that driver, again something the technician will likely have to do.

I've looked on the knowledge database and didn't see anything similar to what you describe, however my experience with that option is pretty much non-existent so I may be looking in the wrong place/way for the right answers.

Sorry I couldn't be more helpful.

AFITguy
08-01-2013, 08:51 PM
WINS not being set makes sense.. but why do your Sharp devices need it to be set to work??

You also mentioned that you have BizHubs that work.. 361s I presume?

If so check the ROM versions on the working ones with the failing ones, make sure they are the same. If not get the Konica tech back to rectify that.

Also with the BH361s I see that they get a special driver loaded in the firmware to allow this option to work, it might not hurt to reload that driver, again something the technician will likely have to do.

I've looked on the knowledge database and didn't see anything similar to what you describe, however my experience with that option is pretty much non-existent so I may be looking in the wrong place/way for the right answers.

Sorry I couldn't be more helpful.

You have been very helpful! The ROM versions are different. I called to get a tech back out here to see if he can straighten that out and I will ask him to reload the driver as well.

Gort
08-02-2013, 04:55 AM
Check this thread: http://www.copytechnet.com/forums/konica-minolta/76739-bizhub-363-cac-piv-setup-issue.html

Custom Search