Adding a printer

Discussion in 'Server Networking' started by Joe, Nov 26, 2004.

  1. Joe

    Joe Guest


    I have a question please?Hopefully I can explain it well?

    I have one server and two XP Pro machines connected to it via 8 port switch
    and no router. the server has 2 nic cards.

    One is connected to the internet and the other is out to the 8 port switch.
    8 port switch to both machines.

    Both printers are connected to one of the XP machines via USB
    I have run the wizard in XP 2 on both to be able to share printers and files.

    The server is also set up as a Single VPN connection ( not VPN server) in
    from another XP machine 5 miles away

    Inside the network I can access all printers and print from any location
    inside the network. All is fine.

    I can also VPN in from the XP machine 5 miles away but I cannot get this
    machine to add the printer so I can print from at the remote location.

    This may not be possible?

    If so... Do I have to connect them directly to the server and then go from

    Joe, Nov 26, 2004
    1. Advertisements

  2. Joe

    Dana Brash Guest

    Hi Joe,

    Your remote client needs to have TCP/IP connectivity with the internal print
    server (in your case an XP client), and the user connecting needs to have
    permissions to use the printer that is shared on the print server. Name
    resolution is generally nice as well, though not strictly necessary.

    One way to do this is to make the remote XP client a member of your domain,
    and make sure the user logs on with proper credentials. One way to log your
    remote client in to the domain would be to use the 'Log On using Dial-up
    Networking' at the login prompt. Another would be to first log on to the
    remote client using a domain user's cached credentials (because the machine
    was already joined to the domain and that user logged into the machine while
    there), then make the VPN connection to the network.

    Either way, you'll then be logged into your office network with proper
    domain credentials. Make sure your VPN connection's TCP/IP properties are
    using your office network's DNS server(s). This will give you name

    Now test your VPN connection. Does ipconfig /all show your VPN connection
    with an IP address in the same subnet as your office network? Can you ping
    everywhere by IP? By Name? If not, you need to go back and make sure your
    VPN connection is configured properly at both the client and server.

    If you can ping everywhere by name, and you're logged in as a domain user,
    you can simply browse to the print server, right click on the shared
    printer, and choose 'connect'. If you don't have name resolution, well, you
    should probably fix that, but you could also browse to the print server by
    IP and connect to the print share that way. If you're using a static IP on
    your print server, you won't have to re-map the printer.


    Dana Brash

    Dana Brash, Nov 26, 2004
    1. Advertisements

  3. Joe

    Joe Guest

    Hello Dana,

    Thanks for your response.

    My server is not configured as a Domain controller it is a workstation. The
    Main internet nic is set to share the internet connection with the other XP

    So when I logon to one of the XP machines the user and password are the same
    on the server as on the machine I am logging onto.(there is a user account on
    the server too) is what I am saying.

    As for VPN I do get an IP but I didnot get it the way you said. I can access any file on the server but I cannot on any of the
    XP clients on the internal side of this. (downstream of the 8 port switch)

    All machines can access the server But the remote cannot access the XP
    internal Machines via VPN. I am not sure how to set this up. I am aware that
    if I had the Printers on the server itself I could easily add the printers.
    But I am trying not to load this server anymore that it already is.

    I probably do not have this configured as most would. Maybe I should?
    However everyhting works so well..

    Most appreciated,
    Joe, Nov 26, 2004
  4. Joe

    Dana Brash Guest

    Hi Joe,

    In a workgroup scenario, if your remote client is on the same workgroup and
    you're using the same username/password combination, your authentication
    will work as you expect it to. So this is not the problem.

    The IP address that you're getting is an APIPA address. This is the range
    that Windows will assign itself when it can not find a DHCP server to give
    it a proper address on the same subnet. As soon as you fix the process of
    leasing an address to your remote client, you will be on the same subnet and
    good to go. You having a 169.254.x.x IP address is indicative of the
    problem: you're on the wrong subnet because you don't have DHCP setup on the

    You don't really say what you're using as a VPN server, so it's hard to give
    you specifics on how to set that up. Look through your configuration for IP
    address assignment settings. Make sure you're using a DHCP server that
    exists, or you're assigning from a static pool on the same subnet as your
    internal network.



    Dana Brash

    Dana Brash, Nov 27, 2004
  5. Joe

    Joe Guest

    I want to thank you very much this is helping me tremendously.

    I am using a Server 2003 Enterprise machine (Sorry I got caught up in the

    It is configured as an IIS, Mail (non MS) and file server. I did not enable
    or "turn on" the DHCP as you have correctly spotted for me. I wanted to keep
    the configuration as simple as possible because only 4 machines will access
    this server. Two internally and two externally. It was (in my thoughts) to
    not use DHCP for simplicity.

    For VPN I ran the wizard on both server and remote client. I then manually
    set the IP's not knowing the were incorrect because everything
    worked as planned. Well... I guess until I tried to add a printer on the
    network : ) oops!

    If there is a way to get me on the right track I would love to try ; )
    I don't think I am that far off it seems?

    Thanks again
    Joe, Nov 28, 2004
  6. Joe

    Dana Brash Guest

    Hi Joe,

    You are very close. The only thing you need to do at this point is to
    configure RRAS to provide an address to the client. I would recommend
    installing DHCP on the server, as it's not large overhead and pretty easy to
    configure. You have a small network, but personally I'm lazy and prefer to
    make changes in one place instead of four wherever possible.

    How To Install and Configure a DHCP Server in a Workgroup in Windows Server

    Alternatively, you can just use RRAS with an address pool. In RRAS, right
    click the server, select Properties, on the IP tab choose either DHCP if you
    set up a server or if not choose Static Address Pool and add a range with
    addresses in the right subnet. Your VPN client should then receive an IP
    from the server.


    Dana Brash

    Dana Brash, Nov 28, 2004
  7. Joe

    Joe Guest

    Hello Dana,

    So before I install the DHCP should I remove the Internet connection sharing
    on the #1 nic to the internet?

    Thanks Dana, I will intall the DHCP after I confirm this with you

    Joe, Nov 28, 2004
  8. Joe

    Dana Brash Guest

    ICS?!? this is Jack kicking himself for not clueing in earlier... ;-)

    Yes, remove the ICS, and configure NAT in RRAS to provide internet to the
    internal clients. (right click on the server name in RRAS and tick the
    'Router' box, select the correct option below for your configuration,
    probably LAN only) Use the DHCP server to assign addresses to all clients,
    but the server will of course have a static IP.


    Dana Brash

    Dana Brash, Nov 28, 2004
  9. Joe

    Joe Guest

    Hello Dana,

    I ran the wizard to enable and confugure NAT but it has my firewall down I
    am worried I am not behind a router. I am able to also run the wizard on the
    xp machines internally and get connected to the internet again.

    I am kinda lost with NAT here I have never used it before. I set the
    addresses to a pool or scope.(right click Machine in RRAS >properties> etc. I
    do not think this is working because the nics in the xp machines are still at and so on

    I have not installed the DHCP either I am in over my head here and swimming
    I am not as savvy with Networking as in most areas of servers such as mail
    and IIS

    This might help
    my server is set like this DIRECTLY to the internet. (Public IP) nic #1

    The second nic the same server nic #2
    has been configured by nat ot the XP wizard "obtain an IP address

    THe nics ineach of the XP machines are the same wich turn up with
    addresses. I can get to the internet and print inside the net work I have not
    tried the VPN But the firewall scares me.
    So... where exactly am I ?
    Thank you
    Joe, Nov 28, 2004
  10. Joe

    Dana Brash Guest

    Hi Joe,

    One thing to consider may be getting a small hardware firewall/router with
    VPN capabilities. They usually have very simple interfaces, are quick to
    set up, and can be had for $100 or so. (remember you get what you pay for:
    do your homework and spend as much as you can). I prefer using Win2k3 RRAS
    if I have an extra machine (or ISA2004 if I have extra money) but I also
    prefer isolating my data as well. Having a server I keep information on
    with a publicly exposed IP address never sits well with me. That said.....

    I'm going to assume that this is a typo:
    and that you actually mean the Configure RRAS wizard in Win2k3....

    One recommendation I would have is that you shun the wizards at this point.
    Honestly, I don't use them at all (with one exception: I use the wizard for
    initial configuration of RRAS) so when you refer to them it's hard for me to
    make sure that you're taking the steps you need to. I have two problems
    with wizards. 1, they are basically a way to try to turn technical terms
    into 'English' for people that don't know the technology. That's fine for
    the Winword paperclip, but when you're setting up networking, it's actually
    an obfuscation for what's really going on. DO pay attention to the man
    behind the curtain, and you'll be a lot better off. 2, They really end up
    being the long way around. It's much easier for me to step into the TCP/IP
    properties on the NIC I want to configure and change my settings there.
    Interact with the settings directly: right click is your friend....

    A couple of key points:
    1. NAT does not give the clients IP addresses, DHCP does. Enabling NAT in
    RRAS is unrelated to the clients having APIPA (169.254.x.x) addresses,
    configuring the address scope in NAT should work though, and uses the DHCP
    protocol to configure clients. It isn't working because your PRIVATE NIC
    doesn't have a static IP (see 4). If you want to use DHCP instead of the
    static pool, make sure you read through and follow the instructions in the
    following link to enable DHCP, then set it up. I usually use DHCP, but
    either will work. This should get you going.

    How To Install and Configure a DHCP Server in a Workgroup in Windows
    Server 2003;en-us;323416

    2. "obtain an IP address automatically" MEANS "Find a DHCP server to assign
    your IP address, Subnet Mask, Default Gateway, DNS Server(s), NTP (time)
    servers, etc, etc., ad naseum..." i.e. all IP configuration information.
    If you tell your clients to find a server, you need to set up a server for
    them to get that information. The information that can be handed out using
    the address scope in RRAS is limited. Use a DHCP server for more robust
    control of your clients' IP configuration.

    3. RRAS in Win2k3 has a basic firewall in it that is every bit as good as
    any hardware router. I would also suggest enabling the firewall on the
    public and private NIC's, and then after you get everything running you can
    install a software firewall on this server as well. Zone Alarm Pro works
    great as a gateway firewall, and is just one of many options. You will also
    want to disable File and Print Sharing, as well as Client for MS Networks on
    the WAN NIC.

    4. The second NIC on your machine (the LAN, or Private NIC) needs to have a
    static IP address. Pick a private range, something common like,
    and make the subnet mask This is why the pool/scope you
    configured in RRAS is not working as well. Configure your PRIVATE NIC with
    a static IP and reconfigure RRAS, using either DHCP or a scope in the same
    subnet. The first NIC (WAN, or PUBLIC) is probably also configured to use
    DHCP to get it's address, and this is fine.

    You're going to need to do some reading. When all else fails, RTFM. I'm
    sorry, but other people have written better stuff than I can, and if you get
    a solid grasp on the fundamentals you'll save yourself many headaches. Here
    are some great places to start (I've included the searches to both point you
    to resources, and also because you may see something else in the results
    that's helpful):

    * from this search:

    How To Configure a VPN Server to Act as a Router in Windows Server
    2003(816573) - This article describes how to configure the Routing and
    Remote Access service to forward packets over the interface that is selected
    as the Internet or public interface after you configure a virtual private
    network (VPN) server. When you start the...;en-us;816573

    How To Allow Remote Users to Access Your Network in Windows Server
    2003(323381) - This step-by-step article describes how to configure a
    computer that is running Windows Server 2003 to allow remote users to
    establish an encrypted channel to a corporate network. Users can connect to
    a remote access server through a dial-up...;en-us;323381

    * from this search Configuration&x=0&y=0&srch=sup&range=21-40

    How to configure Network Address Translation in Windows Server
    2003(816581) - about how to configure a NAT server324264HOW TO: Configure a
    NAT server in Windows Server 2003 For additional information about how to
    configure a NAT server, click the following article number to view the
    article in the Microsoft Knowledge Base:...;en-us;816581

    * from this search: and ~ good overview, but dated ~ Great article with plenty of pictures.


    Dana Brash

    Dana Brash, Nov 28, 2004
  11. Joe

    Joe Guest

    Hello Dana,

    Yes this is a typo:
    I'm going to assume that this is a typo:
    and that you actually mean the Configure RRAS wizard in Win2k3....

    Sorry I noticed after the post.

    I want to say thanks for taking the time for all that typing because you
    have definitley cleared up a lot of confusion. Your time is very valuable to

    #4 of your answer- has the answer. I did not know what subnet I had to use.
    Also my IP on NIC #1 is a static IP from my ISP it is manually configured.
    (all ISP assigned)


    I agree about the wizards. I usally shy away from them also. But in this
    case I had to get as educated and as much help as possible.

    There are things I cannot answer in the NAT RRAS setup about DNS
    servers(lack of knowlegde). I understand DNS but I have no DNS servers. I
    only have my ISP's There are none internally.

    If you refer to #8 in the KB323416 about DHCP and Worksatation on page 2 (I
    printed it). This is one I cannot answer.
    #7 is also, I do not know the default GTWay or if i am to make one up?
    #5 is quite explanitory but do exclude my Servers static public IP?

    I had used This is probably my error for subnet.

    Since my last post I did enable the DHCP and I then rebooted the server.
    When I return to the console for DHCP the server it is no longer there? wierd?

    Ok so do I have to give the second nic a static IP
    such as
    what would the second nic's subnet be?
    gateway? ??
    DNS ???

    Now last, but not least, how would you configure each nic on the XP machines
    internally? or would the DHCP handle this?

    These links you have provided are fabulous!-Thank you!
    I will look them over carefully
    Joe, Nov 28, 2004
  12. Joe

    Dana Brash Guest

    Hi Joe,

    Follow the links. All the answers are there. There are also some diagrams
    that should make the addressing scheme clear. Particularly see: ~
    Great article with plenty of pictures.


    Provide your ISP's DNS Server information in DHCP. Configure your Static IP
    on PRIVATE NIC before configuring DHCP. Using ISP's static IP information
    on PUBLIC NIC is fine, of course.

    #5 Exclusions apply to IP addresses in the same subnet only
    #7 PRIVATE NIC is you're Clients' default Gateway
    #8 starts with " If you are using DNS servers on your network " so doesn't
    apply to you.

    Configure all clients to use DHCP.


    Dana Brash
    Great article with plenty of pictures.
    Dana Brash, Nov 28, 2004
  13. Joe

    Joe Guest

    Hello Dana,

    I have followed the links and yes you are correct this was great
    you tell me what the demand dial interface means in the first part of this
    tutorial? Do I have this?

    When I configured mine earlier today it did not have this screenshot. It
    asked for VPN and NAT or Just NAT or a few others and I chose VPN and NAT.
    Well when I try again I will follow this tutorial.

    Thank You
    Joe, Nov 29, 2004
  14. Joe

    Dana Brash Guest

    Hi Joe,

    Demand dial lets you use a modem as your ISP. You can configure the demand
    dial to be always on, or if you are concerned about using too many minutes,
    you can have it time out and disconnect. When a client tries to connect, it
    will re-dial the modem connection to provide internet service to the client.
    I believe you do not have this since you are using a static IP assigned by
    your ISP.

    All the best,


    Dana Brash

    Dana Brash, Nov 29, 2004
  15. Joe

    Joe Guest

    Well Dana I got It!

    I have configured the NAT and I didn't use DHCP. I used section 2 of the KB
    article on" how to set up NAT in windows server 2003." 816581

    Ok However I do have two small issues maybe you can shortcut this.

    I have opened all ports on the VPN and can connect. However I am still
    unable to add the printer.

    I cannot type
    \\Server_name\c$ or any thing by name just IP which is now
    But I can type the IP and sharename and access files
    almost there!

    I have also found the firewall works good too = )

    Do I have to add a user from the remote client onto the server?

    So how do I get this to see the printer? Add a share name to the printer?

    Thank you Dana
    Joe, Nov 29, 2004
  16. Joe

    Dana Brash Guest

    All Right!! That's great!

    Connecting to the printer by IP will work fine for you, and the reason that
    you can't connect to it by name is that you're blocking NetBIOS broadcasting
    (like you should be).
    If you want to connect to the printer using servername instead of IP, you
    could add an entry in your HOSTS file, which would probably be the easiest
    way. Use Notepad to edit: c:\windows\system32\drivers\etc\HOSTS and add the
    entry similarly to the entry for the localhost address.
    i.e.: servername

    You also need to make sure you're sharing the printer out on the print
    server. Again, right click on the printer and go to properties. Look to
    the sharing tab, and it's pretty self explanatory. You should then be able
    to browse to \\servername\printsharename from the remote client, see the
    shared printer, right click on it and then choose connect. This will
    install the printer on the remote client so that you can then use it from
    your applications as you would a directly connected printer.

    HOWEVER, since the print server machine is configured to use DHCP (which the
    RRAS server is configured to supply address allocations from the static pool
    you configured), there is a remote (VERY remote considering the size of your
    network) chance that the IP address of the print server will change. So
    remote is the chance, in fact, that I wouldn't worry about it changing, just
    remember that in the future if you're having problems to confirm that your
    remote client's HOSTS file is reflecting the right IP.

    Regarding the user issue, since you're in workgroup mode, if you're logging
    on to the remote client with a username and password that matches a username
    and password on the print server, it will authenticate as such. Otherwise,
    it should prompt you for credentials, though I can't be 100% sure of that.
    Behavior of the remote client in this regard should be the same as the
    clients directly on the LAN.

    Happy printing! ;-)


    Dana Brash

    Dana Brash, Nov 29, 2004
  17. Joe

    Joe Guest

    Hello Dana
    I am sorry to say I am in no better shape than when we first started I
    cannot get to the printers on the XP machine. I am only able to remote in to
    the server and that is all?

    This maybe a better question because I have the exact same issue as I did
    before NAT and RRAS.
    (Please keep in mind internally I have no problem whatsoever seeing these
    printers and adding them even to the MAIN server it is only
    with the remote machine)

    How would I look for this printer?
    The IP of the server not print server.

    On the VPN connection is: From remote PC

    The IP of the machine the printers are on is: Internally from 8 port switch

    They are both shared
    Sharename is: HP5600
    SHarename is: HP845c

    It appeares to me that RRAS and NAT didn't help at all? Just more confusing.
    In my thoughts if VPN can "roam" on the server why cant it see the other PC's?

    Joe, Nov 29, 2004
  18. Joe

    Joe Guest


    I have a nifty litle site that I use for cases like this please go here and
    look at the
    "error gallery" from the first dropdown navigation box.

    You will see the error from the VPN remote machine in pictures.

    I hope you like this
    Joe, Nov 29, 2004
  19. Joe

    Joe Guest

    Joe, Nov 29, 2004
  20. Joe

    Joe Guest

    Well I have been trying for a week now,and posted three days ago

    I deeply appreciate your help.It was excellent information.
    But my server or network will not cooperate. It's like an old bar hag trying
    to break her
    drinking problem. SHe just ain't gonna do it!

    But I have tried everything possible except connecting the printer to the
    server itself.

    I know this will work because I have done it before.

    I am worn out
    I hope to hear from you again on sometime Dana!

    Joe, Nov 29, 2004
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.