networked printer stops communicating after SBS connection

Discussion in 'Windows Small Business Server' started by Greg Kirkpatrick, Jul 6, 2006.

  1. Very small business: 2 laptops, 1 desktop, and an HP Color Laserjet 2600n (as
    in networked) printer.

    Until the SBS server is added, each can print to the Laserjet (which is at
    192.168.16.3).

    The SBS server is located at 192.168.16.2 -- on the internal NIC.

    Now, all of the clients show that the Windows Firewall is turned OFF, and
    that it is being controlled by Group Policy.

    Further, the HP is no longer accessible to the clients, even though all are
    connected to a switch on the inside of the SBS server's internal NIC.

    The laptops and the desktop are pulling IPs from the SBS server's DHCP
    (192.168.16.10, etc.).
     
    Greg Kirkpatrick, Jul 6, 2006
    #1
    1. Advertisements

  2. Did the Printer accidentally Grab a new IP?
    If you put http://PrintersIP/ Does anything show up?

    Russ

    --

    Russell Grover
    SBITS.Biz
    Enterprise Solutions for Small Business
    Microsoft Certified Small Business Specialist.
    MCP, MCPS MCNPS, (MCP-SBS)
    Portland/Beaverton Oregon USA
    Support @ SBITS.Biz
    http://www.SBITS.Biz
     
    Russ - SBITS.Biz \(MCP-SBS\), Jul 6, 2006
    #2
    1. Advertisements

  3. No, the printer did not change its IP, as I assigned it manually to
    192.168.16.3 (which was one of the excluded IPs in the Scope) -- I did
    confirm that on the printer itself. At the moment, none of the three
    workstations will ping to that address (and they did prior to joining the
    domain).

    http://PrintersIP/ is a new one for me -- I will try that in about 2 hours,
    but given that none can ping, I doubt that will show anything.

    I forgot to mention -- this is SBS 2003 Premium SP1, but ISA 2004 has not
    yet been installed. It was necessary for me to disable the 2nd NIC on the
    server, so ConnectComputer would work, and the 2nd NIC has not yet been
    re-enabled, nor has the DSL router/modem been attached yet (that gets
    installed on 7/7/6).

    What is curious is that the workstations say that Windows Firewall is OFF,
    despite the obvious firewall block of the printer. Two of the three use
    Windows Live OneCare, the 3rd uses McAfee, but all were printing to the HP
    prior to joining the domain.
     
    Greg Kirkpatrick, Jul 6, 2006
    #3
  4. It just hit me -- the reason the firewall is showing disabled is due to
    server's 2nd NIC being disabled.

    I'm going to rerun CEICW after enabling the 2nd NIC.
     
    Greg Kirkpatrick, Jul 6, 2006
    #4
  5. and then give us the output of IPConfig /all from the server and one
    workstation, please.
     
    SuperGumby [SBS MVP], Jul 6, 2006
    #5
  6. CEICW has been rerun several times, each time marking the firewall to be
    turned ON, but when it finishes, the workstations still show the firewall OFF
    (even after reboot).
    Here are the ipconfig's -- for the SBS2003 Premium and the first desktop.
    Note: ISA 2004 is not installed.

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : server
    Primary Dns Suffix . . . . . . . : mycompany.local
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : Yes
    WINS Proxy Enabled. . . . . . . . : Yes
    DNS Suffix Search List. . . . . . : mycompany.local

    Ethernet adapter Local Area Network Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
    Physical Address. . . . . . . . . : 00-E0-81-5C-61-F7
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.16.2
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . :
    DNS Servers . . . . . . . . . . . : 192.168.16.2
    Primary WINS Server . . . . . . . : 192.168.16.2

    Ethernet adapter Internet Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
    Physical Address. . . . . . . . . : 00-E0-81-5C-61-F8
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.1.2
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.1
    DNS Servers . . . . . . . . . . . : 192.168.16.2
    Primary WINS Server . . . . . . . : 192.168.16.2
    NetBIOS over Tcpip. . . . . . . . : Disabled

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : desktop1
    Primary Dns Suffix . . . . . . . : mycompany.local
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : mycompany.local
    mycompany.local

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . : mycompany.local
    Description . . . . . . . . . . . : Intel 21140-Based PCI Fast Ethernet
    Adapter (Generic)
    Physical Address. . . . . . . . . : 00-C0-F0-32-32-93
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 192.168.16.21
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.16.1
    DHCP Server . . . . . . . . . . . : 192.168.16.2
    DNS Servers . . . . . . . . . . . : 192.168.16.2
    Primary WINS Server . . . . . . . : 192.168.16.2
    Lease Obtained. . . . . . . . . . : Thursday, July 06, 2006 8:58:49 AM
    Lease Expires . . . . . . . . . . : Friday, July 14, 2006 8:58:49 AM
     
    Greg Kirkpatrick, Jul 6, 2006
    #6
  7. I presume that's a typo on the desktop1 IP config:

    Default Gateway . . . . . . . . . : 192.168.16.1

    (should be: 192.168.16.2)
     
    Merv Porter [SBS-MVP], Jul 6, 2006
    #7
  8. The firewall setting during the CEICW does not control the Windows Firewall
    on either the Server or Workstations.

    If ISA is installed it configures ISA, if not it configures RRAS NAT, in
    both cases on the server only. It does nothing to workstations.

    Except for the workstation(s) having 16.1 as default gateway the IPConfigs
    look good (I'm supposing the info is a strict cut-paste, no adjustments so
    no typo's) but the fact that the workstations are getting the wrong info
    when acting as a DHCP client means we need to look elsewhere.

    Run the 'Change Server IP' wizard from the Internet and Networking branch of
    the SBS console. Put the server's internal NIC into a different subnet (say
    192.168.33.x) and then run the wiz again to come back to this subnet. The
    wiz not only changes the IP but also ensures various services are properly
    configured (including, but not limited to, DHCP & DNS).
     
    SuperGumby [SBS MVP], Jul 6, 2006
    #8
  9. Ok, I tried this -- serveral times. Changed server IP to 192.168.33.2, then
    again to 192.168.16.2, then again to 192.168.33.2 -- no effects.

    I changed the printer to 192.168.33.3 and its Gateway setting to
    192.168.33.2 .

    I tried using Group Policy Object Editor, and changed each of the Windows
    Firewall settings (for Domain and Standard) to "Disabled" -- including
    allowing an exception for port 9100 -- used gpudate /force to apply that,
    then used GPO Editor to reset those to appropriate settings, and used
    gpupdate /force again.

    I still cannot ping the network printer, let alone set it up using its
    software.

    I used to be able to do this, when the desktops were connected to a switch,
    and IPs were manually set (prior to adding the server, and using
    connectcomputer).

    Here are a couple of text files, which may help to identify the cause of this:

    These two successive reports are from event logs:

    Windows Defender Real-Time Protection agent has detected potential malware.
    For more information please see the following:
    http://www.microsoft.com
    Scan ID: {1CEB0473-FC01-40CA-AB1D-B1BB0DA69E96}
    User: mycompany/laptop2
    Threat Name: Unknown
    Threat Id:
    Threat Severity:
    Threat Category:
    Path Found: driver:HPJNDIS5;file:D:\PortMonitor\hpjndis5.sys
    Threat Classification: Unknown
    Detection Type:


    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.

    -------------------------------

    Windows Defender Real-Time Protection agent has taken action to protect
    this machine from potential malware.
    For more information please see the following:
    http://www.microsoft.com
    Scan ID: {12F31AD3-3002-4FC9-8983-8EF9B14F9ECA}
    User: mycompany\laptop2
    Threat Name: Unknown
    Threat Id:
    Threat Severity:
    Threat Category:
    Threat Classification: Unknown
    Action: Ignore


    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.

    ---------------------

    This is a netsh report:

    netsh firewall show state verbose=enable

    Firewall status:
    -------------------------------------------------------------------
    Profile = Domain
    Operational mode = Disable
    Exception mode = Enable
    Multicast/broadcast response mode = Disable
    Notification mode = Enable
    Group policy version = Windows Firewall
    Remote admin mode = Disable
    Scope: *

    Local exceptions allowed by group policy:
    -------------------------------------------------------------------
    Open ports = Enable
    Allowed programs = Enable

    Log settings:
    -------------------------------------------------------------------
    File location = C:\WINDOWS\pfirewall.log
    Max file size = 4096 KB
    Dropped packets = Disable
    Connections = Disable

    Service settings:
    Mode Customized Name
    -------------------------------------------------------------------
    Enable No File and Printer Sharing
    Scope: *
    Enable No UPnP Framework
    Scope: *
    Enable No Remote Desktop
    Scope: *

    Program exceptions:
    Mode Local policy Name / Program
    -------------------------------------------------------------------
    Enable Yes QuickBooks 2006 Data Manager / C:\Program
    Files\Intuit\QuickBooks 2006\QBDBMgrN.exe
    Scope: *
    Enable Yes Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
    Scope: *

    Port exceptions:
    Port Protocol Local policy Mode Name / Service type
    -------------------------------------------------------------------
    137 UDP No Enable NetBIOS Name Service / File and
    Printer Sharing
    Scope: *
    138 UDP No Enable NetBIOS Datagram Service / File and
    Printer Sharing
    Scope: *
    139 TCP No Enable NetBIOS Session Service / File and
    Printer Sharing
    Scope: *
    445 TCP No Enable SMB over TCP / File and Printer
    Sharing
    Scope: *
    1900 UDP No Enable SSDP Component of UPnP Framework /
    UPnP Framework
    Scope: *
    2869 TCP No Enable UPnP Framework over TCP / UPnP
    Framework
    Scope: *
    3389 TCP No Enable Remote Desktop / Remote Desktop
    Scope: *
    9100 TCP Yes Enable HP Laserjet / None
    Scope: *
    10243 TCP Yes Enable Windows Media Connect / None
    Scope: LocalSubNet
    10280 UDP Yes Enable Windows Media Connect / None
    Scope: LocalSubNet
    10281 UDP Yes Enable Windows Media Connect / None
    Scope: LocalSubNet
    10282 UDP Yes Enable Windows Media Connect / None
    Scope: LocalSubNet
    10283 UDP Yes Enable Windows Media Connect / None
    Scope: LocalSubNet
    10284 UDP Yes Enable Windows Media Connect / None
    Scope: LocalSubNet

    Ports currently open on all network interfaces:
    Port Protocol Version Program
    -------------------------------------------------------------------
    10243 TCP IPv4 (null)
    Scope: LocalSubNet
    10280 UDP IPv4 (null)
    Scope: LocalSubNet
    10281 UDP IPv4 (null)
    Scope: LocalSubNet
    10282 UDP IPv4 (null)
    Scope: LocalSubNet
    10283 UDP IPv4 (null)
    Scope: LocalSubNet
    10284 UDP IPv4 (null)
    Scope: LocalSubNet
    137 UDP IPv4 (null)
    Scope: *
    139 TCP IPv4 (null)
    Scope: *
    138 UDP IPv4 (null)
    Scope: *
    3389 TCP IPv4 (null)
    Scope: *
    445 TCP IPv4 (null)
    Scope: *
    2869 TCP IPv4 (null)
    Scope: *
    1900 UDP IPv4 (null)
    Scope: *
    9100 TCP IPv4 (null)
    Scope: *

    ICMP settings for all network interfaces:
    Mode Type Description
    -------------------------------------------------------------------
    Disable 2 Allow outbound packet too big
    Disable 3 Allow outbound destination unreachable
    Disable 4 Allow outbound source quench
    Disable 5 Allow redirect
    Enable 8 Allow inbound echo request
    Disable 9 Allow inbound router request
    Disable 11 Allow outbound time exceeded
    Disable 12 Allow outbound parameter problem
    Disable 13 Allow inbound timestamp request
    Disable 17 Allow inbound mask request

    Additional ICMP settings on Wireless Network Connection:
    Mode Type Description
    -------------------------------------------------------------------
    Disable 2 Allow outbound packet too big
    Disable 3 Allow outbound destination unreachable
    Disable 4 Allow outbound source quench
    Disable 5 Allow redirect
    Disable 8 Allow inbound echo request
    Disable 9 Allow inbound router request
    Disable 11 Allow outbound time exceeded
    Disable 12 Allow outbound parameter problem
    Disable 13 Allow inbound timestamp request
    Disable 17 Allow inbound mask request

    Additional ICMP settings on Local Area Connection:
    Mode Type Description
    -------------------------------------------------------------------
    Disable 2 Allow outbound packet too big
    Disable 3 Allow outbound destination unreachable
    Disable 4 Allow outbound source quench
    Disable 5 Allow redirect
    Disable 8 Allow inbound echo request
    Disable 9 Allow inbound router request
    Disable 11 Allow outbound time exceeded
    Disable 12 Allow outbound parameter problem
    Disable 13 Allow inbound timestamp request
    Disable 17 Allow inbound mask request

    Wireless Network Connection firewall settings:
    -------------------------------------------------------------------
    Operational mode = Enable
    Version = IPv4
    GUID = {3EC52183-3E08-4F24-98CB-02D5CF82790A}

    Local Area Connection firewall settings:
     
    Greg Kirkpatrick, Jul 7, 2006
    #9
  10. A further update --

    I can ping and print from the server to the network printer.

    I cannot ping or print from a workstation to the network printer.
     
    Greg Kirkpatrick, Jul 7, 2006
    #10
  11. A further update --

    I cannot ping or print from a workstation to the network printer.

    http://PrintersIP does nothing on the workstations.

    The printer is installed (via the network port) on the server, and it prints
    fine, coming from the server. I have shared the printer, and the
    workstations can see the shared printer, and can print to it -- so I have a
    workaround.

    It still bothers me (and worse, my customer) that Windows Firewall in the
    Control Panel says that it is turned OFF, and that its settings are being
    controlled by Group Policy. When the two laptop users connect to a
    non-domain (home) network, they still cannot turn on the firewall.

    Now they are asking me if I need to reinstall the server. Ugh.
     
    Greg Kirkpatrick, Jul 7, 2006
    #11
  12. In looking over the notes, these seem to be the problem areas for the
    workstations to be able to print directly to the networked printer. I swear
    I thought I had turned on File and Printer Sharing, etc., but this says it
    still is not.

    Tuesday (BellSouth and rain permitting) this business gets their DSL
    installed, so I can try a few RWWs to correct the network printing and the
    Windows Firewall problems.

    .....
     
    Greg Kirkpatrick, Jul 10, 2006
    #12
  13. Greg Kirkpatrick

    S. Ahmed Guest

    Greg, do you realize, you are talking to yourself, All gurus are gone hunting
    something easy to deal with ........ HA HA
     
    S. Ahmed, Oct 19, 2006
    #13
  14. In
    This is a stale thread, and the original post has been purged from the news
    server. Moreover, the OP hasn't included/quoted the original message, so it
    will be difficult for any "guru" to know what he refers to.

    However, as you are apparently a very clever fellow, why don't *you* answer
    his question? Then we can all learn from you.
     
    Lanwench [MVP - Exchange], Oct 19, 2006
    #14
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.