Universal Send to push a file to a SMB share

Last updated Mar 31 2004

Problems using Universal Send to push a file to a SMB share on a Windows 2000 host.

Canon uses NetBIOS over TCP/IP for the SMB protocol with all its Universal Send machines. It is possible to disable NetBIOS over TCP/IP on most Microsoft Windows operating systems. If it is disabled on a host, we will not be able to push a document to that host. By default NetBIOS over TCP/IP is enabled, this allows users to look for resources through the graphical "Network Neighborhood".

With Active Directory on Windows 2000 you can disable NetBIOS over TCP/IP and you will still be able to see the shares from Windows 2000 clients but not from any universal send machine. You will NOT be able to browse to an SMB share or use the trusted old \\ipaddress\share to push to the SMB share.

Enabling NetBIOS over TCP/IP on Windows 2000.

Right click on 'My Network Places', Choose 'properties'
Right click on the appropriate 'Local Area Connection x', Choose 'Properties'
Highlight ' Internet Protocol (TCP/IP)' Click on 'Properties'
Click on 'Advanced'
Select the 'WINS' tab
Make sure that 'Enable NetBIOS over TCP/IP' is selected

Click 'OK' If you are not running a WINS server you will get a pop up saying, "This connection has an empty primary WINS address. Do you want to continue?" This is OK, choose 'Yes' and 'OK' your way out.

Things should work now.

Problems using Universal Send to push a file to a SMB share on a Windows Server 2003 host.

You have a Windows 2003 Server running Active Directory.
When you try to push scan with SMB, the imageRUNNER is unable to logon.
You can browse to the server, but cannot logon.
The user name and password are rejected.

This issue is caused by the default security policy on Windows Server 2003 Domain Controllers
By default, the Windows Server 2003 Domain Controllers require SMB packet and secure channel signing
The iR products do not currently support SMB packet and secure channel signing

Here are some workarounds

1. Choose a different Windows XP or 2000 client
It does not matter if they are on the Windows 2003 domain

2. Use an alternative protocol like FTP or IPX

3. Disable SMB packet and secure channel signing enforcement

I'll explain number 3 here

The following information was borrowed from Knowledge base article #811497 from http://support.microsoft.com/ and http://www.microsoft.com/technet/

It is advised to first backup your Default Domain Controllers Policy Group Policy object before modifying it.
According to Microsoft you must use the Group Policy Management Console (gpmc) to back it up.
Search for gpmc using this http://search.microsoft.com/search/

To disable SMB packet and secure channel signing enforcement on Windows Server 2003–based domain controllers

1. From Administrative Tools open Domain Controller Security Policy
2. Smile
3. Select \Security Settings\Local Policies\Security Options folder.
4. In the details pane, double-click Microsoft network server: Digitally sign communications (always), and then click Disabled to prevent SMB packet signing
from being required.
5. Click OK.
6. In the details pane, double-click Domain member: Digitally encrypt or sign secure channel data (always), and then click Disabled to prevent secure channel
signing from being required.
7. Click OK.

To apply the Group Policy change immediately, either restart the domain controller, or type gpupdate at a command line, and then press ENTER.

If you change these setting and still have a problem, try checking in the following area. Is there a MS person out there who knows about these settings and when the system would use one setting over the other? I would love to hear from you. (I don't do MS, yet)

1. Open Active Directory Users and Computers, right click the Domain Controllers container and click Properties
2. Click the group policy tab and then on edit
3. Under Computer Configuration, go to the Windows Settings\Security Settings\Local Policies\Security Options folder.
4. In the details pane, double-click Microsoft network server: Digitally sign communications (always), and then click Disabled to prevent SMB packet signing
from being required.
5. Click OK.
6. In the details pane, double-click Domain member: Digitally encrypt or sign secure channel data (always), and then click Disabled to prevent secure channel
signing from being required.
7. Click OK.

To apply the Group Policy change immediately, either restart the domain controller, or type gpupdate at a command line, and then press ENTER.

Use the source Luke

Using Microsoft Systems Management Server and can't connect.

MS KBA #311257

I have made the changes suggested at the beginning of this page but still can not connect to the server. Yes I am using the MS Systems Management Server.
It could be the computer is not accepting anonymous connections. Lets take a look.

1. From Administrative Tools open Domain Controller Security Policy
2. Select \Security Settings\Local Policies\Additional restrictions for anonymous connections\
3a. I don't have MS SMS. If you can fill the rest of this in for more please email me. rick_preston at canada.canon.com with the subject ISGSP.
There should be a way to enable anonymous connections here.
3b. for how to do this from the registry see MS KBA 143474 and 246261
Hopefully we can update this section soon.

Just a note I didn't want to lose.
Universal Send: SMB push without WINS.
When you press browse on the copier, it broadcasts a packet on port 137 "NetBIOS Name Service:Request"
The Browse Master on the network should respond with "NetBIOS Name Service:Responce"

Back Home