Question : Problem: How to get a Canon IR2200i to store documents on a Windows server 2008

Hello everyone,

at our office we have a Canon IR2200i that is supposed to "deliver" scanned documents to a server by storing them on a SMB share. When the share was hosted on Windows server 2003R2, this was merely a matter of disabling SMB signing on the server, since (like so many "professional" copiers) the Canon cannot handle that apparently.

However, since we switched to Windows Server 2008, I cannot get the Canon to store anything on an SMB share, even when I disable SMB signing completely in the domain controllers policy. The copier only produces the less than useful message "FEHLER" ("error").
The error message is displayed immediately after scanning, so a name resolution problem is unlikely (too little delay).

If anyone had an idea either how to make it work or how to get the machine to display a more meaningful error message, it would be greatly appreciated.

The server, in its event log, records a failed logon with the following data (this is for a logon attempt including the domain name, i.e. with a username of "pps\t.test"):
--------
Security ID: NULL SID
Account Name: PPS\T.TEST
Account Domain:

Workstation name: PPS\T.TEST
--------

Especially the reported workstation name sends shivers down my spine. Seems like the copier uses a pretty "free" interpretation of what information to deliver. In its network settings, its name is configured as "canon" btw.

In the unit's address book, I used the following settings to access the server (known to work, tested with Liunx smbclient):
---------
server: \\server-01\Benutzer
Path: \t.test\Dokumente\Scans
User: pps\t.test
Password: ************
---------------
The canon has SMB support switched on; TCP/IP networking is configured by DHCP and working.

Answer : Problem: How to get a Canon IR2200i to store documents on a Windows server 2008

Just to check, is this what you have changed and it didn't work?
Microsoft Network Server: Digitally signed communication (always) -> disabled
If so, then try the following also, toghether with the previous setting:
Domain member: Digitally encrypt or sign secure channel data (always) -> disabled

Also you can try
Network security: LAN Manager Authentication level -> Lower the level and test

Dont forget to execute Gpupdate /force or reboot to apply policy each time you change something.


(
You will not be able to change these setting trough gpedit , local computer policy since it is overrided by the Domain security policy.

On server 2008 one way to get there is the following:
Administrative Tools
Server Manager
Features
Group Policy Manager
Forest: ...
Default Domain Policy
 Computer configuration
  Policies
   Windows Settings
    Security Settings
     Local Policies
      Security Options
        Microsoft Network Server: Digitally Sign Communications (Always)
            Ï Define This Policy
            Ï Disabled

execute Gpupdate /force or reboot to apply policy

Just to check if the policy is being correctly applied try the following:
Trough gpedit (local computer policy) you will be able to see the options but not change them (greyed out), so I suggest that after the change you cannot scan to the folder check trough gpedit if it is disabled.
If it is not disabled, disable it at the top of the hierarchy. Something may be overriding the setting.
)

Hope any of this helps