none
MDT 2012 kills port 139 or the gpo step in the task sequence kills port 139 with copier scanning. RRS feed

  • Question

  • These shares that I will speak about can be accessed from other computers but cannot be accessed by the copiers to place the scanned document.

    Hello,

    I have created some images from Windows 7 clean installations. But the GPO pack which gets applied in MDT 2012 changes the settings in windows 7 in such a manner that port 139 doesn't work properly with network scanning trough SMB. The Xerox copier cannot place the document on the share, however the shared folder can be accesed from another windows machine.

    Recently We have purchased Workstations which already have an Windows 7 image on them. But because the computers' OS was deployed trough some imaging manner, port 139 doesn't function properly. Is there such a tool from Microsoft to restore the port 139 functionality to a Fresh Windows 7 CD installation?

    Or is any Microsoft GURU that has done any research in this problem and tested it and found a solution to this problem?

    I tried enabling all the rules and settings within the windows firewall and disabling the firewall. On One windows 7 machine with clean install from a windows 7 DVD the scanning works fine. 

    On the other machine imaged with an OEM image from the manufacturer the SMB port 139 scanning doesn't work with scanning.

    I captured some frames on both machines and the some frames have different sizes. And these are Response network frames from the Windows 7 machines back to the copier. So is any Microsoft person that would know why the Machines would respond with different size frames on the same protocol? 

    The names of the frames are Negotiate Protocol Response. The frame size on the machine that accepts the scan without problems is of 275 bytes. And the frame size on the machine which doesn't accept the scan is of 475 bytes.

    Is there anyone there who knows which settings alter the frames. There must be some security settings which change the behavior because if one applies an image with MDT 2012 and applies the Default GPO pack which comes with MDT 2012 on that image then that computer will not be able to accept accept scans on port 139.

    So I am giving here all my findings for a person which would know where to look and understand why the frame behavior or the network packet are different.

    Even after clearing the security settings from the windows firewall policy the functionality wasn't restored. Could there be some IPsec settings which get modified?

     In the link below there was an issue where the frame size would not allow to see shares on Windows XP.

    Back in Windows XP I've met this issue once where a administrative share or a regular share could not be accessed. the issue was resolved by this article: http://support.microsoft.com/kb/177078/en-us It was connected to the IRPstackSize - but it was amazing that such a setting could bring down the sharing process. So I am thinking that this port 139 issue might be similar because of some security settings which might affect the SMB.

    I have been working on this problem for sometime now.
    Thank you for any response.

    Please do not forget to select the best answer if it helps you! The Ultimate computer newbie guide since the discovery of spoon feeding! The Computer Manual dot Com

    Wednesday, May 15, 2013 7:34 PM

All replies

  • Ok spoke with Helpdesk from our xerox supplier and they uninstalled windows live essentials. Now I am waiting to find out if the MDT 2012 has anything to do with it. Ill post back when I find that out.

    Please do not forget to select the best answer if it helps you! The Ultimate computer newbie guide since the discovery of spoon feeding! The Computer Manual dot Com

    Thursday, May 16, 2013 1:58 PM