none
Installing Printers from Windows 2008 R2 printer server using the Cname

    Question

  • Am having issues installing printers on workstations from the windows 2008 R2 print server using the DNS names. the servername and Full qualified Name works fine.

    l have tweaked the Registry and Disabled the StrictNameChecking but still getting an error.  this is the message am getting...

    Printer Installation Failed

    You do not have enough privilege to complete the printer installation on the local machine.

    I found this KB and did exactly what is in the KB but stilll....

    lhttp://support.microsoft.com/kb/870911/en-us

     need help

    Sunday, November 8, 2009 3:27 AM

Answers

  • Please see if this addresses the issue. 

    Enable CNAMEs on ‘print servers’

     

    If you can ‘ping’ the print server and authenticate, but the server still fails it is likely you need to enable this setting on the server for CNAMEs to work on ‘print servers’.

     

    reg add HKLM\SYSTEM\CurrentControlSet\Control\Print /v DnsOnWire /t REG_DWORD /d 1

     

    Tuesday, November 24, 2009 10:57 PM
    Answerer
  • Hi Alan,

    We appreciate your help on this.  If you have access to your DNS server you should be able to setup an alias recored pointing to your print server.  Also you'll need to add the reg key for disablestrictnamechecking=1 in order for you to browse the shares using the alias.  Two things to look at.

    1.  if you browse to the shares using the server host name or FQDN you can browse the shares and printers and will be able to add printers to your workstation.

    2. if you browse via the alias name you can see all of the shares and printers BUT if you try to add the printer you will get an error message.


    This method worked in server 2003-2008 but for some reason not in 2008R2.  Let us know if you see the same issues, and if you can possibly escalte this.  I anticipate you will see more people asking about this issue.

    Thanks for your help.
    Saturday, November 21, 2009 4:29 PM

All replies

  • i have the same probleme, i have already trie the micrososft help. But doesnt work.
    Wednesday, November 18, 2009 8:17 PM
  • Add the print driver first to the real machine name, then use the Add Network Printer wizard and select the print driver from the list. 

    Thursday, November 19, 2009 6:50 AM
    Answerer
  • Hi Alan

    It doesn't work. A lot of other administrators have the same problem

    see here:

    http://social.technet.microsoft.com/Forums/en-US/winserverprint/thread/e3bf391d-df87-4400-92c4-fda464419638

    Please try to help us to find a soöution to connect to the printserver with a cname, thanks.
    Friday, November 20, 2009 8:47 AM
  • Hi Alan,

    We appreciate your help on this.  If you have access to your DNS server you should be able to setup an alias recored pointing to your print server.  Also you'll need to add the reg key for disablestrictnamechecking=1 in order for you to browse the shares using the alias.  Two things to look at.

    1.  if you browse to the shares using the server host name or FQDN you can browse the shares and printers and will be able to add printers to your workstation.

    2. if you browse via the alias name you can see all of the shares and printers BUT if you try to add the printer you will get an error message.


    This method worked in server 2003-2008 but for some reason not in 2008R2.  Let us know if you see the same issues, and if you can possibly escalte this.  I anticipate you will see more people asking about this issue.

    Thanks for your help.
    Saturday, November 21, 2009 4:29 PM
  • I don't have access to DNS servers but I'll ask around.  Are these Windows 7 client machines or XP, or Vista.   I see the disablestrictnamechecking=1 setting is in the security layer, have you posed this to any security forums?

    Can the client view the contents of the \\printserver\print$ share on Server 2003?   Just confirm the same result to the cname entry for Server 2008 R2.


    Have you tried adding Anonymous Logon to one of the printers security settings?  I don't think this is it but just curious.


    Do all clients fail the same way?


    Sunday, November 22, 2009 12:07 AM
    Answerer
  • 1. This happens on Windows 7 and Windows XP clients.
    2. All clients can view the contents on the \\prinserver print shares on server 2003.  Same result on Server 2008 R2.
    3. I added the anonymous logon to a print share but that didn't work.
    4. All clients fail the same way.

    The advantage of using a cname/alias of a print server to install printers is when you migrate your printer shares to a different print server all you have to do is change the alias record in DNS and then the clients will reconnect to the new print server.  This is very powerful when you have alot of users.


    I haven't added this issue to the security forums but I think that is a start in the right direction.

    I guess if this doesn't get resolved soon I can migrate my printers to another 2003 server I have until a resolution.
    Monday, November 23, 2009 12:57 AM
  • Hi Andy504

    Same problem here. I'm able reproduce it. I hope MS is getting us a solution soon, because it's really a bad problem for me.
    Monday, November 23, 2009 9:15 AM
  • Please see if this addresses the issue. 

    Enable CNAMEs on ‘print servers’

     

    If you can ‘ping’ the print server and authenticate, but the server still fails it is likely you need to enable this setting on the server for CNAMEs to work on ‘print servers’.

     

    reg add HKLM\SYSTEM\CurrentControlSet\Control\Print /v DnsOnWire /t REG_DWORD /d 1

     

    Tuesday, November 24, 2009 10:57 PM
    Answerer
  • This worked!  Appreciate your help.  Where did you find this solution? =D
    Tuesday, November 24, 2009 11:24 PM
  •   I'll work with a Program manager to document the registry setting.
    Wednesday, November 25, 2009 12:31 AM
    Answerer
  • It worked also for me. Thanks a lot Alan for your help.
    Wednesday, November 25, 2009 9:46 AM
  • Thank you so much Alan! This worked for me as well.
    Thursday, December 17, 2009 5:41 AM
  • any other suggestion?
    I can see the  printer alias name in my computer but can't map it i got the following error message

    "Operations could not be completed .Either the printer was typed incorrectly , or the specified printer has lost it conenction to the server. For more information, click Help."

    I can map the printer using physical name so the sharing is correctly.

    I have added disable strict name check registry (value =1) and the registry dnsonwire , still doesnt work.

    My OS is windows server 2008 Enterprise 32 bits
    Monday, December 21, 2009 7:00 AM
  • Hi, I would like to know if anyone found a solution for this? I've applied both the DisableStrictNameCheck setting and the DNSOnWire as explained above and I'm still receivng the same error. The server is 2008 R2 and the clients are either XP Pro or 7 Pro. This is somewhat critical or we'll have to roll back to 2003.

    Thanks,

    Adam

    Friday, October 29, 2010 5:59 PM
  • Verify you have the registry set correctly on the print server

    DnsOnWire REG_DWORD  set to 1

    This only applies to 2008 R2.  You will need to restart the print spooler service or reboot the print server in order for the spooler on the server to hit the DNS server for the CNAME.  Make sure the print server can actually look up the CNAME information as well.


    Alan Morris Windows Printing Team
    Friday, October 29, 2010 6:14 PM
    Answerer
  • Thanks for the reply Alan, I've been distracted with other issues, but yes, I can confirm the setting is correct.

    I had to roll back out the legacy 2003 server as a result. Any thoughts?

    Thank you,

    Adam

    Friday, November 5, 2010 7:48 PM
  • On the 2008 R2 machine type

    net view \\TheCNAMEname

    if the print server can get to the DNS server to determine that the registered CNAME points back to the machine, then you should get a list of shares from the machine.

    You should also add a shared folder and verify that clients can access the share.

    The 2008 R2 changes in the spooler revolve around having a cached set of server names and IP addresses that the spooler service knows belongs to the local machine.  The local machine will never go out to DNS (previous OSs, the spooler would hit the DNS server all the time) unless you specify the registry key. 


    Alan Morris Windows Printing Team
    Friday, November 5, 2010 10:51 PM
    Answerer
  • File share has been working well. I just tested something and now it appears to be working correctly. Sorry, to put this on hold, but I'll need to schedule some downtime to do more testing.

     

    To clarify. I have a server named "OSPREY" it's got several CNAMES, one of which is PRINTERS. The idea being that people can go to: \\printers and add a queue. So, since I had the trouble, I removed the PRINTERS CNAME and just rolled out the old print server and gave it the ANAME of PRINTERS. Now, when i try to add printers from the OSPREY server using other CNAMES, it IS working, despite having gotten errors when using the PRINTERS CNAME. Very odd. It will definitely take some tinkering on my part to sort this out, but I'll update the thread later with the results.

     

    Thanks for your patience and attention, I appreciate the willingness to help.

     

    Kind Regards,

    AJM

    Monday, November 8, 2010 3:46 PM
  • Hi.

    I think I solved this yesterday. We got 1 printserver, with an alias, which we had this problem to connect to. I noticed that there is a difference between x86 and 64bits system entries in the registry...

    When you are having a 64bit system, you must use REG_QWORD instead of REG_DWORD, REG_DWORD is only to be used in x86 system! See below.

    Windows 2008 server R2 64-bit 

    HKLM\SYSTEM\CurrentControlSet\Control\Print = ”DnsOnWire” = REG_QWORD Decimal = 1

    (reg add hklm\system\currentcontrolset\control\print /v DnsOnWire /t REG_QWORD /d 1)

     

    HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters = DisableStrictNameChecking = REG_QWORD Decimal = 1

    (reg add hklm\system\currentcontrolset\services\lanmanserver\parameters /v DisableStrictNameChecking /t REG_QWORD /d 1)

     

    HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters\  REG_SZ = OptionalNames = “aliasname” (C-name record in DNS)

    (reg add hklm\system\currentcontrolset\services\lanmanserver\parameters /v OptionalNames /t REG_SZ)

     

     

     

     

    Windows 2008 server x86 

    HKLM\SYSTEM\CurrentControlSet\Control\Print = "DnsOnWire" = REG_DWORD Decimal = 1

    (reg add hklm\system\currentcontrolset\control\print /v DnsOnWire /t REG_DWORD /d 1)

     

    HKLM\SYSTEM\CurrentControlSet\services\Lanmanserver\Parameters = DisableStrictNameChecking = REG_DWORD Decimal = 1

    (reg add hklm\system\currentcontrolset\services\lanmanserver\parameters /v DisableStrictNameChecking /t REG_DWORD /d 1)

     

    HKLM\SYSTEM\CurrentControlSet\services\LanManServer\Parameters\  REG_SZ = OptionalNames = “aliasname” (C-name record in DNS)

    (reg add hklm\system\currentcontrolset\services\lanmanserver\parameters /v OptionalNames /t REG_SZ)

     

    Don't forget to reboot your system after these changes!

    Best Regards, Mats

     


    • Edited by Mats Karlsson Friday, April 29, 2011 6:20 AM
    • Proposed as answer by BaupatCH Monday, April 22, 2013 8:06 AM
    Wednesday, November 10, 2010 7:16 AM
  • Mats,

    Thanks for that 64-bit information. For the aliasname setting, does the CNAME have to be in quotes? Also, do you know if you can add multiple optional names to this vaule? For example: "aliasname1","aliasname2"

     

    JP

    Tuesday, November 23, 2010 4:23 PM
  • QuickTek,

    No qutoes for the aliasname, and yes, you can use multiple of optional names.

    Use a comma for separation !

     

    Best Regards, Mats

    Friday, December 10, 2010 9:01 AM
  • Fixing error x00000709 when connecting to your aliased printserver

    I know this is an older post but i ran into this issue and my searching kept bringing me here!

    answer is in Mats post (2 up) but only needed to ad this key

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters]
    "OptionalNames"="printserver2"

    (note its a string value, also you set it to = your CNAME/Alias in my case printserver2)

    this was on 2008 R2 Std x64, sp1

    more info here:

    http://www.techrepublic.com/blog/datacenter/adding-multiple-netbios-names-for-windows-servers/2593

     


    Thursday, September 1, 2011 8:14 PM
  • To follow-up what 'miffed user' said-

    Same here.  But I am also doing MS NLB cluster in  VMWare.  It took several tries, after making those registry changes Mats posted, and some reboots, before it worked.  Not sure why.

    Wednesday, March 7, 2012 7:46 PM
  • work fine your solution thanks a lot!
    Tuesday, May 22, 2012 7:03 PM
  • Anybody knows what DNSONWIRE=1  actually change in the server's behaviour? And is the scope exclusively limited to the SMB shares? (=no other side effects?) Thanks.
    Tuesday, October 16, 2012 2:40 PM
  • The change is scoped to the print spooler service.  File shares do not matter in this case.

    The print spooler retains internal structures on the machine name and IPs.  The print spooler is aware of shares available so \\localmachine\printer it knows about and will respond to the client requests.  When a client calls openprinter with \\notthemachinename\printer, the spooler will fail these calls.  When the client calls openprinter with \\CNAMEmachine\printer, the machine information is stored in the DNS record.  If the spooler service does not go out to DNS to get this info, it will fail this call. 


    Alan Morris Windows Printing Team

    Tuesday, October 16, 2012 4:45 PM
    Answerer
  • Well. I know it's an old thread, but I'm trying make it work for me now.

    My system is Windows 2008 R2 Enterprise Edition.

    Resolution given earlier by You, Mats, also work for me (no matter if I add DWORD or QWORD values) but I have problem with multiple aliases.

    I can add printer shared by real server name and first alias but I can't do it for the second and third alias. If I change aliases position in the "OptionalNames" value in the registry I can add printer by the alias which is the first alias after change but the former first alias - which worked then fine - doesn't work.

    I've tried to separate aliases with spaces and semicolons but it didn't make any difference.

    An error is "System Windows can't make connection with the printer. Check printer name i try again. If its network printer make sure its turned on and its adress is correct" (its my translation from Polish so in original English it can be some differencies but I hope I preserve the proper meaning).

    Anyone has any idea why?

    Krzysztof



    • Edited by KrzychG Friday, December 14, 2012 11:52 AM Errors correction.
    Friday, December 14, 2012 11:16 AM
  • Here is what I found works:

    1) Add A record or CNAME to DNS

    2) Add the following to the registry:

    Windows Registry Editor Version 5.00
    ;Print Spooler Driver Exception
    [ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print]
    "ThrowDriverException"=dword:00000001

    ;Disabled Strict Name Checking for Win2k8R2
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters]
    "DisableStrictNameChecking"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Lsa]
    "DisableLoopbackCheck"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print]
    "DnsOnWire"=dword:00000001

    -------------------------------
    3) open admin console and enter:
    NETDOM COMPUTERNAME [fqdn of server you are on] /add:[fqdn of dns entry (from step 1) to accept]

    "NETDOM COMPUTERNAME" should be typed exactly like it is.

    Source:
    - Windows Printer/Fax Technet
    - http://www.marc-lognoul.me/itblog-en/post/2010/09/08/Multiple-Names-for-a-File-and-Print-Server-Running-Windows-Server-2008-R2.aspx


    • Edited by PSU_WST Monday, December 17, 2012 5:32 PM
    • Proposed as answer by Fred___ Wednesday, March 12, 2014 12:46 PM
    • Unproposed as answer by Fred___ Wednesday, March 12, 2014 12:48 PM
    Monday, December 17, 2012 5:31 PM
  • Another solution is to modify the file %windir%\system32\drivers\etc\hosts by adding alias wished.

    And useless to modify the base of register. I have just applied it to a server Windows 2012 R2

    Wednesday, March 12, 2014 12:53 PM