Thank you for using the Support Forum. I am sorry that you did not find a resolution. I suggest that you contact your Xerox Representative and see if there is a machine that can and will meet your needs. Again I am sorry for your frustration and that there was not an acceptable resolution.
Well this is a fine how-do-you-do!
From the 3rd level engineering team (SPAR)
CQ# Xerox00187319 has been Declined
Log Number: 19031325
Problem Summary: WC 3325 fails to scan to server using NTLMv2 authentication
Product ID: WC 3315/25 (Rhone)
The device does not support NTLMv2 authentication. This request would need to be done as an Feature Enhancement Request (FER) since the machine is working to specification. If you would like to see this feature added in future products, please contact your Xerox customer representative to enter an Feature Enhancement Request (FER) on your behalf.
Technical SPAR Coordinator
Looks like we'll be sending back these two Phaser 3325 units for a full refund and buying a different brand altogether.
Just a quick update for anybody else who has this issue.
We submitted network packet captures to the Xerox Engineering team, one set from a Phaser 3300 that sneds SMB scans fine and the second set from the 3325 that does not.
Here's what they found (email from tech support):
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[We] did a scan from our WC3325 to a 2003 x32 server running as a Domain Controller. It failed the initial connection using NTLMv2, but then switched to NTLMv1 (as it should) and connected fine. Looking at the trace that was submitted, the customer’s WC3325 does the same, however it fails on both NTLM and NTLMv2.
. . . . . . . . .
Since the server is set to NTLMv2 only and the printer is failing the login attempts, there appears to be an issue with the implementation of NTLMv2 on the WC3325. I have already submitted this matter to the engineering to see if they can develop a patch for the printer to address this matter. The SPAR# for this matter in Engineering is Xerox00187319. You should be receiving an email from the SPAR Administrator shortly.
. . . . . . . . . .
I wanted to inform you that SPAR/XSEED for Xerox00187319 for your WC3325 has been submitted to 3rd level engineering per your request for NTLMv2 Authentication Failure.
Going forward, our Escalation Administrator will be your point of contact for this escalation. If the escalation administrator needs my assistance, they will work with my manager to request my help.
We will provide an update for the escalation (above) every (2) weeks via e-mail.
- - - - - - - - - - - - - eom - - - - - - - - - - - - -
FYI in our domain environment we set the authentication method to NTLMv2 ONLY via network-wide group policy.
Seems there will be a firmware fix coming from engineering soon.
So if you are having this issue of SMB failing to send because of authentication issues, Please Stand By!
Thank you for using the Support Forum. It looks like it is time to contact your local support centre for further assistance.
Thanks for the suggestions MikeE
id try to use the ip address not the name first.
Not the problem. Obviously the printer is hitting the server because the server is logging the event.
then leave out the domain\ just use the username no domain
As you can see I am using just the username on both the 3300 & 3325. One works, the other doesn't. And furthermore the from will not save if I try to use invalid characters giving the error "This field does not allow <,",>,\"
the other way is "username"@"domain.local"
Just tried that syntax. No change. Also tried the form "email@example.com" and that did not work either.
Any other ideas or suggestions?
I replaced a Phaser 3300 MFP with a Workcentre 3325. The old unit could SMB scan to our Server 2003 "SCANS" shared folder using Active Directory user credentials. When I set up the new Workcentre 3325's SMB scan to the same folder I keep getting a Login Failed error when testing.
I have tried a regular access user who has group permissions to the share the same as the older unit, explicitly gave that user Full Control on the share, tried using a network admin account, tried using a local admin account, tried using our Kerberos for validation and ALL of these fail the same way. Many posts here recommend using the form "DOMAIN-NAME\username" with the domain name in CAPS but on the Workcentre 3325 if you try to use the "\" character is will not allow it and gives an error message. The users & sysadmin manuals do not show any specific syntax that needs to be followed when populating the SMB form.
Here are the Security Events on the server and the setup screens from the two Xerox machines.