I received a super prompt reply. Unfortunately it was basically "you're out of luck, use SMBv1 or get a new copier." Oh well.
Thanks again, Joe! At least we tried and got an official answer.
My name is [redacted] I am a member of the Xerox 2nd level escalation team and received ownership of this log from Joe. After reviewing the log details I see that the issue is with SMB Workflow Scanning no longer working. It states that the WannaCry patch has been applied to the server, and SMBv1 was disabled based on recommendation by Microsoft. As you are aware disabling SMBv1 was a workaround solution until a patch was created for this virus, the patch does not force SMBv1 to be disabled. I do understand why you decided to disable it though.
Unfortunately, direct from Engineering “The WC75xx only supports SMB version 1. This is a legacy product there are no plans to change this. We would not accept any spar for this capability.”
As noted above this device will not be receiving any additional updates to its firmware to have SMBv2 capability.
The recommended options going forward would be as follows:
If you have any questions please let me know
FYI for the thread, Joe let me know that this issue has been given to the team that decides if it should be fixed with a SPAR.
I will post updates on anything I hear to this thread in case anyone with the same issue is watching it.
Thank you Joe for escalating this!
Thanks Joe! I PM'd you the info.
Very much appreciate you taking this on!
I have your traces, and since I'm a bit interested in the issue, and I can weasel my way into it. Send me a PM with your real name, phone number and email address, along with a copy of your config sheet from the printer.
I will have it sparred with you as the contact (Assuming it is a USA based machine) If Canada I might, if neither forget I mentioned it.
Thanks Joe. I will call in, but if you could show this post to the 75xx guys also I'd appreciate it!
Applying the patch does not disable SMB1, so wouldn't break Workflow Scanning. While the patch protects against WannaCry, SMB1 is a very old (30 years) and insecure protocol, and Microsoft recommends disabling it completely. Here's a blog from the SMB owner at Microsoft explaining why:
Disabling SMB1 for testing in a lab environment is easy. Just import this registry setting and then restart the Server service and SMB1 will be off. Delete the key or change it to 1 and restart the service to re-enable.
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters] "SMB1"=dword:00000000
From my Wireshark captures, it's clear that the 75xx is only advertising SMB1 support. If the code is there for SMB2, it isn't fully implemented. So when SMB1 is disabled on the server, Workflow Scanning can't talk to the server. Or, in a more strict sense, the server sees the copier only supports SMB1 and refuses to talk to it.
Thanks again! Fingers crossed for a SPAR update soon.
I would call.
I don't actually support the 75XX product, but I am in the room where they are supported, I've heard issues with 2012.
That being said, I did altboot (completely wipe) one, and we built a Server 2012 VM, patched it fully including the MS17.010 patch and scanned without issue from the 75XX with no issue at all. We did not disable SMB1 and we did not do a wireshark trace to verify what it did. So if you disable SMB1 and not just apply the patch that fixes the hole in SMB1, your results could easily be different.
Our file repository was set for port 445. Just to be sure, I created a new repository and switched the template to use it.
I'll PM you a copy of a successful scan (with SMB 1 enabled), a failed scan (with SMB 1 disabled), and a screen capture of the repository configuration.
From your comments about lots of reports coming in, is it safe to say that engineering is going to be writing and releasing a fix at some point? Or should I call support to add one more ticket to get things moving in that direction?
Thank you again!
That looks like the scan template uses port 139 and not 445. Switch it to 445 and scan again
PM me the wireshark trace and I can look into it, but you can just type SMB2 in the filter
It does appear that patch from MS is breaking a lot of FujiXerox scan setups. Widespread reports on the whole lineup are coming.
C60 family, 560 family, 75XX and 71XX so far all with the same error since Wanacrypt patch released.
I don't have time to dedicate to the issue to thoroughly test it, but so far it isn't looking great, possibly some with newer firmware will work assuming they are using port 445 and do support SMB2 (I'm all but certain the 75XX does in latest releases)
But I simply don't have the time to build a test bed and hook up a switch to do the traces and inspect them after verifying if they work or don't.
What I state here is just my experiences, not anything official from Xerox....
As others have been posting recently, we also disabled SMBv1 after the WannaCry epidemic and found it broke Workflow Scanning.
We have WorkCentre 7530 machines. I've updated them to the latest SPAR release I can find, which is 061.121.227.03404
With this version, scanning still does not work. I obtained a packet capture with Wireshark and when the copier goes to connect to the Windows 2012 R2 file server, it transmits a list of SMB dialects that tops out at SMB version 1.
Is there any way to confirm that this build supports SMB v2?
Here is the list of dialects being transmitted by our copiers:
I believe no such document exists.
I *know* the 75XX and 930X can and do use SMB2 assuming they are on the latest spar firmwares, unlikely they do with the general releases. The 930X would need to be on the latest Connectkey version, not the non-connectkey.
7545 firmware is here
Can't link to the 930X as I don't know what you are running now
8900 I have no idea, bif it is on an 072 fimrware (Connectkey), it should, latest version is here
7120 firmware is here, I have used it on a default install of Server 2008 with no modifications server side, so SMB2 should be fine, I believe 3 it doesn't do though.