Our ColorQube 8700s are configured with the primary Touch UI login method set to “Smart Cards.” We recently experienced a network outage/configuration issue, and were unable to log into the Xerox Touch UI.
After reviewing the configuration, we determined that the Alternate authentication method was set to “User Name/Password – Validate on the Network.” We immediately attempted to change the alternate authentication method to “User Name/Password – Validate on the Device” so that we could login at the Touch UI in a future network outage, but were not presented with a "Validate on the Device" option—-“Disabled” was the only other option. It seems that the ONLY alternate authentication method possible, regardless of primary validation, is “Validate on the Network”. How would we authenticate to the Touch UI in the event of a network issue so that we could manage/administer the device???
Solved! Go to Solution.
If you have not already resolved this issue, we suggest you search our online knowledgebase for this product: ColorQube 8700.
Alternatively, you can visit our Contact Us page for other support options.
Thanks for the reply CherylO-Xerox,
I have searched the online knowledgebase to no avail. Also, I contacted support, and informed them of a limitation within the configuration, and the only answer I received was that a Xerox service representative would have to be dispatched to my location to reset the printers if the network were inaccessible. After requesting a tier II/III representative, and "accidentally" hung up on while being transferred.
Bottom line is that if I am unable to authenticate to the network for any reason (could be moving from one segment/VLAN to another), I am unable to authenticate to the Touch UI to change settings, etc. when the primary Touch UI authentication is anything other than "Authenticate to Device."
Any help you or Xerox can provide is appreciated. As I see it, it's not a configuration issue, but a limitation in the Touch UI authentication providers.
Hi jr, you are correct, it is a limitation and if you had the issue escalated, as long as you were provided a log number, you will be called back by a second level representative directly using the contact information on the escalation.
At this point the issue you are having is intentional, in an added security environment people typically don't want their users to be able to call Xerox, obtain the default username and password for the local admin account (or just Google it) and bypass all security and accounting restrictions on the device.
You do in your case have the option to do whatever you need to as the local admin through CWIS, and if the network is down you can just connect via crossover cable from a laptop if needed in the case of no network at all.
You could do a "Feature Enhancement Request" through 2nd level to have the feature added, but that would not be a guaranteed fix, Engineering would at that point decide if it was a feature to implement, and the timing of adding it.
This definately would be a Feature Enhancement Request, as the option to locally authenticate to the device does not exist in configurations of network-based primary authentication. I think we may be giving Xerox a little too much credit by thinking this were intentional for the reasons you cite (default username/pw)-- in a secure environment, this is the first thing you change for any hardware.
Either way, the x-over cable is really the only option (aside from waiting with bated breath for a FER), as the Web interface allows authentication to the device independent of the Touch UI authentication mechanism.