Prev: RemoteApp - An authentication error has occurred (Code: 0x80090303)
Next: terminal server client - XP MCE
From: Jacques on 23 Mar 2010 14:25
Greetings all,
We have a TS that, at one point, would allow remote printing through the
terminal session, from any machine.
At some point, it stopped allowing it, as if it were disabled in the TS
Configuration - which it is not disabled.
We have disabled, then re-enabled in the past, without it being an
issue. This was due to some printing problem
with a certain application, that was crashing on printing, when using remote
printing.

Now, the server acts as if remote printing is disabled, and will not
turn back on. The event log on the server,
shows error 55 when someone logs on with Printing checked in the Remote
Desktop Connection program.
It will list each printer from the client as a seperate event, stating that
it does not allow Windows NT kernel drivers
in each event (per printer that the client has).

I would say its a driver issue, but computers that worked before no
longer work.

Any ideas?

From: Divya Bhagavan[MSFT] on 23 Mar 2010 15:30
Hi Jacques,

-Is the spooler service running on both the client and the server? Read this
excerpt from TS blog.
Ensure that the spooler service is running on both the RDP Client & Server.
Windows Server 2008 added the ability for an Admin to configure spooler
security and Windows 7/Windows Server 2008 R2 adds the UI for this.
Therefore, it would be possible to alter the RDP server's spooler security
descriptor which might prevent RDP client printers from being redirected on
the session. The spooler security descriptor must contain the "AU"
(Authenticated User) ACL (Access Control List) which allows any
authenticated user to open the spooler service for reading operations.
Therefore, if that ACL is missing from the spooler security descriptor, it
must be added like the example below using the command prompt (elevated).
> sc sdshow spooler
D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)
> sc sdset spooler D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSD
RCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)
[SC] SetServiceObjectSecurity SUCCESS

-Also ensure that if you are connecting through TS Gateway, the policy that
disables printer redirection is turned off.

-Ensure GP setting too.
The policy location is "Computer Configuration -> Administrative
templates -Windows Components -> Remote Desktop Services > Remote Desktop
Session Host -> Printer Redirection". The setting "Use Remote Desktop Easy
Print printer driver first" must be set to "Enabled" for Easy Print
redirection, and it has to be "Disabled" for Legacy Print. For "Not
configured", Easy Print is chosen by default.
-Also make sure that the Default printer is same in both client and the
server


Thanks
Divya

"Jacques" <somewhere(a)overthere.here> wrote in message
news:eR6sGZryKHA.4752(a)TK2MSFTNGP04.phx.gbl...
> Greetings all,
> We have a TS that, at one point, would allow remote printing through
> the terminal session, from any machine.
> At some point, it stopped allowing it, as if it were disabled in the TS
> Configuration - which it is not disabled.
> We have disabled, then re-enabled in the past, without it being an
> issue. This was due to some printing problem
> with a certain application, that was crashing on printing, when using
> remote printing.
>
> Now, the server acts as if remote printing is disabled, and will not
> turn back on. The event log on the server,
> shows error 55 when someone logs on with Printing checked in the Remote
> Desktop Connection program.
> It will list each printer from the client as a seperate event, stating
> that it does not allow Windows NT kernel drivers
> in each event (per printer that the client has).
>
> I would say its a driver issue, but computers that worked before no
> longer work.
>
> Any ideas?

From: Jacques on 5 Apr 2010 11:37
My apologies for not getting back sooner.
The issue here is that it no longer works for people with local or domain
admin rights either.
You just can't print remotely at all, whereas before, without having to set
anything, you could almost print to anything, from anywhere.

How do I access the spooler security on W2K8x64 that's not R2?

As far as group policy, I'm unclear where I should be making the change as I
don't see the below on either the local security policy of the TS itself, or
the GP of the AD DC.

As far as the default, no one printing from home, or offsite would have the
same printer, so I'm not sure what to set the default printer to.



"Divya Bhagavan[MSFT]" <divyab(a)redmond.corp.microsoft.com> wrote in message
news:1731A117-D173-4A50-BED9-E5F1314D5C57(a)microsoft.com...
> Hi Jacques,
>
> -Is the spooler service running on both the client and the server? Read
> this excerpt from TS blog.
> Ensure that the spooler service is running on both the RDP Client &
> Server.
> Windows Server 2008 added the ability for an Admin to configure spooler
> security and Windows 7/Windows Server 2008 R2 adds the UI for this.
> Therefore, it would be possible to alter the RDP server's spooler security
> descriptor which might prevent RDP client printers from being redirected
> on the session. The spooler security descriptor must contain the "AU"
> (Authenticated User) ACL (Access Control List) which allows any
> authenticated user to open the spooler service for reading operations.
> Therefore, if that ACL is missing from the spooler security descriptor, it
> must be added like the example below using the command prompt (elevated).
>> sc sdshow spooler
> D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)
>> sc sdset spooler D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSD
> RCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)
> [SC] SetServiceObjectSecurity SUCCESS
>
> -Also ensure that if you are connecting through TS Gateway, the policy
> that disables printer redirection is turned off.
>
> -Ensure GP setting too.
> The policy location is "Computer Configuration -> Administrative
> templates -Windows Components -> Remote Desktop Services > Remote Desktop
> Session Host -> Printer Redirection". The setting "Use Remote Desktop Easy
> Print printer driver first" must be set to "Enabled" for Easy Print
> redirection, and it has to be "Disabled" for Legacy Print. For "Not
> configured", Easy Print is chosen by default.
> -Also make sure that the Default printer is same in both client and the
> server
>
>
> Thanks
> Divya
>
> "Jacques" <somewhere(a)overthere.here> wrote in message
> news:eR6sGZryKHA.4752(a)TK2MSFTNGP04.phx.gbl...
>> Greetings all,
>> We have a TS that, at one point, would allow remote printing through
>> the terminal session, from any machine.
>> At some point, it stopped allowing it, as if it were disabled in the TS
>> Configuration - which it is not disabled.
>> We have disabled, then re-enabled in the past, without it being an
>> issue. This was due to some printing problem
>> with a certain application, that was crashing on printing, when using
>> remote printing.
>>
>> Now, the server acts as if remote printing is disabled, and will not
>> turn back on. The event log on the server,
>> shows error 55 when someone logs on with Printing checked in the Remote
>> Desktop Connection program.
>> It will list each printer from the client as a seperate event, stating
>> that it does not allow Windows NT kernel drivers
>> in each event (per printer that the client has).
>>
>> I would say its a driver issue, but computers that worked before no
>> longer work.
>>
>> Any ideas?
>

From: Jacques on 5 Apr 2010 11:53
I just learned that we don't even have the same dialog boxes are some people
are describing on the net.
No W2K8 server we have has an option for Default to main client printer on
any tab within TS Configuration.\
....and what some techs are saying should be in Client Settings, are under
our Log on Settings tab.
Now that I appear confused, any help would be appreciated.

"Jacques" <somewhere(a)overthere.here> wrote in message
news:uMKzaXN1KHA.3652(a)TK2MSFTNGP04.phx.gbl...
> My apologies for not getting back sooner.
> The issue here is that it no longer works for people with local or domain
> admin rights either.
> You just can't print remotely at all, whereas before, without having to
> set anything, you could almost print to anything, from anywhere.
>
> How do I access the spooler security on W2K8x64 that's not R2?
>
> As far as group policy, I'm unclear where I should be making the change as
> I don't see the below on either the local security policy of the TS
> itself, or the GP of the AD DC.
>
> As far as the default, no one printing from home, or offsite would have
> the same printer, so I'm not sure what to set the default printer to.
>
>
>
> "Divya Bhagavan[MSFT]" <divyab(a)redmond.corp.microsoft.com> wrote in
> message news:1731A117-D173-4A50-BED9-E5F1314D5C57(a)microsoft.com...
>> Hi Jacques,
>>
>> -Is the spooler service running on both the client and the server? Read
>> this excerpt from TS blog.
>> Ensure that the spooler service is running on both the RDP Client &
>> Server.
>> Windows Server 2008 added the ability for an Admin to configure spooler
>> security and Windows 7/Windows Server 2008 R2 adds the UI for this.
>> Therefore, it would be possible to alter the RDP server's spooler
>> security descriptor which might prevent RDP client printers from being
>> redirected on the session. The spooler security descriptor must contain
>> the "AU" (Authenticated User) ACL (Access Control List) which allows any
>> authenticated user to open the spooler service for reading operations.
>> Therefore, if that ACL is missing from the spooler security descriptor,
>> it must be added like the example below using the command prompt
>> (elevated).
>>> sc sdshow spooler
>> D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)
>>> sc sdset spooler D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSD
>> RCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)
>> [SC] SetServiceObjectSecurity SUCCESS
>>
>> -Also ensure that if you are connecting through TS Gateway, the policy
>> that disables printer redirection is turned off.
>>
>> -Ensure GP setting too.
>> The policy location is "Computer Configuration -> Administrative
>> templates -Windows Components -> Remote Desktop Services > Remote Desktop
>> Session Host -> Printer Redirection". The setting "Use Remote Desktop
>> Easy Print printer driver first" must be set to "Enabled" for Easy Print
>> redirection, and it has to be "Disabled" for Legacy Print. For "Not
>> configured", Easy Print is chosen by default.
>> -Also make sure that the Default printer is same in both client and the
>> server
>>
>>
>> Thanks
>> Divya
>>
>> "Jacques" <somewhere(a)overthere.here> wrote in message
>> news:eR6sGZryKHA.4752(a)TK2MSFTNGP04.phx.gbl...
>>> Greetings all,
>>> We have a TS that, at one point, would allow remote printing through
>>> the terminal session, from any machine.
>>> At some point, it stopped allowing it, as if it were disabled in the TS
>>> Configuration - which it is not disabled.
>>> We have disabled, then re-enabled in the past, without it being an
>>> issue. This was due to some printing problem
>>> with a certain application, that was crashing on printing, when using
>>> remote printing.
>>>
>>> Now, the server acts as if remote printing is disabled, and will not
>>> turn back on. The event log on the server,
>>> shows error 55 when someone logs on with Printing checked in the Remote
>>> Desktop Connection program.
>>> It will list each printer from the client as a seperate event, stating
>>> that it does not allow Windows NT kernel drivers
>>> in each event (per printer that the client has).
>>>
>>> I would say its a driver issue, but computers that worked before no
>>> longer work.
>>>
>>> Any ideas?
>>
>

From: Jacques on 5 Apr 2010 12:07
None of my group policies has the Remote Desktop Services folder in them.
It matches up to the Windows Components, but there isn't anything Remote...
at all.



> -Also ensure that if you are connecting through TS Gateway, the policy
> that disables printer redirection is turned off.
>
> -Ensure GP setting too.
> The policy location is "Computer Configuration -> Administrative
> templates -Windows Components -> Remote Desktop Services > Remote Desktop
> Session Host -> Printer Redirection". The setting "Use Remote Desktop Easy
> Print printer driver first" must be set to "Enabled" for Easy Print
> redirection, and it has to be "Disabled" for Legacy Print. For "Not
> configured", Easy Print is chosen by default.
> -Also make sure that the Default printer is same in both client and the
> server
>

 | 
Pages: 1
Prev: RemoteApp - An authentication error has occurred (Code: 0x80090303)
Next: terminal server client - XP MCE