Windows NT Further Guidance on Remote office Printing

  • Thread starter Thread starter rjcmi
  • Start date Start date
R

rjcmi

I am still in the need for some assistance. I'd like to thank those
who replied to my previous entry. Here is what I'm trying to do, what
I've done so far, and some things that people have suggested.

I am an Americorp Volunteer working on a technology infrastructure
update for an Independent Living Center. This is my first experience
using Server 2003 and Terminal Server. I have implemented the
Terminal
Server and all appears to be working as planned with the exception of
the following.

We have 4 Satellite offices each one has their own Network Printer.
(Same Brand, Brother 2070n) These printers are assigned a static IP
address and are plugged directly into a router. Each client then
prints to that IP address. The problem I'm having is getting the
satellite offices to print directly to the printers in their own
offices while using TS. Currently they print out in the main office.

I have looked at the group and found the following MS Support Article
locacted here: http://support.microsoft.com/?kbid=302361 (Printers
That Use Ports
That Do Not Begin With COM, LPT, or USB Are Not Redirected in a
Remote
Desktop or Terminal Services Session) I have followed the directions
in the article.

I have also attempted to change the printer over to an LPT port.

I still can not get the local Network printer to show on the
Individual Clients in the Satellite Offices. They are using Windows
XP with all service packs installed.

In addition I was told the following:

The Brother 2070n driver is *not* a native driver on a Windows 2003
server. Whatever you do, don't install it on the TS, since most 3rd
party printer drivers are not TS-compatible, and some are known to
crash your printer spooler or the whole server. In stead, map the
printer to a native driver by creating a custom ntprintsubs.inf
file, as described in KB article 239088.
http://support.microsoft.com/?kbid=239088

Check with Brother which one of the native drivers on Windows 2003
is most compatible with the 2070n printer.

I did verify prior to installing the Office Printer that the driver
was not TS compatible. I called Brother and discovered I needed to
use an HP driver.

I scanned the Event log and found no errors of 1111, 1105 or 1106. I
also used the scanning tool downloaded from Microsoft and it also
found no events of those number.

I'm not sure if I'm missing a concept or I've configured it
incorrectly, so I should explain what I've done so far to make sure
I've done it correctly. Currently I do not have the Print Server
Role
installed. I just added the local printer on the main office network
though Control Panel Add Printer.

Do I need to install another driver for the satellite offices
redirection? I'm a bit confused. I was under the impression that on
the remote clients the attached printer had it's driver located on
the
client not the server. If that assumption is incorrect, do I need to
reconfigure how I've set up printing.

If creating a VPN is truly the easy solution I will look deeper into
what I need to do so.

Today I attempted to add the printers manually and that did not work.
I also tried to change the port to an lpt port and that also failed.
Any additional assistance would be appreciated. I don't have a great
deal of experience with Server 2003, but I have been able to
understand/troubleshoot all roll-out problems except this one. It has
now become extremely time sensitive as everyone is moving over to the
Terminal Server in the next week.
 
did you do the remapping in teh .inf file for the printer to the driver
you want to use? is the driver installed? you must get CaSe exactly if
you use the file.

Jeff Pitsch
Microsoft MVP - Terminal Server
Citrix Technology Professional
Provision Networks VIP

Forums not enough?
Get support from the experts at your business
http://jeffpitschconsulting.com

rjcmi wrote:
> I am still in the need for some assistance. I'd like to thank those
> who replied to my previous entry. Here is what I'm trying to do, what
> I've done so far, and some things that people have suggested.
>
> I am an Americorp Volunteer working on a technology infrastructure
> update for an Independent Living Center. This is my first experience
> using Server 2003 and Terminal Server. I have implemented the
> Terminal
> Server and all appears to be working as planned with the exception of
> the following.
>
> We have 4 Satellite offices each one has their own Network Printer.
> (Same Brand, Brother 2070n) These printers are assigned a static IP
> address and are plugged directly into a router. Each client then
> prints to that IP address. The problem I'm having is getting the
> satellite offices to print directly to the printers in their own
> offices while using TS. Currently they print out in the main office.
>
> I have looked at the group and found the following MS Support Article
> locacted here: http://support.microsoft.com/?kbid=302361 (Printers
> That Use Ports
> That Do Not Begin With COM, LPT, or USB Are Not Redirected in a
> Remote
> Desktop or Terminal Services Session) I have followed the directions
> in the article.
>
> I have also attempted to change the printer over to an LPT port.
>
> I still can not get the local Network printer to show on the
> Individual Clients in the Satellite Offices. They are using Windows
> XP with all service packs installed.
>
> In addition I was told the following:
>
> The Brother 2070n driver is *not* a native driver on a Windows 2003
> server. Whatever you do, don't install it on the TS, since most 3rd
> party printer drivers are not TS-compatible, and some are known to
> crash your printer spooler or the whole server. In stead, map the
> printer to a native driver by creating a custom ntprintsubs.inf
> file, as described in KB article 239088.
> http://support.microsoft.com/?kbid=239088
>
> Check with Brother which one of the native drivers on Windows 2003
> is most compatible with the 2070n printer.
>
> I did verify prior to installing the Office Printer that the driver
> was not TS compatible. I called Brother and discovered I needed to
> use an HP driver.
>
> I scanned the Event log and found no errors of 1111, 1105 or 1106. I
> also used the scanning tool downloaded from Microsoft and it also
> found no events of those number.
>
> I'm not sure if I'm missing a concept or I've configured it
> incorrectly, so I should explain what I've done so far to make sure
> I've done it correctly. Currently I do not have the Print Server
> Role
> installed. I just added the local printer on the main office network
> though Control Panel Add Printer.
>
> Do I need to install another driver for the satellite offices
> redirection? I'm a bit confused. I was under the impression that on
> the remote clients the attached printer had it's driver located on
> the
> client not the server. If that assumption is incorrect, do I need to
> reconfigure how I've set up printing.
>
> If creating a VPN is truly the easy solution I will look deeper into
> what I need to do so.
>
> Today I attempted to add the printers manually and that did not work.
> I also tried to change the port to an lpt port and that also failed.
> Any additional assistance would be appreciated. I don't have a great
> deal of experience with Server 2003, but I have been able to
> understand/troubleshoot all roll-out problems except this one. It has
> now become extremely time sensitive as everyone is moving over to the
> Terminal Server in the next week.
>
 
rjcmi wrote:
> I am still in the need for some assistance. I'd like to thank those
> who replied to my previous entry. Here is what I'm trying to do, what
> I've done so far, and some things that people have suggested.
>
> I am an Americorp Volunteer working on a technology infrastructure
> update for an Independent Living Center. This is my first experience
> using Server 2003 and Terminal Server. I have implemented the
> Terminal
> Server and all appears to be working as planned with the exception of
> the following.
>
> We have 4 Satellite offices each one has their own Network Printer.
> (Same Brand, Brother 2070n) These printers are assigned a static IP
> address and are plugged directly into a router. Each client then
> prints to that IP address. The problem I'm having is getting the
> satellite offices to print directly to the printers in their own
> offices while using TS. Currently they print out in the main office.
>
> I have looked at the group and found the following MS Support Article
> locacted here: http://support.microsoft.com/?kbid=302361 (Printers
> That Use Ports
> That Do Not Begin With COM, LPT, or USB Are Not Redirected in a
> Remote
> Desktop or Terminal Services Session) I have followed the directions
> in the article.
>
> I have also attempted to change the printer over to an LPT port.
>
> I still can not get the local Network printer to show on the
> Individual Clients in the Satellite Offices. They are using Windows
> XP with all service packs installed.
>
> In addition I was told the following:
>
> The Brother 2070n driver is *not* a native driver on a Windows 2003
> server. Whatever you do, don't install it on the TS, since most 3rd
> party printer drivers are not TS-compatible, and some are known to
> crash your printer spooler or the whole server. In stead, map the
> printer to a native driver by creating a custom ntprintsubs.inf
> file, as described in KB article 239088.
> http://support.microsoft.com/?kbid=239088
>
> Check with Brother which one of the native drivers on Windows 2003
> is most compatible with the 2070n printer.
>
> I did verify prior to installing the Office Printer that the driver
> was not TS compatible. I called Brother and discovered I needed to
> use an HP driver.
>
> I scanned the Event log and found no errors of 1111, 1105 or 1106. I
> also used the scanning tool downloaded from Microsoft and it also
> found no events of those number.
>
> I'm not sure if I'm missing a concept or I've configured it
> incorrectly, so I should explain what I've done so far to make sure
> I've done it correctly. Currently I do not have the Print Server
> Role
> installed. I just added the local printer on the main office network
> though Control Panel Add Printer.
>
> Do I need to install another driver for the satellite offices
> redirection? I'm a bit confused. I was under the impression that on
> the remote clients the attached printer had it's driver located on
> the
> client not the server. If that assumption is incorrect, do I need to
> reconfigure how I've set up printing.
>
> If creating a VPN is truly the easy solution I will look deeper into
> what I need to do so.
>
> Today I attempted to add the printers manually and that did not work.
> I also tried to change the port to an lpt port and that also failed.
> Any additional assistance would be appreciated. I don't have a great
> deal of experience with Server 2003, but I have been able to
> understand/troubleshoot all roll-out problems except this one. It has
> now become extremely time sensitive as everyone is moving over to the
> Terminal Server in the next week.
>
wow!

my advise.....get NETWORK printers only. VPN between all offices
(ipsec). Try to get HP printers - they are really good. Other good
ones are lexmark, canon, xerox. Try to stick with laserjet printers,
try to avoid inkjet printers (total cost of printing with inkjets is
higher). Standardize on one printer model for all offices (makes
getting supplies and spare parts very easy).


for your situation, an ipsec vpn between all locations would help a lot.
All you need to do then is add the brother network printers to terminal
server and configure the remote desktop clients to NOT show local pc
printer on terminal server session.

good luck,

Oskar
 
I apologize if I seem a bit lacking in experience, but I have no real
concept on how to set up either way that has been suggested. Looking
at the suggested Microsoft Article it states to map that .inf file if
certain event log errors happen. They are not. Looking at the
article since I don't get the 1111 error I can't tell what the printer
name is to create a custom .inf file.

With the VPN I'm not sure how to approach that either. I have no
additional hardware available nor the funds to get any. All the
satellite offices are also on dynamic IP addresses so that would also
affect creating a tunnel I believe.

I appreciate all the help people are giving me. I'm just hoping
someone can explain my next step in a bit more detail.
 
rjcmi wrote:
> I apologize if I seem a bit lacking in experience, but I have no real
> concept on how to set up either way that has been suggested. Looking
> at the suggested Microsoft Article it states to map that .inf file if
> certain event log errors happen. They are not. Looking at the
> article since I don't get the 1111 error I can't tell what the printer
> name is to create a custom .inf file.
>
> With the VPN I'm not sure how to approach that either. I have no
> additional hardware available nor the funds to get any. All the
> satellite offices are also on dynamic IP addresses so that would also
> affect creating a tunnel I believe.
>
> I appreciate all the help people are giving me. I'm just hoping
> someone can explain my next step in a bit more detail.
>

most decent routers today can use dynamic dns for ipsec tunnel.

how to the satellite sites work? do they have broadband or do they use
dialup? you might be better of using the web terminal server setup.

your experience should show you what I meant about using HP printers,
they are an industry standard and JUST work!

I know HP has universal print drivers, I'm not sure about brother.

I'm sorry I can't help anymore, what you're experiencing does get tricky.


Oskar
 
On Jul 4, 2:06 am, news <u...@example.net> wrote:
> rjcmi wrote:
> > I apologize if I seem a bit lacking in experience, but I have no real
> > concept on how to set up either way that has been suggested. Looking
> > at the suggested Microsoft Article it states to map that .inf file if
> > certain event log errors happen. They are not. Looking at the
> > article since I don't get the 1111 error I can't tell what the printer
> > name is to create a custom .inf file.
>
> > With the VPN I'm not sure how to approach that either. I have no
> > additional hardware available nor the funds to get any. All the
> > satellite offices are also on dynamic IP addresses so that would also
> > affect creating a tunnel I believe.
>
> > I appreciate all the help people are giving me. I'm just hoping
> > someone can explain my next step in a bit more detail.
>
> most decent routers today can use dynamic dns for ipsec tunnel.
>
> how to the satellite sites work? do they have broadband or do they use
> dialup? you might be better of using the web terminal server setup.
>
> your experience should show you what I meant about using HP printers,
> they are an industry standard and JUST work!
>
> I know HP has universal print drivers, I'm not sure about brother.
>
> I'm sorry I can't help anymore, what you're experiencing does get tricky.
>
> Oskar


Thanks for the Help Oskar.

All the satellite offices have 1.5 dsl and only about 3-4 users each.
Only one or two of the users will ever be on-line at the same time.

I contacted Brother, it does use a HP Universal drive which is
certified for TS. Locally at the main office it's working perfect.

If I understand correctly, I should be able to create the VPN inside
the router (if supported, I have to check on that) and with dynamic
dns just install the satellite offices printers on the main server,
then make it the default printer for the various users? The printers
are all on static ip's locally. I assume I would then need to forward
a certain port to that printer's IP address. I think I can create the
VPN, it's just getting the information forwarded to the printers

If you can help me with those questions, I would be very grateful.
 

>
> how to the satellite sites work? do they have broadband or do they use
> dialup? you might be better of using the web terminal server setup.

One quick question, If I did go with web terminal server, would that
solve this problem? Would, for example, a word document created on
terminal server then print on the local printer because the user is
working through their local browser? If so, that may be a viable
option to configure.

Thanks again for the help.
 
In article <#s4Kt#dvHHA.4872@TK2MSFTNGP05.phx.gbl>, user@example.net
says...
> my advise.....get NETWORK printers only. VPN between all offices
> (ipsec). Try to get HP printers - they are really good. Other good
> ones are lexmark, canon, xerox. Try to stick with laserjet printers,
> try to avoid inkjet printers (total cost of printing with inkjets is
> higher). Standardize on one printer model for all offices (makes
> getting supplies and spare parts very easy).

We have a lot of clients that became our clients because they could not
get Remote Desktop to map printers to their terminal server/local users.
In the case of each client they had a branch office running on a cheap
residential DSL connection, non-TS compliant printers, and paid large
monthly service fees to the support group that made the mess.

We switched them over to Business Class internet service, installed
cheap SOHO IPSec VPN devices, built dedicated VPN tunnels between the
main office and each remote office, then put all the printers on
JetDirect or other Print servers, installed the printers by IP on the
terminal server and bam, all printers working, no problems, done - we
get a call about once a month instead of the daily calls about T/S
issues. All connections, R/D still use the public DNS name (IP), but the
printers are connected via the VPN Tunnels.

For workers at home, we even setup a cheap IPSec VPN device that they
just power cycle (since it's on a DHCP IP from the ISP) and the device
will connect to the main office for 24 hours before it sometimes
disconnects (hence the power cycle) and they have their own dedicated
VPN from their homes (Managers and remote workers only).

And I agree 100% about HP, they do a lot to provide a list of approved
T/S compliant printers, most of the other vendors provide crappy
printers and crappy drivers. And don't even consider a Lexmark or
Kyocera.


--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)
 
On Jul 4, 10:01 am, Leythos <v...@nowhere.lan> wrote:
> In article <#s4Kt#dvHHA.4...@TK2MSFTNGP05.phx.gbl>, u...@example.net
> says...
>
> > my advise.....get NETWORK printers only. VPN between all offices
> > (ipsec). Try to get HP printers - they are really good. Other good
> > ones are lexmark, canon, xerox. Try to stick with laserjet printers,
> > try to avoid inkjet printers (total cost of printing with inkjets is
> > higher). Standardize on one printer model for all offices (makes
> > getting supplies and spare parts very easy).
>
> We have a lot of clients that became our clients because they could not
> get Remote Desktop to map printers to their terminal server/local users.
> In the case of each client they had a branch office running on a cheap
> residential DSL connection, non-TS compliant printers, and paid large
> monthly service fees to the support group that made the mess.
>
> We switched them over to Business Class internet service, installed
> cheap SOHO IPSec VPN devices, built dedicated VPN tunnels between the
> main office and each remote office, then put all the printers on
> JetDirect or other Print servers, installed the printers by IP on the
> terminal server and bam, all printers working, no problems, done - we
> get a call about once a month instead of the daily calls about T/S
> issues. All connections, R/D still use the public DNS name (IP), but the
> printers are connected via the VPN Tunnels.
>
> For workers at home, we even setup a cheap IPSec VPN device that they
> just power cycle (since it's on a DHCP IP from the ISP) and the device
> will connect to the main office for 24 hours before it sometimes
> disconnects (hence the power cycle) and they have their own dedicated
> VPN from their homes (Managers and remote workers only).
>
> And I agree 100% about HP, they do a lot to provide a list of approved
> T/S compliant printers, most of the other vendors provide crappy
> printers and crappy drivers. And don't even consider a Lexmark or
> Kyocera.
>
> --
>
> Leythos
> - Igitur qui desiderat pacem, praeparet bellum.
> - Calling an illegal alien an "undocumented worker" is like calling a
> drug dealer an "unlicensed pharmacist"
> spam999f...@rrohio.com (remove 999 for proper email address)


Thanks for the help Leythos.

On your configuration, did you just get vpn enabled routers to create
the tunnell, or did you actually dedicate a PC to be a VPN client/
Print Server at the remote locations? What I'm trying to avoid is a
PC that is sitting there simply to act as a print server. IF I can't
get around that, I'll deal with it as best I can. Management at the
location has stated they did not want a computer to sit there on for
just printing. However, if it's necessary then I'll have to explain
that and get the policy changed.

It has also been suggested to me that I attempt to port forward 9100
to the individual printers, but I'm not quite sure how that would
work.

Thanks again for all the help.
 
rjcmi wrote:
>> how to the satellite sites work? do they have broadband or do they use
>> dialup? you might be better of using the web terminal server setup.
>
> One quick question, If I did go with web terminal server, would that
> solve this problem? Would, for example, a word document created on
> terminal server then print on the local printer because the user is
> working through their local browser? If so, that may be a viable
> option to configure.
>
> Thanks again for the help.
>
>
yes, this is how printing would work on web term server. (uses local
printing).

With vpn printing, you don't need to open/modify any ports on firewall,
ipsec vpn takes care of everything.

when u add printers to term server, you label them clearly
(nyc_invoice_printer, miami_ticket_printer, chicago_report_printer).
This way, people see exactly where they are printing to. Easy for users
and easy for you to maintain.


Hope this helps,

Oskar
 
On Jul 4, 4:04 pm, news <u...@example.net> wrote:
> rjcmi wrote:
> >> how to the satellite sites work? do they have broadband or do they use
> >> dialup? you might be better of using the web terminal server setup.
>
> > One quick question, If I did go with web terminal server, would that
> > solve this problem? Would, for example, a word document created on
> > terminal server then print on the local printer because the user is
> > working through their local browser? If so, that may be a viable
> > option to configure.
>
> > Thanks again for the help.
>
> yes, this is how printing would work on web term server. (uses local
> printing).
>
> With vpn printing, you don't need to open/modify any ports on firewall,
> ipsec vpn takes care of everything.
>
> when u add printers to term server, you label them clearly
> (nyc_invoice_printer, miami_ticket_printer, chicago_report_printer).
> This way, people see exactly where they are printing to. Easy for users
> and easy for you to maintain.
>
> Hope this helps,
>
> Oskar


Is there a licensing issue with connection through either remote
desktop or the web browser? Can I use both or would additional
licenses be necessary?
 
From how I read the original post, you have not installed the proper
drive on the terminal server correct? You have tried to install another
driver to replace it. The .inf file that you brought up will tell
windows to use that driver instead of what the client has.

I admit I may be reading your post completely wrong though....

Jeff Pitsch
Microsoft MVP - Terminal Server
Citrix Technology Professional
Provision Networks VIP

Forums not enough?
Get support from the experts at your business
http://jeffpitschconsulting.com

rjcmi wrote:
> I apologize if I seem a bit lacking in experience, but I have no real
> concept on how to set up either way that has been suggested. Looking
> at the suggested Microsoft Article it states to map that .inf file if
> certain event log errors happen. They are not. Looking at the
> article since I don't get the 1111 error I can't tell what the printer
> name is to create a custom .inf file.
>
> With the VPN I'm not sure how to approach that either. I have no
> additional hardware available nor the funds to get any. All the
> satellite offices are also on dynamic IP addresses so that would also
> affect creating a tunnel I believe.
>
> I appreciate all the help people are giving me. I'm just hoping
> someone can explain my next step in a bit more detail.
>
 
On Jul 4, 5:27 pm, Jeff Pitsch <J...@Jeffpitschconsulting.com> wrote:
> From how I read the original post, you have not installed the proper
> drive on the terminal server correct? You have tried to install another
> driver to replace it. The .inf file that you brought up will tell
> windows to use that driver instead of what the client has.
>
> I admit I may be reading your post completely wrong though....
>
> Jeff Pitsch
> Microsoft MVP - Terminal Server
> Citrix Technology Professional
> Provision Networks VIP
>
> Forums not enough?
> Get support from the experts at your businesshttp://jeffpitschconsulting.com
>
> rjcmi wrote:
> > I apologize if I seem a bit lacking in experience, but I have no real
> > concept on how to set up either way that has been suggested. Looking
> > at the suggested Microsoft Article it states to map that .inf file if
> > certain event log errors happen. They are not. Looking at the
> > article since I don't get the 1111 error I can't tell what the printer
> > name is to create a custom .inf file.
>
> > With the VPN I'm not sure how to approach that either. I have no
> > additional hardware available nor the funds to get any. All the
> > satellite offices are also on dynamic IP addresses so that would also
> > affect creating a tunnel I believe.
>
> > I appreciate all the help people are giving me. I'm just hoping
> > someone can explain my next step in a bit more detail.


Jeff, thanks again for the help.

I don't beleive this is a driver issue. At the main office I was able
to install the networked printer (Brother 2070n) using an HP LaserJet
Driver as instructed by Brother. This printer works perfect. My
difficulty lies with getting the remote office users to print on the
network printers located in their individual offices. Their Terminal
Server Sessions do not bring that local printer in, nor have I been
able to install it manually.

If you have any other idea's I'd appriciate it.
 
In article <1183564032.279912.310340@g37g2000prf.googlegroups.com>,
rodneycraig@gmail.com says...
> Thanks for the help Leythos.
>
> On your configuration, did you just get vpn enabled routers to create
> the tunnell, or did you actually dedicate a PC to be a VPN client/
> Print Server at the remote locations? What I'm trying to avoid is a
> PC that is sitting there simply to act as a print server. IF I can't
> get around that, I'll deal with it as best I can. Management at the
> location has stated they did not want a computer to sit there on for
> just printing. However, if it's necessary then I'll have to explain
> that and get the policy changed.
>
> It has also been suggested to me that I attempt to port forward 9100
> to the individual printers, but I'm not quite sure how that would
> work.

The remote offices are directly connected via VPN Appliance - some are
cheap ones, some are very nice firewalls that work as VPN Appliances.

The printers are connected to the Main Office terminal server via their
IP at the remote office, through the VPN, so that the remote office must
use the terminal server to print to them (you could also setup the IP
based printers on their local computers) - we normally just ship them
Neoware Thin Terminals.

The printers MUST have fixed IP addresses, do not try and forward an
untrusted connection to your printers through a router/NAT - only do
this through a VPN tunnel.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)
 
Back
Top