question

ManuelHumbertoGaldamezBarrientos-9129 avatar image
19 Votes"
ManuelHumbertoGaldamezBarrientos-9129 asked DarrenWhitehead-4058 edited

Print server and Print Nightmare update

Hi All,

I'm having issues with some Print Servers after running Windows Updates and installed

2021-08 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5005030)

After the update installation I'm getting the error "Connect to printer Windows cannot connect to the printer. Operation failed with error 0x0000011b" and the printer fails to install.

Is there any workaround to keep Print Severs up and running?

I cannot permanently remove the August update, because the Print Nightmare update will come again in Sept Cummulative Update.

I also tried to revert the configurations using:
“Allow Print Spooler to accept client connections” policy
HKEY_LOCAL_MACHINE \Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint.

Nothing worked. I will appreciate any advice.

Thanks,

Manuel

windows-server-print
· 56
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

This just hit us this morning too. 9/15/2021. No one can print to the network printers.
I removed KB5005613 from our server and rebooted the server and that fixed it. Had to do that at all 8 of our branch offices too.
Microsoft updates seem to be more like hackers. Not professional.

9 Votes 9 ·

We had same problem, just affecting to Windows 7 computers. After uninstalling 15/09/2021 updates
(KB5005613, KB5005627 y KB5005563) and a long reboot, computers were able to print again.

6 Votes 6 ·

We did the same thing, on our PRINTER Server, and it works.

2 Votes 2 ·
Show more comments
Baronduke-9697 avatar image Baronduke-9697 JavierPoloCozar-7884 ·

thank you for help . in my case it was necessary to restart the second server which was on 2016. Windows should not launch a security update for our security.

2 Votes 2 ·
steviefaux avatar image steviefaux JavierPoloCozar-7884 ·

Just removed those 3 on our server and now all working.

0 Votes 0 ·

Some of the KBs you removed are cumulative. Printing may have been restored but so was the PrintNightmare problem and other vulnerabilities.

1 Vote 1 ·

Good point, however availability is part of the security triangle. Hopefully M$ will issue a new KB that patches the vulnerability as well as lets users print.

1 Vote 1 ·
38330931 avatar image 38330931 MikePrice-2508 ·

Same issue. Removed that update, and all devices were able to print after the server was rebooted.

0 Votes 0 ·

Currently experiencing this same issue 09/22/2021. Where a Windows Server 2012 R2 Standard can't add/connect to shared printers. "Connect to Printer Windows cannot connect to the printer. Operation failed with error 0x0000011b"

I don't have any of these KB updates mentioned installed, so basically, I can’t use the uninstallation method which seems to be working for everyone. How do I go about fixing this issue if I don’t have these KB installed already?

NB: There are pending updates which include KB5005613

0 Votes 0 ·

I don't have any of these updates installed on my Server 2019 either tried all suggestions so far nothing

0 Votes 0 ·
Show more comments

My 2k8R2 RDS servers could not connect to my 2k12 Std Print server. I removed KB5005623 from my 2k12 printer server and things came back on line.

2021-09 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB5005623)

Installation date: ‎2021-‎09-‎26 13:46

Installation status: Succeeded

Update type: Important

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

More information:
https://support.microsoft.com/help/5005623

Help and Support:
https://support.microsoft.com/help/5005623

0 Votes 0 ·

I've got a good one Microsoft may not actually be devising a fix for this but...
Got the above error with a twist. We don't use PointandPrint... All our (I say "all" when things are running smoothly) printers are published using GPO's to targeted computers, not users. Every computer is named in such a way we can identify groups of computers based on location, department and OS. When a new computer is joined to the domain, the computer is added to several groups. One of the groups they are added to are used for multiple policies. The policies are designed to publish as few as one to as many as a dozen printers to that computer. So there's no user interaction when installing a printer. RestrictDriverInstallationToAdministrators - 0 is being used on a case by case basis for people who absolutely must print to keep our business running. Corporate is going to be some pissed with the AD guy because he can't get printers to deploy any more. Not a fun place to be. Never have I seen something like this before. Oh, there's been inconveniences but never a total blockage. I spun up a new 2019 server and started building V4 ONLY queues with still no joy. This is the crap suicides are made of.

5 Votes 5 ·

Today, 16 September 2021, I got the same problem, cannot print to printer on the server. Fortunately, I read this article and then I can assume what was happen to me, is caused by BAD Windows update. Then, I check Updates history, and find one update installed on 15 September 2021 (Security updates KB5005565). So, I uninstall it, and reboot. And, YES, the printer works normally, ... God Bless Us.. Alhamdulillah, Amiin

4 Votes 4 ·

I Can CONFIRM we had the same Problem and nothing would work , even our Tec couldn't figure it out so i got on this Forum and YES The Above answer Solved our Prob , Deleted the Security updates KB5005565 and restarted and bingo , Printer can connect again..

Thanks

2 Votes 2 ·

Uninstalling KB5005565 may work but this is a cumulative update. i may be wrong but you still have the PrinterNightmare issue. Just trading off risk/problem.

1 Vote 1 ·

What do you think is better, to have the inability to print within your organization, or continue to have PrintNightmare vulnerability? It's not a trade-off at all. Businesses need to print to continue their operations. Obviously Microsoft needs to fix the problem properly. You need to uninstall September 2021 cumulative update on all print servers to get them working again.

3 Votes 3 ·

It is also hepled me too! Thnaks!

0 Votes 0 ·

The correct way to fix this may lie in following this flowchart to ensure that remote exploitation of PrintNightmare is not possible while allowing Point and Print
I will update this later with any progress I find in this. If you can, please do not set RestrictDriverInstallationToAdministrators to 0 as this will make you vulnerable.

-thank you

133726-383432-printnightmare-flowchart-v9.png


3 Votes 3 ·

One more note, I would say you should add the RPC changes to this as well.

https://support.microsoft.com/en-us/topic/managing-deployment-of-printer-rpc-binding-changes-for-cve-2021-1678-kb4599464-12a69652-30b9-3d61-d9f7-7201623a8b25

And

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1678

This is what I primarily mention above and what seems to have triggered an influx of complaints.

1 Vote 1 ·

Awesome, I am building up a guide for my org and will use this.

From what I see most people are getting servers updated then reporting the clients can't print. So they uninstall the servers updates and volia. I'm not fully sure of the clients being unable to print if the server is updated already as well. But the aforementioned issue appears to be the main culprit. This Sept update made an enforcement change on the Jan updates for the Auth protocol of the Print Spooler to the Server/Client relationship. So the value is being set from the default of 0 as non enforcement to 1 with the Sept updates. I haven't run into this problem directly but was following this thread due to the Admin install prompt issue which is unrelated to the Sept updates issue. The unfortunate situation here is Microsoft has poorly communicated the Print Nightmare fixes. But they have slowly updated their primary Point and Point document to detail the needed changes. They have yet to deal with the V3 GPO issue, although mentioned now doing a manual compare of the users driver files. Alas. I set the Auth protocol to 0 through GPO and updated my server. Then installed the latest updates on a client and server. No issues printing. I tested on a non updated client and no issues printing as well. This is due to me changing the enforcement level for the Auth change. I suspect when I change the Auth level back to 1 as Enforced per Microsoft then those client machines won't print because they are not up to date.

Soooooo confusing. Your flow chart is very helpful!

0 Votes 0 ·

Credit goes to Will Dormann twitter @wdormann for this flow chart, I'm just sharing it here.

1 Vote 1 ·

IIf you really want really answers for this issue:
https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c

Read also
https://support.microsoft.com/en-us/topic/managing-deployment-of-printer-rpc-binding-ch[…]e-2021-1678-kb4599464-12a69652-30b9-3d61-d9f7-7201623a8b25

After the later link enforcement with septermber updates all MAC-, Linux- and windows-clients printing ability was disabled.
When client tries to communicate unsufficient authentication method the server responsed access denied with unproper error message.
There might be a firewall configurations to prevent proper communications in environments where only 445/TCP is enabled, some organizations doesn't like to approve unintended high ports communications with TCP nor UDP.
MS has now triggered something that no-one was prepared to deal with and haven't shared enought documentation how to properly configure these services to communicate how they want them to communicate

.When only 445/TCP open, it is not enough ?
Should we open the high ports, is there any answer? which TCP or UDP to establish the correct communication?
IIn documentations of printing services there is ability to configure your print server to communicate only with 445/TCP, but this breaks now with the newest security update...
So you should enable high ports 49152-49158 tcp ???
Do we need to enable those documented udp ports also with 445 only enabled servers? that have the registry tweak to support non udp communications?

2 Votes 2 ·

I especially like the part about "If you find issues during testing, you must contact the vendor for the affected client or server software for an update or workaround before early 2022."

yeah just push these issues out to the manufacturers, that sounds like a good idea....

I have had issues here with Brother printers, however they are not as severe. Some application calls seem to work while others fail. Our issues appear to be related to our Azure Active Directory in some way, but I haven't gathered any evidence for this yet. I believe it is a permissions issue, as I've experienced no problems with administrator accounts.

1 Vote 1 ·
Show more comments
RickoT-NOAA avatar image
0 Votes"
RickoT-NOAA answered

yeah, it seems to be having limited success in real-world application, as usual everything works great in test!

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

JovanM-5008 avatar image
0 Votes"
JovanM-5008 answered

I have a printer connected to one computer and other users accessing it, the shared printer. I had same error on installing it: 0x0000011b. Printer connected to win10 computer and accessed from win7 computer. I tried to add RestrictDriverInstallationToAdministrators=0 key to registry on Win7 and win10 computers but it did not work.

I ended up uninstalling update KB5005565 ( includes KB5005033 and it includes KB5005030). I was able to install printer on Win7 computer after that

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MathiasLindqvist-8008 avatar image
0 Votes"
MathiasLindqvist-8008 answered AllinaceZ-6457 commented

Having this issue as well. Deployed all these reg keys via gpo but im still not able to deploy the printers via GPO. Tried both per user and per machine. Can't add printer via \\SERVER\printer either, gives me error 0x0000011b.

Only way thats working is to add the printer with IP on the client but i dont want it that way.

What can I do??

· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

i faced same issue and after Uninstalling the windows update KB5005613 everything working well.

1 Vote 1 ·

Can confirm. Uninstalling KB5005613 fixed the issue for me as well.

1 Vote 1 ·

Uninstall update KB5005565 resolve problem

1 Vote 1 ·
AllinaceZ-6457 avatar image
0 Votes"
AllinaceZ-6457 answered AllinaceZ-6457 commented

today i have the same situation with shared printers after update KB5005565

no access to shared printers

error 0x0000011b

· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Uninstall update KB5005565 resolve problem

1 Vote 1 ·

Same here. Exact same.

0 Votes 0 ·
AmgadToma-6914 avatar image AmgadToma-6914 MathiasLindqvist-8008 ·

i faced same issue and after Uninstalling the windows update KB5005613 everything working well.

1 Vote 1 ·
EnjuAnasenko-7087 avatar image
1 Vote"
EnjuAnasenko-7087 answered AllinaceZ-6457 commented

Same problem here with a printer shared on local network. Tried everything here I think and it still doesnt work.
PC1 has the printer connected to it and sharing.
PC2 after I tried removing the borked one can no longer install it with error 0x11b.
PC2 can see the other machine just fine and browse the shared files as well.
Both have admin accounts and the update KB5005565, what the hell?
UPDATE1: Even after adding it manually with local port and assigning driver it still doesnt work.
UPDATE2: Soo yeah uninstalling update KB5005565 on our 70~ or so machines worked like a champ. Thanks Microsoft.
Have to deal with the consequences still today as well zzzzz

· 6
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

This just hit us this morning too. 9/15/2021. No one can print to the network printers.
I removed KB5005613 from our server and rebooted the server and that fixed it. Had to do that at all 8 of our branch offices too.
Microsoft updates seem to be more like hackers. Not professional.

2 Votes 2 ·

Can confirm. Uninstalling KB5005613 fixed the issue for me as well.

0 Votes 0 ·

i faced same issue and after Uninstalling the windows update KB5005613 everything working well.

1 Vote 1 ·

where did you find this update? I can't see it in the uninstall update list.

0 Votes 0 ·

You need to uninstall it on the print server, not on the client

1 Vote 1 ·

Uninstall update KB5005565 resolve problem

0 Votes 0 ·
ViniciusDellAglio-5279 avatar image
0 Votes"
ViniciusDellAglio-5279 answered MarlboroMan-9640 published

Hi all,

After patch tuesday yesterday nobody can print in the company, everybody gets a mix of access denied / administrator restricted the printer / 0x0000011b

Updates installed:
KB5005573
KB5005698

Any ideas are very welcome!

Thanks in advance

· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi All,
on Server 2016 i have to remove the KB500573 to get all computers printing.

Best Jan

2 Votes 2 ·

Yes I had this issue this morning after last nights update. Uninstalling this on our 2016 Server, printing resumed working. The update is no good.

Thanks!

Uninstalling the Cumulative Update for 09-2021 KB5005573 for Server 2016 as a print server restored printing. This was the only update I needed to uninstall.

0 Votes 0 ·

I have same updates - I uninstalled KB5005573 and computer is busy restarting as I type this - currently sitting on "Working on Updates" 100% complete - Taking a long time - but while waiting for update removal to complete it did resolve my printing issue.

1 Vote 1 ·
GW-0455 avatar image
0 Votes"
GW-0455 answered KaniSP-1325 commented

Happened to us too today after 2021-09 Security Monthly Quality Rollup on our 2012 R2 servers.
It seems if we have KB5005613 installed on the server, and KB5005565 installed on the client (Win10 64-bit), we have no printing issues.
If we don't patch up the client, then the only way to make it work is to reinstall use IP or roll back the KB5005613 on the server.
Wondering if they have to be 'paired'? Anyone else tried this?

Thanks!

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Good update and Helpful. If we get some update from Microsoft team it would be great

1 Vote 1 ·
MarkK-7817 avatar image
0 Votes"
MarkK-7817 answered

After seeing all of the posting from today about the September patches, we tested our environment.

Print Server is 2012R2 and workstations are Win10 1909 or 20H2. On our 2012R2 we are installing the Security Only patches, not the rollups. In our lab, tested as is which is the RestrictDriverInstallationToAdministrators - 0 set, and we could load drivers and print. Loaded just on the server KB5005627, and we were still able to load drivers and print.

Maybe something in the additional items in the Rollup over the Security Only.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

KGibs42-7244 avatar image
0 Votes"
KGibs42-7244 answered

I had this same issue on one of our few Windows 10 Pro 1903 machines left, once upgrading to version 21H1 the issue is resolved.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DougMcElroy-4366 avatar image
0 Votes"
DougMcElroy-4366 answered DougMcElroy-4366 commented

All these answers are well and good for IT pros and developers, but what about a bootstrap yokel running three computers sharing three printers of different kinds, and suddenly one of them just quits responding on the network? The 0x0000011b reference is a huge help when I am being told to go fiddling around in my registries... Maybe I should just pour a Coke onto my cpu and see if that works?

· 7
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Doug, thus 0x0000011b may be related to the just deployed patch Tuesday updates. I would uninstall KB5005613 in all devices.

0 Votes 0 ·

So KB500565 is the last update installed (yesterday). No sign of KB5005613.

0 Votes 0 ·
MarkK-7817 avatar image MarkK-7817 DougMcElroy-4366 ·

KB5005565 and KB5005613 are both 2021-09 updates, just for different versions of Windows.

KB5005565 for Windows 2004 and beyond
KB5005613 for Windows 8.1 and Server 2012 R2.

You can see those difference in the Microsoft Update Catalog
www.catalog.update.microsoft.com

0 Votes 0 ·
Show more comments

Uninstall update KB5005565 resolve problem

0 Votes 0 ·
Show more comments

Trust me, we feel your pain too. You have a handful of people and computer that don't print, we have a handful of locations with multiple people and computers that won't print. Large or small, both case, they are all asking us what is the problem.

The Coke on the CPU might make the problem a little worse, though at times it might feel like possibly not by much.

Use the Mexican Coke with real sugar. The stuff with artificial sweetener might give you artificial results.

0 Votes 0 ·