Scan to folder across subnets/VLAN’s no longer works

We have a Sharp copier scanner set up on address 172.20.20.200 and a Windows 2008 file server with network shares IP – 172.20.10.82. Up until a week ago we could scan from the copier directly to a folder on the Windows server, no trouble. It has been set up this way for years. This week, scanning to the folder on the server no longer works. Everyone else on network via Windows (7) can access the shares from any subnet (VLAN) – those all still work (mapped drives). Another scanner on a different subnet, IP 172.20.70.200 cannot scan to the Windows server as well and it used to work fine also. The error on the copiers are

Cannot connect to server

. Turning the firewall off on the server makes no difference.

Pinging the server from the scanner works perfectly when the scanning to server does not. A traceroute from the server to scanner:

Tracing route to 172.20.20.200 over a maximum of 30 hops
  1    <1 ms    <1 ms    <1 ms  172.20.10.1
  2    <1 ms    <1 ms    <1 ms  172.20.20.200
Trace complete.

If I change the address of the scanner, and the VLAN port the scanner is on to be on the same subnet (10), say make IP 172.20.10.233, scanning works! I did a packet capture of both instances (172.20.20.200 and 172.20.10.233) and the only difference is that when the scanner is on a different subnet it does a NBSTAT but does not get a reply:

1759    43.589860    172.20.20.200    flsr1.ournet.local NBNS    92    Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>

as opposed to when it is on the same subnet as the windows server and does get a reply back:

6619    75.384317    172.20.10.233    flsr1.ournet.local NBNS    92    Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
6620    75.384554    flsr1.ournet.local    172.20.10.233 NBNS    217    Name query response NBSTAT

The configs on our switches (Cisco 2960's & 3750) have not changed. What else should I be looking for?

RESOLUTION:

A Windows update ( https://support.microsoft.com/en-us/kb/3161949 ) removed SMB over NetBIOS functionality. From the security update notes:

After you install this security update, the following changes are applied:
NETBIOS communication outside of the local subnet is hardened. Therefore, by default, some features that depend on NETBIOS (such as SMB over NETBIOS) will not work outside the local subnet.

Removing this update restored scanning to server.

Best Answer

The proper resolution to the problem is listed in the article quoted:

To change this new default behavior, create the following registry entry: SUBKEY: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters Value Name: AllowNBToInternet Type: Dword Value: 1 Default value of the flag: 0

RESOLUTION:

Best Answer

Related Solutions

Windows – Is NetBIOS really gone on Windows

Unable to connect to second name of Windows 2008 Server R2 machine from XP

Related Topic