Unable to SCAN to Windows Server 2012 using local account.

Tags: network-share, server-message-block, windows-server-2012, write

We have an MFC – Kyocera bizhub C284.
On a 2012 server, we have a share called scan, and a local account called scanner.
No matter what combination of username I try (scanner, \scanner, SERVER\scanner), I'm unable to scan to SMB, as it fails with an authentication error, and yes, I have the correct password 🙂

When I use my domain account (DOMAIN\userid), I can scan to the same share without issue.

I have manually mapped the share using the local account, and verified the scanner account has read/write/delete access to the share.

We also have a 2008 server; using a local account, scan to SMB from the same MFC works.

I've done a bit of research and it appears this might be related to the hardening of the WS2012 environment; however, I don't understand why a domain account works and a local account doesn't. I'd expect it to work or fail on both accounts, not be mutually exclusive.

Best Answer

When you use a domain account you authenticate with Kerberos. With a local account it uses NTLM v1 or v2.

The copier is probably using NTLM v1 which is disabled on server 2012. Look in the copier's network / SMB settings and see if you can change authentication to NTLM v2. See if this helps: http://manuals.konicaminolta.eu/bizhub-C554-C454-C364-C284-C224/EN/contents/id08-0082.html

Otherwise, you can temporarily enable the insecure NTLM on the server through local security policy.

The policy is here: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: LAN Manager authentication level - set to use NTLM v1.

The opposite of here: http://m.windowsitpro.com/security/configuring-servers-use-ntlmv2
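Before loosening the policy, it is worth confirming what the server actually accepts and what the copier actually sends. The following PowerShell is an added check, not part of the answer above: run it elevated on the 2012 file server; it reads the server's LmCompatibilityLevel and lists recent network logon events for the scanner account, showing whether each attempt used Kerberos, NTLM V1 or NTLM V2. The account filter "scanner", the 200-event window, and treating an absent registry value as the default level 3 are assumptions.

```powershell
# Added example (not from the original question or answer).
# Run in an elevated PowerShell session on the Windows Server 2012 file server.

# Meaning of each LmCompatibilityLevel value ("LAN Manager authentication level").
$levels = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only. Refuse LM'
    5 = 'Send NTLMv2 response only. Refuse LM & NTLM'
}

$lsa   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$level = (Get-ItemProperty -Path $lsa -Name LmCompatibilityLevel -ErrorAction SilentlyContinue).LmCompatibilityLevel
if ($null -eq $level) { $level = 3 }   # assumption: no explicit value means the OS default
"LmCompatibilityLevel = $level ($($levels[$level]))"

# Security events 4624 (logon succeeded) and 4625 (logon failed) carry the
# authentication package and, for NTLM, the NTLM version in LmPackageName.
# LogonType 3 is a network logon, which is what an SMB share access produces.
$xpath = "*[System[(EventID=4624 or EventID=4625)] and EventData[Data[@Name='LogonType']='3']]"

Get-WinEvent -LogName Security -FilterXPath $xpath -MaxEvents 200 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $x = [xml]$_.ToXml()
        $d = @{}
        foreach ($e in $x.Event.EventData.Data) { $d[$e.Name] = $e.'#text' }
        [pscustomobject]@{
            Time    = $_.TimeCreated
            Result  = if ($_.Id -eq 4624) { 'OK' } else { "FAIL $($d.Status)/$($d.SubStatus)" }
            Account = "$($d.TargetDomainName)\$($d.TargetUserName)"
            Source  = $d.IpAddress           # should be the copier's address
            Package = $d.AuthenticationPackageName   # Kerberos or NTLM
            NtlmVer = $d.LmPackageName       # 'NTLM V1', 'NTLM V2', or '-' for Kerberos
        }
    } |
    Where-Object { $_.Account -match 'scanner' } |   # assumption: the local account name
    Format-Table -AutoSize
```

If the failed rows show NTLM V1 from the copier's address, switching the copier to NTLMv2 (as the answer suggests) is the fix to try first; if they already show NTLM V2, the LAN Manager level is not the cause and the server-side policy should be left as it is.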