Skip navigation
All Places > Knowledge Base & Downloads > Blog > 2013 > December

When trying to install a package, the install fails with the error message "The printer driver is unknown".

The driver is included in the client installation package, and has installed successfully (no errors).
You can also create a printer manually with that print driver without any trouble.
This can happen if the driver's name string contains leading or trailing spaces in the .INF file.

Check your printer driver's .INF file to see if it contains leading or trailing spaces inside quotes.

If this is the case, you should be able to work around the problem by removing these spaces in every occurrence throughout the file.
Once this is done, reinstall the driver on the server and make sure your printers and queues are set to use the new driver.  It may be easier to remove the queues, printers, and the driver completely and re-create them to avoid mistakes.

NOTE: You'll need to rebuild the package.

A few different issues have recently been identified with Secure Release Here in the current 8.1 Print Server.


  • Jobs on one Print Server may not successfully delete from a station or terminal associated with another Print Server. Instead you receive this message:
    The print job is already being printed or deleted by the Print Server. Please refresh the view.
  • A color job on one Print Server may show with only the mono cost on a station or terminal associated with another Print Server.
  • A station or terminal on one Print Server that does not service any compatible queues may show jobs waiting in compatible queues from another Print Server. These jobs will not successfully release, however.


These problems have been fixed in the Print Server revision 60, available at Uniprint 8.1 Service Packs and Hot Fixes

What do I need to know about upgrading MSDE 2000 with Uniprint installed?


Before upgrading your MSDE installation, you should stop all Pharos services.

SQL Server 2000

On the Installation Selection page of the setup wizard, you should select the Upgrade option. If necessary, select the appropriate instance to upgrade. Typical MSDE installations will only have the default instance.

SQL Server Express

You must uncheck the "Hide advanced configuration options" checkbox on the Registration Information page of the installation wizard. Once you reach the Instance Name page, select the Default Instance radio button, and then check the box for your MSDE engine on the next page (in most cases, there will only be one checkbox). Continue through the wizard as per your requirements.

SQL Server 2005

Microsoft does not offer a direct upgrade path from MSDE 2000 to Server 2005. To move to 2005, you will need to first upgrade MSDE to either SQL Server 2000 or SQL Server Express as above.

Addional Information

Microsoft TechNet: Upgrading MSDE 2000 to SQL Server 2005 Express

When you print to a queue using an area charging job cost method, you may find the charge does not match expectations.

For example, an 8 inch long job on a 20 inch wide plotter will charge for 20 inches.

This is a limitation in the current area costing. As there is no way to determine which dimension of the job is the width versus the length, the system charges for the longest measurement.

A JobCost script can be used to alter this behavior, and an example is attached below. For sites that do not already use a costing script, this should be all that is required.

Note that the script requires some additional database setup - please read the documentation at the top of the script carefully.

Due to architectural changes in the job costing system, this workaround requires Uniprint 7.2.

I need to disable the SignUp Client on some of my workstations for maintenance, and don't want to uninstall.  How can I do this?


The process is different depending on the client operating system.

  • Windows XP clients:

    Change the following registry value to "MSGina.dll" instead of "NTGina.dll" and reboot.

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL

    Change the value back to "NTGina.dll" to restore the client.

  • Vista and Windows 7 clients:

    Run this command as Administrator:

    regsvr32 "%PROGRAMFILES%\Pharos\Bin\SUCredentialProvider.dll" /u

    To re-enable the client, run:

    regsvr32 "%PROGRAMFILES%\Pharos\Bin\SUCredentialProvider.dll"

When the user tries to export a report in RTF format, they receive an error "Unable to export the report.  Failed to export the report".


Two Crystal Reports DLL files need to be registered using REGSVR32.


They are EXPMOD.DLL and CRTSLV.DLL, and are usually found in:

%PROGRAMFILES%\Seagate Software\Shared



The Pharos Omega PS150 can be configured with an optional magnetic swipe card reader. In some environments users have reported transient failures in card reader operation. This has been traced to RF interference between the card reader and other RF noise generating components in the environment (such as the PS150 SmartPAD and the MFP itself). It has been determined that grounding the Card Swipe Mounting Bracket used to attach the card swipe reader to the SmartPAD can significantly reduce this interference and resolve the problem. This document outlines the process of retrofitting an existing Omega PS150 with card reader to apply the grounding strap.

To obtain grounding straps please email


Step 1: Remove one mounting bracket screw


Power off the Omega PS150 and unmount the Smart PAD. Turn the SmartPAD over to access the back. Remove the screw in the lower left that is used to mount the mounting bracket to the smart hub.


Step 2: Strip black coating from a screw hole on mounting bracket


Using a file or rotary tool expose the metal surface under the black finish coating around the opened hole. This ensures that the grounding strap makes electrical connection with the underlying metal. The black finish coat is an insulator.


Step 3: Attach flat connector of grounding strap


Using the screw removed in step 1, attach the flat connector of the grounding strap through the mounting bracket into the SmartHUB.


Step 4: Wind grounding strap wire on monitor cable


Wind the grounding strap wire loosely around the monitor cable.


Step 5: Connect bent connector of grounding strap to cable

Using the supplied screw, attach the bent connector of the grounding strap to the small screw hole in the monitor cable connector. You must disconnect the connector in order to access the screw hole. Once the grounding strap has been connected, reattach the monitor cable connector.

The problem occurs when a Pharos Station has an ITC magstrip reader (ITC1015) attached to debit funds from ITC cards.

Users can log on to the Pharos Station, see their jobs and see their correct unit balance. When a user clicks their job, it page counts correctly and displays the correct number of units to be debited.

The card is debited and the card goes out and comes back into the reader (for write verification).

At this point there is a pause, then the Pharos Station shows an error (Cannot write balance) that the card could not be debited and the job is NOT released. However the card is debited.
The ITC reader needs to be configured for use with a Pharos Station, rather than the ITC system.

Modifying the DIP switch settings inside the ITC card reader:

Dip Switch number 8 on Bank 3 needs to be in the OFF position for use with Uniprint.

Make this change and the ITC reader will work correctly with the Pharos Station.

The pagecounter returns "Custom" as the paper size for any paper sizes it does not recognize.'

If jobs are being reported as “Custom” when they should in fact be one of the standard paper sizes, you may need to create and configure the following registry key on your Print Servers:

HKEY_LOCAL_MACHINE\SOFTWARE\Pharos\Page Counter\Paper List

This string value can be set to a comma-delimited list of media sizes (e.g. “A3,A4,A5”) - only sizes in the list will be recognized. The order of the list is not important.

The reported size will be the smallest size on the list that is at least large enough to hold the page. If no size on the list is large enough, the media size will be reported as “Custom”.

1.  Obtain a copy of DebugView from this location:

2.  Run DbgView.exe on the Popup Client machine. Check the Capture menu, and be sure that "Capture Win32" and "Capture Events" are both enabled.

3.  Select "Log to File" from the File menu and provide a suitable filename.

The various Popup Client components will log to both the file and the DebugView window until DebugView is closed.

When adding a printer to a new Pharos Print Server, the Pharos Administrator might display the error message:

"Error adding printers in Administrator: Unable to load the list of print drivers. The RPC server is unavailable."

No network issues are apparent.
This occurs when the Printers folder is not visible on the network, because no printer has yet been shared on the system.

To resolve the issue, create a dummy printer on the new server and share it. The dummy printer can be deleted immediately, as long as the server is not rebooted before a real shared printer object (such as a Pharos Spool Queue) is added.

When you run the PharosLicenseUpgrader, you receive the following message:

The registry file name in [directory] doesn't look right.
Pharos License Upgrader cannot proceed.


This happens because the License Upgrader expects a site code of six letters followed by two digits. This error is shown when the upgrader finds a registry file that doesn't match this pattern. You might see this error in two cases:

1.  You have other registry files in either the same folder as PharosLicenseUpgrader.exe, or in your Pharos\Bin directory. In this case, it is recommended you move the upgrader executable and the correct license file to a new folder.

2.  You have a five letter site code. In this case, you can work around the issue by adding an extra letter to the registry filename.

For example: SCODE99.REG could be renamed to STCODE99.REG or SCODEX99.REG.

The filename must be exactly six letters, and two numbers.

Adding an additional letter to the registry file name will not affect your actual site code, and will not cause any trouble with license renewals in the future.

What impact do these orphaned spool files have, and how should I deal with them?


Sometimes the Windows Print Spooler service fails to delete a spool file when a job is removed, because some other process is still using the file.  The matching .SHD file is deleted, and the job is not displayed in the print queue, but the .SPL file still exists.


This has the potential to cause a problem when a new job is submitted via the Pharos LPD Server with the same ID.  The new job is created for the user, but the user receives the old job data instead.


This issue was addressed in Uniprint 8.1.  For older systems, a batch file can be scheduled to run periodically to detect and remove these orphaned jobs.  An example batch file is attached.

Clients can connect to Uniprint 8.1 services using the virtual server name or IP.


Clustered services that initiate outward connections will use the IP address of the active node as their source address, and not the virtual IP assigned to the cluster group.  Any firewalls that need to be configured (e.g. client firewalls allowing Cost Acceptance messages) will need to allow traffic from any of the individual nodes.


This is a known limitation of the current design, and is being reviewed for possible inclusion in a future release.

After an upgrade of the Popup Server, the Popup Client is upgraded but no longer works. A "connection timed out" error is displayed. Normal troubleshooting reveals no network connectivity problems.


The upgrade of the Popup Server may have failed. Check in the Windows Registry [HKEY_LOCAL_MACHINE\SOFTWARE\Pharos\..] for the Popup Server Installed Components key and verify that it is the correct build. Also, verify the version of the Popupsrv.exe file directly.

If not correct the upgrade failed and will need to be run again.

The 6.1 License Server fails to start after installation on a 2003 SP1 machine.

Logging returns only the message "caught a general exception" with no additional information.

The Data Execution Protection (DEP) feature in Windows 2003 SP1 is aborting the License Server process. This is covered in the Windows 2003 TechNote, but unfortunately not the one on the 6.1 documentation CD.

The LServer.exe must be configured as an exception to DEP (see the attached Windows 2003 TechNote for details).

After changing the Regional Settings for Currency, clients still receive Informed Print messages with the original format. How can I change Informed Print messages to use a different currency format?


The Pharos services by default run as LocalSystem. This account uses the Default User profile, so changes made while logged in as another user will not affect the services. The Default User profile can be adjusted by following these steps in the Regional and Language Options control panel applet, after you have made the required changes:


  • For Windows 2003 Server:
    1. Select the Adminstrative tab.
    2. Enable the 'Apply all settings...' checkbox and click OK.
    3. Restart the Pharos Print Server service.
  • For Windows 2008 Server:
    1. Select the Administrative tab.
    2. Click 'Copy to Reserved Accounts'.
    3. Enable the checkbox for System Accounts and click OK.
    4. Restart the Pharos Print Server service.

The EDI URL changed in Uniprint 8.1.  Previously it was in this form:



The new form is:



Additionally, the pedi.wsdl file no longer exists.  The WSDL description of the service can be viewed through this URL:



If your IMFP software does not allow you to specify an EDI URL, you may need to contact Pharos Support to obtain a newer version of the software.

When clients attempt to log on using the NT logon plug-in, they may be refused with a message saying the domain controller is unavailable. This may also be accompanied by unusual Kerberos errors in the event log, including a mention of KDC_ERR_BADOPTION.This can occur due to the emulation of NT4-style domains in a Windows 2000 or later Active Directory domain if the delegated NT4 authentication system is unavailable or cannot contact the AD domain controllers.

A good workaround is to switch to the Pharos Active Directory LDAP plug-in and bypass the NT4 system. Contact Pharos Support to obtain this plug-in.

When I try to view the recent activity for a user in Pharos Remote, I get a 500 error with the message "Object reference not set to an instance of an object".  How do I fix this?


When applying Pharos 8.0 Hot Fix 4, the transaction_list_detail1.sql file may not have been applied, or may have accidentally been applied to the wrong database.

Run the SQL query again and ensure that you are running it against the Pharos database.

After the Print Server has been running for a while, some new jobs do not appear in the list on Pharos PC Stations or other Print Release devices.

Once the server is restarted, the jobs appear as normal. How can we fix this?


Pharos Systems have identified a problem with job arrival that occurs under the following conditions:

  • Jobs are regularly released with Pharos Remote.
  • The 'charge user' box is explicitly unchecked.


When the Job ID for one of these uncharged jobs is "recycled" by the printing subsystem, the Print Server will incorrectly ignore this new job. A fix for this problem has been released and can be downloaded from the 8.1 hotfix page.  The hot fix is now the recommended way to solve this issue.


The following workaround is left for reference.

A workaround is to always leave the "charge user" box checked when releasing jobs with Pharos Remote. However, this can cause problems if the user a) does not exist in the Pharos database, or b) you do not want the user's account to be debited. To get around this issue, a billing script can be applied to the Pharos Remote bank to bypass regular billing. An example script is attached.

Note: This script will bypass ALL billing done through Pharos Remote. Customers who use a mixture of charging and not charging when printing jobs with Pharos Remote should contact Pharos Support for advice.

It is highly recommended that you plan for the new Print Server to have the same hostname as the old one. Changing the name of the print server requires changes to installed popup clients and packages, and may affect other printing clients too. On systems older than 8.0, you may also need to re-use the IP address for the new server.


A tool is available from Microsoft, called the Print Migrator. Version 3.1 can be found here:
Microsoft Print Migrator 3.1


This tool will save details of all printer objects on the old server, such as drivers and print processors, to a file that can be restored on the new server.


To replace your server with a new one, follow these steps:

  1. Stop the Pharos Print Server service on your current Print Server.
  2. Use the Print Migrator tool to backup your printer configuration.
  3. Either shut down the system, or change the hostname and IP address.
  4. Alter the replacement server so it has the old hostname and IP address.
  5. Use the Print Migrator tool to restore the printer objects.
  6. Install the Print Server role from the Pharos product CD.


Once complete, the new Print Server should resume operation, and your clients should be able to print without modifications.

It is highly recommended that you plan for the new SignUp Server to have the same hostname as the old one. Changing the name of the SignUp server may require changes to every affected SignUp client. On systems older than 8.0, you may also need to re-use the IP address for the new server.


To replace your server with a new one, follow these steps:

  1. Stop the Pharos SignUp Server service on your current SignUp Server.
  2. Either shut down the system, or change the hostname and IP address.
  3. Alter the replacement server so it has the old hostname and IP address.
  4. Install the SignUp Server role from the Pharos product CD.


Once complete, the new SignUp Server should resume operation, and your clients should be able to login or create reservations immediately.

Pharos Remote is a web application, and as a result it does not use the server's Regional Settings to determine currency format.


To change the currency symbol, you need to edit the culture settings in IIS Manager:

  1. Open the properties for the Pharos website
  2. Select the ASP.NET tab
  3. Edit Global Configuration
  4. Select the Application tab
  5. change the Culture and UI Culture settings to the desired value


For example, select en-GB for both settings to display currency values in pounds.


To adjust the number of decimal places displayed:

  1. Edit Inetpub\wwwroot\Pharos\BusinessAreas\Accounts\Dialogs\ViewAccountTransactions.aspx
  2. Search for this line:
  3. Change the digit 2 to the required number of decimal places and save the file

There are many, many possible causes and variations, but from the IIS perspective, the top-level, logical categories are fixed. This information can help dramatically narrow down the scope of any investigation, but unfortunately, few people know to take advantage of this information. This is what I am going to address with this entry - how to use and diagnose the 401.x error codes on IIS.

Step 1: Determine the SubStatus Code

When you get a 401 response in the browser from IIS and you want to troubleshoot it, the first thing you should do is determine what "type" (i.e. HTTP substatus) of 401 it is.

Starting with IIS 6.0, the IIS web log files located at:


record both the HTTP status and substatus code, which when combined with the Win32 error code can aid to troubleshoot many 401 errors. The W3C log entries look like the following, with the HTTP status, substatus, and Win32 error codes highlighted.

#Software: Microsoft Internet Information Services 6.0#Version: 1.0#Date: 2005-05-21 05:39:27#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status 2005-05-21 05:39:27 GET /VirtualServer/VSWebApp.exe view=1 1024 WEBBROWSER\User Mozilla/4.0+(User-Agent) 200 0 02005-05-21 05:39:27 GET /VirtualServer/scripts/VSScripts.js - 1024 - Mozilla/4.0+(User-Agent) 401 2 52005-05-21 05:39:27 GET /VirtualServer/scripts/VSScripts.js - 1024 - Mozilla/4.0+(User-Agent) 401 1 21480742542005-05-21 05:39:27 GET /VirtualServer/scripts/VSScripts.js - 1024 WEBBROWSER\User Mozilla/4.0+(User-Agent) 304 0 0

You can also get the substatus code from the HTML response itself, but web browsers like Internet Explorer have options like "Show Friendly HTTP Errors" which obscure the detailed error response by making them "simple" and "user friendly", so if you want the real error response, you need to turn off that option.

Unfortunately, prior to IIS 6.0, the IIS web log files are useless in distinguishing 401 substatus because it does not even record it. Your only option is to figure this out from the HTML response itself, assuming the 401.x Custom Error pages for that URL's scope are configured to send different HTML pages for each type of error.

Step 2: Determine Course of Action

Once you have determined the HTTP substatus code, you can start narrowing down the types of failures and causes. The following are the fixed categories that IIS reports. I will give detailed explanation of what each means as well as some common causes/solutions (obviously not exhaustive).

401.1 Denied by Invalid User Credentials

This error indicates that IIS failed to obtain an NT user token with which to execute the request.

In a nutshell, IIS expects to have a NT user token at the end of Authentication (even anonymous authentication - see this URL for details), and if this does not happen, you get 401.1.

Some common causes include:

  • The client gave the wrong username/password (including none at all). This could be from incorrect cached auto-login attempt by the browser, or from a user login dialog from the browser.
  • Invalid Kerberos configuration - on IIS6, if you have a customized Application Pool Identity AND Integrated Authentication is used AND the web server is in a domain, you will mysteriously get 401.1 unless you configure SETSPN *or* change Integrated Authentication to favor NTLM. See the following URLs on Application Pool Identity , Integrated Authentication in IIS , and Constrained Delegation configuration as well as this URL on additional Kerberos-related troubleshooting for more information
  • You enabled Anonymous authentication, yet you still get 401.1 for all requests. One common cause is if the configured anonymous user credentials stored in the IIS metabase configuration file is DIFFERENT than the user principle's credentials in reality (i.e. mismatched password). In all cases, the preferred solution is to manually synchronize the username/password of the anonymous user principle in IIS with that of the real user principle. I have seen many amazing variations of this cause, including:
    • For testing purposes, the user types in his/her OWN username/password as anonymous user credentials at some point in the past and forgets about it. Later, when password policy forces them to change their password, the anonymous user credentials stored in IIS configuration is now mismatched with reality. On subsequent anonymous requests, IIS fails to login and obtain a NT user token for anonymous authentication and fails with 401.1, and it looks like IIS is just plain buggy and could not even support anonymous authentication.
    • I have also seen the reverse happen - user configures IIS to use their username/password as anonymous user, and when they changed their password, web server traffic quickly causes IIS to incorrectly login with wrong user credentials too many times, causing their user account to be locked out. These users now complain that their user account is mysteriously getting locked out as soon as it is unlocked, even before they log in anywhere.
    • On upgrading from IIS 5 to IIS 6, IIS Sub Authentication (i.e. the "allow IIS to control anonymous user's password" feature) is enabled by default for compatibility. This allows IIS to log in the anonymous user principle without actually keeping the user credentials in sync, and anonymous authentication looks good while in IIS 5 Compatibility Mode. However, as soon as you switch into IIS 6 Worker Process Isolation Mode, Sub Authentication is disabled because it requires a privileged process identity like Local System (which is a known and quite unnecessary security risk for the lowly purpose of password sync). This means that IIS 6 now tries to log in the anonymous user credentials stored in the metabase, which has probably NEVER been kept in sync with reality through the upgrade... and you now get 401.1 for every single anonymous request. To a casual user, it looks like switching into IIS 6's native mode simply breaks anonymous authentication and the rest of the website.
  • The server has been reconfigured to deny necessary login privileges for the authenticating user or its containing group (either anonymous or through some authentication protocol). This can be done through automated re-application of Group Policy for domain members, DCPROMO to/from Domain Controller, or static application of security templates. What ends up happening is that the server-side reconfiguration may remove Local/Remote Login rights for that user, impose new restrictions (like Login hours, Logon type), etc... preventing IIS from successfully logging in the user to execute requests and resulting in 401.1.
  • Your event log could be full for some reason - see KB 832981 .

401.2 Denied by Server Configuration

This error indicates that the web server is configured to require certain authentication protocols for communication, but the browser failed to use any of those authentication protocols. The corrective action should be to either configure to require an authentication protocol acceptable to the client, or use a client that satisfies the server authentication protocol requirements.

  • A common cause of this issue happens with the older Netscape/Mozilla browser clients and an IIS web server configured to require Integrated Authentication. These browser clients did not understand Integrated Authentication, so when IIS required Integrated Authentication and the browsers repeatedly ignored those responses, IIS will return 401.2 indicating that the browser failed to use an authentication protocol required by the server. Newer Mozilla browsers like FireFox do not have this deficiency.
  • Another possible cause is when using Integrated Authentication over the Internet. Integrated Authentication (NTLM) is a connection-based authentication protocol, meaning that an authenticated connection between a client and server is the only proof of authenticity. This works fine in Intranet scenarios, but for Internet scenarios a lot of network devices in between the client and server can either not support or mishandle NTLM (such as Proxy Server connection pooling/multiplexing), causing unexpected 401.2.

    Here is how it happens: since NTLM is connection-based authentication, once a client successfully authenticates using NTLM, it often re-uses its end of the connection and simply sends anonymous requests over it. Now, assume an intervening proxy server pools connections between client and server, is unaware of NTLM, and independently decides to send the client's request over *another* connection in its pool (instead of the already authenticated one) to the server. This causes the client's anonymous request to be sent to the server over a new, unauthenticated connection, and the server dutifully rejects it with a 401.2 since the server requires Integrated authentication. The 401.2 rejection is totally unexpected by the client since it thought it was re-using an authenticated connection and did not initiate any re-authentication. Yup, fun... ;-)

    Common variations of an "intervening proxy server" include:

    • "Web Accelerators", such as the Google Web Accelerator. These programs basically act like a local "caching proxy" such that requests for content has a higher chance of coming from your local hard drive than over the network, thus "speeding up" apparent web access.

    • Web Anonymizers - these programs basically disguise your own IP and other request characteristics with their proxy's IP and characteristics, and this is shared amongst all their users, thus providing anonymity through numbers.

    • Sniffer tools like Fiddler for IE - these programs act like "Web Accelerators" except instead of caching request/responses, it chooses to selectively capture and display those request/responses for user analysis.

    • Web Access Proxies for some broadband providers or preset Company proxies - these are the traditional obvious proxies.

401.3 Denied by Resource ACL

This error indicates that the web server was able to authentication and obtain SOME NT user token to process the HTTP request (you still have to determine WHICH user's token...), but that NT user token lacks the FileSystem ACLs to access the requested resource. This is the typical "access denied" due to missing file ACLs that people assume, and yes, you will likely need to adjust ACLs to resolve this issue.

However, realize that all of the OTHER 401.x errors have nothing to do with ACLs, so I recommend AGAINST tweaking resource ACLs to "Everyone: Full Control" to remove ACL issues from the picture. You should be able to determine the exact user that fails to have ACLs to the resource, and just adjust ACLs for that user on the necessary resources and resolve the issue

Common causes include:

  • Wrong/Missing ACLs on the file for the authenticated user. You need to change the ACLs or change the user to an identity that has correct ACLs on the file.
  • You are not authenticating with the authentication protocol you think, and thus the user principle may be unexpected. Reconfigure the authentication protocols as-appropriate so that you end up running as user identity you expect on the server.
  • If your content is on a UNC share, you may have mismatched NTFS ACLs vs. UNC Share ACLs.

A useful tool to pragmatically determine access-denied to file resources is File Monitor .

401.4 Denied by Custom ISAPI Filter

This error indicates that some ISAPI Filter running on that request sent back a structured 401 response of some sort.

The reasons why the ISAPI Filter is returning such 401 responses are completely arbitrary and uncontrollable by IIS. You will need to determine WHICH ISAPI Filter is returning this response and obtain support for this ISAPI Filter to resolve the issue.

401.5 Denied by Custom ISAPI/CGI Web Application

This error indicates that some ISAPI Extension or CGI Web Application sent back a structured 401 response of some sort.

The reasons why the CGI/ISAPI are returning such 401 responses are completely arbitrary and uncontrollable by IIS. You will need to determine WHICH CGI/ISAPI is returning the response and obtain support for it.

In the case of requests that execute .DLL or .EXE requests, the CGI/ISAPI binary is clear. In the case of requests with Extensions that have Application Mapping (i.e. the .asp extension is mapped to the ASP ISAPI DLL Script Engine), you need to look up the extension and its associated Application Mapping in the URL's scope to determine the Script Engine to obtain support.


401.1 through 401.3 errors are associated with IIS request processing and allow the logical interpretations and assumptions that I listed above.

Meanwhile, the 401.4 and 401.5 errors are the most arbitrary to diagnose since custom ISAPI DLLs and CGI EXE can cause IIS to behave in non-obvious manners. Thus, much of the logical assumptions about 401.x do not apply.

I hope that this information has been useful in deciphering theh 401.x errors from IIS. If you have additional questions, feel free to post a comment or post a private question via the "contact" link.

Recently, we have also released a tool, AuthDiag, to help troubleshoot IIS access denied issues. You can download it from this location . In particular, it has a feature to hook in to various failure points in IIS and directly troubleshoot what is failing on a given request - you need to see and try it out!


Uniprint Solution Suite - Version 6.0 and higher (except version 8.0 see below)


Version Number

  1. Open Pharos Administrator
  2. Select "Help" from the Menu bar
  3. Choose "About Pharos Administrator"
  4. The installed Product and Version numbers are displayed


Customer Code

  1. Open Pharos Administrator
  2. Select "Help" from the Menu bar
  3. Choose "Site License" to view the Site Code




Uniprint Solution Suite - Version 8.0, 5.X and prior


Version Number

  1. Open SQL Query Analyzer
  2. Select the Pharos Database
  3. Run the following query: select * from system


Look for columns in the SQL table called "version_major, version_minor and build_number" in the displayed results of the query. These three columns combined are the Pharos Version

Example: version_major of 5 ; version_minor of 2 ; build_number of 1950 is Pharos version 5.2.1950


Site Code

  1. Open SQL Query Analyzer
  2. Select the Pharos Database
  3. Run the following query: select * from system


Look for columns in the SQL table called "License_quick_key". This is the Pharos Site Code




Version Number

  1. Launch Blueprint Administrator (Start > All Programs > Pharos Blueprint Enterprise > Blueprint Administrator)
  2. Click the "Help" menu and choose "About"
  3. Record the "Version" displayed



Site Code

  1. Launch Blueprint Administrator (Start > All Programs > Pharos Blueprint Enterprise > Blueprint Administrator)
  2. Expand the "Dashboard" group and choose the "License" item
  3. Record the value for Customers > Code displayed