Skip navigation
All Places > Knowledge Base & Downloads > Blog > 2018 > June
2018

Preton Saver is a companion product to Pharos Blueprint Enterprise that further optimizes printing costs by reducing the amount of ink or toner applied to the page (see Toner Savings for more information). As part of its operation it injects a monitoring function into launched applications to see if they do any printing; if the application prints then it is added to a list so that toner savings outside of those available to the toner policy may or may not be applied. One of the potential byproducts of injecting into an application, however, is instability within the application to the point where some function may no longer work or, in the worst case, the application crashes. In many cases, the applications that become unstable don't even print. This document discusses how to manage a non-printing application to protect it from injection.

The Basics

As mentioned in the introduction, nearly all applications on a workstation are injected for monitoring by the local Preton Saver client. The three possible states of an application within Preton Saver are:

  • Monitor. The application is injected and monitored for print, but special toner savings are not applied. However, if the logged-in user has an applicable toner savings policy, those savings are applied.
  • Save. The application is injected for print, and special toner savings are applied. For example: a general toner savings policy is applied for 35% savings, but if the application is Mozilla Firefox, savings of 50% are applied. Conversely, an application savings policy may specify lower savings; for example Adobe Photoshop CS may only be set for 10% savings.
  • Protect. The application is not injected by Preton Saver, and no toner savings are applied for print jobs that come from that application.

The following set of steps will result in a protected application because it is known that the application has no way to print a job.

Creating The Application Within Preton Saver

In general, the only time an application "bubbles up" through Preton Saver for management is if that application is actually involved in printing a job. The steps below create an entry within Preton Saver when no print jobs exist for the application.

  1. Install and launch Preton Control. It is recommended that this be installed on the server hosting Preton Coordinator.
  2. Once connected to the Preton Coordinator instance, click the Applications group.
  3. Select any one of the applications in the list.
  4. In the "Applications Settings" panel on the right, click the "Add Filter" button. It will be near the middle of the page in the "Document Association" group.
  5. In the "Filter Text" field, type the friendly name of the application. To create a filter for the RealVNC Viewer, type RealVNC Viewer.

    NOTE:
    Do not use a Regular Expression; keep that option unchecked.
  6. Under "Application Association" choose to associate a new application and type the application name shown in Windows Explorer without the "exe" extension.
  7. Click the "OK" button when done.
  8. Click the "Apply" button in the top toolbar.
  9. Locate the new application in the list (the text color will be black) and select it.
  10. In the "Application Settings" page, click the "Application setting" option and change it from "Monitor" to "Protect."
  11. Apply the change by clicking the "Apply" button in the top toolbar. The application name will change to an orange fill.

 

At this point, either exit the Preton Control application or add any other applications that you wish to protect.

Managing the Change at the Client

In most environments, the Preton Saver client installed on the Windows workstation/laptop is configured to contact the Preton Coordinator software infrequently for policy updates. To force a policy update, follow this process:

  1. Exit the application that needs protection if it is running.
  2. Browse to C:\Program Files\Preton\PretonSaver.
  3. Launch PretonTraceView.exe (it does not require launching as an administrator).
  4. Locate the "Update Policy" button in the upper-right corner of the window and click it.
  5. Exit Preton Trace View.

Affected Environments

  • Pharos Blueprint Enterprise 5.0 (any service pack level)
  • Pharos Blueprint Enterprise 5.1 (any service pack level)
  • Pharos Blueprint Enterprise 5.2 R1 (any service pack level)
  • Pharos Blueprint Enterprise 5.2 R2 (any service pack level)
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2016

 

Problem Statement

When installing Blueprint 5.x the initial Tracker and EDI web service tests fail with the message "The underlying connection was closed: an unexpected error occurred on a receive." There may also be a message about "unexpected error occurred on a send."

 

TesterError.png

 

Cause

This error happens because SSL is enabled for the Tracker web service (where it is optional) and the EDI web service (where it is enabled by default and required). However, the server has not been enabled to support any cipher (TLS 1.0, 1.1, or 1.2; 1.2 is only compatible with Blueprint Enterprise 5.2 R1 Service Pack 3 or Blueprint Enterprise 5.2 R2). This is normally due to a Group Policy Object (GPO) setting or the default operating system image in the organization has disabled/removed the SChannel protocols in Windows Registry.

 

Resolution

The necessary ciphers can be enabled using Windows Registry.

  1. Launch RegEdit.
  2. Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols. Within there, look for TLS 1.0 and TLS 1.1.
    TLS_Registry.png
  3. Expand each to expose the Client and Server subkeys. If these keys are not there, use the attached file "CreateTLS1.1.txt" as a basis for an import into the Microsoft Windows Registry.
  4. When selected, the key will have a value, "Enabled". Change it to a Hexadecimal value of 1. Ensure that each subkey's "Enabled" value is set to 1 for TLS 1.0 and 1.1. If necessary, only TLS 1.1 needs to be enabled.
  5. When completed, restart the server.

 

From this point, the SSL-enabled web services will pass their tests.

 

Reference

The following Microsoft article discusses cipher support in the various Windows operating systems and the Windows Registry settings that support them. TLS-SSL Settings | Microsoft Docs

Additionally, Pharos Blueprint Enterprise (and other Pharos Systems applications) are .NET version-dependent. This means that a specific .NET version support of an SChannel cipher must also be considered. Below follows a table listing the cipher support by operating system version. When the value is ON, this implies the default configuration unless affected by Group Policy.

 

Windows versionSSL2 ClientSSL2 ServerSSL3 ClientSSL3 ServerTLS 1.0 ClientTLS 1.0 ServerTLS 1.1 ClientTLS 1.1 ServerTLS 1.2 ClientTLS 1.2 Server
Windows Vista SP2 and Windows Server 2008 SP2OffOnOnOnOnOnN/AN/AN/AN/A
Windows 7 SP1 and Windows Server 2008 R2 SP1OffOnOnOnOnOnOffOffOffOff
Windows Server 2012OffOffOnOnOnOnOnOnOnOn
Windows 8.1 and Windows Server 2012 R2 OffOffOnOnOnOnOnOnOnOn
Windows 10OffOffOnOnOnOnOnOnOnOn
Windows 10 (1511)OffOffOnOnOnOnOnOnOnOn
Windows 10 (1607) and Windows Server 2016N/AN/AOffOffOnOnOnOnOnOn

Source: https://support.microsoft.com/en-us/help/3154519/support-for-tls-system-default-versions-included-in-the-net-framework. Note that systems utilizing .NET 3.5/2.0 will require the addition and enablement of the "SystemDefaultTlsVersions" Registry key after Service Pack 2 for this version of .NET has been applied.