Skip navigation
All Places > Knowledge Base & Downloads > Blog > 2019 > July
2019

Problem

When attempting to use an ID card to log into a Sentry Print-controlled Ricoh "IM" device (like an IM C3500 or IM C6000), the login attempt fails; the action times out. However, using user/password authentication works just fine.

 

Cause

Invalid Device Settings

If the terminal for the device was present on the Analyst server prior to securing the device, there is a possibility that there is a difference between what is expected for the device and what is actually present. At launch, the device-side software requests its configuration information. The server-side software catches this invalid data and quashes the request. Because the configuration is not downloaded, the device software cannot launch, causing the visual symptom described above.

 

Resolution

This usually happens because an existing Terminal is present for the device in Blueprint prior to attempting to secure the device. As part of the securing process, Sentry Print will create a terminal record that is appropriately configured (use the Secure Release Server default settings to set the Print Group and authentication script for the terminals) for the device.

 

Resolution: If a terminal was already present when the device was secured:

  1. Unsecure the device.
  2. Launch the Blueprint Administrator application on the Analyst and delete the terminal record.
  3. Within the Analyst's Blueprint Administrator, clear replicated data on the device's parent server.
  4. Launch the Blueprint Administrator application on the device's parent server.
  5. Clear replicated data on the parent server.
  6. Resecure the device.

Problem

When securing a device for Sentry Print in Blueprint, the "Status" in Pharos Print Center says "Secured" but the device, on reboot, only has a white screen with an animated "spinner" as if it is still loading.

 

Causes of the Problem

This problem has several potential causes. Each is described below.

Connectivity to the Server - Name Resolution

When securing the device, the server designated in the dialog box is sent to the device as the host name. If the DNS settings on the device cannot resolve the host name, the Pharos software installed on the printer will not load, causing the visual symptom described above.


Connectivity to the Server - Port Access

The device will attempt to reach its parent server on TCP 4321. If that port is being blocked (firewall software, switch, router, etc.), then the connection cannot complete and the Pharos software installed on the printer will not load, causing the visual symptom described above.

Invalid Device Settings

If the terminal for the device was present on the Analyst server prior to securing the device, there is a possibility that there is a difference between what is expected for the device and what is actually present. At launch, the device-side software requests its configuration information. The server-side software catches this invalid data and quashes the request. Because the configuration is not downloaded, the device software cannot launch, causing the visual symptom described above.

 

Resolution

Name Resolution Issues

Use nslookup to determine if the issue is due to failure in name resolution. If used as-is, nslookup will use the host's primary DNS server to resolve the server name. However, the command can accept another DNS server as well, making it a very flexible troubleshooting tool. In the example that follows, "bp-collector02.pharos.com" is the device's parent server and "192.168.18.35" is the DNS server defined on the device. So to check name resolution, the command to run is:

 

nslookup bp-collector02.pharos.com 192.168.18.35

 

If the response includes a "can't find <servername>" statement, then the DNS server does not contain a record for resolution.

 

Resolution: Either add the necessary record to the DNS server or reconfigure the device for a DNS server that can resolve the name.

 

TCP Port Access Issues

To determine if it is a port access issue, locate a workstation on the same subnet as the device. Engage a command prompt (it does not need to be administrative) and use telnet to reach the server over TCP 4321. In the example, the server name is bp-collector02.pharos.com. Note: you may need to install the telnet client; use "Add Windows Features" to do this.

 

telnet bp-collector02.pharos.com 4321

 

If successful, the command prompt window will change to simply be a screen with a flashing cursor. Otherwise, it cannot make a connection.

 

Resolution: Evaluate the network device path between the device and the server to determine where the 4321 TCP port is not allowed, and then open/white list it.

 

Invalid Device Settings

This usually happens because an existing Terminal is present for the device in Blueprint prior to attempting to secure the device. As part of the securing process, Sentry Print will create a terminal record that is appropriately configured (use the Secure Release Server default settings to set the Print Group and authentication script for the terminals) for the device.

 

Resolution: If a terminal was already present when the device was secured:

  1. Unsecure the device.
  2. Launch the Blueprint Administrator application on the Analyst and delete the terminal record.
  3. Within the Analyst's Blueprint Administrator, clear replicated data on the device's parent server.
  4. Resecure the device.

ENVIRONMENT

  • Pharos Blueprint Enterprise 5.3.x
  • Pharos iMFP for Konica-Minolta v1.5.x
  • Pharos iMFP for Konica-Minolta v2.x

 

SYMPTOMS

  • The service will not start.
  • Cannot secure a device.
  • ERROR: "Unable to register Secure Print because the browser certificate is not available."
  • ERROR: "User [Domain]\[User] requires full R/W permisson to use the Management console. User can't write."
  • ERROR: "UnknownMessage" on device display.

 

CAUSE

Pharos Blueprint Enterprise 5.3.x includes the MFP Site Service as part of its installation. This service creates endpoints that can listen in the range 0.0.0.0:50003 and another 0.0.0.0:50006, which are also potential endpoints used by the service running as part of the Pharos iMFP for Konica-Minolta server installation. Because there is a potential for port contention, the solution behavior is unpredictable and will cause operational problems.

 

RESOLUTION

Part I. Determine the conflicting port(s).

  1. If the  iMFP for Konica-Minolta service is running, stop it.
  2. Close the Konica-Minolta management console.
  3. Using Windows Task Manager, identify the Process ID (PID) of the “Mps.Client.Mfp.Service.exe” process (the Details tab will display this by default).
  4. Using Command Prompt running as an administrator, run the following set of commands: netstat -ano > netstat.txt notepad netstat.txt
  5. Look for the “Listening” ports associated with the PID of Mps.Client.Mfp.Service.exe. These will be found under the “Local Address” header in the netstat.txt file, expressed as 0.0.0.0:<portnumber>. Write them down.

Part II. Reconfiguring the KM Service.

Pharos iMFP for Konica-Minolta v1.5.x

  1. After installation, launch the Management Console for KM iMFP.
  2. There will be a prompt to configure the application. Continue.
  3. Using the ports from Netstat, look for the match within the Application Settings > Service Settings screen. It will likely be the Listening Port (v1.5.6 and lower) or Listening Port (Auth) (v1.5.7), as that uses TCP 50004 by default. Change it and continue to configure application settings.

 

Pharos iMFP for Konica-Minolta v2.x

  1. After installation, launch Notepad as an administrator and open [Drive]:\Program Files (x86)\PharosSystems\Pharos iMFP for Konica Minolta V2\App_Data\km\Konica-Minolta.config.
  2. Locate the lines for port configuration and identify the conflicting port assignment(s). If TCP 50006 is the conflicting port, for example, change the following line: <add key="pullPrintListeningPort" value="50006" /> to use a different port.
  3. Save the change(s).
  4. Restart the Konica-Minolta iMFP v2 service.

 

NOTE: If the server is running Windows Firewall or some other port blocking application, an exception will have to be made to allow communication against the changed port(s). Similarly, TCP port configuration may be required on switches and/or routers to enable communications between the server and the device.