Category Archives: Howto Tutorials (EN)

Knowledge Network for Tutorials, Howto’s, Workaround, DevOps Code for Professionals.

Windows cannot connect to the printer

Do you Trust this Printer? Windows cannot connect to the printer. Operation 0x00000006 failed

If you try adding a network printer, the error message appears “Windows cannot connect to the printer”, then may this post can help to solve this issue.

Windows cannot connect to the printer

PrintNightmare Printer Issues due to August cumulative update

Windows updates released August 10, 2021 and later will, by default, require administrative privilege to install drivers. Underlying a serious vulnerability in the Windows print spooler (CVE-2021-1678), Microsoft released a patch that was distributed through the August cumulative update. This leads to problems with printing for many users.

With the August Update, the vulnerability has been closed by requiring the installation of printer drivers via administrative rights by default. If there is a newer driver on the server than on the client, the client will attempt to update it by prompting you to enter an admin password.

In fact, the only solution is to reset the behavior back to the state it was before the August update.

Registry Changes default behavior

Microsoft provide an new registry key for this, this is the Key RestrictDriverInstallationToAdministrators with a value of 0 to allow users to install printer drivers. The key does not exist by default. Run by group policy or from script to open a command prompt as administrator and pasting as follows.

REG ADD "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint" /v RestrictDriverInstallationToAdministrators /t REG_DWORD /d 0 /f

  This measure removes protection against exploits of CVE-2021-1678. Microsoft therefore recommends this step only temporarily to avoid work interruptions.

  A reboot is not required when creating or changing this registry value.

Change behavior of Point and Print Restrictions to trusted servers via group policy

Specify trusted servers with the group policy Point-and-Print-Restrictions under Computer Configuration => Policies => Administrative Templates => Printer.

GPO Point and Print Restrictions

Restore path to printer driver in registry

Using Windows Printer Shares on a Server, it can happen when adding a network printer, it fails by the client, the reason is that the installation wizard no longer find the printer driver in the local driver store. The wizard looks for the directory path to the printer driver in the registry Key InfPath.

Restore path to printer driver in Registry Key InfPath
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\

Now that the path to the printer driver is no longer valid, the path must be searched in the registry of the server, here in this example it is the printer Sharp MX-C401 PCL6, which saves the path to the printer driver with the INF file in the Key InfPath, the path is here as follows:

C:\Windows\System32\DriverStore\FileRepository\sn0emdeu.inf_amd64_284362ba62125445\

The path is inserted in the Key InfPath as a value, which is probably empty, where the change requires admin rights, regedit.exe run as an administrator, or temporarily grant the user admin rights.

  If there is another printer on the client with the same driver, this value can be copied by InfPath, and the printer with an invalid value, or where the value is empty, can be pasted by double-clicking InfPath.

Installing printers manually

Now open the administrative share print$ to the print server on the client, where the printer drivers of the server are located.

Share print on server02

For example, \\SERVER02\print$

Under the print$ share are the printer drivers of the installed printers on the print server. In our example at \\SERVER02\print$\x64\PCC are printer drivers for the Windows 64 bit system architecture.

Search here for the appropriate CAB archive file that has the same driver, i.e. file name, as the file in the RegistryKey InfPath,here is sn0emdeu.inf.

CAB Archive File

Unzip the compressed CAB archive file matching the printer from the print$ share with 7-Zip and copy the files to the path taken from InfPath.

DriverStore FileRepository

Connecting and adding network printers is now possible as usual.

  Another simple solution is to add a new printer installed via printer, where by selecting LPT1 as the port, even if LPT1 does not exist, it is re-entered correctly when the path is installed in the InfPath registry key, so that the printer connection to network printers works again, the previously installed printer on LPT1 can be deleted with Device Removal.

  Note. Windows Update KB5005652, released on August 10, 2021, requires administrator privileges by default to install drivers. This change has been made the default behavior to minimize risk on all Windows devices.

How to use FortiClient VPN Post Login Script

Run FortiClient SSL VPN Scripts from CLI

How to use the FortiClient SSL VPN from the Windows command line, and apply from batch scripts. The FortiClient, available for FortiGate for all known operating systems, download from the Fortinet Support section. In addition to the FortiClient 6.4.2.1580 for Windows used here also the FortiClientTools 6.0.9.0277.

FortiClient VPN Windows  Installation
FortiClient VPN

After the FortiClient is installed, we leave the VPN configuration left blank. Now the FortiClientTools are unpacked into a directory, of interest is the folder contents of SSLVPNcmdline, here the file FortiSSLVPNclient.exe is to be found, along with the Microsoft Visual C++ Redistributable mfc140.dll, msvcp140.dll, vcruntime140.dll runtime components.

Contents of SSLVPNcmdline FortiClientTools_6.0.9.0277.zip.

Running FortiSSLVPNclient.exe opens the GUI.

FortiClient SSLVPN Tool Installation auf Windows
FortiClient SSLVPN

We decide not to use the VPN connection profile stored in Settings, instead to connect from CLI with append parameters.

FortiSSLVPNclient connect -h 226.62.42.81:10443 -u homer:password123 -i -q -m

It is now a good way to start the VPN connection with login and network drive mapping from the script, the following batch file should enable this.

@echo off
START "" /I FortiSSLVPNclient connect -h 226.62.42.81:10443 -u homer:password123 -i -q -m
timeout 10
net use * /delete /yes
net use R: \\10.10.10.10\data /user:homer password123 /persistent:no
REM further instructions!

With option connect -h will connect to the VPN gateway, belong the IP address and the port number separated by a colon. The user -u who should log in to the gateway and the password after the colon. With the timeout wait 10 seconds to VPN connection to be established before execute network drive mapping. The value may be reduced or it must be increased.

In the taskbar, the Icon FortiSSLVPNclient, over which the context menu opens with a right-click.

The VPN connection can be disconnected with the following script.

@echo off
START "" /I FortiSSLVPNclient disconnect

FortiSSLVPNclient Command Line Usage
Usage: FortiSSLVPNclient.exe [options] [args]

FortiSSLVPNClient Tool Help Site

Source link: Fortinet Knowledge Base