1
  • Customer has three Toshiba copiers using the “Save as File” solution where it saves scans to a local drive and shared folder (“file_share”) on the Toshiba.
  • UNC = \Toshiba IP\file_share

Testing from the server (Windows 2022 Std x64) on their network:

  • If I’m signed into Windows with typical Windows user account I cannot access the UNC’s using File Explorer (Network Error code: 0x80004005). Reproduced with existing local administrator, new local administrator, and new local standard user.
  • I can ping the IP addresses of the Toshiba copiers.
  • Using our Remote Monigoring & Management solution (ScreenConnect) I can open “backstage” to the server, which connects as “nt authority\system”.
  • From backstage I can use File Explorer to browse to both UNC’s successfully.
  • This is a Workgroup server. Not joined to any domain.
  • I have restarted the server.

With this only being a problem when a Windows user account signs in, I don’t believe any of the following could be the cause of this issue.

  • Permissions on the Toshiba.
  • Toshiba network connectivity.
  • Company network.
  • Any sort of encryption (e.g. TLS)
  • Server network drivers or network protocol options.
  • SMB settings.
  • Windows updates.

Seems like the issue must be something affecting a normal Windows user, but not nt authority\system, but I’ve not been able to identify any software (like antivirus) that would only affect a standard user signing into Windows.

Other info

  • Issue came to light because new workstation for user can’t access the UNC’s on the Toshiba’s, but her previous computer could.
  • There are multiple other users that can access the UNC’s.
  • Previous computer has already been disposed of. :frowning:
  • At the moment this new computer is not running, so I can’t verify whether the “backstage” can access the UNC’s.
  • However, I checked on a few other workstations. I can access the UNC’s for “backstage” on any workstation I tried.
  • The server (only one) and the workstations are not joined to a domain.
  • Users sign into workstations with Azure user accounts (AzureAD\username).
  • We sign into the server with local user accounts.
2 Spice ups
2

Additional bit of information.
The only two computers on their network that cannot access to the UNC’s:

  • The only Windows 11 workstation
  • Their server, running Windows 2022.
    When connected to the RMM Backstage on both of those machines, we can access the UNC’s.
3

Is SMBv1 required by the copiers? Could be worth turning it on for the win11 machine and testing.

4

Do you think the SMB use/access is different from when using a Windows user account versus nt authority\system ?

Looks like tech already enabled SMBv1 on the workstation. It’s still enabled and still can’t access the Toshiba UNC’s

Note: With the reg change below I was able to access the UNC’s from the server, even though SMBv1 is disabled.

5

Update:
Access to the UNC’s now works from the server after I added this registry entry.

image
image728×250 13.2 KB

I added the same registry entry to the users workstation and we are still having issues.

  • Every time we try to access the UNC’s for the Toshiba’s Windows 11 prompts for a username and password.
  • Whether we enter credentials or cancel, it still fails to access the UNC’s.
  • The server (Win 2022) nor the other workstation prompt for credentials when accessing the UNC’s.
1 Spice up
6

Silly question, but did you give the workstation a reboot once changes were made?

7

No I didn’t restart the workstation since the reg change.
The server didn’t need a restart after the change so figured the workstation wouldn’t either.
Just to make sure, I’ll have the customer restart today when it’s convenient for her and I’ll update forum.

1 Spice up
8

Restarting workstation made no change.
Windows 11 workstation still prompts for credentials after restart and fails to access UNC’s whether she enters her Windows credentials or cancels out.
Toshiba is set to allow access with device credentials, but all other workstations (Win10) and now the Win2022 server can access the Toshiba UNC’s with no credentials.

9

Honestly, I would look at what version of code is running on the Toshibas. In my experience, they can even be slightly different between models - even though the interface looks similar.
I can tell you what I have worked with a number of these copiers and even slight variations of this code can seem to affect how it deals with scanned documents. If they are not all on exactly the same release, I would start to look into getting them all updated to the latest first so that you have more of an apples/apples comparison.
Second, you said it works for some users. On those users, check in the Windows Credential Manager, and see what is saved as the username/password for those copiers. Even if they look similar, it is possible they are different to access one versus another. I also imagine that their username could be case sensitive.
I have ours writing to a file share - when they are configured, they work great. But, setting them up can be tricky depending on the firmware. The newer firmware seems to be much better and way less buggy.

10

SBUX2K
Other computers, and now the Windows Server 2022, can access the Toshiba shares with no credentials. Nothing in Credential Manager related to the Toshiba or IP, and in the case of the server. Zero in Credential Manager except for virtualapp and SSO_POP_Device.

EDIT: With the folder access working for everyone else, I’m not ready to make any changes to the Toshiba’s unless the copier vendor recommends it. I don’t want to risk breaking this solution for others.

1 Spice up
11

Gotcha. Well, when you say it works on the server, is the server a part of a domain? Or, also on a workgroup?

12

No local domain. Details in original post.

1 Spice up
13

Update.
We haven’t found a way to get Windows 11 to work with the Toshiba file shares, so we are converting the customer to scan to email.

Thank you for everyone’s input on this.
Have a great day.

14

Setup push scanning, create a user and password that cannot be changed on each workstation. Btw what is the model and version of firmware? You can no longer access the share (win11) because of that admin permission microsoft pushed out about 1 year ago. Model is important. I can send you the Toshiba software restrictions, just hit me up.
I have setup 1000s of templates using push method, storing on hdd/ssd on copier is last resort for me. I’m not dissing you, just saying I don’t have this issue.

15

Hello.
Go to printer admin page - network - smb and choose guest logon disabled. Up on the page click save.
Fill with whatever user / pass you want. (EG guest / guest)
Next go to a new explorer and access printer’s IP and the auth window should come up.
Fill in guest / guest and tick Remember me. Shares should open.
Now go back to printer’s administration and put guest logon on disabled. Username and password should remain there.
Open printer’s IP in a new explorer. This time there should be no credentials asked for.
This worked for me on multiple similar toshibas and multiple 24H2 W11s so it should work for you too.

1 Spice up
16

Here is the Toshiba bulletin on this matter with using Scan to File storing on the Toshiba eStudio copier and then accessing from Windows 11 24H2 client. It is a windows security issue.