Thanks, Ken! From: [email protected] [mailto:[email protected]] On Behalf Of Ken Schaefer Sent: Thursday, January 08, 2015 6:46 PM To: [email protected] Subject: [NTSysADM] RE: Windows Scan Management
Seems to be confirmed here in the comments: http://blogs.technet.com/b/askperf/archive/2009/10/11/windows-7-windows-server-2008-r2-distributed-scan-management.aspx As to the certificate issue, there are 2 kinds of certificates that can be in use with Distributed Scan Management - machine certificates and user certificates. Generally, machine certificates are used for the Distributed Scan Mgmt server to communicate with a WSD device that is using https. The user certificate is used when a user needs to connect to a device to view or manage it, or to connect to another Scan Server. The user certificate is not turned off when DSM is installed even if you say "no" to using a certificate. To take the user certificate out of the picture to make sure it is not causing problems, I recommend running the Scan Server Configuration Wizard and choosing to turn it off there. The wizard can be launched from the Print and Document Services node in the Server Manager console. Look under Advanced Tools on the details pane. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Ken Schaefer Sent: Friday, 9 January 2015 10:37 AM To: [email protected]<mailto:[email protected]> Subject: [NTSysADM] RE: Windows Scan Management According to http://technet.microsoft.com/en-us/library/dd871137.aspx if the Scan Server is running in “authenticated mode” you need to use a client cert to authenticate to the scan server for managing it. My guess if you need to issue a client-authentication cert to your user account. Cheers Ken From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Mayo, Bill Sent: Friday, 9 January 2015 1:00 AM To: [email protected]<mailto:[email protected]> Subject: [NTSysADM] Windows Scan Management Anybody have any experience with using Windows Distributed Scan Management? We installed the role(s) on a new 2012 R2 Server and are trying to test it. Setting up the Scan Server went fine, but when trying to setup a Scan Process, we are getting an error about the client certificate. The message is: "Windows cannot connect to the specified scan server. This can happen if the server name is incorrect, if the Distributed Scan Server service on the server is stopped, or if the scan server rejects the certificate used to connect to the server. Check the certificate and ensure that the Distributed Scan Server service is Started." There is a button in the MMC to select the client certificate, but it just says there are none available. I can’t find any documentation on what it wants here. The only thing I have found at all on the internet is this post in the TechNet Forums, where several people have the exact same problem, but no solutions (https://social.technet.microsoft.com/Forums/en-US/b93de1d0-2dc5-4edb-8659-fe0816bbd8b6/scan-managment-certificate-requirements?forum=winserverprint). There is a server certificate for the Scan Server and that seems fine, but it seems that it also wants the client to have some kind of certificate. It doesn’t matter if I do this from Scan Management on the same server or from a desktop, I get the same client certificate problem. Any help would be greatly appreciated. Bill Mayo
