P
Patrick Philippot
Hi,
The HP LanScan software that allows you to scan remotely from a LAN
workstation fails with a "scanner not found" message after you install
Windows XP Service Pack 2 on the host machine (the one connected to the
scanner).
I contacted the HP support and they told me that it was a firewall
problem (although I had mentioned that the Windows XP Firewall was
disabled on my LAN). This is absolutely wrong. I monitored the
communication between the client system and the host and could determine
that LanScan uses DCOM / RPC to communicate on the LAN. Windows XP SP2
puts severe limitations on these protocols by default. In order to get
HP LanScan working again, you have to release these restrictions.
Here's what you can do to fix this (worked for me):
Foreword:
-----------
- Note that these steps disable some DCOM / RPC restrictions globally. I
repeat, these steps will release some security settings enforced by
Windows XP SP2. If you are unsure, please refrain from proceeding any
further and ask your admin or wait until HP provide an update or
instructions for fixing the problem. If you are not familiar with the
registry editor and /or with the system administration console, please
ask for assistance in your neighborhood.
- A better approach would be to release these restrictions only for the
COM components used by LanScan. However, until HP wake up, I don't know
exactly which components are involved. So I'm using global settings that
may also help a few other DCOM applications to work correctly after
installation of the XP SP2. You need to be a system admin to follow
these steps.
- If you want detailed explanations about the DCOM / RPC restrictions in
XP SP2, please read this document:
http://www.microsoft.com/downloads/...CF-2DEE-4772-ADD9-AD0EAF89C4A7&displaylang=en
- These steps do not include any discussion about the Windows Firewall
because we didn't activate it on our systems. If the Windows XP Firewall
is enabled on your systems, you might have to take additional steps also
explained in the document above ("Windows Firewall" section).
Here we go... All changes apply to the "host" machine only (the one
connected to the scanner).
1. On the XP SP2 Host, click on Start | Run and enter "dcomcnfg". This
opens the Component Services console.
2. Expand Component Services | Computers and right-click My Computer.
Select Properties | Com Security.
3. For both "Access permissions" and "Launch and Activation
permissions", click the "Edit limits" and "Edit default" buttons and
give full permissions to all users who have to access HP LanScan and
more generally DCOM components (this will vary with your configuration
and your LAN - if you don't know, ask your Admin). If all domain users
need access to the scanner, give permissions to "Authenticated Users".
Note that SYSTEM may not have remote access permission by default. Give
it this permission.
4. Click OK and close the console.
5. Now click on Start | Run and enter "gpedit.msc". This opens the Group
Policy console.
6. Go to Computer Configuration | Windows Settings | Security Settings |
Local Policies | Security Options.
7. In the right pane, double-click "DCOM: Machine access
restrictions..." . Check "Enable policy", click "Edit security" and give
full permissions to the same users as above.
8. Do the same for "DCOM: Machine launch restrictions...".
9. Close the console.
10. If you log on to a domain, you may have to repeat the same steps for
the "Default Domain Policy" (see Start | Programs | Administrative
tools).
11. Open the registry editor, go to
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Rpc, create a
DWORD value named RestrictRemoteClients and leave the default value
unchanged (0).
12. Reboot your system. You don't need to do anything on the client
systems, whether or not they are running XP SP2.
NB: Not all these steps may be absolutely necessary. But I had no time
left to test all the possible combinations.
Hope this helps.
The HP LanScan software that allows you to scan remotely from a LAN
workstation fails with a "scanner not found" message after you install
Windows XP Service Pack 2 on the host machine (the one connected to the
scanner).
I contacted the HP support and they told me that it was a firewall
problem (although I had mentioned that the Windows XP Firewall was
disabled on my LAN). This is absolutely wrong. I monitored the
communication between the client system and the host and could determine
that LanScan uses DCOM / RPC to communicate on the LAN. Windows XP SP2
puts severe limitations on these protocols by default. In order to get
HP LanScan working again, you have to release these restrictions.
Here's what you can do to fix this (worked for me):
Foreword:
-----------
- Note that these steps disable some DCOM / RPC restrictions globally. I
repeat, these steps will release some security settings enforced by
Windows XP SP2. If you are unsure, please refrain from proceeding any
further and ask your admin or wait until HP provide an update or
instructions for fixing the problem. If you are not familiar with the
registry editor and /or with the system administration console, please
ask for assistance in your neighborhood.
- A better approach would be to release these restrictions only for the
COM components used by LanScan. However, until HP wake up, I don't know
exactly which components are involved. So I'm using global settings that
may also help a few other DCOM applications to work correctly after
installation of the XP SP2. You need to be a system admin to follow
these steps.
- If you want detailed explanations about the DCOM / RPC restrictions in
XP SP2, please read this document:
http://www.microsoft.com/downloads/...CF-2DEE-4772-ADD9-AD0EAF89C4A7&displaylang=en
- These steps do not include any discussion about the Windows Firewall
because we didn't activate it on our systems. If the Windows XP Firewall
is enabled on your systems, you might have to take additional steps also
explained in the document above ("Windows Firewall" section).
Here we go... All changes apply to the "host" machine only (the one
connected to the scanner).
1. On the XP SP2 Host, click on Start | Run and enter "dcomcnfg". This
opens the Component Services console.
2. Expand Component Services | Computers and right-click My Computer.
Select Properties | Com Security.
3. For both "Access permissions" and "Launch and Activation
permissions", click the "Edit limits" and "Edit default" buttons and
give full permissions to all users who have to access HP LanScan and
more generally DCOM components (this will vary with your configuration
and your LAN - if you don't know, ask your Admin). If all domain users
need access to the scanner, give permissions to "Authenticated Users".
Note that SYSTEM may not have remote access permission by default. Give
it this permission.
4. Click OK and close the console.
5. Now click on Start | Run and enter "gpedit.msc". This opens the Group
Policy console.
6. Go to Computer Configuration | Windows Settings | Security Settings |
Local Policies | Security Options.
7. In the right pane, double-click "DCOM: Machine access
restrictions..." . Check "Enable policy", click "Edit security" and give
full permissions to the same users as above.
8. Do the same for "DCOM: Machine launch restrictions...".
9. Close the console.
10. If you log on to a domain, you may have to repeat the same steps for
the "Default Domain Policy" (see Start | Programs | Administrative
tools).
11. Open the registry editor, go to
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Rpc, create a
DWORD value named RestrictRemoteClients and leave the default value
unchanged (0).
12. Reboot your system. You don't need to do anything on the client
systems, whether or not they are running XP SP2.
NB: Not all these steps may be absolutely necessary. But I had no time
left to test all the possible combinations.
Hope this helps.