Regedit Error Writing The Value's New Contents
- Home
- Windows
- Windows Server
Hello Spiceworks,
On 10/12/21 I installed the latest Windows 2012 server updates including KB5006714 on our print server. The next day we found that no Windows 7 computers could print, nor could we add a network printer (yes, we still have some Win7). Error: Windows cannot connect to the printer 0x0000011b
I since uninstalled KB5006714 and printing was restored. I know the patch has something to do with PrintNightmare, so I would like to reinstall, but I am not sure how to fix the problem if I do. Any suggestions or insight?
Thanks!
The help desk software for IT. Free.
Track users' IT needs, easily, and with only the features you need.
20 Replies
Not sure about Windows 7, as we are on 10 now. I had to reinstall drivers for printers shared from Server2012 with Administrator permissions on workstations.
Frol wrote:
Not sure about Windows 7, as we are on 10 now. I had to reinstall drivers for printers shared from Server2012 with Administrator permissions on workstations.
Same here.
same problem here but curiously it only affects some users not others.
There is a related post for the client version of this patch on Bleeping Computer
The bleeping computer article is a bit of a side issue as this is a server patch and that is a client patch but best not to ignore you might have both problems if you are on current builds of Win 10 (we don't WSUS is blocking updates to later builds of Win 10 so we are not getting that patch yet)
Weird things noticed immediately after a failed install of this patch.
This patch will not install on our print server 2012 R2 even though I have
- disabled AV
- sfc /ScanNow
- Dism /Online /Cleanup-Image /RestoreHealth
- downloaded patch from Update Catalogue and run as Administrator
First call was Access Denied showing on a Client PC.
Client had notification about Work or School Account needing fixing.
Settings > Accounts > Access Work or School > Fix Account
This brought up the Windows Authentication pop up window and signing in fixed the account.
Reboot brought shares back on line and this user can still print today.
Initially thought nothing of it figuring the patch had tightened security and the users domain account was out of sync.
This morning people who had not patched their PC's last night could not print, patching their pc's didn't fix it nor did the Work or School Account being up to date fix it.
If the work or school account is not on the PC access is denied.
If the work or school account is added or brought up to date the queue is there and says x number of documents in the queue but... users who can't print cannot see the documents in that queue.
Users who are not affected (it's about 50/50) can see the documents in the queue.
This looks very suspiciously like some sort of authentication issue on the print server queues caused by the update.
To add to the confusion we are running Papercut with its virtual queues pointing to Microsoft print queues and then to physical devices running the paper cut app for authentication.
This just fixed it for us
- Right-click Start, click Run, type cmd in the Run box, and then press Ctrl+Shift+Enter.
- At the Administrator command prompt, type regedit and then press Enter.
- Locate the following registry subkey:
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print
- Right-click Print, choose New, and then click DWORD VALUE (32-bit) Value.
- Type RpcAuthnLevelPrivacyEnabled and then press Enter.
- Right-click RpcAuthnLevelPrivacyEnabled and then click Modify.
- In the Value data box, type 0 and then click Ok.
- In Services restart the windows print spooler
This is the reverse of the instructions contained in https://support.microsoft.com/en-gb/topic/managing-deployment-of-printer-rpc-binding-changes-for-cve...
which is referenced in https://support.microsoft.com/en-us/topic/kb5005652-manage-new-point-and-print-default-driver-instal...
This is what they have to say about the registry key and the default behaviour of the patches as they have evolved.
Note This update introduces support for the RpcAuthnLevelPrivacyEnabled registry value to increase the authorization level for printer IRemoteWinspool.
Registry subkey
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print
Value
RpcAuthnLevelPrivacyEnabled
Data type
REG_DWORD
Data
1: Enables Enforcement mode. Before you enable Enforcement mode for server-side, make sure all client devices have installed the Windows update released on January 12, 2021 or a later Windows update. This fix increases the authorization level for printer IRemoteWinspool RPC interface and adds a new policy and registry value on the server-side to enforce the client to use the new authorization level if Enforcement mode is applied. If the client device does not have the January 12, 2021 security update or a later Windows update applied, the printing experience will be broken when the client connects to the server through the IRemoteWinspool interface.
0: Not recommended. Disables the increase authentication level for printer IRemoteWinspool, and your devices are not protected.
Default
Default behavior after installing updates when registry key is not set:
January 12, 2021 or later updates have the default behavior of 0 (zero) when not set.
September 14, 2021 or later updates have the default behavior of 1 (one) when not set.
Is a Restart required?
Yes, a device restart or a restart of the spooler service is required.
Word of warning: this puts you back in PrintNightmare territory but what are you going to do until Microsoft 'FINALLY' gives us a patch that works stop printing ?
Wow, thanks for the input everyone! As a side note, we did have some Windows 10 PCs that did NOT have a problem. Unfortunately, since 1/2 our staff could not print, I uninstalled the update before I had a chance to go around and doing a more thorough check on the clients. It is starting to look like we need to be exposed to PrintNightmare until I can get everyone on Windows 10. I just really with I had some kind of Windows 7 work-around. If I figure something out, I will post back...
Try the registry key fix on your server to see if that sorts out the windows 7 clients if it breaks again when the next windows update is released. It would be wonderful if Microsoft could tell the rest of the world what the difference between two supposedly identical builds of Windows 10 on two identical machines is because that is what we had here. one could print the other couldn't. RPC Authentication is clearly the problem.
We had a problem over here with KB Updates KB5006067 and KB update KB-5006714, causing issues for MAC and Windows Printings at our School, We uninstalled it because the last KB Update in September caused the same issue, That fixed it for us but means we are outdated since August. I definitely will have to look into your fix Nick, but if people are having problems uninstalling those KB worked and fixed the issues.
I didn't have the luxury of uninstalling the update this time because the damn thing failed to install but still did the damage. Nothing to uninstall with if the install failed hence the need to find a fix. The registry change effectively disables the enforcement of authentication via RPC which the patches enable.
With Windows 7 in the mix, keep the security update installed and add the registry key. The Windows 10 systems works because the server and the client support the same protocol method.
You would need to pay MS for extended Windows 7 support to get this update for Win 7.
If there are any Macs in the environment, I do not expect Apple to be reverse engineering the protocol method soon but I do expect this sometime in the future. For mixed environments Microsoft has been telling folks to add the key and set to 0.
JT980 the new protocol is designed to prevent Windows from connecting to Linux systems pretending to be a Windows print server with hijacked print drivers that can take ownership of the computer.
The code was released in January with the default set to 0 when the registry does not exist. In September the new spooler defaults to 1 when the registry key does not exist.
The code existed PRIOR to the public release of the spool exploit so not directly related to the issue that arose in July.
The exposure at this point is that your Windows print server can now, well it could have done this before the protocol change too, connect to shared printer from a Linux system.
Are there any Linux systems on your network which might be causing you concern?
Hi alanmorris.
No client based Linux systems. We have several appliances and some may run the Linux OS, I will have to check.
We are in the process of rolling out Windows 10. We have about 320 PCs and we are about 1/2 way done. So, we will have Win7 for a few more months... Ugh!
Thanks!
Hopefully this change will prioritize the need to take the Windows 7 systems out of service.
I reinstalled KB5006714 via Windows Updates on 2012 R2 print server. Tested from my Win7 PC and printing was broken. Could not print and could not add printer. Applied Nick Da Geek's registry fix, above, to the print server and restart the Print Spooler service. Printing appeared to work (not in office to check printer today). The work-around appears to be working. I will know for sure come Monday morning...
Thanks!
Same issue here this morning. Numerous users unable to printer (Win10), restart services, server and workstations, nothing. View printer ports...missing, same as KB5005565 and KB5005566. Located KB5006714 on print server, installed this morning and researched that it contained printer updates. Uninstalled, printing restored. Wish MS would get their crap together on testing this stuff. I've wasted far too many hours on stupid printing issues lately.
Ran into this issue this morning. Importing the reg file onto our print server and restarting the print spooler resolved the issue for us:
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print]
"RpcAuthnLevelPrivacyEnabled"=dword:00000000
Well... No phone calls this morning, so I believe the registry 'work-around' worked for us too!
It's not really a work around, it's a configuration from the default behavior.
This is the new world of Windows Point and Print.
Administrator access to install print drivers and no connections if the client system is not Windows or in your case, Windows 7 which will not use the same protocol methods.
The solution of course will be a new print system.
The registry fix worked for our environment - Windows Server 2012 R2.
Hey Nick, thanks for the registry fix. Dumb question, is that performed on the print server or on the client workstation?
Thanks!
Hi Shane this was on the Server
Regedit Error Writing The Value's New Contents
Source: https://community.spiceworks.com/topic/2335288-can-t-print-after-october-updates-kb5006714-from-windows-7
Posted by: christensensayinten61.blogspot.com
0 Response to "Regedit Error Writing The Value's New Contents"
Post a Comment