Sep 15 2021 10:29 AM
Anyone else having user print issues after installing this update on a Windows Server 2016 Standard? We can send jobs to the spooler just fine from the server itself, but a user submitted job is just simply terminated. Problem started happening after installation. We've removed the update on 1 server to test, and it appears that jobs are now printing again properly. Problem is, it's been installed many servers. We will likely uninstall update to remedy issue, but that's not a real solution.
Thanks,
Michael
Sep 16 2021 06:33 AM - edited Sep 16 2021 06:43 AM
Last night was our patch date here, and we're walking into a mountain of "can't print" tickets this morning across our 1,200 something printer shares.
Print servers (2012 R2) can reach our printers, print server can successfully send test jobs. But clients can't print, similar to OP's reported behavior. No output, no error.
Also, to quote one report:
We're about to try ruling out patch removal from both a print server and client.
Sep 16 2021 12:09 PM
We have the same problem. Uninstalling KB5005573 seems to fix the printing issue for windows 10 users, however having less luck w/windows 7 users- keeps asking to reinstall drivers, does so (takes forever to install drivers), then fails to print. rinse and repeat...
I'm actively looking for solution, and will post what I find to all forums I visit, please reciprocate in kind?
Thx,
RS
Sep 16 2021 12:15 PM
Sep 16 2021 02:44 PM
Here are the KB's to watch out for: (that I've found so far)
2016 - KB5005573 2019 - KB5005568 2012 - KB5005613
RS
Sep 16 2021 03:58 PM
Sep 20 2021 12:05 PM
@GeekNaHalf patching caused quite the commotion for me this morning. I ended up rolling back KB5005573 and restarted the print servers. It would appear that this has been long in the process according to this link: https://support.microsoft.com/en-us/topic/managing-deployment-of-printer-rpc-binding-changes-for-cve...
Unfortunately with everyone and anyone making noise about the issue... I did not feel I had enough time to research the root cause. That article would have been nice to be made aware of prior to patching this last weekend.
I am currently in the testing phase on that article to see if it works or not. I suspect it will work, but I'm not sure why Microsoft doesn't just address the problem rather than disable a feature that everyone seems to use.
Sep 20 2021 03:15 PM
Sep 21 2021 11:54 AM
Sep 21 2021 06:17 PM
Oct 13 2021 08:47 PM
Oct 14 2021 02:10 PM
Oct 25 2021 04:15 AM
Here is what worked for me & other partners in my field.
The spoofing vulnerability CVE-2021-1678 has been known for quite some time (in January 2021 Microsoft published something about it, see also my blog post Details of Windows NTLM vulnerability CVE-2021-1678 published). As I now read out from Benjamin Delpy above tweet, this also affects printer RPC binding and authentication for the remote Winspool interface.
Microsoft has started to address this vulnerability via security updates in January 2021 and September 2021. To do so, a new registry entry was set that administrators could use to increase or decrease the RPC authentication level.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print
When the DWORD value RpcAuthnLevelPrivacyEnabled=1 is set, Windows encrypts RPC communication with network printers or print servers. However, this security measure was rolled out in two stages via security update: :
The details can be found in the Microsoft support article Managing deployment of Printer RPC binding changes for CVE-2021-1678 (KB4599464). This could explain the connection problems of clients with the Windows printer spooler in various scenarios. It is reported that printing is no longer possible after installing the September 2021 update.
Instead of uninstalling the security update from September 14, 2021, users have come up with the idea of disabling the enforcement mode on the server.
If I interpret the above tweet correctly, disabling the relevant settings under:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\
on the server to allow printing again. There is the DWORD value:
RpcAuthnLevelPrivacyEnabled=0
and then restart the print spooler (see this reddit.com thread and in Bleeping Computer's forum). Maybe it will help someone.
Oct 26 2021 02:27 AM
Oct 29 2021 08:04 AM
Oct 29 2021 08:23 AM
Oct 29 2021 08:25 AM