As you probably know, there is no real high-availability option for the print server role in a Windows Server 2012 R2 environment. Yet we often need users to be able to keep working when a single server fails.
In these cases, you can reduce downtime by deploying a second print server and publishing the print servers through a DNS CNAME record. This solution has some drawbacks, however:
- DNS needs to be refreshed before users are pointed to the other server (consider a short TTL on the DNS record)
- There is no supported way to publish those printers in AD. Printers are published in AD by computer name (A record) and printer share name. Because we need to publish the printer through a CNAME record, this is not possible. There is a workaround that uses ADSIEDIT to change the published name, but it is not recommended. (I will cover this in a separate post.)
Still, you can deploy printers with GPO preferences, and this is not a difficult process. You just have to make sure that every user has the right printer mapped (this can be done with GPO preferences filtering).
To build this setup, you first need two print servers (in our case we will name them PS1.domain.com and PS2.domain.com). On the first server, install and configure all the printers you need and share them, but do not publish them in AD. It will also work if you publish them in AD, but if a user chooses a printer from AD, failover will not work for that user.
After that, choose an alias name for the print server (I will name it PrintSvr) and create a CNAME record for it that points to the first print server. In our example:
CNAME | PrintSvr | PS1.domain.com | TTL = 5 min |
Keep the TTL small, because this time is critical when a failover occurs! Changing the TTL is not necessary if you plan to use round robin.
With this, the name PrintSvr resolves to our PS1 server and you will be able to browse printers through the CNAME, but if you try to install them, you will receive error 0x00000709.
This is because some additional registry changes are needed on the print server:
Key | Value name | Type | Data |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters | DisableStrictNameChecking | QWORD | 1 |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters | OptionalNames | MultiString | CNAME |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0 | BackConnectionHostNames | MultiString | CNAME |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print | DnsOnWire | QWORD | 1 |
The first and the last registry values have to be of type DWORD if your server is older than 2012 R2.
These are all the changes you need to make. Because we changed the registry, do not forget to reboot the server. When everything is complete, you can export the print server configuration from the Print Management console to a file. This will be useful on the second server.
On the second server, you just have to install the print server role and add the same registry values. After that, you can import all printers in the same way as you exported them on the first server. This imports all your printers with exactly the same names and the same share names, so there will not be any problem when you switch servers. Restart the server.
Now you are ready to test the environment. Change the DNS CNAME record so that it points to the second server and test whether the printers still work (you can either wait for the TTL to expire or flush the cache of the DNS servers and of the client you are testing from).
Good work!
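The registry steps from the article as a repeatable script, with a read-back of each value's type and of the alias's current CNAME target and TTL. This is an added example, not the author's own code; the parameter names `Alias` and `FlagType` and the helper `Add-MultiStringEntry` are assumptions, and the value type defaults to the QWORD the article specifies.

```powershell
# Added example (not the article author's script).
# Run elevated on PS1 and on PS2, then reboot each server as the article says.
param(
    [Parameter(Mandatory = $true)] [string] $Alias,   # your CNAME value, e.g. the article's PrintSvr
    # Article: QWORD on Server 2012 R2, DWORD on older servers.
    [ValidateSet('QWord', 'DWord')] [string] $FlagType = 'QWord'
)

$lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$msv1_0 = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$print  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Print'

function Add-MultiStringEntry {
    param([string] $Path, [string] $Name, [string] $Entry)
    # Preserve names that are already listed; append ours only if it is missing.
    $existing = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
    $values = @($existing | Where-Object { $_ })
    if ($values -notcontains $Entry) { $values += $Entry }
    New-ItemProperty -Path $Path -Name $Name -PropertyType MultiString `
        -Value ([string[]] $values) -Force | Out-Null
}

# The two flag values and the two multi-string values from the article's table.
New-ItemProperty -Path $lanman -Name DisableStrictNameChecking -PropertyType $FlagType -Value 1 -Force | Out-Null
New-ItemProperty -Path $print -Name DnsOnWire -PropertyType $FlagType -Value 1 -Force | Out-Null
Add-MultiStringEntry -Path $lanman -Name OptionalNames -Entry $Alias
Add-MultiStringEntry -Path $msv1_0 -Name BackConnectionHostNames -Entry $Alias

# Read back every value with its registry type so PS1 and PS2 can be compared.
$checks = @(
    @{ Path = $lanman; Name = 'DisableStrictNameChecking' },
    @{ Path = $lanman; Name = 'OptionalNames' },
    @{ Path = $msv1_0; Name = 'BackConnectionHostNames' },
    @{ Path = $print;  Name = 'DnsOnWire' }
)
foreach ($c in $checks) {
    $key = Get-Item -Path $c.Path
    [pscustomobject]@{
        Key  = $c.Path
        Name = $c.Name
        Type = $key.GetValueKind($c.Name)
        Data = ($key.GetValue($c.Name) -join ', ')
    }
}

# Show where the alias currently points and the TTL that clients will see.
Resolve-DnsName -Name $Alias -Type CNAME -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'CNAME' } |
    Select-Object Name, NameHost, TTL
```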
Hi Elvis,
Thanks for the post. There are tonnes out there which require the use of hosts files coupled with DnsOnWire and they seem to work. But I don’t like having a hosts file on a server.
I did all entries above and omitted the following:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
It’s working for me. Is this required?
What would the impact be if I didn’t insert this entry?
I’m using server 2012R2 Standard x64 with CName.
Spent hours searching the internet until I chanced upon this site.
Kudos bro. You’re the first without a hosts file.
Awesome!
Regards,
Ezra.
Hi,
Well, that key is required for authentication on a shared folder with CNAME. It is just in case you are unable to install the printer driver through CNAME mapping. If you are able to do that without this key, you can leave it as is.
Hi Elvis,
Thank you for the explanation. You’re really awesome! 🙂
Hi
My name is Raghavendra
We have an issue with migrating a print server from Windows 2008 R2 to Windows 2012 R2; the printer servers are in two different domain controllers.
I have used your CNAME settings above on our Windows 2012 R2 server,
but we are getting an issue with 0x00000709.
We also tried deleting and adding again; then we get “windows could not connect to the printer check the printer name and try again …”
Hi,
I don’t understand well about domain controllers. Print servers are in different domains or in same domain on different servers?
We have two different domains, an old one and a new one.
Example: Windows 2008 R2 is in xxx.domain and the Windows 2012 R2 printer servers are in yyyy.domain.
You cannot move between two different domains with cname.
You need to remap printers manually or with PowerShell.
If we have a two-way trust relationship between the two domains, will it also not work?
Remapping is the solution.
Hi,
I have a problem with OptionalNames: when I add the same registry values on the second server (and the same alias name), it does not answer.
Should putting the same alias name on both servers work?
Thx for your reply
Yes. If you use round robin in DNS.
Elvis, I put in all the registry entries you specified. I still can’t add back my cname record for my print server. I had to add them as a records and then put them in a host file to allow us to add a new printer to a work station. I can unc to the alias and list the printers but then I get error: Operation could not be complete (error 0x00000709). Double check the printer name and make sure that the printer is connected to the network. Any thoughts on how to correct this?
This could be a problem with permissions in the registry. Please check this link and let me know.
https://h30434.www3.hp.com/t5/Inkjet-Printing/HP1510-0x00000709-can-t-set-as-default-printer/td-p/3856606
Elvis,
Perhaps you have some additional insight. I’ve followed your instructions carefully. All registry changes and the CNAME entry. We have one slight difference in our situation. Our main DNS zone is like “main.local”. The server’s real name is like Serverdc1.main.local. For reasons that are not germane to the challenge, we created a new zone called services.main.local, and a CNAME record “print” pointing to Serverdc1.main.local. I’ve added the SPN print.services.main.local. Now I can browse the server using the new FQDN, and I see all file and printer shares. I can open file shares with this new FQDN. I cannot connect to any of these printers. Just the standard message regarding printer name, is it on?, check address, etc. This server is also a domain controller. 2012 R2.
Your thoughts would be greatly appreciated. Updates (2919355), and one Hotfix for the spooler (479720) have been installed.
Kevin
Hi Kevin,
As I understand, your print server CNAME is in a different DNS zone than the server's A record. In theory, it should also work in this situation. It is positive that you can browse shares, and I hope that you are also able to put some files in those shares. Anyway, it is not the best way to use a DC as a print server with CNAME. I would prefer to use a dedicated server or a server with a secondary server.
If you wrote all registry settings as described in the article (of course CNAME means that you write your value for CNAME), it should work.
You can also go through two Microsoft posts where it is explained how to do this:
https://support.microsoft.com/en-us/help/979602/error-message-when-you-try-to-connect-to-a-printer-by-using-an-alias-c
https://blogs.technet.microsoft.com/askperf/2013/04/23/unable-to-connect-to-a-printer-using-a-cname-record/
Be careful, as in the registry you cannot use DWORD values, but QWORD! This is because in Server 2012R2 the print server service changed to a 64-bit application!
Please let me know if it works.
Elvis
Have also tried on non domain controller. Same problem. For clarification should the cNAME entries be just the alias host name “print”, or the new alias FQDN “print.services.main.local”. Thanks.
Here’s a followup on this. I discovered that one of my earlier attempts at this on another domain controller was working. I could add and print to the alias as intended. I reviewed settings on that server, copied them to the server that was not working, and rebooted. Everything is now functional. I can add AND print via the alias. You’ll probably find this very weird but here’s what works:
For reference the goal is to use the Windows Server 2012 R2 domain controller corpdc1.main.local as a print server referenced as print.services.main.local.
Here’s what’s working in our environment:
\services\lanmanserver\parameters OptionalNames Multi-String PRINT
{not sure if all caps is important}
\services\lanmanserver\parameters DisableStrictNameChecking {I deleted this entry}
for some reason it appears to not be needed.
\control\Lsa\MSV1_0 BackConnectionHostNames {did not use it, deleted}
\Control\Print DnsOnWire REG-DWORD 1.
Yes, I’m using a DWORD not a QWORD. some blogs indicate this is an issue of the DNS server not the Spooler architecture. Hey, whatever works right?
I also check the Principal Name with the command “setspn -L corpdc1 ” to make sure that only the server’s NetBIOS name and the intended alias exist.
For anyone else out there that might benefit from this we’re using the services.main.local sub-zone as non-AD integrated. This lets us control independently which host the end users are pointed at with the single FQDN. By keeping all the printer shares identical we can manipulate which print server is in use by either changing the appropriate CNAME record or altering which DNS server the client computer is pointed at.
Thank you very much for your help Elvis!!
Kevin
When you add cNAME, you must add FQDN – entire domain name like “print,services.mail.local”.
Confirming that:
A) This works on Server 2016
B) DWORD works just fine even on 64 bit servers
C) Your “CNAME” needs to be FQDN i.e. companyprinter.mycompany.com
Thanks!
I’m able to add the printer with the alias but printing doesn’t work. No error when I send the print job to printer but nothing happens. Also on the web page, I don’t have the connect option. Any advice? Thanks.
If I understand, you are able to map the printer, but when you print to that printer it doesn’t work.
Are you able to print something (test page or few words from notepad) directly from print server? Could be a driver.
And another follow-up: I just did this with server 2019. All I needed in the end (after hours of testing and suffering 😉 ) was “DnsOnWire” in the registry of the printserver and for every alias the command “netdom computername /add:” in my case “netdom computername ds-file-2022 /add:ds-print.domain.local” (and after that “ipconfig /registerdns”). Thanks for your hints, they helped a lot on the way.