locked
Live One Care Firewall and Brother MFC Wireless Scanning RRS feed

  • General discussion

  • Any MFC printer/scanner gets this error ... my specific model is Brother MFC-9840CDW, I happen to be running Vista Ultimate 64-bit ... but this error occurs on all flavors vista when used with Live OneCare.

    Error:
    "Failed to connect to the device.  -If the device is OFF, turn ON the device. -Check the I/F cable connection between the device and your computer.  -If the device is working on the other job, wait until the job is completed. [TW006]"



    I see that there exists three unresolved discussions regarding this problem in this forum, so I figure I'll open a new thread and stay on top of this thread until the issue is closed.

    So far, I know when I disable the firewall, scanning works fine from the Brother MFC multifunction printer on my computer.

    I've followed Brother's instruction to enable three UDP Ports - specifically:
       Port 137: UDP Inbound and Outbound to the local subnet - file and print sharing Netbios name lookup
       Port 54925: UDP Inbound and Outbound to the local subnet - Scanner
       Port 54926: UDP Inbound and Outbound to the local subnet - Fax

    I've opened a case with Brother and Brother insists these Vista firewall actions are enough for the networked MFC line of devices to work fine for computers without live onecare, so they won't provide further support and insist support should come from Microsoft Live OneCare - in the meantime Brother suggests only a workaround of turning off the firewall everytime one wants to use the scan/fax functions, or uninstall Microsoft Live OneCare until OneCare resolves issue.

    So... on my own to further diagnose the problem, I've added every Brother .exe program found in the Brother file folders within the program files directory to the Firewall's 'allow' Programs.  This still has not allowed communication with the printer.

    Next I've open a support case with Live OneCare (benefits of a paid-in-full subscription ;-) ).  If MS Support has a solution I'll post it here for all to enjoy.  Otherwise I'll perform a next step of opening the firewall and running some network scan utilities to see what activity is occuring between the printer and the computer to figure out what else needs to be opened on the firewall and perhaps get crazy monitoring processes if patience permits.  Any advice to further actions I can take are appreciated ...  Anybody resolve this issue already - saving me much time :-D ?

    So that's it for a descriptive explanation of the problem ... More to come on a solution, hang on.

     

      
    Thursday, July 16, 2009 7:33 PM

All replies

  • Somewhere on your printer there should be a setup button and in scrolling through setup you should find a screen where you can enter your network key. Entering your network key should allow wireless access without the need to open any additional ports or protocols.


    Jim - MVP Windows Live - Forum Moderator - Live One Care - Live Mesh - Microsoft Security Essentials
    Thursday, July 16, 2009 8:49 PM
    Moderator
  • I should clarify, this case is not related to the printing capability of the Brother MFC devices.  Network printing wireless or through cat-5/6 cable works fine with Live OneCare, and yes - in order to setup wireless the wireless key was entered into the printer using the Brother provided setup software tools.  As it stands, the printer status monitor (provided by Brother) lists the printer as 'ready', and does produce printouts / communication with the networked computers.

    The current problem is specifically related to enabling the 'scan' and the 'fax' functionality of the multi-function printers.  These extra functions are getting blocked by the firewall ... again once the firewall is disabled, these network functions do operate from the computer both wirelessly and through cat5/cat6 cable.

    The issue continues to remain unresolved - I'm waiting for Microsoft support.


    Friday, July 17, 2009 3:51 AM
  • I'm sorry I misunderstood the issue. Support is definitely the way to go.
    Jim - MVP Windows Live - Forum Moderator - Live One Care - Live Mesh - Microsoft Security Essentials
    Friday, July 17, 2009 5:14 AM
    Moderator
  • Ok ... have not had any luck with MS support.
    MS Live OneCare official policy is they don't support network printers.
    They did try to help - here's what they did:
    First, confirmed that printer works fine as a scanner when all ports are allowed in the firewall:
       Configure Firewall/Advanced Settings/Ports and Protocols/Add...
       Rule named "all ports", TCP/UDP, Port Range 1 to 65535, For 'Both [local ports] Connections' ... and scope='Local network (subnet)'

    (important only allow this in the local subnet because it effectively disables the firewall for local network traffic)
    (caveat empor: this means a malicious or compromised local machine could be used to launch unfettered attack to a machine containing the rule described here)

    In my case this was so.  (Rule enabled, scanning works vs. disabled scanning fails)

    Next they perform a command line app "netstat -at" which listed a series of ports that where added to the firewall to see if this would help, adding rule for each port, and disabling the 'all ports' rule.  This did not solve the problem.  I removed this list of ports, because the 'all port' rule is inclusive of these ports and the ports don't show up in the Microsoft Network Monitor Capture I did later (see below).

    Support gave up, and said contact Brother to get a list of ports used.

    Next, I launced "Microsoft Network Monitor 3.3" and with the 'all port' rule enabled, captured network traffic for a bunch of scans.
    I noticed that the scanner uses tcp port 54921 consistently, but dynamicall assigns a second port for responses e.g. 1765,1414,etc... on consecutive scans.
    (I also noticed UDP SNMP being used, but that should be fine).

    So ... I think the firewall is blocking the traffic because of the dynamic port.  My next step will be a support call to Brother to find a range of ports that software selects from which could be used ... rather than opening giant hole in firewall, maybe we can narrow the range a bit.

    Second, I made not of the executbale that is involved with the communicaiton.  Because I am on a 64 bit machine, the communicaiton is in the process "wiawow64.exe" a 32 to 64 bit translator provided by Microsoft.  Unforetunately I was not able to add this exe to the firewall's trusted exe's ... so I am at a loss of what 'Programs' I could grant unfettered firewall access.  Any ideas here?  This may be a way to bypass the dynamic port assignment problem.

    Anybody care to see the network capture logs, I'd be happy to share ... or if they have any ideas of avenues to take I'm glad to give them a try. 

    Otherwise, my last hope is to call Brother support once again and see if they can shed insight into the dynamic port assignment range used.

    I'll keep this updated of progress.  Ideas are very welcome.



    Friday, July 17, 2009 9:52 AM
  • Sorry about the lame response from support referring to network printers not being support. If you have a case ID that you can forward, I'll escalate that. Network printer are totally supported. What isn't supported is a network printer for OneCare's printer sharing feature.
    Your issue is with the scan capabilities of a network device and, as you clearly know, is strictly a firewall issue.
    I think the port range is indeed the solution. I doubt that OneCare is blocking the application/drive outright, simply restricting the dynamic port assignment that you've discovered.
    I appreciate the effort that you're putting forth to resolve the issue and the communication here, so thanks and I look forward to your utlimate success.
    -steve
    Microsoft MVP Windows Live / Windows Live OneCare, Live Mesh, & MS Security Essentials Forums Moderator
    Friday, July 17, 2009 12:06 PM
    Moderator
  • I just sent all error screen shots, network scan captures, and onecaresupportdata.zip to this support ticket: SRX1107174916‏

    Last night I tried support using the chat session, so there may also be notes in this ticket SRX1107231012ID ... though the above ticket is more up to date / has more detail from attached emails -SRX1107174916‏-

    I've also just completed a call from Brother ...

    I’ve just completed a call with Brother Support tier 5.   They had me disable the live onecare firewall, and enable the built in Vista Windows Firewall.  He had me add (only) these exceptions to the ruleset:

       a) Network Scanning: Internal/External UDP 54925
       b) Network PC-Fax Receiving: Internal/External UDP 54926

       c) Network Printing and Remote Setup: Internal/External UDP 137

    Using Windows Firewall, the Scan features do work from the PC and Brother device, without any additional ports.

     

    So, I’m back to Live OneCare Support.

    Any assistance would be appreciated.  I've an open communication channel with Brother now too, so once this is resolved I have told I will provide info for Brother to also update their knowledgbase.  Just getting to the right person at Brother took almost 2 hours on the phone, so hopefully no one else also has to experience this.  Now with this persons contact, we can expedite communications there.

    Thanks
    Friday, July 17, 2009 8:46 PM
  • Hi,

    Please try the below steps:

    As you said that 54921 is the port consistently used and Dynamic port numbers are 1765,1414...etc.

    In this regard, try to add the port 54921 and in also add (1300 to 1800) port range and check the result.

    I appreciate your efforts in trying to resolve the issue by spending more time on this issue.

    Saturday, July 18, 2009 3:51 AM
  • No, same errors occur when I open to the local subnet (where printer is) :
        54921 - 54926 TCP & UDP both directions
        and 1300 - 1800 TCP & UDP both directions
        and 137 UDP both directions

    Since the plain Windows firewall worked with just the 3 UDP ports opened, is it possible that LiveOne Care is blocking the application?

    Its strange that in the network capture files from the "Microsoft Network Monitor 3.3" application, the listed communication when using the Microsoft built in firewall that only had the 3 UDP ports listed above open, show communication on the (supposedly) closed TCP ports 1441 & 54921 - in the image I emailed you & Green Yi it is circled in the file named 'Firewall On Vista.jpg')

    Any other thoughts ... would you like to schedule to remote control this machine?

    Thanks
    Saturday, July 18, 2009 8:15 PM
  • No, same errors occur when I open to the local subnet (where printer is) :
        54921 - 54926 TCP & UDP both directions
        and 1300 - 1800 TCP & UDP both directions
        and 137 UDP both directions

    Since the plain Windows firewall worked with just the 3 UDP ports opened, is it possible that LiveOne Care is blocking the application?

    Its strange that in the network capture files from the "Microsoft Network Monitor 3.3" application, the listed communication when using the Microsoft built in firewall that only had the 3 UDP ports listed above open, show communication on the (supposedly) closed TCP ports 1441 & 54921 - in the image I emailed you & Green Yi it is circled in the file named 'Firewall On Vista.jpg')

    Any other thoughts ... would you like to schedule to remote control this machine?

    Thanks

    Yes, OneCare is blocking the application. Why, I don't know, but based on your troubleshooting, it is.
    Keep working with your open support ticket(s) and I look forward to your results.
    -steve
    Microsoft MVP Windows Live / Windows Live OneCare, Live Mesh, & MS Security Essentials Forums Moderator
    Saturday, July 18, 2009 8:22 PM
    Moderator
  • Ok - I switched the printer from wired to wireless configuration, using the printer interface - joined the network using the same IP address as the wired configuration.

    And voila - the application is no longer being blocked by Live OneCare firewall.

    I narrowed the ports on the OneCare firewall to only UDP ports 137, 54925 & 54926 - and it continues to work :-).

    I'm not sure why it doesn't work wired.  I'm also not sure if it was necessary to add absolutely every exe in the Brother directory to the OneCare 'safe' applications... but since its working - not much more I can do.

    My last interaction with OneCare support suggested I either switch to the Vista Firewall, or start narrowing the ports opening 'only' half the entire range at a time, and go further until we have the port range narrowed e.g. try with only 1-32000 , then try with only 32001-65000 ... etc...   If anybody continues to have this problem you may want to start here.  Meanwhile for me, switching to wireless 802.11b seems to have done the trick.

    • Edited by f1 fan Monday, July 20, 2009 9:39 PM typo
    Monday, July 20, 2009 9:38 PM
  • Ok - I switched the printer from wired to wireless configuration, using the printer interface - joined the network using the same IP address as the wired configuration.

    And voila - the application is no longer being blocked by Live OneCare firewall.

    I narrowed the ports on the OneCare firewall to only UDP ports 137, 54925 & 54926 - and it continues to work :-).

    I'm not sure why it doesn't work wired.  I'm also not sure if it was necessary to add absolutely every exe in the Brother directory to the OneCare 'safe' applications... but since its working - not much more I can do.

    My last interaction with OneCare support suggested I either switch to the Vista Firewall, or start narrowing the ports opening 'only' half the entire range at a time, and go further until we have the port range narrowed e.g. try with only 1-32000 , then try with only 32001-65000 ... etc...   If anybody continues to have this problem you may want to start here.  Meanwhile for me, switching to wireless 802.11b seems to have done the trick.


    Very Glad that, the issue is resolved.
    I appreciate your time and patience and your efforts in resolving and troubleshooting the issue.

    Tuesday, July 21, 2009 11:19 AM
  • In your OneCare firewall advanced settings are the file and printer sharing settings allowed for both local subnet and Internet? In mixed mode networks - wired/wireless - local subnet alone may not work as the different segments are seen as different networks, though they are both actually local.
    -steve
    Microsoft MVP Windows Live / Windows Live OneCare, Live Mesh, & MS Security Essentials Forums Moderator
    Tuesday, July 21, 2009 12:04 PM
    Moderator
  • I just stumbled across this thread as I was having the same issue.  I looked through the Windows logs and found that it was trying to connect to the Printers Name (BRN_xxxxx).  I added the TCPIP address of the printer to the host file and pointed it to the machine name and "voila", I was pleasantly surprised.  I don't use OneCare.  I am using ESET Smart Suite but I can't imagine it would be too different.  I hope this will help everyone.
    Wednesday, January 20, 2010 11:12 PM
  • I just stumbled across this thread as I was having the same issue.  I looked through the Windows logs and found that it was trying to connect to the Printers Name (BRN_xxxxx).  I added the TCPIP address of the printer to the host file and pointed it to the machine name and "voila", I was pleasantly surprised.  I don't use OneCare.  I am using ESET Smart Suite but I can't imagine it would be too different.  I hope this will help everyone.

    I'm having the same problem. I'd like to attempt to implement the above solution rather than switch from wired to wireless network connection (my wireless signal is poor in my office).  Can someone please explain how I can "add the TCPIP address of the printer to the host file" and "point it to the machine" - or a similar workaround? Many thanks.

    Tuesday, February 2, 2010 11:58 PM
  • I just stumbled across this thread as I was having the same issue.  I looked through the Windows logs and found that it was trying to connect to the Printers Name (BRN_xxxxx).  I added the TCPIP address of the printer to the host file and pointed it to the machine name and "voila", I was pleasantly surprised.  I don't use OneCare.  I am using ESET Smart Suite but I can't imagine it would be too different.  I hope this will help everyone.

    I'm having the same problem. I'd like to attempt to implement the above solution rather than switch from wired to wireless network connection (my wireless signal is poor in my office).  Can someone please explain how I can "add the TCPIP address of the printer to the host file" and "point it to the machine" - or a similar workaround? Many thanks.


    HOSTS is a hidden file located in \Windows\System32\Drivers\etc

    Open it with a text editor such as notepad and add an entry with the machine name and the IP address of the printer as noted in the post you quoted.

    Since this is a OneCare forum, though, if you are using OneCare and need help with this, contact OneCare support:
     

    How to reach support (FAQ) - http://social.microsoft.com/Forums/en-US/onecareinstallandactivate/thread/30400b52-7f26-4ba0-bc18-17e305329d90

    If not: 

    Your question may be better posed to one of the forums here, depending on your operating system:

    Vista:
    http://social.answers.microsoft.com/Forums/en-US/category/windowsvista

     

    XP: http://social.answers.microsoft.com/Forums/en-US/category/windowsxp

     

    Windows 7: http://social.answers.microsoft.com/Forums/en-US/category/windows7

     

    -steve


    ~ Microsoft MVP Windows Live ~ Windows Live OneCare| Live Mesh|MS Security Essentials Forums Moderator ~
    Wednesday, February 3, 2010 1:35 PM
    Moderator
  • Having the same issue, tried your solution northshore but it didn't work.

    The weird part is that it USED to work just fine.

    Running Win7 64 bit and a brother MFC-9440CN over a LAN.

     

    Friday, August 6, 2010 11:10 PM
  • Having the same issue, tried your solution northshore but it didn't work.

    The weird part is that it USED to work just fine.

    Running Win7 64 bit and a brother MFC-9440CN over a LAN.

     


     

    You're off topic for this forum, which is dedicated to Windows Live OneCare

     

    Your question may be better posed to one of the forums here -

     

    Windows 7: http://social.answers.microsoft.com/Forums/en-US/category/windows7

     

    -steve


    ~ Microsoft MVP Windows Live ~ Windows Live OneCare| Live Mesh|MS Security Essentials Forums Moderator ~
    Monday, August 16, 2010 12:34 PM
    Moderator
  • Hi northshoreit,

    Your "Start > Search for... > Specify machine by address" solution worked for me.

    I am using a Ricoh Aficio SP C210SF color laser printer over ethernet from Windows 7 64 bit. This printer comes with drivers and utilities that install the same ControlCenter interface that ships with Brother MFC printers, and scanning gave me the same error as described in this thread. But now it's working.

    Thank you.

    -sb

    Monday, September 13, 2010 4:46 AM
  • Hi,

    In my case: windows 7, the problem was fixed by going to start, search for scanner, view scanners and cameras, network settings, change setting to ip address and place your ip

    I hope this helps

    Monday, October 25, 2010 11:24 AM
  • Hello.  Your solution worked for me.  Simply identifying the scanner by IP address, rather than by name, worked.  A 30 second solution after hours spent on the phone with Brother support.  My firewall was already allowing the scanner through, so did not need any changes there.
    Thursday, January 6, 2011 10:48 PM