Categories
it

Printer deployment with Group Policy Preferences and error 0x80070bcb

TL;DR

If you get the error 0x80070bcb when deploying your printers follow the instructions below.
Enable and configure these two GPO’s for all clients you want to deploy the printers to:

Computer Configuration > Policies > Administrative Templates > Printers > Package Point and print - Approved servers

Computer Configuration > Policies > Administrative Templates > Printers > Point and Print Restrictions

Configure them as follows:

In the Policy Package Point and print - Approved servers I had to add the FQDN of the print server.

For the Policy Point and Print Restrictions I had to check the checkbox Users can only point and print to these servers and add the FQDN of the print server. The security prompts I configured as follow:

When installing drivers for a new connection: Do not show warning or elevation prompt

When updating drivers for an existing connection: Show warning only


This week we migrated an old print server from Windows Server 2008 R2 to Windows Server 2019. And we changed the way we deployed printers. Before the change, the user had to select the printer by himself, and there was no automatic deployment. So every employee who wanted a printer gad to go to the printer settings and added the printer. This implementation resulted in many calls to the IT office because the user doesn’t know the nearest printer’s name. So to avoid this situation, we decided to deploy printers using Group Policy Preferences (GPP). GPP’s are like regular Group Policy Objects (GPO), and you can configure the same way. To learn more about the differences, I recommend this article

After configuring the deployment for all printers, most deployed successfully, but a few printers seem to have difficulties. When I wanted to see the GPO result with the command gpresult, I saw the error 0x80070bcb with all printers that didn’t successfully deploy.  This problem seems to be a Windows 10 User Account Control (UAC) problem that exists since Windows Vista.
To resolve this error, I had to enable and configure the two following GPO’s for all Computers that I wanted to deploy the printers too.

Computer Configuration > Policies > Administrative Templates > Printers > Package Point and print - Approved servers

Computer Configuration > Policies > Administrative Templates > Printers > Point and Print Restrictions

In the Policy Package Point and print - Approved servers I had to add the FQDN of the print server.

For the Policy Point and Print Restrictions I had to check the checkbox Users can only point and print to these servers and add the FQDN of the print server. The security prompts I configured as follow:

When installing drivers for a new connection: Do not show warning or elevation prompt

When updating drivers for an existing connection: Show warning only

After having configured these two GPO’s, I forced a GPO update with gpupdate /force, and the printers that didn’t appear before appeared now with no errors.

Acknowledgment:

Thanks a lot to this article that directed me in the right direction:
https://www.adamfowlerit.com/2017/07/deploying-printers-windows-10

About the Author

Hello my name is Loris Scandurra and I am an engineer and project manager based in Switzerland. I write about issues I encounter during my work and other stuff that would be useful or entertaining to document. If you want to write me an E-Mail do so at ls@lorisscandurra.com

Categories
it

Exchange 2016 Hybrid setup false password/username

TL:DR

Don’t copy and paste the credentials. Type them in manually, and the setup will proceed normally.


I am currently doing a general infrastructure update for a customer. During this process, we migrated all Users from Exchange 2010 to Office 365 Mailboxes. But due to how Microsoft (sadly) designed their Office 365 with an On-premise Active Directory environment, you still need a local Exchange Server to manage the Exchange attributes in your On-Prem Active Directory [read the doc]. And because we didn’t want to leave an old Exchange Server with Windows 2008 R2 running in the network, we decided to install a new Exchange Server.
You don’t need to pay for a new Exchange License for this, because the new Exchange Server will only be a Hybrid Server that doesn’t contain any mailboxes itself. So for this, Microsoft provides a Hybrid License for an Exchange Server 2016. After setting up a VM with Windows Server 2016, I started the Exchange installation. The Exchange installation detected a Hybrid setup and asked me to insert the user credentials of an Office 365 Admin. So I did just that, I copied the credentials and pasted them into the setup screen, but it told me that the credentials were wrong. And I knew that couldn’t be because I just copied them like I always do. And I also couldn’t move forward with the installation without providing the credentials.
After some research on the Internet, I found the error [read the forum post]. The problem was that I copy/pasted the credentials. If you do this, the installer will tell you that your credentials are wrong. So I had to copy them manually. After that, the installation proceeded successfully.

About the Author

Hello my name is Loris Scandurra and I am an engineer and project manager based in Switzerland. I write about issues I encounter during my work and other stuff that would be useful or entertaining to document. If you want to write me an E-Mail do so at ls@lorisscandurra.com