What you need to know
- Microsoft has shared steps on how to mitigate a printer issue on Windows 10 related to smart card authentication.
- The company also released an out-of-band update for the same issue this week.
- Mitigation requires you to work with the Windows registry.
The complication only affects a small set of devices, but for anyone with a device that runs into it, updates and mitigation steps are always welcome. Microsoft explains which devices are affected in a support doc:
After installing updates released July 13, 2021 on domain controllers (DCs) in your environment, printers, scanners, and multifunction devices which are not compliant with section 3.2.1 of RFC 4556 spec, might fail to print when using smart-card (PIV) authentication.
Here are the steps for temporary mitigation from Microsoft:
To use the temporary mitigation in your environment, follow these steps on all your domain controllers:
- On your Domain Controllers, set the temporary mitigation registry value listed below to 1 (enable) by using the Registry Editor or the automation tools available in your environment.Note: This step can be done before or after steps 2 and 3.
- Install an update that allows the temporary mitigation available in updates released July 27, 2021 or later (below are the first updates to allow the temporary mitigation):
- Restart your domain controller.
Note that editing the registry incorrectly can cause serious issues. Here is the registry value that Microsoft mentions in its instructions:
| Device Manager Name | Version and Update |
|---|---|
| Registry subkey | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kdc |
| Value | Allow3DesFallback |
| Data type | DWORD |
| Data | 1 – Enable temporary mitigation. 0 – Enable default behavior, requiring your devices into compliance with section 3.2.1 of RFC 4556 spec. |
| Restart required? | No |
