Microsoft shares mitigation steps for latest printer issue on Windows 10

Surface Laptop 4 13 Intel Hero
Surface Laptop 4 13 Intel Hero (Image credit: Daniel Rubino / Windows Central)

What you need to know

  • Microsoft has shared steps on how to mitigate a printer issue on Windows 10 related to smart card authentication.
  • The company also released an out-of-band update for the same issue this week.
  • Mitigation requires you to work with the Windows registry.

Microsoft recently issued an out-of-band update for a problem that prevents some printers, scanners, and multifunction devices from working. Now, the company has outlined steps to temporarily mitigate the issue.

The complication only affects a small set of devices, but for anyone with a device that runs into it, updates and mitigation steps are always welcome. Microsoft explains which devices are affected in a support doc:

After installing updates released July 13, 2021 on domain controllers (DCs) in your environment, printers, scanners, and multifunction devices which are not compliant with section 3.2.1 of RFC 4556 spec, might fail to print when using smart-card (PIV) authentication.

Here are the steps for temporary mitigation from Microsoft:

To use the temporary mitigation in your environment, follow these steps on all your domain controllers:

  1. On your Domain Controllers, set the temporary mitigation registry value listed below to 1 (enable) by using the Registry Editor or the automation tools available in your environment.Note: This step can be done before or after steps 2 and 3.
  2. Install an update that allows the temporary mitigation available in updates released July 27, 2021 or later (below are the first updates to allow the temporary mitigation):
  3. Restart your domain controller.

Note that editing the registry incorrectly can cause serious issues. Here is the registry value that Microsoft mentions in its instructions:

Swipe to scroll horizontally
Device Manager NameVersion and Update
Registry subkeyHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kdc
ValueAllow3DesFallback
Data typeDWORD
Data1 – Enable temporary mitigation.0 – Enable default behavior, requiring your devices into compliance with section 3.2.1 of RFC 4556 spec.
Restart required?No
Sean Endicott
News Writer and apps editor

Sean Endicott is a tech journalist at Windows Central, specializing in Windows, Microsoft software, AI, and PCs. He's covered major launches, from Windows 10 and 11 to the rise of AI tools like ChatGPT. Sean's journey began with the Lumia 740, leading to strong ties with app developers. Outside writing, he coaches American football, utilizing Microsoft services to manage his team. He studied broadcast journalism at Nottingham Trent University and is active on X @SeanEndicott_ and Threads @sean_endicott_.