Thank you for your feedback



Information Required to Escalate Security Issues

Document ID:FA872
 
06/16/14 Properties  

Problem

Escalation checklist; Needed info before escalating; Escal requirements; 802.1x; Security-related issues; PKI; SCAC; Smart Card Authentication Client; Public Key Infrastructure; Auth issues; Embedded Security settings; Active Directory; Addressbook; Internal Account; Kerberos; LDAP + GSAPPI; LDAP; Password; Secure Audit; SNMP;

Solution

Overview


This article serves as a guide to gathering necessary information before opening an escalation item for Security-related issues; i.e., Embedded Web Server (EWS) Security Settings, Public Key Infrastructure (PKI), Smart Card Authentication Client (SCAC).

IMPORTANT! You should utilize all available technical support resources before electing to escalate issues.

 

Step 1: Gather mandatory information below for ALL escalations.
 

  • Customer Information
    • Account Name
    • Account Address
    • Customer Name
    • Phone Number
    • Email Address
       
  • Lexmark Device Machine Type/Model
     

IMPORTANT! Please utilize this escalation template:

[PROBLEM DESCRIPTION]

  • Problem frequency
  • Readily repeatable or random issue
     

[SETUP or ENVIRONMENT] to include:

  • Number of affected devices (include Lexmark and/or non-Lexmark printers)
  • New roll out or new installation
     

[STEPS TO REPRODUCE]
[ACTUAL BEHAVIOR]
[EXPECTED BEHAVIOR]

 

Step 2: Gather primary requirements for all Security-related issues. 


Before you begin, it is recommended to perform the following:

 Clear Embedded Solutions Log file. This will ensure that new log files will be captured to better isolate the problem. To do so,

Step Action
1
Open the printer's web interface via a web browser (e.g., Mozilla Firefox, Google Chrome).
 
2
Enter the printer's IP address followed by /se (e.g.,http://192.168.1.2/se).
 
3
Select Embedded Solutions, and then click on Clear Log File.
 

 Turn ON Security Debug Log. This helps gather debug information to better isolate the problem. NOTE: This process varies per printer model and firmware code:

For... Then...
2010-2012 (newer) devices with EC4 firmware code...

Perform the steps below.

Note: Click here to view steps on how to identify current firmware code.


Any other devices or firmware version...
 
This requires installation of a Pkiaddebug tool. Please contact Lexmark Technical Support for assistance.

Reference – 2010-2012 Printer Models

Monochrome
Color

MS61x
MS81x
MX410
MX51x
MX61x
MX6500e
MX71x
MX81x

CS510
CX510
X548
X74x
X792
X925
X95x

NOTE: The EC4 firmware for the X548X74xX792X925, and X95x models will be available soon.

An x denotes any number within a given printer model series.

Procedure

Beginning with firmware code EC4, debug functionality is built-in to the firmware; thus, there will be NO need to install the debug app.

Step Action
1
Before you begin, disable Background and Idle Screen if possible, as it is very noisy and may wrap the log file.
 
2
In the printer's SE Menu (i.e., http://<printer's IP address>/se), select Security Logs.
 
3
Click Turn Debugging ON. Click here to view image.
 

NOTE: The Logs Gzip file also captures the Security logs among many others. 

 Reproduce the issue.


Then gather the following logs:

  • Menu Settings Page
  • Logs Gzip
  • Exported Embedded Solutions Settings
  • Exported Security Settings
  • Exported Device/Printer UCF Settings


NOTE: To view detailed steps on how to gather these logs, please refer to Step 2 of the Main Escalation Checklist Index.

IMPORTANT! Capture logs as quickly as possible as this will be reset back "Off" after POR. This provides all the same information you would get from the pkiaddebug All Files report.

If there are working printers on site, always get comparison logs, and then send both sets of logs. This will help in comparing the settings from a working device with one that has issues.

It is OK if the working device is using PKI solutions while the non-working one is using SCAC, or vice versa.

 

Step 3: Select a topic from the list below to view additional requirements specific to your issue.
 


PKI and SCAC Issues


Note: The following are required for PKI or SCAC Scan to Network Folder (SNF) issues.

Requirement Relevance How to obtain
Operating system
Info is used for simulation and analysis.
 
Enduser provided
Folder Permission Settings This contains the information about User Privileges; e.g., Read Only, Write, etc.
  1. Right-click the Destination Folder and click Properties.
  2. Go to Sharing tab, click Advanced Sharing..., click Permissions, and then take a screenshot.
Security Permission Settings This contains the information about Users’ Security Privileges; e.g., Read Only, Write, etc.
  1. Right-click the Destination Folder and click Properties.
  2. Go to Security tab, click Advanced, find Permissions,  and then take a screenshot.

Return to topics


Embedded Security Settings Issues

802.1x
 

Requirement Relevance How to obtain
802.1x Server/Versions
This information is used for simulation especially whether the customer is using Cisco ACS or Microsoft RADIUS Server, etc.
 
Enduser provided
Brand/Model/Firmware Info of the Switch
Info is used for simulation and analysis.
 
Enduser provided

Return to topics


Active Directory
 

Requirement Relevance How to obtain
Status Error
It is an overview on the actual problem.
 
The error would show up if it fails to join the domain. Please provide screenshots.
Server Information Info is used for simulation and analysis.

Note: Applicable on Windows systems only.

  1. Click Start Menu > Programs > Accessories > System Tools > System Info.
  2. Click File, and then Save.

Return to topics


Addressbook
 

Requirement Relevance How to obtain
Test Results Error The actual error would point in the right direction as to which area needs to be reviewed.
Test button can be found on the bottom part of Addressbook Settings in EWS. Please provide screenshots.
 
Active Directory Users and Computer Needed for better comparison with the address book settings.
Info can be obtained from the Administrator who has access to the Domain Controller, which should indicate where the user is residing.
 

Return to topics


SNMP


Requirement Relevance How to obtain
SNMP MIB Walk / SNMP GET
Info is used for simulation and analysis.
 
Enduser provides this by using a third party SNMP tool.

Return to topics


Contact Lexmark
 

If you have any questions or encounter problems when collecting the data required in any of the items provided above, please close this window, go to your product's support page and locate  Get In Touch with Lexmark! for contact information. NOTE: When calling for support, you will need your printer model/machine type and serial number (SN).

Additional information may be requested by the support agent. Please be near the products described in this article to expedite the support process and reduce callbacks.

 



Link:
Please enter the email address you would like to send a copy of this page to.