Hostnames and addresses in UNC paths.

Matching the queue information (ip, port, UNC path) submitted by the client to the data configured for the secure queue is the basic mechanism by which Secure determines if a job should be secured or not.

These comparisons are simple string comparisons, in other words, the supplied values are examined, if they match, the job is secured, if they do not, the job will not be secured. For IP address and port, this isn't too much of a concern, but with UNC paths, it's important to understand that the values are being compared, that no lookups or any additional resolving of the supplied data will continue.

So consider a device shared from PRINTSERVER.MYDOMAIN.LOCAL with the share name PRINTER, and the hosting computer has an IP address of 192.168.0.210.  The following are all valid UNC's to address that printer from within Windows:

\\192.168.0.210\PRINTER

\\PRINTSERVER\PRINTER

\\PRINTSERVER.MYDOMAIN.LOCAL\PRINTER

Setting up a queue on a windows workstation using any of these UNC's will result in a functional print queue.

But these are not equivalent to Secure, if one value is used on the client workstation, and another used on the server, the queue will not secure jobs due to the mismatch.

The secure client does not do name service lookups, neither will it strip, or append the domain name to the computer name, depending on which is supplied.

Double checking what information is being submitted by the client would typically be done by examining the logs.

Extended logging on the Secure Client is covered in this KB.

Then open the PASSpoolntegrationEvent.log file and the UNC's being supplied by the client (when a shared printer is printed to) will be iterated.  Look for lines similar to:

Jan 11, 2018 07:42:05 PrinterAddressFinder - Got a UNC of \\PRINTSERVER\PRINTER

And compare that value to the one setup for the queue in Secure Server.
How did we do with this article?