Microsoft has acknowledged a Windows 10 issue that impacts printing and scanning features. These devices might fail to print when using smart-card (PIV) authentication.

This issue has crept in after Microsoft released fixes for PrintNightmare on July 13, 2021 via update KB5004237. This might cause issue when you install updates released July 13, 2021 or later on a domain controller (DC).  The affected devices are smart card authenticating printers, scanners, and multifunction devices that don’t support DH.

Read the details of the issue below.

Printing and scanning might fail when these devices use smart-card authentication

StatusOriginating updateHistory
ConfirmedOS Build 19042.1110
KB5004237
2021-07-13
Last updated: 2021-07-23, 15:32 PT
Opened: 2021-07-23, 14:36 PT
After installing updates released July 13, 2021 on domain controllers (DCs) in your environment, printers, scanners, and multifunction devices which are not compliant with section 3.2.1 of RFC 4556 spec, might fail to print when using smart-card (PIV) authentication.
Affected platforms:
  • Client: Windows 10, version 21H1; Windows 10, version 20H2; Windows 10, version 2004; Windows 10, version 1909; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise 2015 LTSB; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 20H2; Windows Server, version 2004; Windows Server, version 1909; Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

Microsoft intends to provide a temporary mitigation in the near term. The permanent fix will come through updated settings, firmware, and drivers on PCs.

Next steps

If you encounter this issue with your printing or scanning devices, verify that you are using the latest firmware and drivers available for your device.  If your firmware and drivers are up-to-date and you still encounter this issue, we recommend that you contact the device manufacturer. Ask if a setting or configuration change is required to bring the device into compliance with the hardening change or if a compliant update will be available.

We are working on a temporary mitigation and will provide an update in the near term.  This temporary mitigation should allow printing and scanning to the affected devices. This will allow time for device manufacturers to release compliant firmware and drivers for their devices. Further, it should allow time to update settings, firmware, and drivers in your environment and make them compliant.

Note Devices that are affected when using smart card (PIV) authentication should work as expected when using username and password authentication.

VIAMicrosoft