Printer Share not working “Operation could not be completed 0x00000709” error

Help!
1

File sharing works fine through HAProxy, and I can see the printer shared through HAProxy.
But when I’m on a Win10 system and double click on the printer shared via HAProxy I get an “Operation could not be completed 0x00000709” error.
No error when going directly to the Win10 system sharing the printer.
I’m new to HAProxy and have never gotten printer sharing to work, so this might be a newbe error.

Tshark on the Ubuntu system running HAProxy shows a lot of SMB packets on port 445 as you would expect with the printer share visible to the Win10 client.
But then the connection starts to go to DCERPC protocol over some higher ports like 50213 then EPM protocol and finally a RST and the connection is closed.

My goal is to eventually get HAProxy to load balance two print servers, but I’m not able to get one print server working through HAProxy.

No firewall issues:
sudo firewall-cmd --list-all
sudo: firewall-cmd: command not found
sudo ufw status verbose
Status: inactive

cfg file looks valid.
sudo haproxy -c -f /etc/haproxy/haproxy.cfg
Configuration file is valid

It’s running.
sudo systemctl status haproxy.service -l --no-pager
Active: active (running) since Thu 2023-06-15

sudo journalctl -u haproxy.service --since today --no-pager
Jun 15 16:01:23 LM-U systemd[1]: Starting HAProxy Load Balancer…
Jun 15 16:01:23 LM-U haproxy[2071]: [NOTICE] (2071) : New worker #1 (2073) forked
Jun 15 16:01:23 LM-U systemd[1]: Started HAProxy Load Balancer.

cat /etc/haproxy/haproxy.cfg
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
user haproxy
group haproxy
daemon

    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

defaults
log global
mode tcp
option tcplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http

frontend ft_tcp
bind *:88
bind *:135
bind *:137
bind *:138
bind *:139
bind *:445
default_backend bk_tcp

backend bk_tcp
mode tcp
balance roundrobin
stick-table type ip size 200k expire 60s
stick on src
default-server inter 1s
server lm-xws 10.0.0.5

Any suggestions would be greatly appreciated.

2

Haproxy only supports TCP. Forwarding UDP traffic is not supported.

I guess some of those ports you configured are supposed to be UDP ports. Others may be missing.

I’m afraid that this may not be a common use case for haproxy and it is unlikely that you are going to find SMB experts in here.

You can bind to port ranges, even huges ones (although it doesn’t scale that well), so you may try something like:

frontend ft_tcp
 bind :88-65535
 default_backend bk_tcp

To forward everything between 88 and 65535.

3

Thanks for the information lukastribus.

UDP - I don’t think that’s an issue here. SMB and other protocols should be over TCP.

I have seen instances where HAProxy works for printer sharing, I just cannot get my environment working, so I’m still hopeful.

I tried to bind to all related ports:
frontend ft_tcp
bind *:88-65535
default_backend bk_tcp
But then I couldn’t get anything to work :slight_smile:

sudo systemctl restart haproxy
Job for haproxy.service failed because the control process exited with error code.
See “systemctl status haproxy.service” and “journalctl -xeu haproxy.service” for details.

But systemctl status haproxy.service still showed “active (running)”

journalctl -xeu haproxy.service still looked good.
Jun 16 14:15:20 LM-U haproxy[7641]: [NOTICE] (7641) : New worker #1 (7644) forked
Jun 16 14:15:20 LM-U systemd[1]: Started HAProxy Load Balancer.
░░ Subject: A start job for unit haproxy.service has finished successfully
░░ Defined-By: systemd
░░ Support: Enterprise open source support | Ubuntu
░░
░░ A start job for unit haproxy.service has finished successfully.
░░
░░ The job identifier is 2866.

But my Win10 client showed “Cannot access \10.0.0.7” error for even viewing the shared folder and printer.