Error 0x0000011b when connecting to a printer
Symptoms
After installing a Windows Update, the following error 0x0000011b might be displayed on computers when trying to connect to a printer:
Environment
There are three updates released recently that may provide this behavior: (KB5005613, KB5005627 and KB5005563).
The reason for this updates is to correct an exploit vulnerability in printer driver injection (called PrintNightmare). This exploit in the Windows Point and Print feature, enabled the possibility to perform remote code execution and gain local SYSTEM privileges.
When the first updates were released, they did not automatically protect the machines. Users had to create a Registry Key to mitigate the vulnerability manually, however, in September's patch, Microsoft enabled this setting by default for every Windows device, and that is when users started experiencing the 0x0000011b error when trying to use network printers.
Please see Unable to Print after Applying Windows Update KB5004945 (aka "Print Nightmare" Fix) for more information.
Solution
Option 1
Follow and apply Microsoft's recommendations on how to handle printer installation after having applied these updates:
Managing deployment of Printer RPC binding changes for CVE-2021-1678 (KB4599464)
KB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates
Option 2 - Uninstall the update
One temporary solution could be to uninstall the update from the print servers. In the case of using Windows Server Update Services (WSUS), the update should also be disapproved.
Option 3 - Disable the new requirement
Also as temporary measure, instead of uninstalling the update, it should be possible to deactivate this new implementation to control the exploit by changing a value in the registry key.
Please do the following:
- In the Windows search box, type regedit, and select Registry Editor
- Navigate to the HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Print key
- Create a new DWORD-32 bit value named RpcAuthnLevelPrivacyEnabled, and set it to 0
- Restart the print spooler service
The registry key must be applied on print servers and client computers.
Additional resources
- Managing deployment of Printer RPC binding changes for CVE-2021-1678 (KB4599464)
- KB5005652—Manage new Point and Print default driver installation behavior (CVE-2021-34481)
- KB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates