Creation of printers configured in Universal Print Server (UPS) policy fails when user logs on.
The following are some of the symptoms of this issue:
In the event viewer, the following message appears on the server/desktop where the user logs on:
Client printer auto-creation failed. The driver could not be installed. Possible reasons for the failure: The driver is not in the list of drivers on the server. The driver cannot be located. The driver has not been mapped. Client name: () Printer: (\\printserver\printername) Printer driver: ()
Printers are not created on the user’s session.
The printer is created but the printer has the status “not configured”.
In all the cases, the user is unable to print or connect to the UPS printer.
When a user is a member of a large number of security groups in Active Directory, this can cause failure to create printers configured using a Universal Print Server policy.
As shown in the following Universal Print Server architecture, the client and the server communicate over the HTTP protocol.
Because the user is a member of a large number of security groups in Active Directory, the request header can grow beyond the size that the UPS can normally handle. By default the maximum size is 8192 bytes (8K) for this cookie.
Complete one of the following options to resolve this issue.
Limit the number of security groups that the user is a member of in Active Directory.
When the UPS print server software is installed, there is an Apache web server configured with it. This web server is installed in the following location:
C:\Program Files\Citrix\XTE\
The conf folder contains a file named httpd.conf.
Add the parameter LimitRequestFieldSize 65535 to the httpd.conf file, either before #Citrix_Begin or after #Citrix_End.
This changes the size of the request header to a maximum of 64K (similar to the maximum size for a Kerberos ticket).
When the configuration file is changed, restart the UPS services (or restart the server completely) for the changes to take effect.
Note: This option needs to be changed on all of the print servers where the UPS software is installed. This also affects all users and no users or groups can be excluded.
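One way to confirm the httpd.conf change on a print server, as an added example that is not Citrix's own code. The function name Test-UpsFieldSizeLimit and the sample configuration lines are constructed for illustration.

```powershell
# Added example (not Citrix code): check an httpd.conf for the
# LimitRequestFieldSize change described in this article.
function Test-UpsFieldSizeLimit {            # hypothetical helper name
    param(
        [string[]]$ConfLines,                # lines of httpd.conf
        [int]$Expected = 65535               # value given in the article
    )
    $inCitrixBlock = $false
    $found = @()
    for ($i = 0; $i -lt $ConfLines.Count; $i++) {
        $line = $ConfLines[$i].Trim()
        if ($line -like '#Citrix_Begin*') { $inCitrixBlock = $true;  continue }
        if ($line -like '#Citrix_End*')   { $inCitrixBlock = $false; continue }
        # Commented-out directives start with '#', so they never match here.
        if ($line -match '^LimitRequestFieldSize\s+(\d+)$') {
            $found += [pscustomobject]@{
                Line          = $i + 1
                Value         = [int]$Matches[1]
                InCitrixBlock = $inCitrixBlock
            }
        }
    }
    if ($found.Count -eq 0) {
        $status = 'Missing'                  # default header limit still applies
    } elseif (@($found | Where-Object { $_.InCitrixBlock }).Count -gt 0) {
        $status = 'InsideCitrixBlock'        # article says before Begin or after End
    } elseif (@($found | Where-Object { $_.Value -ne $Expected }).Count -gt 0) {
        $status = 'UnexpectedValue'
    } else {
        $status = 'OK'
    }
    [pscustomobject]@{ Status = $status; Directives = $found }
}

# Constructed sample content; the real file is conf\httpd.conf under
# C:\Program Files\Citrix\XTE\ on each print server.
$sample = @(
    '# constructed sample, not a real Citrix configuration',
    '#Citrix_Begin',
    '# (Citrix-managed directives)',
    '#Citrix_End',
    'LimitRequestFieldSize 65535'
)
(Test-UpsFieldSizeLimit -ConfLines $sample).Status
# Against the live file:
# Test-UpsFieldSizeLimit -ConfLines (Get-Content 'C:\Program Files\Citrix\XTE\conf\httpd.conf')
```

Run the check on every print server where the UPS software is installed, since the setting has to be changed on each of them.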
Complete the following steps as a workaround to fix the issue:
Remove the user from several Active Directory security groups. The creation of the printer succeeds.
Change the name of the print server to the IP address of the print server. The creation of the printer succeeds.
When a user is a member of a large number of security groups in Active Directory, creation of printers configured using a Universal Print Server policy can fail.
By default, MaxTokenSize is 12,000 bytes. This has been the default value since Windows 2000 SP2 and still remains in Windows 7 and Windows 2008 R2. As the company grows, the groups within the organization also grow. If your Kerberos token becomes too big, your users will receive error messages during login, and applications that use Kerberos authentication can potentially fail as well. This is why the default value is not a hard limit; the maximum recommended configuration is 48000 bytes or 64k.
Note: It is recommended that you do not set the MaxTokenSize greater than 48000 bytes or 64k. If you set the MaxTokenSize greater than 48000 bytes, applications using Kerberos authentication could potentially fail.
Refer to How to use Group Policy to add the MaxTokenSize registry entry to multiple computers for more information.