WS2008: The WSD Port Monitor

Welcome back!  If you’re just returning from a weekend, hopefully you got some time to yourself to relax.  It’s Day Eleven of our Windows Server 2008 Series.  Today’s topic – the new WSD Port Monitor.

The WSD Port Monitor is a new printer port monitor in Windows Vista and Windows Server 2008.  This port monitor supports printing to network devices that are designed to include Web Services for Devices (WSD) technology.  Web Services for Devices allows network-connected IP-based devices to advertise their functionality and offer these services to clients by using the Web Services protocol.  WSD-based devices and clients communicate over the network using a series of SOAP (Simple Object Access Protocol) messages over UDP and HTTP(S).  WSD for Devices provides a network plug-and-play experience that is similar to installing a USB device.  Web Services for Devices also defines a security profile that may be extended to provide additional protection and authentication using device-based certificates.

The WSD Port Monitor is installed by default on Windows Vista.  On Windows Server 2008, the port monitor is installed along with the Print Services server role.  Web Services for Devices is not available for Windows XP or Windows Server 2003.  These clients can print to WSD-based devices that are shared on computers running Windows Vista or Windows Server 2008.  There are four main tasks performed by the WSD Port Monitor:

  • Discover and connect to WSD-based network printers
  • Send print jobs to WSD printers
  • Monitor the status and configuration of the WSD printers and update the printer object status accordingly
  • Respond to bidirectional queries from WSD printers

These are the same functions provided by other port monitors (for example the Standard TCP/IP port monitor, tcpmon.dll).  The WSD Port Monitor is implemented in wsdmon.dll.  This DLL is loaded under the print spooler process (spoolsv.exe) and is defined as a port monitor in the following registry key: HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\WSD Port.  For WSD-based print devices, the WSD Port Monitor is used by default.  If the print device does not support the WSD Port Monitor, then the Standard TCP/IP Port Monitor is used instead.

Now that we know what the WSD Port Monitor does, let’s look at the communications mechanism used by WSD.  When a WSD-based printer is connected to a network, it sends out an unsolicited "Hello" message to advertise its presence.  Computers running Windows Vista or Windows Server 2008 listen for these advertisements and add the printer to their list of available network printer resources.  When a WSD-based device is gracefully removed from the network it sends another message (a "Bye" message) to advertise that it is no longer available.  In addition, Windows Vista and Windows Server 2008 machines can discover WSD-based printers by using a "Probe" message when searching for printers via Network Discovery or the Add Printer Wizard.  A typical WSD communication sequence is shown below:

WSD-Communication

Let’s examine each piece of this sequence:

  1. To find a printer, the client sends a multicast Probe message.  The Probe indicates that the client is looking for a print service.  The probe also indicates whether or not the client requires security.
  2. The WSD-based device listens for Probe messages and responds directly to the client with a Probe Match message since it hosts a print service.
  3. To find out more about the WSD device and what services it hosts, a client sends a Get Metadata message directly to the device using unicast.  Prior to sending a Get Metadata message, a client may also send a Resolve message if the name of the WSD device is known.
  4. The device replies with its metadata.  The metadata may either be in-line within the response message or the device may send a pointer to the metadata.  Besides information like the device manufacturer, serial number and firmware version, the metadata also includes the endpoint reference for each of the services hosted by the device.
  5. To find out more about the print service itself, the client may send a Get Metadata message directly to the service.
  6. The service replies with its metadata, including information about the operations that the service supports and printer-specific metadata (ability to print in color, pages per minute, number and size of paper trays etc).
  7. The client sends a message to start a print job.
  8. The service responds with a status to acknowledge the client request to start a print job.
  9. To receive updates on the status of the job or about the overall status of the print service, the client may send a Subscribe message to the print service.
  10. The Subscribe response message include an identifier for the subscription and when it will expire.  If the client needs status information after the expiration, it has to renew the subscription.
  11. The client sends the print job itself to the print service, encoding large images as attachments to the message.  Attachments are an optimization for transmitting a SOAP message by selectively re-encoding portions of the message while still presenting the required XML to the SOAP application.
  12. The print service responds to indicate that the job has been accepted.
  13. The print service sends an event to the client, informing it of, for instance, a change in the print job, number of pages printed, paper jam, completion etc.

Hello, Bye, Probe, Resolve and Get messages are all generated without network solicitation.  These messages are used to announce device state, issue a search request, or obtain metadata.  ProbeMatches, ResolveMatches, and GetResponse messages are generated in response to Probe, Resolve and Get messages.  Hello, Bye, Resolve and ResolveMatches messages are sent by UDP multicast to port 3702.  Get and GetResponse metadata messages occur over HTTP (TCP port 5357) or HTTPS (TCP port 5358).  Probe and ProbeMatches messages are sent over UDP (port 3702) unless they are "directed" messages.  A "directed" message is one where the WSD device name is known and accessed directly by name.  For directed messages, the Probe and ProbeMatches messages use the same ports as the Get and GetResponse metadata messages.  Obviously, to allow WSD network discovery, the Network Discovery firewall exceptions for the listed ports must be enabled in the Windows Firewall.  Finally, you can disable Multicast by setting the IGMPLevel value to 0 in the following registry key: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters.

And that brings Day Eleven to a close.  Tomorrow we’ll be looking at Printer Driver Packages.  Until next time …

Additional Resources:

CC Hameed


Share this post :