Lexmark Print adds user functionality to an existing LPM system:

• Lexmark Print application support

  • View, print, or delete documents and print jobs in a user’s print queue.

  • View quota in a user’s queue.

  • Allow delegate printing from a user’s print queue.

  • Send documents to LPM for conversion and future printing.

• E-mail document submissions—Lets users send an e-mail to an account that the Lexmark Email Watcher monitors. When an e-mail is received, it is sent to LPM, and then converted to a printable document based on predefined conversion settings and user-specified settings. The job can be printed immediately on the specified printer, or it can be integrated with LPM and then printed later.

• AirPrint document submissions—Lets users of Apple devices running the iOS 6.1 or later or OS X 10.7 or later operating system software send documents to LPM. Users can send documents wirelessly to LPM, and then print the jobs later. In Print Management Console, AirPrint jobs are listed under the Site column as IPP Print.

Mobile Single Sign-On

Mobile Single Sign-On or Mobile SSO is a feature that allows the use of the organization's authentication token to access the LPM system. This feature reduces the number of times that a user has to log in when printing. This feature is supported only in the Android Print Plug-in application.

Configuring SSO with the mobile plug-in

Apply the following configuration in the plug-in application:

<?xml version="1.0" encoding="UTF-8"?>​

<config>

  <providers>
    <provider>
      <name>Prem Mobile SSO</name>
      <address>10.100.101.11></address>
      <providerType>server-premise</providerType>
      <auto-discover>true</auto-discover>
    </provider>
  </providers>

  <premise-server-config>
    <sso-url>orcton.eastasia.cloudapp.abc.com</sso-url>
    <sso-client-id>clientid</sso-client-id>
  </premise-server-config> 

   <behavior
    <import-configList>reset_all/<import-configList>
  </behavior>

</config>

As an administrator, introduce the following settings in Lexmark Print configuration file to hide the Logout option:

  <settings>
    ...
    <hide-logout>true</hide-logout>
  </settings>

Notes:

• Set the value to true to hide Logout option.
• This setting is not dependent on AD FS settings.
• By default, the Logout option is shown.
• The plug-in application imports the new configuration settings.

AD FS Management Console​

Notes:

• While creating a client-server application, select Server application or Server application accessing a web API.
• In the Redirect URL field, type lxkmobile://plugin.callback.

Print Management Console Settings

1. Click on the upper-right corner of Print Management Console.

2. Configure the ADFS and LDAP server settings:

   For ADFS Settings:

   1. Type the server address of the ADFS server.

   2. Import the SSL certificate for LPM to communicate to the ADFS server.

   3. Click Save Changes.

   For LDAP Settings:

   1. Click Add.

      Note: If the AD FS points to an existing Active Directory as the LDAP entry, then there is no need to follow the next steps.

   2. Configure the server details.

      Note: In the LDAP settings, add the Active Directory that the AD FS points to.

   3. Click Save Changes.

Supported e-mail protocols

If the e-mail submission functionality is used, then the e-mail server that hosts the account for LPM monitoring must support one of the following protocols:

• IMAP4

• POP3

• Exchange Web Services (EWS)

Supported printers for mobile device usage

Network printers that support PostScript emulation are supported as an output device. However, for the best and fastest output, we recommend any Lexmark printer that supports the PDF format.

Advanced finishing options such as staple and hole punch work only on Lexmark printers. Options for two-sided (duplex) printing may not work on non-Lexmark printers because of vendor-specific implementation.

Supported file formats

The following file formats are supported for document conversion:

Document conversion software dependencies

Document conversion is required for submission of e-mail and mobile application jobs. During installation, LPM detects the version of the installed document conversion software.

Before running the LPM installer, make sure that a supported document conversion application is installed on each Tomcat or application server that handles document conversions. We recommend installing the document conversion application before running the LPM installer for the solution to use it automatically.

Configuring the Lexmark Print application settings

1. From Lexmark Management Console, click the Solutions tab.

2. From the Solutions section, select mobileprint.

3. From the Tasks section, select Configuration, and then configure the settings.

4. Click Apply.

Understanding the mobile and e-mail configuration data

Limiting the maximum file size for each job submission

By default, the maximum file size for each job submission is 1GB. To change the default maximum file size, do the following:

1. From your computer, navigate to <Install-Dir>\Solutions\apps\lpm\WEB-INF\classes.

2. Using a text editor, open the application.yml file.

3. Set the maxFileSize and maxRequestSize.

4. Restart the Lexmark Solutions Application Server (LSAS) service.

Adding Lexmark Print to a software client group

1. From Lexmark Management Console, click the Software Client Groups tab.

2. From the Software Client Groups section, select Mobile Print.

3. From the Tasks section, select Client Profiles.

4. In the Address field, type the IP address (for example, 10.10.2.100) or subnet (for example, 10.10.*.*) of the mobile device or e-mail watcher server.

   Notes:

   • You can also import a CSV file of IP addresses or subnets.
   • Use the asterisk wildcard character (*) at the end of the IP address to search for all devices in that subnet. For example, type 10.10.*.* to accept incoming requests from devices within the range 10.10.0.1–10.10.255.255.

5. Click Add > Save.

Installing .NET framework

To enable interaction between LPM and Microsoft Office document conversion applications when using Lexmark Print version 3.0 or later, install .NET Framework 4.

Document conversion requires .NET Framework 4 to work properly. If .NET Framework 3.5 SP1 is already installed on the machine, then WIC is not necessary for installing .NET Framework 4.

Installing OpenOffice or LibreOffice

1. Download, and then run the setup wizard for OpenOffice or LibreOffice.

2. During installation, select Install this Application for Anyone who uses this computer.

3. Do either of the following:

   • For typical installation, make sure that the default installation path is accepted, and then install all the applications.

   • For custom installation, make sure that all main office applications are installed. The optional components can be installed at your discretion.

If OpenOffice or LibreOffice is installed after installing Lexmark Print, then after performing the previous instructions, do the following:

1. Stop the Lexmark Solutions Application Server service.

2. Navigate to the %SOLUTIONS_INSTALL_DIR%\apps\wf-ldss\WEB-INF\classes\ folder.

3. Using a text editor, open the OpenOfficeToPDFClass.properties file.

4. Set officeToPDF.defaultOfficeHomeDirectory to the location where OpenOffice or LibreOffice is installed.

   Note: For a typical LibreOffice 4 installation, the path is usually C:\Program Files (x86)\LibreOffice 4. Make sure that there is no trailing slash. Also, all backslashes in the path must be replaced with forward slashes.

5. Save the file.

6. Start the Lexmark Solutions Application Server service.

7. From the Lexmark Print application, update the conversion method setting to use the appropriate document converter.

Installing Microsoft Office

1. Download, and then run the setup wizard for Microsoft Office.

2. During installation, select Install this Application for Anyone who uses this computer.

3. Do either of the following:

   • For typical installation, make sure that the default installation path is accepted, and then install all the applications.

   • For custom installation, make sure that all main office applications are installed. The optional components can be installed at your discretion.

4. Do either of the following:

   • For 64-bit operating systems, navigate to C:\Windows\SysWOW64\config\systemprofile\ <folder>.

   • For 32-bit operating systems, navigate to C:\WINDOWS\system32\config\systemprofile\< folder>.

5. Create a directory or a folder inside the "systemprofile" path with the name Desktop.

6. If you are using Microsoft Office 2007, then install the Microsoft Save as PDF or XPS add-in.

7. If you want to convert Microsoft Excel documents (.xls and .xlsx), do the following:

   1. Navigate to the %SOLUTIONS_INSTALL_DIR%\lpm\msoffice folder.

   2. Run the createLsasUser.bat file as an administrator.

   3. Type your username and password.

      Note: This step creates a user account with administrative privileges.

   4. Log in to the created account, open the Microsoft Office components, and then complete the setup process.

      Note: This step creates the necessary folders for the user profile.

   5. Change the Lexmark Solution Application Server service to run as this user, and then restart the service.

If Microsoft Office is installed after installing Lexmark Print, then after performing the previous instructions, do the following:

1. Stop the Lexmark Solutions Application Server service.

2. Navigate to the %SOLUTIONS_INSTALL_DIR%\apps\wf-ldss\WEB-INF\classes\ folder.

3. Using a text editor, open the MsOfficeDocConvClass.properties file.

4. Set officeConv.execName to use one of the following executable files:

   • For Microsoft Office 2013, specify MsOffice2013DocConverter.exe.

   • For Microsoft Office 2010, specify MsOffice2010DocConverter.exe.

   • For Microsoft Office 2007, specify MsOffice2007DocConverter.exe.

5. Save the file.

6. Start the Lexmark Solutions Application Server service.

7. From the Lexmark Print application, update the conversion method setting to use the appropriate document converter.

Adding Lexmark Print Management to Lexmark Print

1. From your mobile device, open Lexmark Print.

2. From the application home screen, tap Find Device.

3. Tap Network Address, and then in the Address field, type IPaddress/mobile, where IPaddress is the IP address of the load balancer.

   Note: If your environment has a hardware or software load balancer in front of several subsystems, then type the hardware or software load balancer address.

4. Depending on your configuration, log in using your LDAP or Active Directory credentials. For more information, see Understanding the mobile and e-mail configuration data.

When you install Lexmark Print Management, selecting the e-mail component also installs Lexmark Email Watcher on the load balancer.

Lexmark Email Watcher is a Windows service that can be seen in the Windows Services control panel applet. Lexmark Email Watcher is not started during the Lexmark Print Management load balancer installation because the service must be configured before it is started. When a configuration change is made to this service, restart it for the update to take effect. Also, to enable the service to start after reboots, set its startup type to Automatic.

Understanding the Lexmark Email Watcher configuration data

Lexmark Email Watcher is installed in the base Lexmark Solutions folder that is selected when installing the load balancer. By default, the location is %ProgramFiles%\Lexmark\Solutions\EmailWatcher. The configuration file is config_EmailWatcher.properties and is located in the conf subfolder. A file that contains sample properties is installed. Some of the properties are commented out, and some are not in the file yet. Add the necessary properties for your email server.

Notes:

• Lexmark Email Watcher must be restarted if any changes are made to the configuration file. The changes do not take effect until the service is restarted.
• When troubleshooting, the log files are located in the .\EmailWatcher\logs folder. If the configuration file enables debugging, then the emailwatcher.log file contains extra logging. To enable more logging, open the .\EmailWatcher\conf\l4j_EmailWatcher.xml file. From the bottom of the file, change the level value for com.lexmark.tis.tools.emailwatcher and javax.mail to debug. Make sure that the properties are changed to info after the issue is resolved.
• To change the username or password, using a text editor, edit the property file, and then replace the encrypted entries with the new credentials. Restart Lexmark Email Watcher to read and re-encrypt the password.

Sample Lexmark Email Watcher config_emailwatcher.properties configurations

For IMAP

# Mandatory Properties
ldd.server=http://[ldd-lb-addr]:9780
ldd.profile=mobileprint
mail.server=imap.gmail.com
mail.user=test@company.com
mail.pw=notTheRealPassword

# Optional Properties.
mail.type=imap
mail.ssl=1
mail.tls=0
mail.port=993
mail.folder=INBOX
mail.allowIdle=1

debug=1

For Microsoft Exchange

# Mandatory Properties
ldd.server=http://[ldd-lb-addr]:9780
ldd.profile=mobileprint
mail.server=ews.mail.com
mail.domain=test_domain
mail.user=test_ews@company.com
mail.pw=notTheRealPassword

# Optional Properties.
mail.type=ews
mail.ssl=1
mail.folder=INBOX
mail.ignoreSSLCert=1

debug=1

Sample config_emailwatcher.properties file for Microsoft Exchange Online modern authentication in <LDD-install-path>\EmailWatcher\conf

Modern authentication authenticates the user through a single browser-based application, tenant ID, user ID, and the required details. The following is a sample batch file for Microsoft Exchange Online modern authentication.

# GENERAL CONFIGURATION
ldd.server=http://<Put LDD Server/LB IP>:9780

# STANDARD PRINT CONFIGURATION.
# This is the existing email watcher feature and is enabled by default.
# Do not use the same email account with guest print.
# Do not change the value of "ldd.profile".debug=1
#
standard.print.enable=1
ldd.profile=mobileprint

### Required only if not using Exchange Online.
### "mail.user" and "mail.pw" values will be replaced with encrypted text
### when EmailWatcher service is started. To change either of the values,
### simply replace the encrypted value with the new value. Please make sure
### that the values do not start with "ENC(" and end with ")".
mail.user=
mail.pw=

# GUEST PRINT CONFIGURATION
# Using the email service account specified below, EmailWatcher can monitor
# incoming print jobs from guest users. This feature is disabled by default.
# To enable, set "guest.print.enable" to 1.
#
# Do not use the same email account with standard print.
# Do not change the value of "ldd.profile.guest".
#
guest.print.enable=1
ldd.profile.guest=guestrelease

### Required only if not using Exchange Online.
### Specify the values for "mail.user.guest" and "mail.pwd.guest". Values will
### be replaced with encrypted text when EmailWatcher service is started.
### Make sure that the values do not start with "ENC(" and end with ")".
mail.user.guest=
mail.pw.guest=

# MAIL SERVER CONFIGURATION
# Uncomment then provide values for the applicable properties.
# If not applicable, keep it being commented out.
#
### Specify mail server address for IMAP, POP3, Exchange Premise mail types
### For Exchange Online, value is not required.
mail.server= 

mail.type=ews
#mail.domain=<mail domain>
#mail.ssl=< 0 or 1>
#mail.port=<mail server port>
mail.folder=INBOX
#mail.ignoreSSLCert=< 0 or 1 >
mail.poll=60
#mail.allowIdle=1  #If  Mail Server supports IMAP IDLE
mail.hideUserAndJobInfo=1

# ADDITIONAL SERVER CONFIGURATION FOR MS EXCHANGE
# Uncomment then provide values for the applicable properties.
# If not applicable, keep it being commented out.

### Authentication types:
###   basic     - For username/password authentication
###   oauth2    - Modern authentication (OAuth 2.0)
ews.auth.type=oauth2

### Authorization flows:
###   auth-code-with-client-id-secret     - OAuth 2.0 authorization code grant type, or auth code flow
ews.auth.grantType=auth-code-with-client-id-secret

### The generated application (client) ID of your registered
### app in Azure Active Directory.
ews.aad.clientId=076c7620-10e8-4418-9592-1f7a1a80868b

### The generated application (client) secret of your registered
### app in Azure Active Directory.
ews.aad.clientSecret=KeX8Q~Xd~wo.49fFqE_a6S.lMn~Pu6tQHhmE-a2c

### Identity platform endpoint to acquire security tokens
### For <tenant>, valid values are common, organizations, consumers, and tenant identifiers.
ews.aad.authority=https://login.microsoftonline.com/12709065-6e6c-41c9-9e4d-fb0a436969ce

### The redirect URI of your app, where authentication responses
### can be sent and received by your app. It must exactly match one
### of the redirect URIs you registered in the portal.
### You must specify a port in the URI. For example: https://localhost:5000/
ews.aad.redirectUri=http://localhost:9991/

### A space-separated list of scopes that you want the user to consent to.
### This value allows your app to get consent for multiple web APIs you want to call.
ews.aad.scopes=openid offline_access https://graph.microsoft.com/Mail.ReadWrite

### Indicates the type of user interaction that is required
### when authenticating the user.
### Valid values: login, consent, select_account
ews.aad.prompt=select_account

### The timeout (milliseconds) to wait for the user to input and validate their
### credentials for authentication.
ews.socket.timeout=300000

### Messages that will be printed in the oauth2 login tab of browser after acquiring the auth code.
ews.afterLoginMessage.standard=Authorization code for Email Watcher Standard Print service account has been successfully acquired. You can now close this tab.
ews.afterLoginMessage.guest=Authorization code for Email Watcher Guest Print service account has been successfully acquired. You can now close this tab.

### The delay (milliseconds) between authentication prompts
### when both standard and guest print features are enabled.
ews.auth.prompt.delay=5000

Modern authentication support for Lexmark Email Watcher

This feature authenticates the user through a single browser-based application, tenant ID, user ID, Azure ID, password, and other details. This feature applies only to Microsoft Exchange Online.

Understanding the authentication support requirements

Before you begin, make sure that modern authentication for LPM server is configured as follows:

Configuring client application and API permissions

1. Navigate to Microsoft Azure Portal.

   Note: The current URL of Microsoft Azure Portal is https://portal.azure.com /#home.

2. Click Azure Active Directory > App registrations.

   Note: If you want to register a new client, then click New registration.

3. Select the registered client application.

4. To add or generate a client secret for the application, do the following:

   1. Click Client credentials > New client secret.

   2. Type the description, and then specify the expiry date.

   3. Click Add.

      Note: Take note of the actual value of client secret as it will be masked after saving it.

5. To add Redirect URIs, do the following:

   1. Select Redirect URIs.

   2. Click Add a platform > Web.

   3. Enter a valid URI for the application.

      Note: The port details must be specified.

   4. Click Configure.

Setting API permissions for registered client applications

1. Navigate to Microsoft Azure Portal.

   Note: The current URL of Microsoft Azure Portal is https://portal.azure.com /#home.

2. Click Azure Active Directory > App registrations.

3. Select the registered client application.

4. In the left pane, select API permissions > Add a permission.

5. In the Microsoft APIs section, select Microsoft Graph > Delegated permissions.

6. In the Opened permissions section, select the following:

   • email

   • offline_access

   • openid

7. In the Mail section, select Mail.ReadWrite.

8. Select Add permissions.

Configuring modern authentication for LPM server

1. Configure the properties file of the application.

   Note: For more information on authentication settings and values, see Lexmark Modern Authentication for LPM server.

2. Run the command prompt as an administrator.

   Note: For more information on parameters, see Parameters.

3. From the User Account Control window, click Yes.

4. Navigate to the Email Watcher root directory: <C:\Program Files\Lexmark\Solutions\EmailWatcher\conf_>.

5. At the command prompt, type EmailWatcher.bat.

   Note: If the standard print feature is enabled, then the default browser is launched. If the default browser is already open, then a new tab is launched.

6. Type the user ID and password.

   Note: The credentials must be the same as that of the Microsoft Exchange Online mail user.

7. Click Sign in.

   Notes:

   • If the guest print feature is enabled, then the browser prompts you to enter the credentials of the service account for guest print.
   • After successful authentication, the application continues running in the background.

Lexmark Modern Authentication for LPM server

Parameters

Sample config_emailwatcher.properties file for Microsoft Exchange Online modern authentication in <LDD-install-path>\EmailWatcher\conf>

#------------------------------------------------------------------------------
# GENERAL CONFIGURATION
#------------------------------------------------------------------------------
ldd.server=http://<LB Server/LB IP>:9780

#------------------------------------------------------------------------------
# STANDARD PRINT CONFIGURATION
# This is the existing email watcher feature and is enabled by default.
# Do not use the same email account with guest print.
# Do not change the value of "ldd.profile"
#------------------------------------------------------------------------------

standard.print.enable=1
ldd.profile=mobileprint

### Required only if not using Exchange Online.
### "mail.user" and "mail.pw" values will be replaced with encrypted text
### when EmailWatcher service is started. To change either of the values,
### simply replace the encrypted value with the new value. Please make sure
### that the values do not start with "ENC(" end with ")".
mail.user=
mail.pw=

#------------------------------------------------------------------------------
# GUEST PRINT CONFIGURATION
# Using the email service account specified below, EmailWatcher can monitor
# incoming print jobs from guest users. This feature is disabled by default.
# To enable, set "guest.print.enable" to 1. 
#
# Do not use the same email account with standard print.
# Do not change the value of "ldd.profile.guest".
#------------------------------------------------------------------------------
guest.print.enable=1
ldd.profile.guest=guestrelease

### Required only if not using Exchange Online.
### Specify the values for # "mail.user.guest" and "mail.pwd.guest". Values will
### be replaced with encrypted text when EmailWatcher service is started.
### Make sure that the values do not start with "ENC(" and end with ")".
mail.user.guest=
mail.pw.guest=

#------------------------------------------------------------------------------
# MAIL SERVER CONFIGURATION
# Uncomment then provide values for the applicable properties.
# If not applicable, keep it being commented out.
#------------------------------------------------------------------------------
### Specify mail server address for IMAP, POP3, Exchange Premise mail types
### For Exchange Online, value is not required.
mail.server= 
mail.type=ews
#mail.domain=<mail domain>
#mail.ssl=< 0 or 1 >
#mail.port=<mail server port>
mail.folder=INBOX
#mail.ignoreSSLCert=< 0 or 1 >
mail.poll=60
#mail.allowIdle=1  #If  Mail Server supports IMAP IDLE
mail.hideUserAndJobInfo=1
#------------------------------------------------------------------------------
# ADDITIONAL SERVER CONFIGURATION FOR MS EXCHANGE
# Uncomment then provide values for the applicable properties.
# If not applicable, keep it being commented out.
#------------------------------------------------------------------------------
### Authentication types:
###   basic     - For username/password authentication
###   oauth2    - Modern authentication (OAuth 2.0)
ews.auth.type=oauth2

### Authorization flows:
###   auth-code-with-client-id-secret     - OAuth 2.0 authorization code grant type, or auth code flow
ews.auth.grantType=auth-code-with-client-id-secret

### The generated application (client) ID of your registered
### app in Azure Active Directory.
ews.aad.clientId=076c7620-10e8-4418-9592-1f7a1a80868b

### The generated application (client) secret of your registered
### app in Azure Active Directory.
ews.aad.clientSecret=KeX8Q~Xd~wo.49fFqE_a6S.lMn~Pu6tQHhmE-a2c

### Identity platform endpoint to acquire security tokens
### ### For tenant, valid values are common, organizations, consumers, and tenant identifiers.
ews.aad.authority=https://login.microsoftonline.com/12709065-6e6c-41c9-9e4d-fb0a436969ce

### The redirect URI of your app, where authentication responses
### can be sent and received by your app. It must exactly match one
### of the redirect URIs you registered in the portal.
### You must specify a port in the URI. For example: https://localhost:5000/
ews.aad.redirectUri=http://localhost:9991/

### A space-separated list of scopes that you want the user to consent to.
### This value allows your app to get consent for multiple web APIs you want to call.
ews.aad.scopes=openid offline_access https://graph.microsoft.com/Mail.ReadWrite

### Indicates the type of user interaction that is required
### when authenticating the user.
### Valid values: login, consent, select_account
ews.aad.prompt=select_account

### The timeout (milliseconds) to wait for the user to input and validate their
### credentials for authentication.
ews.socket.timeout=300000

### Messages that will be printed in the oauth2 login tab of browser after acquiring the auth code.
ews.afterLoginMessage.standard=Authorization code for Email Watcher Standard Print service account has been successfully acquired. You can now close this tab.
ews.afterLoginMessage.guest=Authorization code for Email Watcher Guest Print service account has been successfully acquired. You can now close this tab.

### The delay (milliseconds) between authentication prompts
### when both standard and guest print features are enabled.
ews.auth.prompt.delay=5000 

Understanding e-mail print options

When you submit an e-mail, several options are available that can be sent with the printer address or nickname that manages the output. To use the print options, make sure that Device ID is set to First Word of Subject. For more information, see Understanding the mobile and e-mail configuration data.

The options are specified after the device ID.

See the following examples:

Configuring printer nicknames

Printer nicknames map a user-friendly nickname and the IP address of a printer. When configured, printer nicknames let users use the nickname instead of the IP address when submitting jobs.

1. Open a web browser, and then type http://IPaddress:9780/printrelease/, where IPaddress is the IP address of the load balancer.

2. Log in as an administrator.

   Notes:

   • The default user name and password is admin.
   • The default credentials are the same as those in Lexmark Management Console (LMC).
   • If the Print Management Console is configured to connect to an LDAP server, then use your LDAP user name and password.

3. Depending on your configuration, from the Print Management Console, do either of the following:

   • Click Printer Nicknames.

   • Click Device Functions > Printer Nicknames.

4. Manage the printers.

   • Filter the list by typing the keywords in the Filter field, and then clicking .

     Note: Do not use special characters or symbols.

   • Refresh the list by clicking .

   • Add, edit, or delete printers.

When installing Lexmark Print Management, select the AirPrint component to enable the AirPrint feature.

Accessing AirPrint configuration

1. Open a web browser, and then type http://IPaddress:0001/#/settings/configAccess, where IPaddress is the IP address of the load balancer.

2. From the side navigation, click the AirPrint group.

Understanding AirPrint discovery

To perform AirPrint advertisement and service discovery for Lexmark Print Management, do either of the following:

Unicast

• Configure a Microsoft DNS server. For more information, see Configuring DNS servers for AirPrint advertisement.

• Configure BIND for Windows DNS Server. For more information, see Configuring BIND for AirPrint advertisement.

Multicast

1. Access the AirPrint configuration page. For more information, see Accessing AirPrint configuration.

2. From the General tab, select Enable Bonjour discovery.