Help Center menu


Mobility Print manual


Configure Mobility Print behind a Network Load Balancer

A Network Load Balancer helps to effectively spread the load of incoming print requests across all print servers that sit behind the load balancer. This provides two benefits:

  • Benefit 1: SysAdmins can easily increase load capabilities simply by adding print servers.
  • Benefit 2: If one of the print servers behind a load balancer fails, users can still print because their print jobs are redirected to the remaining active print servers.

Requirements for Load Balancing with Mobility Print

In order for Mobility Print to work behind a network load balancer, you need to configure all the Mobility Print servers behind the load balancer to:

  • Direct users to the address of the load balancer, instead of its own address.
  • Configure each Mobility Print Server to use the same JSON Web Token (JWT) key, which is used to authenticate print jobs.
  • Configure all the Mobility Print servers to host all the same print queues. Thankfully there are easy methods to migrate print queues from one Windows server to another, and this could be automated with scheduled tasks and PrintBRM.exe

Network Load Balancer Considerations



To avoid user sessions to Mobility Print from flipping between back-end Mobility Print Servers behind a Network Load Balancer affinity should be configured on the Network Load Balancer.  

Ensuring that affinity is configured will help to avoid issues such as IPP requests from macOS or Linux devices flipping between servers which otherwise could potentially overwrite existing jobs in flight with the same IS.  

Header based affinity using an “Authorization” header is probably sufficient, or if you can guarantee that all users are NOT connecting from behind a NAT then IP based affinity could be used.

Health checks

A suitable endpoint for health checking the Mobility Print server is path /health from server version 1.0.3400 and above, alternatively /login/ (the admin UI login page). It is a regular page that responds with HTTP 200.


To configure the Mobility Print servers


  1. Make a copy of the auth.jwt.key file from one of the Mobility Print servers. This file is in the [Mobility Print install folder]\data\config folder. It will be copied to all the other servers so they use this token as well.
  2. Then on each of the other Mobility Print servers perform these steps:
    1. Stop the Mobility Print Services on each Mobility Print server.
    2. Navigate to [Mobility Print install folder]\data\config\ and rename the auth.jwt.key file to auth.jwt.key_old.
    3. Copy the auth.jwt.key from step 1 into the [Mobility Print install folder]\data\config\ folder on each Mobility Print server.
    4. In the same folder on each Mobility Print server open the file dns.conf.toml with a text editor like Notepad.
    5. Edit the line Accessible IP=“ ” to put the IP address of the Network Load Balancer in between the quotation marks.
    6. If required to present a different port other than the default 9164 (eg. 443) Find the entry AccessibleHTTPSPort and set it to a desired value.
    7. Save the file.
    8. Restart the Mobility Print Services on each Mobility Print server.
  3. Windows users may need to re-add Mobility Print queues to their workstations, as their tokens will now likely be invalid.
  4. Test. The clients should now be able to successfully deliver print jobs to all print servers behind the Network Load Balancer.


Listen ports

Typically, the Mobility Print server would not be directly accessible. The Load Balancer exposes only standard ports (e.g. 443) (this is generally a hard requirement with Cloud providers).

The Mobility Print server allows you to customize the port on which it is accessible externally either by changing its listening port or by presenting its client links using another port such as 443 rather than the default 9164 while continuing to listen on 9164.

  • If the Mobility Print server’s HTTPS accessible port needs to be changed, such as with HTTP / L7 load balancer; it can be set via the AccessibleHTTPSPort config entry in data/config/dns.conf.toml as shown in the configuration section above.

  • If the Mobility Print server’s listen port(s) need to be changed, such as with a non-proxying (forwarding) network / TCP / L4 load balancer; they can be changed in the config file found in [Mobility Print install folder]

In pc-mobility-print.conf, the section:

"Services": [
        "Path": "v*/mobility-print",
        "Args": ["-dataDir=${ServiceRoot}/data", "", "-features=\"fullIPPLogging\""],
        "GracefulShutdownTimeoutSecs": 10,
        "RestartDelaySecs": 5,
        "MaxCrashCount": 10

can have additional Args added to specify the ports, like:

"Services": [
        "Path": "v*/mobility-print",
        "Args": ["-dataDir=${ServiceRoot}/data", "", "-features=\"fullIPPLogging\"", "-httpPort=80", "-httpsPort=443"],
        "GracefulShutdownTimeoutSecs": 10,
        "RestartDelaySecs": 5,
        "MaxCrashCount": 10

Save the changes and restart the Mobility service. After applying either port change method and once the configuration takes effect, visiting end-user device /setup pages will now allow discovery and printing to happen using a different port.

Note that with individual clients there may be slight differences between managed and BYOD deployments that may require further configuration.

Managed Chrome clients

If using managed Chrome client configuration, the following settings are relevant:

  • If also using Print Deploy, PrintDeployServerHosts should include load balancer hostname (only) for the Print Deploy server, e.g., and AccessiblePrintDeployTLSPort should be the port, e.g. 443.

  • Otherwise, MobilityPrintServerHosts should include the load balancer address for the Mobility Print server, e.g.

StrictSSLCheckingEnabled can be set to true when using CA-signed certificates to ensure that native TLS is used (instead of encrypted HTTP).

App Server connection

By default, the Mobility Print server will look at print-provider.conf to determine the connection details for the App Server. If the App Server is also behind a load balancer relative to the Mobility Print server (needed to target the active instance in an active/passive HA failover setup), then the load balancer’s hostname and port should be added to data/config/papercut-server.conf.


Note that ApplicationServerPort should typically be set to 80 (as the Print Provider is HTTP-only) - the Mobility Print Server will special-case this and use 443 when connecting.

See Also

For more information, check out the Network Load Balancing page.