Skip to main content
Peakay66
Peakay66
Participant
February 27, 2019
Answered

Is there a "Third Party Updates" catalog list for adobe products for SCCM usage?

  • February 27, 2019
  • 3 replies
  • 16498 views

Hi, is there a list of Catalogs available for adobe products for use with Third Party Updates in SCCM? The only ones I have found reference to don't appear to be signed. 

For Acrobat, I used https://armmf.adobe.com/arm-manifests/win/SCUP/AcrobatCatalog-DC.cab but this returns the following error. 

Catalog "Adobe Acrobat DC Catalog" does not include content signing certificates, attempts to publish update content for updates from this catalog may be unsuccessful until content signing certificates are added and approved.

Solution: Contact the catalog provider to obtain an updated catalog that includes the content signing certificates.

******************

I have this for Reader DC

https://armmf.adobe.com/arm-manifests/win/SCUP/ReaderCatalog-DC.cab

Catalog "Adobe Reader DC" does not include content signing certificates, attempts to publish update content for updates from this catalog may be unsuccessful until content signing certificates are added and approved.

Solution: Contact the catalog provider to obtain an updated catalog that includes the content signing certificates.

******************

I have this for Reader Classic

https://armmf.adobe.com/arm-manifests/win/SCUP/ReaderCatalog-2017.cab

Catalog "Adobe Reader Classic" does not include content signing certificates, attempts to publish update content for updates from this catalog may be unsuccessful until content signing certificates are added and approved.

Solution: Contact the catalog provider to obtain an updated catalog that includes the content signing certificates.

This topic has been closed for replies.
Correct answer Peakay66

what I found for me in case of use to others is that when SCCM had an issue with the certs, it blocked them.  Under administration, Security, Certificates - right click unblock and then the next day the updates were available.  One of them has an expiration date of 15/03/2019, so I may have other issues in a couple of weeks, have to wait and see. 

3 replies

U
user5162922
Participant
December 13, 2019

So it appears that some of the mps listed in cab are signed with old expired certs.

according to this.

Configuration Manager has a new version for the catalog cab file format. The new version includes the certificates for the vendor's binary files. These certificates are added to the Certificates node under Security in the Administration workspace once you approve and trust the catalog.

  • You can still use the older catalog cab file version as long as the download URL is https and the updates are signed. The content will fail to publish because the certificates for the binaries aren't in the cab file and already approved. You can work around this issue by finding the certificate in the Certificates node, unblocking it, then publish the update again. If you're publishing multiple updates signed with different certificates, you'll need to unblock each certificate that is used.

 

R
RandomITGuy
Participant
December 31, 2019

For the future folks who come here with the errors listed through out this post, our end came down to whitelisting. Previously we had been successful in working with this in the past having whitelisted the main sites listed in their set up for Third Party updates via SCCM (ex: https://armmf.adobe.com). Now while this allows the catalog to sync correctly and find the updates when going to publish we got the errors listed throughout this posting (ex: Remote server 403 forbidden, catalog is old format, ect.)

 

Well looking further into SMS_ISVUPDATES_SYNCAGENT log, it turned out that update themselves download from an different site/ location that needs to be whitelisted as well (http://armdl.adobe.com). Once this was done I was able to once again publish, download and deploy these updates without issue. I don't know if this is a recent change as it was not needed in the past but it worked. Hope this helps.  

AGrove92
AGrove92
Participant
March 8, 2019

Hi,

I have the same issue. I'm running SCCM current branch 1810 and I've added the adobe reader third party update for a customer today.

updates get imported from WSUS but when I try and approve them for use there is a check carried out on the cert validity. In the log file I get this

When I added the third party catalog there was a cert to be approved and that is still in my allow list and not blocked. The below settings have been used in the third party updates config.

Can I get an update on whether a cert is going to be issued for content signing or will I need to do this manually for the customer?

Thanks

Andrew

N
niw45693555
Participant
May 22, 2019

My issue the same as AGrove92:

Receiving following error in SMS_ISVUPDATES_SYNCAGENT.log when attempting to sync catalog for Adobe Acrobat Reader DC:


SyncUpdateCatalog: **** Warning: Catalog is old format, no content certificates are included and updates will not be deployable until certificates are trusted. ****

Using the following URL:
     https://armmf.adobe.com/arm-manifests/win/SCUP/ReaderCatalog-DC.cab

SCUP, Patch My PC, nor any other third party software update tool was used.

Running SCCM current branch 1902.

Able to download and publish update content in the past without issue.

Does anyone know if there is a different URL for catalog containing updates that include certificates?

Vendor name Adobe option has been added to SUP products selected list of items and the certificate is not blocked.

U
user5162922
Participant
December 12, 2019

@niw45693555 correct this is pretty horrible. Their help is  not updated and the cab files hashes are screwed up

Peakay66
Peakay66AuthorCorrect answer
Participant
March 4, 2019

what I found for me in case of use to others is that when SCCM had an issue with the certs, it blocked them.  Under administration, Security, Certificates - right click unblock and then the next day the updates were available.  One of them has an expiration date of 15/03/2019, so I may have other issues in a couple of weeks, have to wait and see. 

A
Anonymous
March 8, 2019

Hello,

I have checked the certs, and all are unblocked. However, when trying to publish Adobe updates in SCCM 1810, it fails.

As asked above, can we have the list of sites that we can ask our network team to add in the proxy exceptions, please? Internet in general is not allowed in my customers environment. We need to provide the sites and they then allow those as exception.

Many thanks

Ravi Sharma

EnterpriseHelp
EnterpriseHelp
Inspiring
March 8, 2019

See this doc: Blocking HTTPS Enpoints — DC Deployment Planning and Configuration.

Hope that's what you're looking for.

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices