Copy link to clipboard
Copied
We observed Adobe Acrobat Reader 21.001.20135 version is perventing users from connecting to global protect. If the users login in Global protect and the screen freezes and there is a background error message which says 'The Acrobat PDF browser plug -in is missing Please reinstall Adobe Acrobat or Adobe Acrobat Reader to fix this problem. Please reinstall Adobe Acrobat or Adobe Acrobat Reader to fix this problem" After uninstalling the Reader users are able to login to Global Protect. We see IE Addons of Adobe Enabled still we see the issue. Tried disabling the add on but no luck? Any one facing similar issue? Any thoughts on how to fix this issue?
Hi All,
We have released update today which addresses this issue. Release notes of the update: https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotesDC/continuous/dccontinuousfeb2021qfe.html#dccontinuousfebtwentytwentyoneqfe
Let us know if this fixes this issue for you all.
Thanks,
Karan
Copy link to clipboard
Copied
Hello Sai,
Thank you for reaching out and sorry for the trouble.
The team is looking into this issue.
As you receive the error, please share the screenshot of the following setting: Edit > Preferences > Internet.
Share the OS version on the machine.
Also, try once to remove the application and reboot the machine. You may use the cleaner tool for windows (https://www.adobe.com/devnet-docs/acrobatetk/tools/Labs/cleaner.html#windows) to remove the application.
Then reinstall the application from this link: https://get.adobe.com/reader/enterprise/
Let us know how it goes.
Thanks,
Meenakshi
Copy link to clipboard
Copied
Hi Meenakshi,
Thank you for reverting.
We've attached the Internet option in the current version of Adobe.
Further the OS version is Windows 10 1909.
We were deploying Adobe from SCCM and we've disabled product updates with the Adobe customization Wizard DC. We've updated to 2020.013.20074 but we have few users who are aleady compliant to this version and the software didn't install due to Detection method has met the requirement. For these users we suspect it got auto updated from internet once the new version is released on February 9th. We will reinstall this version again on one of the machines which has this issue. Please let me know if you need any further information.
Thank you
Sai
Copy link to clipboard
Copied
Copy link to clipboard
Copied
We are experiencing the exact same problem, note that this Adobe update addresses a critical zero-day vulnerability, so rolling back is not a good option. I confirmed it happens on both an old version of GP 5.0.2 and our current version of 5.2.3-22. Although the behavior is not consisent, sometimes it does go through eventually after hanging at a blank window for a moment.We are still testing, but any more input from adobe on this would be helpful....
Copy link to clipboard
Copied
Same exact problem in our environment. The dialog stating that the browser plug-in has to be reinstalled is inhibiting our Global Protect users from logging in to Global Protect. Uninstalling and reinstalling is not an appropriate fix for this issue.
Our users are mostly remote and do not have the ability to add or remove software. And there are hundreds of them.
This is obviously a fairly widespread issue. Please release a fix or fixed version ASAP.
Copy link to clipboard
Copied
A temporary workaround is to cancel the error message and then the GP login box works. You only have a few seconds to cancel the error, before it disappears.
Copy link to clipboard
Copied
I'd prefer not to have to walk 300 users through figuring out how to cancel a hidden dialog.
This is the dialog that is presented:
Copy link to clipboard
Copied
Definitely not ideal, but our Art Operations Team (200+ users) are using it temporarily to at least get logged in.
Copy link to clipboard
Copied
I agree that it's a workaround. We have limited staff available to walk users through it is really the primary issue.
Copy link to clipboard
Copied
This is Adobe's response to this issue:
Seems they don't want to fix because it's a "3rd party issue".
They need to know how GlobalProtect is interacting with their plugin? It's not.
It's simply displaying an html dialog for authentication. Whatever mechanism they're using to call IE no longer sees the plugin after the update to 21.001.20135. This issue wasn't present prior to 21.001.20135 ... so it's quite clearly an issue with this version of Reader.
Copy link to clipboard
Copied
Hi,
We understand this has caused a lot of inconvenience. We are actively working to fix this issue on highest priority. Please let us (engineering team) know if you can join us for a meeting to resolve this at a faster pace. You can write to me directly at asrivastATadobeDOTcom.
Thanks for your patience,
-Amboo
Copy link to clipboard
Copied
Copy link to clipboard
Copied
Thank you very much!
This is an amazing direction and resolved on a few workstations.
Now need to think about the best way to distribute the installation to thousands of PCs
Copy link to clipboard
Copied
We're another organization being bitten by this. I'm unfamiliar with Global Protect, but we are seeing that the plug in is not installed.
Copy link to clipboard
Copied
Same for our organization. I have a ticket opened with Palo Alto, but not sure what help they will be to us.
Copy link to clipboard
Copied
Thank you - this was going to be our next action - please update us if you get any kind of info!
Copy link to clipboard
Copied
Per Palo Alto, this is an Adobe issue. They are seeing issues across different types of login (LDAP, SAML). They are suggesting to downgrade the version of Adobe Acrobat until they can patch it.
"Thanks for the update. Yes I can lower and keep monitoring.
From what we've seen the Adobe update is breaking the SAML page somehow. I don't see any patches worked on from a GP standpoint.
Apparently, other vendors are affected as well so this is something Adobe will have to patch soon.
If I receive any notice about a possible GP hotfix or an adobe patch, I'll notify you asap."
Copy link to clipboard
Copied
Thank you for the update- we are left wondering in our org why Globalprotect has any interaction with Adobe at all when doing a SAML auth. For now we disabled auto update via SCCM and are rolling people back on adobe, although this is only temporary due to the security holes
Copy link to clipboard
Copied
We wonder the same. Doesn't make a whole lot of sense.
Copy link to clipboard
Copied
Technically it doesn't, it seems Adobe PDF IE extension isn't properly loading when opening from embedded browser via a WinForm or WPF desktop Application such as Global Protect but instead of failing silently it throws that error message and doesn't allow you to continue until the message box is closed. It's pretty common for desktop applications to use WebComponents / IE Frames for SSO purposes
Global Protect 5.2 does have a new feature if you are able to use it https://docs.paloaltonetworks.com/globalprotect/5-2/globalprotect-app-new-features/new-features-rele...
Copy link to clipboard
Copied
Having same issues here. Uninstalling Adobe Reader and restarting fixes all issues with Global Protect.
Copy link to clipboard
Copied
For those till dealing with this issue, we've found a workaround that's fairly simple for users to perform themselves and allows users to authenticate without the hidden dialog popping up. Disable the Adobe PDF Reader add-on in IE. It may be here:
or here:
Good luck!
Copy link to clipboard
Copied
I verified this works too! Thank you!
Copy link to clipboard
Copied
Good find. That worked for me and I'll push this simple fix out to the rest of the users at my company. Thanks defaultgvyr4vhafhlf.