Copy link to clipboard
Copied
When trying to download Adobe Acrobat Reader DC updates released in February ( http://armdl.adobe.com/pub/adobe/reader/win/AcrobatDC/1901020098/AcroRdrDCUpd1901020098_MUI.msp and
http://armdl.adobe.com/pub/adobe/reader/win/AcrobatDC/1901020098/AcroRdrDCUpd1901020098.msp )
, I am receiving error messages on my SCCM server:
"Signature check on downloaded binary has failed".
After downloading the file manually, I checked the certificate used on the .msp package.
The certificate used expired on 3/15/2019:
I was able to get these updates to download by accepting the (expired) certificate under Administration -> Security -> Certificates section of the SCCM console.
After I unblocked the cert, I searched for the update under All Software Updates (Vendor = Adobe) -> "Publish(ed) Third-Party Software Update Content" -> Checked the SMS_ISVUPDATES_SYNCAGENT.log for "Successfully added content" -> Configured the Software Update Component to run a sync in 10 mins -> the update is now listed as not metadata
...Copy link to clipboard
Copied
Adobe, any plans to fix this?
The code signing certificate has been expired for several weeks. The Product Updates page also contains an expired certificate.
Copy link to clipboard
Copied
Hi Chris,
The team says the cert is valid and has asked if you're using the latest SCUP catalog. You should be seeing an exp date of 2021.
Copy link to clipboard
Copied
As far as SCUP goes, this functionality is now builtin with the release of SCCM 1806 (Enable third party updates - Configuration Manager | Microsoft Docs ).
So there's no longer the need for the SCUP application.
As far as catalogs, I have added all of the catalogs listed on the following Adobe Page: SCCM-SCUP — DC Windows Desktop Deployment to my SCCM site (see screenshot above). It seems as though some of the catalogs on that page have certs that are no longer valid.
Please advise if there is a different page that has Adobe catalog URL's.
Copy link to clipboard
Copied
It appears the catalog/cert issue will be resolved in the next update. Probably next week.
Copy link to clipboard
Copied
Thanks for the update. Is this the correct page that I should be using for your list of catalogs?
Copy link to clipboard
Copied
I was able to get these updates to download by accepting the (expired) certificate under Administration -> Security -> Certificates section of the SCCM console.
After I unblocked the cert, I searched for the update under All Software Updates (Vendor = Adobe) -> "Publish(ed) Third-Party Software Update Content" -> Checked the SMS_ISVUPDATES_SYNCAGENT.log for "Successfully added content" -> Configured the Software Update Component to run a sync in 10 mins -> the update is now listed as not metadata only. I was then able to download the update to my software update package and add to my software update group.
This is not a preferred approach as accepting expired certs is not ideal, but it allowed me to download Adobe Reader updates.
I checked the certs on the following page: SCCM-SCUP — DC Windows Desktop Deployment and there are still 3 catalogs that have expired certs:
Copy link to clipboard
Copied
Hi Chris, thanks for your diligence. I agree it's not optimal. As mentioned above, this will be corrected next week.
I'm also forwarding these posts to engineering.
Copy link to clipboard
Copied
This issue is a few months old ...
But i didn't want to open a new one, because we have the same issue now.
The Certificate is expired again. The certificate wich the msp is signed with, is expired in December 2019.
We are using the following Catalogs:
URL: http://armmf.adobe.com/arm-manifests/win/SCUP
File: ReaderCatalog-DC.cab
Same problem with the FlashPlayer Update Catalog:
URL: https://fpdownload.adobe.com/get/flashplayer/distribution/win
File: AdobeFlashPlayerCatalog_SCUP.cab