• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

Is there a "Third Party Updates" catalog list for adobe products for SCCM usage?

Community Beginner ,
Feb 26, 2019 Feb 26, 2019

Copy link to clipboard

Copied

Hi, is there a list of Catalogs available for adobe products for use with Third Party Updates in SCCM? The only ones I have found reference to don't appear to be signed. 

For Acrobat, I used https://armmf.adobe.com/arm-manifests/win/SCUP/AcrobatCatalog-DC.cab but this returns the following error. 

Catalog "Adobe Acrobat DC Catalog" does not include content signing certificates, attempts to publish update content for updates from this catalog may be unsuccessful until content signing certificates are added and approved.

Solution: Contact the catalog provider to obtain an updated catalog that includes the content signing certificates.

******************

I have this for Reader DC

https://armmf.adobe.com/arm-manifests/win/SCUP/ReaderCatalog-DC.cab

Catalog "Adobe Reader DC" does not include content signing certificates, attempts to publish update content for updates from this catalog may be unsuccessful until content signing certificates are added and approved.

Solution: Contact the catalog provider to obtain an updated catalog that includes the content signing certificates.

******************

I have this for Reader Classic

https://armmf.adobe.com/arm-manifests/win/SCUP/ReaderCatalog-2017.cab

Catalog "Adobe Reader Classic" does not include content signing certificates, attempts to publish update content for updates from this catalog may be unsuccessful until content signing certificates are added and approved.

Solution: Contact the catalog provider to obtain an updated catalog that includes the content signing certificates.

TOPICS
Acrobat

Views

13.0K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

Community Beginner , Mar 03, 2019 Mar 03, 2019

what I found for me in case of use to others is that when SCCM had an issue with the certs, it blocked them.  Under administration, Security, Certificates - right click unblock and then the next day the updates were available.  One of them has an expiration date of 15/03/2019, so I may have other issues in a couple of weeks, have to wait and see. 

Votes

Translate

Translate
Community Beginner ,
Mar 03, 2019 Mar 03, 2019

Copy link to clipboard

Copied

what I found for me in case of use to others is that when SCCM had an issue with the certs, it blocked them.  Under administration, Security, Certificates - right click unblock and then the next day the updates were available.  One of them has an expiration date of 15/03/2019, so I may have other issues in a couple of weeks, have to wait and see. 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Mar 07, 2019 Mar 07, 2019

Copy link to clipboard

Copied

Hello,

I have checked the certs, and all are unblocked. However, when trying to publish Adobe updates in SCCM 1810, it fails.

As asked above, can we have the list of sites that we can ask our network team to add in the proxy exceptions, please? Internet in general is not allowed in my customers environment. We need to provide the sites and they then allow those as exception.

Many thanks

Ravi Sharma

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Employee ,
Mar 07, 2019 Mar 07, 2019

Copy link to clipboard

Copied

See this doc: Blocking HTTPS Enpoints — DC Deployment Planning and Configuration.

Hope that's what you're looking for.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Dec 13, 2019 Dec 13, 2019

Copy link to clipboard

Copied

That is stilll getting same error msg " Catalog is old format, no content certificates are included "

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Mar 07, 2019 Mar 07, 2019

Copy link to clipboard

Copied

Hi,

I have the same issue. I'm running SCCM current branch 1810 and I've added the adobe reader third party update for a customer today.

updates get imported from WSUS but when I try and approve them for use there is a check carried out on the cert validity. In the log file I get this

Adobe Cert Log.PNG

When I added the third party catalog there was a cert to be approved and that is still in my allow list and not blocked. The below settings have been used in the third party updates config.

Third Party Update setup.PNG

Can I get an update on whether a cert is going to be issued for content signing or will I need to do this manually for the customer?

Thanks

Andrew

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
May 22, 2019 May 22, 2019

Copy link to clipboard

Copied

My issue the same as AGrove92:

Receiving following error in SMS_ISVUPDATES_SYNCAGENT.log when attempting to sync catalog for Adobe Acrobat Reader DC:


SyncUpdateCatalog: **** Warning: Catalog is old format, no content certificates are included and updates will not be deployable until certificates are trusted. ****

Using the following URL:
     https://armmf.adobe.com/arm-manifests/win/SCUP/ReaderCatalog-DC.cab

SCUP, Patch My PC, nor any other third party software update tool was used.

Running SCCM current branch 1902.

Able to download and publish update content in the past without issue.

Does anyone know if there is a different URL for catalog containing updates that include certificates?

Vendor name Adobe option has been added to SUP products selected list of items and the certificate is not blocked.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Dec 12, 2019 Dec 12, 2019

Copy link to clipboard

Copied

@niw45693555 correct this is pretty horrible. Their help is  not updated and the cab files hashes are screwed up

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Dec 13, 2019 Dec 13, 2019

Copy link to clipboard

Copied

So it appears that some of the mps listed in cab are signed with old expired certs.

according to this.

Configuration Manager has a new version for the catalog cab file format. The new version includes the certificates for the vendor's binary files. These certificates are added to the Certificates node under Security in the Administration workspace once you approve and trust the catalog.

  • You can still use the older catalog cab file version as long as the download URL is https and the updates are signed. The content will fail to publish because the certificates for the binaries aren't in the cab file and already approved. You can work around this issue by finding the certificate in the Certificates node, unblocking it, then publish the update again. If you're publishing multiple updates signed with different certificates, you'll need to unblock each certificate that is used.

 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Dec 31, 2019 Dec 31, 2019

Copy link to clipboard

Copied

LATEST

For the future folks who come here with the errors listed through out this post, our end came down to whitelisting. Previously we had been successful in working with this in the past having whitelisted the main sites listed in their set up for Third Party updates via SCCM (ex: https://armmf.adobe.com). Now while this allows the catalog to sync correctly and find the updates when going to publish we got the errors listed throughout this posting (ex: Remote server 403 forbidden, catalog is old format, ect.)

 

Well looking further into SMS_ISVUPDATES_SYNCAGENT log, it turned out that update themselves download from an different site/ location that needs to be whitelisted as well (http://armdl.adobe.com). Once this was done I was able to once again publish, download and deploy these updates without issue. I don't know if this is a recent change as it was not needed in the past but it worked. Hope this helps.  

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines