Copy link to clipboard
Copied
Hi, is there a list of Catalogs available for adobe products for use with Third Party Updates in SCCM? The only ones I have found reference to don't appear to be signed.
For Acrobat, I used https://armmf.adobe.com/arm-manifests/win/SCUP/AcrobatCatalog-DC.cab but this returns the following error.
Catalog "Adobe Acrobat DC Catalog" does not include content signing certificates, attempts to publish update content for updates from this catalog may be unsuccessful until content signing certificates are added and approved.
Solution: Contact the catalog provider to obtain an updated catalog that includes the content signing certificates.
******************
I have this for Reader DC
https://armmf.adobe.com/arm-manifests/win/SCUP/ReaderCatalog-DC.cab
Catalog "Adobe Reader DC" does not include content signing certificates, attempts to publish update content for updates from this catalog may be unsuccessful until content signing certificates are added and approved.
Solution: Contact the catalog provider to obtain an updated catalog that includes the content signing certificates.
******************
I have this for Reader Classic
https://armmf.adobe.com/arm-manifests/win/SCUP/ReaderCatalog-2017.cab
Catalog "Adobe Reader Classic" does not include content signing certificates, attempts to publish update content for updates from this catalog may be unsuccessful until content signing certificates are added and approved.
Solution: Contact the catalog provider to obtain an updated catalog that includes the content signing certificates.
what I found for me in case of use to others is that when SCCM had an issue with the certs, it blocked them. Under administration, Security, Certificates - right click unblock and then the next day the updates were available. One of them has an expiration date of 15/03/2019, so I may have other issues in a couple of weeks, have to wait and see.
Copy link to clipboard
Copied
what I found for me in case of use to others is that when SCCM had an issue with the certs, it blocked them. Under administration, Security, Certificates - right click unblock and then the next day the updates were available. One of them has an expiration date of 15/03/2019, so I may have other issues in a couple of weeks, have to wait and see.
Copy link to clipboard
Copied
Hello,
I have checked the certs, and all are unblocked. However, when trying to publish Adobe updates in SCCM 1810, it fails.
As asked above, can we have the list of sites that we can ask our network team to add in the proxy exceptions, please? Internet in general is not allowed in my customers environment. We need to provide the sites and they then allow those as exception.
Many thanks
Ravi Sharma
Copy link to clipboard
Copied
See this doc: Blocking HTTPS Enpoints — DC Deployment Planning and Configuration.
Hope that's what you're looking for.
Copy link to clipboard
Copied
That is stilll getting same error msg " Catalog is old format, no content certificates are included "
Copy link to clipboard
Copied
Hi,
I have the same issue. I'm running SCCM current branch 1810 and I've added the adobe reader third party update for a customer today.
updates get imported from WSUS but when I try and approve them for use there is a check carried out on the cert validity. In the log file I get this
When I added the third party catalog there was a cert to be approved and that is still in my allow list and not blocked. The below settings have been used in the third party updates config.
Can I get an update on whether a cert is going to be issued for content signing or will I need to do this manually for the customer?
Thanks
Andrew
Copy link to clipboard
Copied
My issue the same as AGrove92:
Receiving following error in SMS_ISVUPDATES_SYNCAGENT.log when attempting to sync catalog for Adobe Acrobat Reader DC:
SyncUpdateCatalog: **** Warning: Catalog is old format, no content certificates are included and updates will not be deployable until certificates are trusted. ****
Using the following URL:
https://armmf.adobe.com/arm-manifests/win/SCUP/ReaderCatalog-DC.cab
SCUP, Patch My PC, nor any other third party software update tool was used.
Running SCCM current branch 1902.
Able to download and publish update content in the past without issue.
Does anyone know if there is a different URL for catalog containing updates that include certificates?
Vendor name Adobe option has been added to SUP products selected list of items and the certificate is not blocked.
Copy link to clipboard
Copied
@niw45693555 correct this is pretty horrible. Their help is not updated and the cab files hashes are screwed up
Copy link to clipboard
Copied
So it appears that some of the mps listed in cab are signed with old expired certs.
according to this.
Configuration Manager has a new version for the catalog cab file format. The new version includes the certificates for the vendor's binary files. These certificates are added to the Certificates node under Security in the Administration workspace once you approve and trust the catalog.
Copy link to clipboard
Copied
For the future folks who come here with the errors listed through out this post, our end came down to whitelisting. Previously we had been successful in working with this in the past having whitelisted the main sites listed in their set up for Third Party updates via SCCM (ex: https://armmf.adobe.com). Now while this allows the catalog to sync correctly and find the updates when going to publish we got the errors listed throughout this posting (ex: Remote server 403 forbidden, catalog is old format, ect.)
Well looking further into SMS_ISVUPDATES_SYNCAGENT log, it turned out that update themselves download from an different site/ location that needs to be whitelisted as well (http://armdl.adobe.com). Once this was done I was able to once again publish, download and deploy these updates without issue. I don't know if this is a recent change as it was not needed in the past but it worked. Hope this helps.