Copy link to clipboard
Copied
We are setting up to receive flash background updates from an internal server for our 5000+ enterprise pcs running windows 7 64bit and Windows 10
Current mms.cfg
AutoUpdateDisable=0
SilentAutoUpdateEnable=1
SilentAutoUpdateServerDomain=SVRTSTR2
SilentAutoUpdateVerboseLogging=1
Note- the server is running server 2016, with IIS, and the website is set up with an SSL certificate and the cab files were extracted to the site with the correct folder structure
Here is the log:
2018-1-3+3-4-0.217 [info] 1629 SVRTSTR2
2018-1-3+3-4-0.220 [info] 1614
2018-1-3+3-4-0.222 [info] 1615
2018-1-3+3-4-0.224 [info] 1618
2018-1-3+3-4-0.226 [info] 1604
2018-1-3+3-4-0.226 [info] 1608
2018-1-3+3-4-0.227 [info] 1612
2018-1-3+3-4-0.232 [info] 1620
2018-1-3+4-4-0.198 [info] 1629 SVRTSTR2
2018-1-3+4-4-0.199 [info] 1614
2018-1-3+4-4-0.201 [info] 1615
2018-1-3+4-4-0.204 [info] 1618
2018-1-3+4-4-0.207 [info] 1619 1063
2018-1-3+4-4-0.228 [info] 1629 SVRTSTR2
2018-1-3+4-4-0.232 [info] 1614
2018-1-3+4-4-0.234 [info] 1615
2018-1-3+4-4-0.236 [info] 1618
2018-1-3+4-4-0.238 [info] 1604
2018-1-3+4-4-0.238 [info] 1608
2018-1-3+4-4-0.238 [info] 1612
2018-1-3+4-4-0.239 [info] 1620
2018-1-3+5-4-0.181 [info] 1629 SVRTSTR2
2018-1-3+5-4-0.181 [info] 1614
2018-1-3+5-4-0.184 [info] 1615
2018-1-3+5-4-0.186 [info] 1618
2018-1-3+5-4-0.190 [info] 1619 1063
2018-1-3+5-4-0.212 [info] 1629 SVRTSTR2
2018-1-3+5-4-0.215 [info] 1614
2018-1-3+5-4-0.217 [info] 1615
2018-1-3+5-4-0.219 [info] 1618
2018-1-3+5-4-0.220 [info] 1604
2018-1-3+5-4-0.220 [info] 1608
2018-1-3+5-4-0.228 [info] 1631 /pub/flashplayer/update/current/sau/currentmajor.xml
2018-1-3+5-4-0.320 [warning] 1470 12175
2018-1-3+5-4-0.321 [warning] 1474 183
2018-1-3+5-4-0.321 [warning] 1475
2018-1-3+5-4-0.322 [info] 1432
2018-1-3+5-4-0.322 [info] 1612
2018-1-3+5-4-0.323 [info] 1620
2018-1-3+6-4-0.259 [info] 1629 SVRTSTR2
2018-1-3+6-4-0.260 [info] 1614
2018-1-3+6-4-0.263 [info] 1615
2018-1-3+6-4-0.265 [info] 1618
2018-1-3+6-4-0.268 [info] 1619 1063
2018-1-3+6-4-0.295 [info] 1629 SVRTSTR2
2018-1-3+6-4-0.297 [info] 1614
2018-1-3+6-4-0.299 [info] 1615
2018-1-3+6-4-0.301 [info] 1618
2018-1-3+6-4-0.303 [info] 1608
2018-1-3+6-4-0.303 [info] 1604
2018-1-3+6-4-0.303 [info] 1612
2018-1-3+6-4-0.304 [info] 1620
2018-1-3+7-4-0.328 [info] 1629 SVRTSTR2
2018-1-3+7-4-0.328 [info] 1614
2018-1-3+7-4-0.331 [info] 1615
2018-1-3+7-4-0.333 [info] 1618
2018-1-3+7-4-0.335 [info] 1619 1063
Please assist
NOTE:
-I have already tried deleting the reg key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Macromedia\FlashPlayerSAU\LastUpdateCheck
-I have imported the Cert to the Trusted Root Certification Authorities store (local computer) on the workstation
I can view the files on a browser(firefox/chrome/IE11) from the workstation by entering https://svrtstr2/ --I get the IIS landing page, and can navigate the folder strucure all the way through without error
Copy link to clipboard
Copied
Thank you for posting the log file with background update verbose logging enabled. Very helpful.
The request to the /pub/flashplayer/update/current/sau/currentmajor.xml is failing, due to Microsoft error code 12175. From Error Messages (Windows) :
ERROR_WINHTTP_SECURE_FAILURE
One or more errors were found in the Secure Sockets Layer (SSL) certificate sent by the server. To determine what type of error was encountered, check for a WINHTTP_CALLBACK_STATUS_SECURE_FAILURE notification in a status callback function. For more information, see WINHTTP_STATUS_CALLBACK.
A few things to check:
Note that Flash Player ActiveX will not install on Windows 10 as Microsoft integrates Flash Player ActiveX in IE and Edge browsers and all Flash Player ActiveX for IE/Edge are released by Microsoft via Windows Update.
<EDIT>
Not sure if I missed the screenshots, or if you posted them after. According to the screenshots, the SSL cert is issued to flashupdates.kaplanic.com but this is not what you have in the mms.cfg file.
<EDIT_2>
The IE screenshot also shows a certificate error. This is most likely the culprit. Please resolve the certificate error and try again.
Copy link to clipboard
Copied
Hello,
I have a new cert with the correct domain:
I deleted the reg key:
I set the 443 bindings on the server:
I'm still not getting updated:
2018-1-12+14-29-18.383 [info] 1631 /pub/flashplayer/update/current/sau/currentmajor.xml
2018-1-12+14-29-18.476 [warning] 1470 12175
2018-1-12+14-29-18.476 [warning] 1474 183
2018-1-12+14-29-18.477 [warning] 1475
2018-1-12+14-29-18.477 [info] 1432
2018-1-12+14-29-18.479 [info] 1612
2018-1-12+14-29-18.479 [info] 1620
2018-1-12+14-51-55.75 [info] 1629 SVRTSTR2.charlie.kaplaninc.com
2018-1-12+14-51-55.76 [info] 1614
2018-1-12+14-51-55.78 [info] 1615
2018-1-12+14-51-55.81 [info] 1618
2018-1-12+14-51-55.84 [info] 1619 1063
2018-1-12+14-51-55.111 [info] 1629 SVRTSTR2.charlie.kaplaninc.com
2018-1-12+14-51-55.113 [info] 1614
2018-1-12+14-51-55.115 [info] 1615
2018-1-12+14-51-55.117 [info] 1618
2018-1-12+14-51-55.119 [info] 1604
2018-1-12+14-51-55.119 [info] 1608
2018-1-12+14-51-55.134 [info] 1631 /pub/flashplayer/update/current/sau/currentmajor.xml
2018-1-12+14-51-55.191 [warning] 1470 12175
2018-1-12+14-51-55.191 [warning] 1474 183
2018-1-12+14-51-55.192 [warning] 1475
2018-1-12+14-51-55.192 [info] 1432
2018-1-12+14-51-55.194 [info] 1612
2018-1-12+14-51-55.195 [info] 1620
Copy link to clipboard
Copied
It's failing due to the same reason as before.
Your most recent screenshot indicates the certificate is assigned to flashupdates.charlie.kaplaninc.com, but the log file has SVRTSTR2.charlie.kaplaninc.com The server domain names are not the same. Please use flashupdates.charlie.kaplaninc.com in the mms.cfg file instead of SVRTSTR2.charlie.kaplaninc.com. If you need to use SVRTSTR2.charlie.kaplaninc.com, then you'll need to get a certificate with that name.
Copy link to clipboard
Copied
Hello,
Thank you for your response. Am I to understand that the server name must match the certificate name?
I thought just the domain names must match. I do not see anywhere in the documentation instructions that the server name and the certificate name must match?
I have a server with computername: SVRTSTR2
it is on the Domain: Charlie.Kaplaninc.com
Are you saying that I must name the certificate: SVRTSTR2.charlie.kaplaninc.com
Or, alternatively, could I rename the computername of the server : flashupdates
Copy link to clipboard
Copied
Yes they must match.
Which ever one will work for you.
I'll ensure the Admin Guide is updated with this information.
Copy link to clipboard
Copied
Hello,
I renamed the server--still no joy
2018-1-15+19-57-47.953 [info] 1629 flashupdates.charlie.kaplaninc.com
2018-1-15+19-57-47.956 [info] 1614
2018-1-15+19-57-47.958 [info] 1615
2018-1-15+19-57-47.960 [info] 1618
2018-1-15+19-57-47.962 [info] 1604
2018-1-15+19-57-47.963 [info] 1608
2018-1-15+19-57-47.976 [info] 1631 /pub/flashplayer/update/current/sau/currentmajor.xml
2018-1-15+19-57-48.276 [warning] 1474 12044
2018-1-15+19-57-48.280 [warning] 1475
2018-1-15+19-57-48.283 [info] 1432
2018-1-15+19-57-48.288 [info] 1612
2018-1-15+19-57-48.289 [info] 1620
2018-1-15+20-4-0.339 [info] 1629 flashupdates.charlie.kaplaninc.com
2018-1-15+20-4-0.340 [info] 1614
2018-1-15+20-4-0.343 [info] 1615
2018-1-15+20-4-0.345 [info] 1618
2018-1-15+20-4-0.348 [info] 1619 1063
2018-1-15+20-4-0.378 [info] 1629 flashupdates.charlie.kaplaninc.com
2018-1-15+20-4-0.380 [info] 1614
2018-1-15+20-4-0.383 [info] 1615
2018-1-15+20-4-0.385 [info] 1618
2018-1-15+20-4-0.386 [info] 1604
2018-1-15+20-4-0.386 [info] 1608
2018-1-15+20-4-0.395 [info] 1631 /pub/flashplayer/update/current/sau/currentmajor.xml
2018-1-15+20-4-5.696 [info] 1622 4
2018-1-15+20-4-5.703 [info] 1622 4
2018-1-15+20-4-21.395 [warning] 1470 12002
2018-1-15+20-4-21.395 [warning] 1474 183
2018-1-15+20-4-21.399 [warning] 1475
2018-1-15+20-4-21.403 [info] 1432
2018-1-15+20-4-21.408 [info] 1612
2018-1-15+20-4-21.409 [info] 1620
2018-1-15+20-5-53.494 [info] 1629 flashupdates.charlie.kaplaninc.com
2018-1-15+20-5-53.494 [info] 1614
2018-1-15+20-5-53.497 [info] 1615
2018-1-15+20-5-53.500 [info] 1618
2018-1-15+20-5-53.503 [info] 1619 1063
2018-1-15+20-5-53.519 [info] 1629 flashupdates.charlie.kaplaninc.com
2018-1-15+20-5-53.523 [info] 1614
2018-1-15+20-5-53.529 [info] 1615
2018-1-15+20-5-53.531 [info] 1618
2018-1-15+20-5-53.536 [info] 1604
2018-1-15+20-5-53.536 [info] 1608
2018-1-15+20-5-53.537 [info] 1612
2018-1-15+20-5-53.550 [info] 1620
2018-1-15+20-6-10.534 [info] 1629 flashupdates.charlie.kaplaninc.com
2018-1-15+20-6-10.534 [info] 1614
2018-1-15+20-6-10.537 [info] 1615
2018-1-15+20-6-10.539 [info] 1618
2018-1-15+20-6-10.541 [info] 1619 1063
2018-1-15+20-6-10.574 [info] 1629 flashupdates.charlie.kaplaninc.com
2018-1-15+20-6-10.574 [info] 1614
2018-1-15+20-6-10.577 [info] 1615
2018-1-15+20-6-10.580 [info] 1618
2018-1-15+20-6-10.583 [info] 1604
2018-1-15+20-6-10.583 [info] 1608
2018-1-15+20-6-10.599 [info] 1631 /pub/flashplayer/update/current/sau/currentmajor.xml
2018-1-15+20-6-10.789 [warning] 1474 12044
2018-1-15+20-6-10.795 [warning] 1475
2018-1-15+20-6-10.799 [info] 1432
2018-1-15+20-6-10.802 [info] 1612
2018-1-15+20-6-10.803 [info] 1620
2018-1-15+20-9-45.175 [info] 1629 flashupdates.charlie.kaplaninc.com
2018-1-15+20-9-45.175 [info] 1614
2018-1-15+20-9-45.178 [info] 1615
2018-1-15+20-9-45.180 [info] 1618
2018-1-15+20-9-45.183 [info] 1619 1063
2018-1-15+20-9-45.221 [info] 1629 flashupdates.charlie.kaplaninc.com
2018-1-15+20-9-45.224 [info] 1614
2018-1-15+20-9-45.226 [info] 1615
2018-1-15+20-9-45.233 [info] 1618
2018-1-15+20-9-45.235 [info] 1604
2018-1-15+20-9-45.236 [info] 1608
2018-1-15+20-9-45.251 [info] 1631 /pub/flashplayer/update/current/sau/currentmajor.xml
2018-1-15+20-9-45.349 [warning] 1474 12044
2018-1-15+20-9-45.349 [warning] 1475
2018-1-15+20-9-45.350 [info] 1432
2018-1-15+20-9-45.351 [info] 1612
2018-1-15+20-9-45.352 [info] 1620
I get this if I try to go to the pub folder:
Copy link to clipboard
Copied
did you try to reboot everything? just a silly but sometimes useful option
Copy link to clipboard
Copied
So, it sounds like the certificate issue has been resolved, but now you have a file system permissions issue. The entire directory path to the files, and the files themselves, need to be accessible. As per the screenshot you currently don't have access to the required directory path. You need to troubleshoot the file system permissions issue on your server and fix that.
Copy link to clipboard
Copied
Interesting...because if you notice my screenshot in my original post- I did have access to the full path from the browser....
Copy link to clipboard
Copied
The first screenshot was for a different server, https://svrtstr2/pub/flashplayer/update/current/sau .
The most recent screenshots shows 'error 403 - access denied' when attempting to access https://flashupdates.charlie.kaplaninc.com/pub , which is the server name in the mms.cfg file, as indicated by the log file.
Copy link to clipboard
Copied
same server- just that I renamed it per instruction
Copy link to clipboard
Copied
The physical server is the same, but now the name is different. Something in your configuration setting is now resulting in the error. Are you able to access the XML file itself?
Do you have directory browsing enabled on the server? disabled directory browsing does result in the 403 error when attempting to view the directory contents.
Copy link to clipboard
Copied
Copy link to clipboard
Copied
directory browsing enabled on the server---please provide instructions to get this working--I have done all the required steps and have never gotten it to work
Copy link to clipboard
Copied
I can't provide instructions on how to troubleshoot your server configuration. You'll need to do that. The issues you are encountering are not at all related to Background Updates, they are related to the server configuration.
After checking which server to use (local or Adobe), Background Update process checks the mms.cfg file to see if the client is opted into Background Updates, if it is, it then checks the currentmajor.xml file to see if there is an update available. The request tom and/or response from, the currentmajor.xml file is failing due to server configuration issues. There are 2 numbers in the log file, after the info/warning column. The first number is the Background Update code. The second number is the corresponding Windows Error code.
Pertinent Background Update codes in the log file are:
Looking through the log file, there are various Windows Error codes associated with codes 1470 and 1474. The Windows error codes are available at WinHttpReceiveResponse function (Windows) . Here is a summary of the Windows Error codes I'm seeing in the most recent log file you posted:
ERROR_WINHTTP_TIMEOUT
The request has timed out.
ERROR_WINHTTP_CLIENT_AUTH_CERT_NEEDED
Returned by WinHttpReceiveResponse when the server requests client authentication.
Windows Server 2003 with SP1 and Windows XP with SP2: This error is not supported.
ERROR_WINHTTP_SECURE_FAILURE
One or more errors were found in the Secure Sockets Layer (SSL) certificate sent by the server. To determine what type of error was encountered, check for a WINHTTP_CALLBACK_STATUS_SECURE_FAILURE notification in a status callback function. For more information, see WINHTTP_STATUS_CALLBACK.
The request timing out is that it took too long to get a response. This could be network related (firewall, proxy server, something else).
This MSDN article may be of assistance SSL in WinHTTP (Windows)
Copy link to clipboard
Copied
I can access the directory structure now:
but here is the log from running FlashPlayerUpdateService.exe
018-1-17+18-1-47.883 [info] 1629 flashupdates.charlie.kaplaninc.com
2018-1-17+18-1-47.885 [info] 1614
2018-1-17+18-1-47.886 [info] 1615
2018-1-17+18-1-47.886 [info] 1618
2018-1-17+18-1-47.887 [info] 1619 1063
2018-1-17+18-1-47.903 [info] 1629 flashupdates.charlie.kaplaninc.com
2018-1-17+18-1-47.905 [info] 1614
2018-1-17+18-1-47.906 [info] 1615
2018-1-17+18-1-47.908 [info] 1618
2018-1-17+18-1-47.910 [info] 1604
2018-1-17+18-1-47.910 [info] 1608
2018-1-17+18-1-47.931 [info] 1631 /pub/flashplayer/update/current/sau/currentmajor.xml
2018-1-17+18-1-48.5 [warning] 1474 12044
2018-1-17+18-1-48.6 [warning] 1475
2018-1-17+18-1-48.6 [info] 1432
2018-1-17+18-1-48.7 [info] 1612
2018-1-17+18-1-48.8 [info] 1620
Copy link to clipboard
Copied
It's still failing due to Error 12044:
ERROR_WINHTTP_CLIENT_AUTH_CERT_NEEDED
Returned by WinHttpReceiveResponse when the server requests client authentication.
Windows Server 2003 with SP1 and Windows XP with SP2: This error is not supported.
What happens when you navigate directly to the https://flashupdates.charlie.kaplaninc.com/pub/flashplayer/update/current/sau/currentmajor.xml using a web browser? Does it display a security warning before loading the page contents? Please describe the exact behaviour you observe when navigating directly to the page.
Copy link to clipboard
Copied
Goes straight to it:
If I click the lock:
Copy link to clipboard
Copied
Are you using a self-signed certificate or a certificate from a trusted certificate authority, such as DigiCert?
If so, have you installed the certificate to the root certificate store on the client system? It's not clear to me if all of your screenshots are from the same system (the server) or from a server and client, and would like to confirm how your test environment is set up.
Copy link to clipboard
Copied
I'm using a self signed certificate build in house by our infosec team.
I install the certificate to the trusted Root Certification Authorities store on the client computer
The screenshots are from the client
exept for the screenshots showing IIS- those are from the server:
Copy link to clipboard
Copied
I would recommend using a cert signed by a trusted certificate authority. The error is coming from a Windows API (WinHTTPReceiveResponse, referring to client authentication), not Flash Player code. See links I posted previously to Microsoft documentation.
Copy link to clipboard
Copied
Can you please provide a certificate?
Copy link to clipboard
Copied
No, Adobe is not a certificate authority and cannot provide that. There are numerous certificate authorities (e.g. DigiCert) you can use.
Copy link to clipboard
Copied
OK- so for clarification- you are saying that this internal server solution for distributing adobe flash updates only works if the customer buys a certificate from a third party certificate authority? It will not work with a self signed certificate?