14 Replies Latest reply: Nov 20, 2012 11:05 PM by Frustrated in AZ RSS

    Unable to activate via TMG

    WestminsterSA Community Member

      I am unable to activate Digital Editions on our school network. We need to use this software, as the library is now doing ebook loans.

      I am able to go to http://adeactivate.adobe.com/

      When I open up Digital Editions it asks for my username and password (for the Microsoft TMG proxy) but fails over and over and I receive the E_ADEPT_IO ActivationServiceInfo Error%20#2032

      I do not see anything in the TMG logs when I open Digital Editions and enter in the password.

      I have also tested with the Firewall on the desktops disabled.

        • 2. Re: Unable to activate via TMG
          WestminsterSA Community Member

          I managed to chat with an Adobe representative. He gave me basic fixes.

          Then he told me that Adobe only support the install of Digital Edition as a Local Administrator on a network with no proxies. I explained how that was very bad for security and he closed the chat session.

          This is terrible, considering we HAVE TO use these terrible proprietary ACSM files in our school because that is what the ebook borrowing software we will be using, uses.

          • 3. Re: Unable to activate via TMG
            WestminsterSA Community Member

            I have now figured out at which stage it is failing.

            Using http://www.wireshark.org/download.html I discover that Digital Editions is successful in accessing http://adeactivate.adobe.com/adept/ActivationServiceInfo which downloads ActivationServiceInfo.acsm

            It appears to be failing after downloading that file.

            This means that Digital Editions is having no problem going through the firewall until after it downloads that file and tries to run it.

             

            This is the proxy error I receive at that stage "Expert Info (Chat/Sequence): HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )"

             

            Why does it authenticate fine to the proxy for the first part but fails for the second part?

            • 4. Re: Unable to activate via TMG
              WestminsterSA Community Member

              I have so far discovered that I need to allow adobe.com and macromedia.com through my proxy as anonymous users.

              Why the hell doesn't Adobe Digital Editions use the system wide proxy? This can be fixed? Why can't it use the system wide proxy. This just seems mental to me.

              • 5. Re: Unable to activate via TMG
                Frustrated in AZ Community Member

                I read the thread, and I'm puzzled.

                 

                First, ADE was never intended to be used via a network.  It's just a

                library management system designed to be used by one user at a time.  If

                the Adobe rep tried to get it running on a network, he probably wasn't

                trained in ADE.

                 

                Next, I think you're confused - and probably others are as well.  ADE works

                with the implementation of Digital Rights Management (DRM) that comes from

                Adobe Content Server - which is entirely separate software.  And that may

                be why you think you have to use ADE. But that's not true.  ADE is not the

                only implementation of DRM.

                 

                Digital rights have been incorporated into several other software systems

                that are used commercially (in contrast to ADE), and some of those systems

                are being used for multiple users in a situation like yours.  The most

                obvious one is Overdrive.  It's used by a large number of libraries and

                publication houses to distribute and manage multiple sites and multiple

                users.  If you're thinking of 'distributing' textbooks to students, that's

                a parallel to libraries loaning ebooks to patrons, and Overdrive will work

                just fine for that.

                 

                I'm sure that this isn't the answer you were looking for, but....

                 

                =================

                • 6. Re: Unable to activate via TMG
                  WestminsterSA Community Member

                  First, I have never said I wanted to run it via the network. I said I want it to run on a local machine. The problem is that all the machines can only access the Internet via our Microsoft Forefront Threat Management Gateway. This is where the problem lies. The reason this fails is that ADE is NOT authenticating to the proxy. It appears to be using the system wide proxy but then tries to access the Internet using an anonymous user. This is bad software design.

                   

                  Next, I think you didn't read my comments very well. The company that we are working with, to allow students to borrow eBooks, uses ACSM files which requires us to use ADE. Do not make assumptions.

                   

                  We are using http://www.wheelersbooks.com.au/info/ebooks/

                  • 7. Re: Unable to activate via TMG
                    Frustrated in AZ Community Member

                    Thanks for clarifying the environment.  That helps.

                     

                    But, as far as the use of ADE is concerned, the website that you've

                    referenced states that they use Digital Rights Management.  I didn't go far

                    into the site, but you should not make the assumption that you must use

                    Digital Editions, perhaps because it's from the same vendor as the DRM

                    protection software.  You could use Calibre, Overdrive, Bluefire Reader (or

                    Apple software) and achieve the same results.  .ascm files work with all of

                    those products (but Apple has implemented DRM a bit differently).

                     

                    I'm not an Adobe employee, nor did I work on the design of the software.

                    However, I have worked in programming extensively during my 40 year career,

                    and I've been emmeshed in similar design situations.  The blending of

                    distribution from a central point and software that's designed to be

                    downloaded individually from the vendor's site doesn't work well - and

                    that's why I commented on the 'network' side of things.  The software

                    coding gets difficult if access to the Internet is controlled by a gateway,

                    which I think is what you're saying.  It's not that Adobe has a 'bad

                    design' - it's that Adobe did not design its software to be downloaded in

                    your environment.

                    I understand the need to try to manage access to the Internet in an

                    environment like yours.  In my experience, resolving this conundrum

                    involves figuring out whether you will permit the user to download

                    according to the software's expectations or not.  The alternative that

                    might work is to have the users download the software directly from

                    whichever product vendor you select.  I don't think you'll have this issue

                    if you use Overdrive or Calibre.  I can't speak for Bluefire Reader.

                     

                    ==============

                    • 8. Re: Unable to activate via TMG
                      WestminsterSA Community Member

                      From Calibre's FAQ:

                      How do I use purchased EPUB books with calibre?

                      Most purchased EPUB books have DRM. This prevents calibre from opening them. You can still use calibre to store and transfer them to your ebook reader. First, you must authorize your reader on a windows machine with Adobe Digital Editions. Once this is done, EPUB books transferred with calibre will work fine on your reader. When you purchase an epub book from a website, you will get an ”.acsm” file. This file should be opened with Adobe Digital Editions, which will then download the actual ”.epub” ebook. The ebook file will be stored in the folder “My Digital Editions”, from where you can add it to calibre.

                       

                      Overdrive Media Console doesn't seem to resolve the problem either.

                       

                      If Adobe did not design it's software to work with a local computer system wide proxy.... why does it? It uses the system proxy but then fails at authentication. This IS bad software design.

                       

                      We have resolved the issue by allowing anonymous connections through TMG for the websites ADE contacts during use. This is not a good solution but it at least has it working for now.

                      • 9. Re: Unable to activate via TMG
                        Luis.Portocarrero.Pinto Community Member

                        Hi WestminsterSA, I have the same problem. Can you tell me please How should I configure my proxy server? Thanks in advanced

                        • 10. Re: Unable to activate via TMG
                          Frustrated in AZ Community Member

                          I answered WestminsterSA concerning downloading via his school's network.

                          I missed a part of the answer, however, and he repeated part of the

                          question:

                           

                          "If Adobe did not design it's software to work with a local computer system

                          wide proxy.... why does it? It uses the system proxy but then fails at

                          authentication. This IS bad software design."

                          He fails to understand that his school proxy settings - anonymous - are not

                          connected in any way to the way ADE is coded.  It was never designed as

                          anything other than a 1:1 software system: the user connects directly with

                          Adobe.  Your network is passing stuff up the line, but it's failing at the

                          network's authentication, not at ADE's.  My comments about use in a

                          networked environment are still valid.  And that's not 'bad software

                          design" at all.

                           

                          To both of you: the suggestions I have for server configuration are made in

                          a vacuum, because I don't know anything about your IT environment or who

                          controls what portions of it.  Given that ADE wants to connect directly

                          with Adobe to be installed, AND ADE anticipates a direct connection with

                          the ebook sources, I'm not sure that you can do anything at all with the

                          servers.  However, if your servers can be configured to permit ADE to

                          connect directly with Adobe, or vice versa, then you 'may' be able to get

                          ADE to run effectively.  The prototype is the WIndows 7 firewall, which

                          acts as a 'network' front end.

                           

                          In the US, schools libraries and universities in general do not use ADE for

                          students or patrons.  They use more robust, multi-user systems like

                          Overdrive (not Calibre - they do not have a DRM module).  You do not HAVE

                          to run ADE in order to get DRM-enabled material.  What's tripping you up -

                          and many more than just you two - is the fact that Adobe's Content Server

                          Manager CSM) is the core of DRM processing in several of the epublication

                          management systems.  Because CSM is in widespread use, AND because Digital

                          Editions is able to interact with it by design (Adobe product to Adobe

                          product), many, many sources for ebooks combine the two, and tell you that

                          you 'must' use ADE.  Overdrive would take exception to that.

                           

                          My overall suggestion is to sit down with the IT department and hash this

                          out IF lots of the students are going to use or are using ebooks for

                          classes and research.  It sounds like neither of your institututions has

                          thought this out thoroughly.  Yes, that's an oversimplification, and may

                          not be possible.  But you should try!

                           

                          ================

                           

                           

                           

                           

                           

                           

                          On Tue, Nov 20, 2012 at 3:46 PM, Luis.Portocarrero.Pinto <

                          • 11. Re: Unable to activate via TMG
                            WestminsterSA Community Member

                            You need to allow anonymous connections through your proxy for particular adobe activation sites. I can't remember what they are now, but if you monitor anonymous connections to TMG when attempting to activate you will see the sites requested.

                             

                            "If Adobe did not design it's software to work with a local computer system

                            wide proxy.... why does it? It uses the system proxy but then fails at

                            authentication. This IS bad software design."

                            He fails to understand that his school proxy settings - anonymous - are not

                            connected in any way to the way ADE is coded. It was never designed as

                            anything other than a 1:1 software system: the user connects directly with

                            Adobe. Your network is passing stuff up the line, but it's failing at the

                            network's authentication, not at ADE's. My comments about use in a

                            networked environment are still valid. And that's not 'bad software

                            design" at all.

                            You fail to understand how proxying works. The anonymous part is because ADE is not using the system wide proxy credentials supplied to it for the whole of the connection. This is due to the way it is coded. The software is using the correct proxy settings for the most part but is not passing the authentication through for the entirety of the activation. This has absolutely nothing to do with the proxy itself. If the software is not using supplied credentials when talking to the proxy server it is not going to be allowed through.

                            Basically ADE is going... "I will send this through the proxy but I'm not going to supply credentials with it." This is bad software design. This design will only work with a filter that filters ALL traffic without any authentication. This is an issue lots of people face with iOS and Android because lots of apps don't use a system wide proxy and also have no way to enter in credentials for a proxy. This is simply people writing software and ignoring the fact that people will use proxies that require authentication.

                            • 12. Re: Unable to activate via TMG
                              Frustrated in AZ Community Member

                              I've been working with software for over 30 years.  I understand the way

                              proxying works from the lowest level.  Do not lecture me on how you think

                              it should work.

                               

                              ADE does not supply credentials because it does not know that it's

                              operating in a proxy environment.  The proxy server doesn't tell it that it

                              is - and it wouldn't matter anyway, because ADE's 'bad' design is not

                              intended to operate in that environment.  Period.

                               

                              ==========

                              • 13. Re: Unable to activate via TMG
                                WestminsterSA Community Member

                                Except for the fact that ADE presents you with a popup requesting you enter in the credentials for the proxy... but fails to passthrough those credentials.

                                • 14. Re: Unable to activate via TMG
                                  Frustrated in AZ Community Member

                                  Sorry.  The proxy server is asking for those credentials, not ADE.

                                   

                                  We're back to the fact that ADE is not intended for use in a network.

                                   

                                  ===========