1 2 Previous Next 42 Replies Latest reply on Feb 9, 2018 9:18 AM by jeromiec83223024

    Flash Background Updates from internal server not working

    matts54643606 Level 1

      We are setting up to receive flash background updates from an internal server for our 5000+ enterprise pcs running windows 7 64bit and Windows 10

       

      Current mms.cfg

      AutoUpdateDisable=0
      SilentAutoUpdateEnable=1
      SilentAutoUpdateServerDomain=SVRTSTR2
      SilentAutoUpdateVerboseLogging=1

       

       

      Note- the server is running server 2016, with IIS, and the website is set up with an SSL certificate and the cab files were extracted to the site with the correct folder structure

       

      Here is the log:

       

       

      2018-1-3+3-4-0.217 [info] 1629 SVRTSTR2

      2018-1-3+3-4-0.220 [info] 1614

      2018-1-3+3-4-0.222 [info] 1615

      2018-1-3+3-4-0.224 [info] 1618

      2018-1-3+3-4-0.226 [info] 1604

      2018-1-3+3-4-0.226 [info] 1608

      2018-1-3+3-4-0.227 [info] 1612

      2018-1-3+3-4-0.232 [info] 1620

      2018-1-3+4-4-0.198 [info] 1629 SVRTSTR2

      2018-1-3+4-4-0.199 [info] 1614

      2018-1-3+4-4-0.201 [info] 1615

      2018-1-3+4-4-0.204 [info] 1618

      2018-1-3+4-4-0.207 [info] 1619 1063

      2018-1-3+4-4-0.228 [info] 1629 SVRTSTR2

      2018-1-3+4-4-0.232 [info] 1614

      2018-1-3+4-4-0.234 [info] 1615

      2018-1-3+4-4-0.236 [info] 1618

      2018-1-3+4-4-0.238 [info] 1604

      2018-1-3+4-4-0.238 [info] 1608

      2018-1-3+4-4-0.238 [info] 1612

      2018-1-3+4-4-0.239 [info] 1620

      2018-1-3+5-4-0.181 [info] 1629 SVRTSTR2

      2018-1-3+5-4-0.181 [info] 1614

      2018-1-3+5-4-0.184 [info] 1615

      2018-1-3+5-4-0.186 [info] 1618

      2018-1-3+5-4-0.190 [info] 1619 1063

      2018-1-3+5-4-0.212 [info] 1629 SVRTSTR2

      2018-1-3+5-4-0.215 [info] 1614

      2018-1-3+5-4-0.217 [info] 1615

      2018-1-3+5-4-0.219 [info] 1618

      2018-1-3+5-4-0.220 [info] 1604

      2018-1-3+5-4-0.220 [info] 1608

      2018-1-3+5-4-0.228 [info] 1631 /pub/flashplayer/update/current/sau/currentmajor.xml

      2018-1-3+5-4-0.320 [warning] 1470 12175

      2018-1-3+5-4-0.321 [warning] 1474 183

      2018-1-3+5-4-0.321 [warning] 1475

      2018-1-3+5-4-0.322 [info] 1432

      2018-1-3+5-4-0.322 [info] 1612

      2018-1-3+5-4-0.323 [info] 1620

      2018-1-3+6-4-0.259 [info] 1629 SVRTSTR2

      2018-1-3+6-4-0.260 [info] 1614

      2018-1-3+6-4-0.263 [info] 1615

      2018-1-3+6-4-0.265 [info] 1618

      2018-1-3+6-4-0.268 [info] 1619 1063

      2018-1-3+6-4-0.295 [info] 1629 SVRTSTR2

      2018-1-3+6-4-0.297 [info] 1614

      2018-1-3+6-4-0.299 [info] 1615

      2018-1-3+6-4-0.301 [info] 1618

      2018-1-3+6-4-0.303 [info] 1608

      2018-1-3+6-4-0.303 [info] 1604

      2018-1-3+6-4-0.303 [info] 1612

      2018-1-3+6-4-0.304 [info] 1620

      2018-1-3+7-4-0.328 [info] 1629 SVRTSTR2

      2018-1-3+7-4-0.328 [info] 1614

      2018-1-3+7-4-0.331 [info] 1615

      2018-1-3+7-4-0.333 [info] 1618

      2018-1-3+7-4-0.335 [info] 1619 1063

       

       

      Please assist

       

       

      NOTE:

       

      -I have already tried deleting the reg key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Macromedia\FlashPlayerSAU\LastUpdateCheck

      -I have imported the Cert to the Trusted Root Certification Authorities store (local computer) on the workstation

      I can view the files on a browser(firefox/chrome/IE11) from the workstation by entering https://svrtstr2/ --I get the IIS landing page, and can navigate the folder strucure all the way through without error

       

        • 1. Re: Flash Background Updates from internal server not working
          maria__ Adobe Employee

          Thank you for posting the log file with background update verbose logging enabled.  Very helpful.

           

          The request to the /pub/flashplayer/update/current/sau/currentmajor.xml is failing, due to Microsoft error code 12175.  From Error Messages (Windows) :

           

          ERROR_WINHTTP_SECURE_FAILURE

          12175

          One or more errors were found in the Secure Sockets Layer (SSL) certificate sent by the server. To determine what type of error was encountered, check for a WINHTTP_CALLBACK_STATUS_SECURE_FAILURE notification in a status callback function. For more information, see WINHTTP_STATUS_CALLBACK.

           

          A few things to check:

          • Ensure you have opened port 443 for HTTPS requests
          • Ensure the SSL certificate matches the domain you are attempting to use it on
          • In your mms.cfg file, is the local server configured as just SVRTSTR2, or is it in your.server.com format?  If not in your.server.com format, please change it to this format.
          • Attempt to access the currentmajor.xml file from a web browser.  It should be accessible.

           

          Note that Flash Player ActiveX will not install on Windows 10 as Microsoft integrates Flash Player ActiveX in IE and Edge browsers and all Flash Player ActiveX for IE/Edge are released by Microsoft via Windows Update.

           

           

          <EDIT>

          Not sure if I missed the screenshots, or if you posted them after.  According to the screenshots, the SSL cert is issued to flashupdates.kaplanic.com but this is not what you have in the mms.cfg file.

           

          <EDIT_2>
          The IE screenshot also shows a certificate error.  This is most likely the culprit. Please resolve the certificate error and try again.

          • 2. Re: Flash Background Updates from internal server not working
            matts54643606 Level 1

            Hello,

             

            I have a new cert with the correct domain:

             

            I deleted the reg key:

            I set the 443 bindings on the server:

             

            I'm still not getting updated:

             

            2018-1-12+14-29-18.383 [info] 1631 /pub/flashplayer/update/current/sau/currentmajor.xml

            2018-1-12+14-29-18.476 [warning] 1470 12175

            2018-1-12+14-29-18.476 [warning] 1474 183

            2018-1-12+14-29-18.477 [warning] 1475

            2018-1-12+14-29-18.477 [info] 1432

            2018-1-12+14-29-18.479 [info] 1612

            2018-1-12+14-29-18.479 [info] 1620

            2018-1-12+14-51-55.75 [info] 1629 SVRTSTR2.charlie.kaplaninc.com

            2018-1-12+14-51-55.76 [info] 1614

            2018-1-12+14-51-55.78 [info] 1615

            2018-1-12+14-51-55.81 [info] 1618

            2018-1-12+14-51-55.84 [info] 1619 1063

            2018-1-12+14-51-55.111 [info] 1629 SVRTSTR2.charlie.kaplaninc.com

            2018-1-12+14-51-55.113 [info] 1614

            2018-1-12+14-51-55.115 [info] 1615

            2018-1-12+14-51-55.117 [info] 1618

            2018-1-12+14-51-55.119 [info] 1604

            2018-1-12+14-51-55.119 [info] 1608

            2018-1-12+14-51-55.134 [info] 1631 /pub/flashplayer/update/current/sau/currentmajor.xml

            2018-1-12+14-51-55.191 [warning] 1470 12175

            2018-1-12+14-51-55.191 [warning] 1474 183

            2018-1-12+14-51-55.192 [warning] 1475

            2018-1-12+14-51-55.192 [info] 1432

            2018-1-12+14-51-55.194 [info] 1612

            2018-1-12+14-51-55.195 [info] 1620

            • 3. Re: Flash Background Updates from internal server not working
              maria__ Adobe Employee

              It's failing due to the same reason as before.

               

              Your most recent screenshot indicates the certificate is assigned to flashupdates.charlie.kaplaninc.com, but the log file has SVRTSTR2.charlie.kaplaninc.com  The server domain names are not the same.  Please use flashupdates.charlie.kaplaninc.com in the mms.cfg file instead of SVRTSTR2.charlie.kaplaninc.com.  If you need to use SVRTSTR2.charlie.kaplaninc.com, then you'll need to get a certificate with that name.

              • 4. Re: Flash Background Updates from internal server not working
                matts54643606 Level 1

                Hello,

                 

                Thank you for your response. Am I to understand that the server name must match the certificate name?

                I thought just the domain names must match. I do not see anywhere in the documentation instructions that the server name and the certificate name must match?

                 

                I have a server with computername: SVRTSTR2

                it is on the Domain: Charlie.Kaplaninc.com

                 

                Are you saying that I must name the certificate: SVRTSTR2.charlie.kaplaninc.com

                 

                Or, alternatively, could I rename the computername of the server : flashupdates

                • 5. Re: Flash Background Updates from internal server not working
                  maria__ Adobe Employee

                  Yes they must match.

                   

                  Which ever one will work for you.

                   

                  I'll ensure the Admin Guide is updated with this information.

                  • 6. Re: Flash Background Updates from internal server not working
                    matts54643606 Level 1

                    Hello,

                     

                    I renamed the server--still no joy

                     

                     

                    2018-1-15+19-57-47.953 [info] 1629 flashupdates.charlie.kaplaninc.com

                    2018-1-15+19-57-47.956 [info] 1614

                    2018-1-15+19-57-47.958 [info] 1615

                    2018-1-15+19-57-47.960 [info] 1618

                    2018-1-15+19-57-47.962 [info] 1604

                    2018-1-15+19-57-47.963 [info] 1608

                    2018-1-15+19-57-47.976 [info] 1631 /pub/flashplayer/update/current/sau/currentmajor.xml

                    2018-1-15+19-57-48.276 [warning] 1474 12044

                    2018-1-15+19-57-48.280 [warning] 1475

                    2018-1-15+19-57-48.283 [info] 1432

                    2018-1-15+19-57-48.288 [info] 1612

                    2018-1-15+19-57-48.289 [info] 1620

                    2018-1-15+20-4-0.339 [info] 1629 flashupdates.charlie.kaplaninc.com

                    2018-1-15+20-4-0.340 [info] 1614

                    2018-1-15+20-4-0.343 [info] 1615

                    2018-1-15+20-4-0.345 [info] 1618

                    2018-1-15+20-4-0.348 [info] 1619 1063

                    2018-1-15+20-4-0.378 [info] 1629 flashupdates.charlie.kaplaninc.com

                    2018-1-15+20-4-0.380 [info] 1614

                    2018-1-15+20-4-0.383 [info] 1615

                    2018-1-15+20-4-0.385 [info] 1618

                    2018-1-15+20-4-0.386 [info] 1604

                    2018-1-15+20-4-0.386 [info] 1608

                    2018-1-15+20-4-0.395 [info] 1631 /pub/flashplayer/update/current/sau/currentmajor.xml

                    2018-1-15+20-4-5.696 [info] 1622 4

                    2018-1-15+20-4-5.703 [info] 1622 4

                    2018-1-15+20-4-21.395 [warning] 1470 12002

                    2018-1-15+20-4-21.395 [warning] 1474 183

                    2018-1-15+20-4-21.399 [warning] 1475

                    2018-1-15+20-4-21.403 [info] 1432

                    2018-1-15+20-4-21.408 [info] 1612

                    2018-1-15+20-4-21.409 [info] 1620

                    2018-1-15+20-5-53.494 [info] 1629 flashupdates.charlie.kaplaninc.com

                    2018-1-15+20-5-53.494 [info] 1614

                    2018-1-15+20-5-53.497 [info] 1615

                    2018-1-15+20-5-53.500 [info] 1618

                    2018-1-15+20-5-53.503 [info] 1619 1063

                    2018-1-15+20-5-53.519 [info] 1629 flashupdates.charlie.kaplaninc.com

                    2018-1-15+20-5-53.523 [info] 1614

                    2018-1-15+20-5-53.529 [info] 1615

                    2018-1-15+20-5-53.531 [info] 1618

                    2018-1-15+20-5-53.536 [info] 1604

                    2018-1-15+20-5-53.536 [info] 1608

                    2018-1-15+20-5-53.537 [info] 1612

                    2018-1-15+20-5-53.550 [info] 1620

                    2018-1-15+20-6-10.534 [info] 1629 flashupdates.charlie.kaplaninc.com

                    2018-1-15+20-6-10.534 [info] 1614

                    2018-1-15+20-6-10.537 [info] 1615

                    2018-1-15+20-6-10.539 [info] 1618

                    2018-1-15+20-6-10.541 [info] 1619 1063

                    2018-1-15+20-6-10.574 [info] 1629 flashupdates.charlie.kaplaninc.com

                    2018-1-15+20-6-10.574 [info] 1614

                    2018-1-15+20-6-10.577 [info] 1615

                    2018-1-15+20-6-10.580 [info] 1618

                    2018-1-15+20-6-10.583 [info] 1604

                    2018-1-15+20-6-10.583 [info] 1608

                    2018-1-15+20-6-10.599 [info] 1631 /pub/flashplayer/update/current/sau/currentmajor.xml

                    2018-1-15+20-6-10.789 [warning] 1474 12044

                    2018-1-15+20-6-10.795 [warning] 1475

                    2018-1-15+20-6-10.799 [info] 1432

                    2018-1-15+20-6-10.802 [info] 1612

                    2018-1-15+20-6-10.803 [info] 1620

                    2018-1-15+20-9-45.175 [info] 1629 flashupdates.charlie.kaplaninc.com

                    2018-1-15+20-9-45.175 [info] 1614

                    2018-1-15+20-9-45.178 [info] 1615

                    2018-1-15+20-9-45.180 [info] 1618

                    2018-1-15+20-9-45.183 [info] 1619 1063

                    2018-1-15+20-9-45.221 [info] 1629 flashupdates.charlie.kaplaninc.com

                    2018-1-15+20-9-45.224 [info] 1614

                    2018-1-15+20-9-45.226 [info] 1615

                    2018-1-15+20-9-45.233 [info] 1618

                    2018-1-15+20-9-45.235 [info] 1604

                    2018-1-15+20-9-45.236 [info] 1608

                    2018-1-15+20-9-45.251 [info] 1631 /pub/flashplayer/update/current/sau/currentmajor.xml

                    2018-1-15+20-9-45.349 [warning] 1474 12044

                    2018-1-15+20-9-45.349 [warning] 1475

                    2018-1-15+20-9-45.350 [info] 1432

                    2018-1-15+20-9-45.351 [info] 1612

                    2018-1-15+20-9-45.352 [info] 1620

                     

                    I get this if I try to go to the pub folder:

                     

                     

                     

                    • 7. Re: Flash Background Updates from internal server not working
                      Robert Mc Dowell Level 3

                      did you try to reboot everything? just a silly but sometimes useful option

                      • 8. Re: Flash Background Updates from internal server not working
                        maria__ Adobe Employee

                        So, it sounds like the certificate issue has been resolved, but now you have a file system permissions issue.  The entire directory path to the files, and the files themselves, need to be accessible.  As per the screenshot you currently don't have access to the required directory path.  You need to troubleshoot the file system permissions issue on your server and fix that.

                        • 9. Re: Flash Background Updates from internal server not working
                          matts54643606 Level 1

                          Interesting...because if you notice my screenshot in my original post- I did have access to the full path from the browser....

                          • 10. Re: Flash Background Updates from internal server not working
                            maria__ Adobe Employee

                            The first screenshot was for a different server, https://svrtstr2/pub/flashplayer/update/current/sau .

                             

                            The most recent screenshots shows 'error 403 - access denied' when attempting to access https://flashupdates.charlie.kaplaninc.com/pub , which is the server name in the mms.cfg file, as indicated by the log file.

                            • 11. Re: Flash Background Updates from internal server not working
                              matts54643606 Level 1

                              same server- just that I renamed it per instruction

                              • 12. Re: Flash Background Updates from internal server not working
                                maria__ Adobe Employee

                                The physical server is the same, but now the name is different.  Something in your configuration setting is now resulting in the error.  Are you able to access the XML file itself?

                                 

                                Do you have directory browsing enabled on the server?  disabled directory browsing does result in the 403 error when attempting to view the directory contents.

                                • 14. Re: Flash Background Updates from internal server not working
                                  matts54643606 Level 1

                                  directory browsing enabled on the server---please provide instructions to get this working--I have done all the required steps and have never gotten it to work

                                   

                                   

                                  • 15. Re: Flash Background Updates from internal server not working
                                    maria__ Adobe Employee

                                    I can't provide instructions on how to troubleshoot your server configuration.  You'll need to do that.  The issues you are encountering are not at all related to Background Updates, they are related to the server configuration. 

                                     

                                    After checking which server to use (local or Adobe), Background Update process checks the mms.cfg file to see if the client is opted into Background Updates, if it is, it then checks the currentmajor.xml file to see if there is an update available.  The request tom and/or response from, the currentmajor.xml file is failing due to server configuration issues.  There are 2 numbers in the log file, after the info/warning column.  The first number is the Background Update code.  The second number is the corresponding Windows Error code.

                                     

                                    Pertinent Background Update codes in the log file are:

                                    • 1631 = Create an HTTP request handle for currentmajor.xml
                                    • 1470 = WinHttpSendRequest call to currentmajor.xml failed
                                    • 1474 = WinHttpReceiveResponse call to currentmajor.xml failed
                                    • 1475 = Could not retrieve currentmajor.xml

                                     

                                    Looking through the log file, there are various Windows Error codes associated with codes 1470 and 1474.  The Windows error codes are available at WinHttpReceiveResponse function (Windows) .  Here is a summary of the Windows Error codes I'm seeing in the most recent log file you posted:

                                     

                                     

                                    ERROR_WINHTTP_TIMEOUT

                                    12002

                                    The request has timed out.

                                     

                                    ERROR_WINHTTP_CLIENT_AUTH_CERT_NEEDED

                                    12044

                                    Returned by WinHttpReceiveResponse when the server requests client authentication.

                                    Windows Server 2003 with SP1 and Windows XP with SP2:  This error is not supported.

                                     

                                    ERROR_WINHTTP_SECURE_FAILURE

                                    12175

                                    One or more errors were found in the Secure Sockets Layer (SSL) certificate sent by the server. To determine what type of error was encountered, check for a WINHTTP_CALLBACK_STATUS_SECURE_FAILURE notification in a status callback function. For more information, see WINHTTP_STATUS_CALLBACK.

                                     

                                    The request timing out is that it took too long to get a response.  This could be network related (firewall, proxy server, something else).

                                     

                                    This MSDN article may be of assistance SSL in WinHTTP (Windows)

                                    • 16. Re: Flash Background Updates from internal server not working
                                      matts54643606 Level 1

                                      I can access the directory structure now:

                                       

                                      but here is the log from running FlashPlayerUpdateService.exe

                                       

                                       

                                      018-1-17+18-1-47.883 [info] 1629 flashupdates.charlie.kaplaninc.com

                                      2018-1-17+18-1-47.885 [info] 1614

                                      2018-1-17+18-1-47.886 [info] 1615

                                      2018-1-17+18-1-47.886 [info] 1618

                                      2018-1-17+18-1-47.887 [info] 1619 1063

                                      2018-1-17+18-1-47.903 [info] 1629 flashupdates.charlie.kaplaninc.com

                                      2018-1-17+18-1-47.905 [info] 1614

                                      2018-1-17+18-1-47.906 [info] 1615

                                      2018-1-17+18-1-47.908 [info] 1618

                                      2018-1-17+18-1-47.910 [info] 1604

                                      2018-1-17+18-1-47.910 [info] 1608

                                      2018-1-17+18-1-47.931 [info] 1631 /pub/flashplayer/update/current/sau/currentmajor.xml

                                      2018-1-17+18-1-48.5 [warning] 1474 12044

                                      2018-1-17+18-1-48.6 [warning] 1475

                                      2018-1-17+18-1-48.6 [info] 1432

                                      2018-1-17+18-1-48.7 [info] 1612

                                      2018-1-17+18-1-48.8 [info] 1620

                                      • 17. Re: Flash Background Updates from internal server not working
                                        maria__ Adobe Employee

                                        It's still failing due to Error 12044:

                                         

                                        ERROR_WINHTTP_CLIENT_AUTH_CERT_NEEDED

                                        12044

                                        Returned by WinHttpReceiveResponse when the server requests client authentication.

                                        Windows Server 2003 with SP1 and Windows XP with SP2:  This error is not supported.

                                         

                                        What happens when you navigate directly to the https://flashupdates.charlie.kaplaninc.com/pub/flashplayer/update/current/sau/currentmajor.xml using a web browser?  Does it display a security warning before loading the page contents?  Please describe the exact behaviour you observe when navigating directly to the page.

                                         

                                         

                                        • 18. Re: Flash Background Updates from internal server not working
                                          matts54643606 Level 1

                                          Goes straight to it:

                                           

                                           

                                           

                                          If I click the lock:

                                          • 19. Re: Flash Background Updates from internal server not working
                                            maria__ Adobe Employee

                                            Are you using a self-signed certificate or a certificate from a trusted certificate authority, such as DigiCert?

                                             

                                            If so, have you installed the certificate to the root certificate store on the client system?  It's not clear to me if all of your screenshots are from the same system (the server) or from a server and client, and would like to confirm how your test environment is set up.

                                            • 20. Re: Flash Background Updates from internal server not working
                                              matts54643606 Level 1

                                              I'm using a self signed certificate build in house by our infosec team.

                                               

                                              I install the certificate to the trusted Root Certification Authorities store on the client computer

                                               

                                               

                                              The screenshots are from the client

                                               

                                              exept for the screenshots showing IIS- those are from the server:

                                              • 21. Re: Flash Background Updates from internal server not working
                                                maria__ Adobe Employee

                                                I would recommend using a cert signed by a trusted certificate authority.  The error is coming from a Windows API (WinHTTPReceiveResponse, referring to client authentication), not Flash Player code.  See links I posted previously to Microsoft documentation.

                                                • 22. Re: Flash Background Updates from internal server not working
                                                  matts54643606 Level 1

                                                  Can you please provide a certificate?

                                                  • 23. Re: Flash Background Updates from internal server not working
                                                    maria__ Adobe Employee

                                                    No, Adobe is not a certificate authority and cannot provide that.  There are numerous certificate authorities (e.g. DigiCert) you can use.

                                                    • 24. Re: Flash Background Updates from internal server not working
                                                      matts54643606 Level 1

                                                      OK- so for clarification- you are saying that this internal server solution for distributing adobe flash updates only works if the customer buys a certificate from a third party certificate authority? It will not work with a self signed certificate?

                                                      • 25. Re: Flash Background Updates from internal server not working
                                                        maria__ Adobe Employee

                                                        The Background Update service uses the WinHTTP API.  Based on the API documentation, self-signed certs should work, but it's not working in your environment as it keeps returning error 12044 (server requesting client authentication).  You can continue to troubleshoot the error and attempt to resolve it.  As an alternative you can try using a cert from trusted third party certificate authority.  Assuming everything is configured correctly, it should work.

                                                        • 26. Re: Flash Background Updates from internal server not working
                                                          jeromiec83223024 Adobe Employee

                                                          If you're self-signing certificates, every client connecting to that SSL server needs to have your self-issued public CA certificate installed and trusted in their system keychain.  It's not enough to just self-sign a cert and put it on the server.  Something in that key's trust chain has to already be trusted by the local system.  Otherwise, it's just like a stranger walking up and saying "Oh hey, give me your car keys for a minute.  It's cool though.  I'm trustworthy, because I have this piece of paper I printed at home that says I'm cool, and I'm totally not going to steal your car."


                                                          The thing that you're paying for when you buy a certificate, is for a trusted, independent authority say that you're cool.  Depending on the type of certificate they issue, there are varying levels of trust expressed in that relationship.  The reason that you don't have to install anything in the client in that instance, is because their public keys are already built into the operating system.  They're established, trusted authorities that the operating system vendor recognizes as such, and so the vendor distributes their keys as part of the OS (and updates them periodically through OS updates).

                                                           

                                                          That said, you don't even need to pay for an SSL certificate if cost is an issue.  You can get a free one at letsencrypt.org.  It's so much better than messing around with self-signed stuff.

                                                          • 27. Re: Flash Background Updates from internal server not working
                                                            matts54643606 Level 1

                                                            Hello! Thanks for the good advise. I did try to use the letsEncrypt certificate- but ran into this problem:

                                                             

                                                             

                                                            I think maybe the issue is that the website is not accessible publicly--it's only accessible within our closed corp network.....

                                                             

                                                            any ideas?

                                                            • 28. Re: Flash Background Updates from internal server not working
                                                              matts54643606 Level 1

                                                              I found this answer:

                                                               

                                                              # re: Using Let's Encrypt with IIS on Windows

                                                              @Vicky - Lets Encrypt uses domain validation which means the domain has to be visible to the public to verify ownership. Basically you have to run LE on a server that responds to that domain.

                                                              So you can't use it unless you expose your IP to the Internet. Perhaps you can do it temporarily to get the certificate and then close if off again, but then Updates also won't work (unless you open it up again).

                                                               

                                                              https://weblog.west-wind.com/posts/2016/Feb/22/Using-Lets-Encrypt-with-IIS-on-Windows

                                                               

                                                               

                                                              so.......I guess I'm confused- whats the point of hosting the updates on a public internet server--- if that was the goal I could simply ask for the updates straight from adobe servers? I thought this was a solution for hosting the updates and serving them out in a closed - private- network?

                                                               

                                                              • 29. Re: Flash Background Updates from internal server not working
                                                                jeromiec83223024 Adobe Employee

                                                                Lets Encrypt was just a suggestion because it was free, and you didn't want to pay for something.  I didn't realize that it had the public requirement.  Sorry about leading you down a dead end.

                                                                 

                                                                There are definitely commercial CA services that will work behind an Intranet (Verisign Intranet Certs come to mind).  You should also be able to use a self-signed SSL cert, as long as you want to deploy your signed CA cert to your clients as a prerequisite.  That seems like way more work than is worth it compared to just buying an SSL Certificate, but it's not my budget.

                                                                • 30. Re: Flash Background Updates from internal server not working
                                                                  matts54643606 Level 1

                                                                  Thanks for the info---I'm wondering why my original signed cert is not working- I imported it into the trusted store on the client....anyways- I guess I'll just have to ask for a paid SSL and try it that way.

                                                                  • 31. Re: Flash Background Updates from internal server not working
                                                                    jeromiec83223024 Adobe Employee

                                                                    The quick sanity check is to just see if your browser will show the lock icon when you go to the offending URL:

                                                                    https://flashupdates.charlie.kaplaninc.com/pub/flashplayer/update/current/sau/currentmajor.xml

                                                                     

                                                                    If it does, and the browser throws up the contents of the xml file (you may have to view source), then we should really be loading it too.  If you have the TLS configuration really tight, like you're only allowing a small subset of protocols and ciphers, it would be interesting to know what those are.  I'd be interested in trying to replicate it.

                                                                     

                                                                    In Flash Player proper, we're usually delegating all of that to the browser, but in the auto-updater, we may be missing support for a particular TLS feature or something that you're using.  I can't think of a lot of other good reasons for why it would be failing only in our installation toolchain.

                                                                     

                                                                    If you go to the URL and the browser throws an error, then you probably have a problem that needs to be fixed.  The browser might also give you some more useful feedback about what's failing (e.g. whether it's your webserver configuration or your certificates).  Check the detailed errors, and/or the console and/or seceurity tab in the developer tools. They usually have pretty explicit errors.

                                                                     

                                                                    For what it's worth, self-signing is obnoxiously complicated.  I've been playing with this stuff since the late '90s, and I do it just infrequently enough to not remember exactly how I did it the last time.  My workflow usually involves a lot of cussing and reading the OpenSSL docs while I'm regenerating the appropriate keys for the third time. 

                                                                    • 32. Re: Flash Background Updates from internal server not working
                                                                      jeromiec83223024 Adobe Employee

                                                                      Maria clued me into what's going on.  I didn't catch it when I skimmed the thread, sorry.

                                                                       

                                                                      The error being returned is from WinHTTP:

                                                                      ERROR_WINHTTP_CLIENT_AUTH_CERT_NEEDED

                                                                       

                                                                      You can configure a webserver to require a certificate for client authentication.  (e.g. instead of having the client log in via username/password to get to a page, they provide a certificate that you issue, and that they install).

                                                                       

                                                                      It sounds like you have client certificate authentication enabled in your IIS configuration, and you don't want to do that. 

                                                                       

                                                                      In step 3 here, set it to Ignore or Allow, not Require:

                                                                      https://blogs.msdn.microsoft.com/asiatech/2014/02/12/how-to-configure-iis-client-certifica te-mapping-authentication-for-iis7/

                                                                      • 33. Re: Flash Background Updates from internal server not working
                                                                        matts54643606 Level 1

                                                                        Here is a screen of the settings as they were

                                                                         

                                                                         

                                                                        Also- I can pull up the xml in the browser with no error message:

                                                                         

                                                                         

                                                                         

                                                                        and here is some other info:

                                                                         

                                                                        • 34. Re: Flash Background Updates from internal server not working
                                                                          matts54643606 Level 1

                                                                          Here is the latest from the log---any ideas?

                                                                           

                                                                           

                                                                          Also-I'll note that the cert I have is a .pfx file

                                                                           

                                                                          2018-1-31+11-30-1.15 [info] 1629 flashupdates.charlie.kaplaninc.com

                                                                          2018-1-31+11-30-1.15 [info] 1614

                                                                          2018-1-31+11-30-1.15 [info] 1615

                                                                          2018-1-31+11-30-1.30 [info] 1618

                                                                          2018-1-31+11-30-1.30 [info] 1604

                                                                          2018-1-31+11-30-1.30 [info] 1608

                                                                          2018-1-31+11-30-1.30 [info] 1612

                                                                          2018-1-31+11-30-1.30 [info] 1620

                                                                          2018-1-31+12-30-0.904 [info] 1629 flashupdates.charlie.kaplaninc.com

                                                                          2018-1-31+12-30-0.936 [info] 1614

                                                                          2018-1-31+12-30-0.951 [info] 1615

                                                                          2018-1-31+12-30-0.967 [info] 1618

                                                                          2018-1-31+12-30-0.982 [info] 1619 1063

                                                                          2018-1-31+12-30-1.14 [info] 1629 flashupdates.charlie.kaplaninc.com

                                                                          2018-1-31+12-30-1.14 [info] 1614

                                                                          2018-1-31+12-30-1.14 [info] 1615

                                                                          2018-1-31+12-30-1.29 [info] 1618

                                                                          2018-1-31+12-30-1.29 [info] 1604

                                                                          2018-1-31+12-30-1.29 [info] 1608

                                                                          2018-1-31+12-30-1.29 [info] 1612

                                                                          2018-1-31+12-30-1.29 [info] 1620

                                                                          2018-1-31+13-30-0.903 [info] 1629 flashupdates.charlie.kaplaninc.com

                                                                          2018-1-31+13-30-0.935 [info] 1614

                                                                          2018-1-31+13-30-0.950 [info] 1615

                                                                          2018-1-31+13-30-0.966 [info] 1618

                                                                          2018-1-31+13-30-0.982 [info] 1619 1063

                                                                          2018-1-31+13-30-1.13 [info] 1629 flashupdates.charlie.kaplaninc.com

                                                                          2018-1-31+13-30-1.13 [info] 1614

                                                                          2018-1-31+13-30-1.13 [info] 1615

                                                                          2018-1-31+13-30-1.13 [info] 1618

                                                                          2018-1-31+13-30-1.13 [info] 1604

                                                                          2018-1-31+13-30-1.13 [info] 1608

                                                                          2018-1-31+13-30-1.13 [info] 1612

                                                                          2018-1-31+13-30-1.13 [info] 1620

                                                                          2018-1-31+14-30-0.911 [info] 1629 flashupdates.charlie.kaplaninc.com

                                                                          2018-1-31+14-30-0.942 [info] 1614

                                                                          2018-1-31+14-30-0.958 [info] 1615

                                                                          2018-1-31+14-30-0.974 [info] 1618

                                                                          2018-1-31+14-30-0.989 [info] 1619 1063

                                                                          2018-1-31+14-30-1.20 [info] 1629 flashupdates.charlie.kaplaninc.com

                                                                          2018-1-31+14-30-1.20 [info] 1614

                                                                          2018-1-31+14-30-1.20 [info] 1615

                                                                          2018-1-31+14-30-1.36 [info] 1618

                                                                          2018-1-31+14-30-1.36 [info] 1604

                                                                          2018-1-31+14-30-1.36 [info] 1608

                                                                          2018-1-31+14-30-1.36 [info] 1631 /pub/flashplayer/update/current/sau/currentmajor.xml

                                                                          2018-1-31+14-30-1.255 [warning] 1474 12044

                                                                          2018-1-31+14-30-1.255 [warning] 1475

                                                                          2018-1-31+14-30-1.270 [info] 1432

                                                                          2018-1-31+14-30-1.270 [info] 1612

                                                                          2018-1-31+14-30-1.270 [info] 1620

                                                                          • 35. Re: Flash Background Updates from internal server not working
                                                                            jeromiec83223024 Adobe Employee

                                                                            From your logs:

                                                                             

                                                                            2018-1-31+14-30-1.36 [info] 1631 /pub/flashplayer/update/current/sau/currentmajor.xml

                                                                            2018-1-31+14-30-1.255 [warning] 1474 12044

                                                                            2018-1-31+14-30-1.255 [warning] 1475

                                                                             

                                                                            1474 = WinHttpReceiveResponse call to currentmajor.xml failed

                                                                            1475 = Could not retrieve currentmajor.xml

                                                                             

                                                                            12044 is Microsoft’s ‘ERROR_WINHTTP_CLIENT_AUTH_CERT_NEEDED’ code

                                                                             

                                                                            Your IIS server is requiring a client certificate for the file at /pub/flashplayer/update/current/sau/currentmajor.xml.  Those SSL Settings can be applied at the directory level, so you might not be requiring a client cert at the site level, but my guess is that it gets enabled somewhere along this path.  I'd just walk down each directory and check the SSL settings on each. 

                                                                            • 36. Re: Flash Background Updates from internal server not working
                                                                              matts54643606 Level 1

                                                                              They were all set to Accept-- except for the top Default website- which was set to Ignore- I changed it to Accept

                                                                               

                                                                              I cant help thinking its something in IIS?

                                                                               

                                                                              From a client machine I can browse to the xml file- if I click the lock icon I get this:

                                                                               

                                                                              • 37. Re: Flash Background Updates from internal server not working
                                                                                matts54643606 Level 1

                                                                                could it be something in my network blocking it? I have installed wireshark and can run a capture - would that be helpful?

                                                                                • 38. Re: Flash Background Updates from internal server not working
                                                                                  jeromiec83223024 Adobe Employee

                                                                                  I don't know enough about your environment.  It's a Windows API throwing the SSL handshake error about the missing client SSL certificate.  I tend to believe that we're getting the request for that client certificate, especially since it's the underlying Windows API that's throwing the error about it.

                                                                                   

                                                                                  If you guys proxy all of your browser traffic through a security appliance or something, that might explain it.

                                                                                   

                                                                                  You might get a sense of it from looking at Wireshark, e.g. is the response to the HTTPS request actually coming from the IP that you expect.  Is it coming from the same IP when you hit it in the browser vs. when you hit it with the installer, etc.

                                                                                  1 2 Previous Next