Adobe CC PDapp error, Licensing issues and Disk space eaten by logs

One customer reported having problems when launching Adobe CC applications. Launching any application would cause a popup error to appear, and after clicking OK, some applications would start while most would not.

error-indesign

Once opened, the applications that could run would report that they were soon reaching the end of the trial period for the Adobe CC components.

At server level, the license would be shown as Active for this same user, so I knew there was nothing wrong at that level.

After searching a bit, I found out that PDapp.exe is in fact a module that is being used for checking updates. Even though we had disabled checking the updates in our package, it seems that the module was crashing before being able to read the config.

I found a suggestion about upgrading Apple Application Manager component on Adobe forums and gave it a try. After the upgrade, the licensing check started and the applications were again available and properly licensed.

 

On a side note, when looking at the logs i found that Adobe CC and specifically PDapp.exe had created dozens of files in the user profile, in this folder:

C:\Users\YourUserNameHere\AppData\Local\Temp\  (PDapp***.log)

I had to delete about 35 GB of logs. I will need to see if those come back now that the problem has been resolved, but if you use adobe products and your disk space is shrinking, you know where to look.

 

 

Firefox: Prevent Access to MarketPlace

In order to prevent your enterprise users to go to MarketPlace in the latest versions of Firefox, use the following setting in mozilla.cfg

// Disable Firefox MarketPlace
lockPref(“browser.apps.URL”, “\”\””);

Define WinHttp proxy for 32 & 64 bits applications

In order to define the “system” proxy on windows, you can now use Netsh (instead of proxycfg, that was used in the past)

 

to set the proxy, you can use the following process:

define the proxy within Internet Explorer

run the command

Netsh winhttp import proxy source=ie

 

Alternatively you can set the proxy directly via

Netsh winhttp set proxy myproxy:portnumber <exceptions>

 

One thing to take into consideration is that there are two versions of Netsh,

one 64 bits under c:\windows\system32 (the native and default one from the command prompt)

as well as the 32 bits one under c:\Windows\Syswow64 folder.

The 64 bits version should normally be the one to use.

How to use Firefox to connect to ServiceNow with NTLM

In the previous post, I talked about how to use Firefox as default browser for Sccm Catalog access.

As I have encountered the same issue with an internal implementation of ServiceNow, I first thought that the workaround would be the same,

however in our environement NTLM authentication is being used instead of kerberos, so the entry is different:

Open about:config and confirm that you want to make changes

network.automatic-ntlm-auth.trusted-uris

enter the fqdn of your server (without protocol), ie

testserver.domain.com

You should now be able to connect directly to your ServiceNow instance without being prompted for a password.

How to use Firefox as default browser with SCCM Software Catalog

By default, if you use Firefox as default browser, and you open the Software Center then Click on
“Find Additional applications from the Software Catalog”, you will get prompted with a Authentication prompt

This is simply due to the fact that Firefox does not transmit the logged on user credentials by default, where Internet Explorer does.

 

In order to get the same functionality, add the following entry to your mozilla.cfg file

lockPref(“network.negotiate-auth.trusted-uris”, “sccmserver.company.com”)

Of course, replace the value with your Sccm server FQDN.

Next time you launch the software catalog, you won’t be prompted for credentials.

The only thing you have to do is enable Silverlight, and the functionality will be the same as with Internet Explorer.

 

Add Certificates to Firefox installation with Certutil

The Firefox certificates are stored in the user profile in the cert8.db database.

The file is copied to the user profile only at first launch of Firefox.
You can import certificates into the file then deploy it as default for new users by putting it in the folder core\browser\defaults\profile of the installation

For more customization details, see this post: Customize Firefox ESR 31
.

What happens then when you want to add a new certificate to the user db ?
You could add the certificate to the cert8.db and redeploy it, but this would overwrite potential changes made by the user
.
The other way to proceed is to use Mozilla’s Certutil tool to add the certificate.
BTW, Do not try to use the default Certutil that comes with windows, this won’t work.
.

First step, download the tool(s) needed by certutil

Download NSS 3.11 for windows
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_11_RTM/WINNT5.0_OPT.OBJ/

Download Nspr 4.6 for windows
http://ftp.mozilla.org/pub/nspr/releases/v4.6/WINNT5.0_OPT.OBJ/

Note that those are not the latest versions of the binaries, as the download folders for later versions do not contain windows binaries,
You could try to “build” a later version of the tool, but this is not the purpose of this post.
.

Second Step, mix it all together

Unzip NSS to a folder
You should get the following folder structure

/bin (this is where you can find the certutil.exe utility, but it won’t work straight out of the box)
/include
/lib

copy the contents of the /lib folder to the /bin folder

Unzip NSPR

You should get the following folder structure (same as for NSS)

/bin
/include
/lib

copy the contents of the NSPR /lib folder to the NSS /bin folder

copy the certificate you want to deploy at the same level
.
you should get this structure

/bin (now also contains libs from nss and nspr)
/include
/lib
mycert.cer
.

In order to import the certificate into the user cert8.db, the command is the following

Certutil.exe -A -d path to folder where cert8.db can be found -i certificate -n Name of cert -t level of trust

.
The directory is different for each user. In order to find it, you need to look into the following file:
C:\Users\ *UserName* \AppData\Roaming\Mozilla\Firefox\profiles.ini

Here is an example of a profiles.ini

[General]
StartWithLastProfile=1

[Profile0]
Name=default
IsRelative=1
Path=Profiles/hicgn0ja.default
Default=1

For the user testuser cert8.db file will be found in the folder C:\Users\testuser\AppData\Roaming\Mozilla\Firefox\Profiles\hicgn0ja.default

Here is the vbscript I use for deploying the cert: (no support will be provided, test before using it).
.
.
CONST ForReading = 1
Set objNetwork = WScript.CreateObject(“WScript.Network”)
strUserName = objNetwork.UserName
Set fso = CreateObject(“Scripting.FileSystemObject”)
Set ObjShell = Createobject(“wscript.shell”)
Set FileSystem = CreateObject(“Scripting.FileSystemObject”)
strDBFileLocation = “cert8.db”

mydir = Replace(WScript.ScriptFullName,WScript.ScriptName,””)
strProfileLocation = “C:\Users\” & strUserName & “\AppData\Roaming\Mozilla\Firefox\profiles.ini”

If (fso.FileExists(strProfileLocation)) Then
‘wscript.echo “file exists”
strData = FileSystem.OpenTextFile(strProfileLocation ,ForReading).ReadAll
arrLines = Split(strData,vbCrLf)

For Each strLine in arrLines
If Left(strLine, 14) = “Path=Profiles/” then
strProfileName = Right(strLine, (len(strLine) – 14))
End if
Next

strProfileFolder = “C:\Users\” & strUserName & “\AppData\Roaming\Mozilla\Firefox\Profiles\” & strProfileName

if (fso.FolderExists(strProfileFolder)) Then
myfile = strProfileFolder & “\cert8.db”
oldfile = strProfileFolder & “\cert8.old”
FileSystem.CopyFile myfile, oldfile, True
‘wscript.echo “folder exists”
End if

Certcmd = “Bin\Certutil.exe” & ” ” & “-A -d ” & strProfileFolder & ” ” & “-i” & ” ” & “certname.cer” & ” -n” & ” certname -t” & ” ” & “””CT,c,c”””

Objshell.run Certcmd,0,True

Else
Wscript.Quit()
End if

I did not try yet to use other features of the Certutil tool or of other tools that come with the downloads.
more information can be found on Mozilla’s website developer.mozilla.org

Sccm Reporting: list updates that are part of a Software Update Group

While Sccm provides a lot of standard reports, sometimes they do not give you the information you want.

Let’s take a simple example.

If I go to Software Library / Software Updates / Software Update Groups, I can select one of the groups and show its members to display the list of updates that are part of the group. Now let’s try to provide this list to another person… it should be simple, right ?

But wait, I can’t export this view, cannot print it… and there does not seem to be a report for this in the default report list.. ?

Let’s build one by ourselves… !

.

Step 1: Find what tables / views are being used by the console

If you are proficient in SQL, you could use SQL Server Management Studio to query the tables and views until you find the information you are looking for.

An -easier – alternative is to look at the code the Sccm console is using to provide you with the results you are looking for. This can be done by looking at the sccm logs in Smsprov.log. For each operation in the console, you will get some SQL queries being run in the background, and those will appear in this log. (note that this log is to be found on the server itself, you will not find it on a  computer where the console is installed).

smsprov.log1

Now open Sql Server Management Studio and validate that the information returned is what you are looking for.

For my part I choosed to reduce the number of colums returned so as i can use them to create a report.

My Sql query looks like this :

select all upd.ArticleID,upd.BulletinID,upd.DatePosted,upd.DateRevised,upd.IsExpired,upd.IsSuperseded,upd.Description,upd.DisplayName,upd.CIInformativeURL from vSMS_CIRelation as cr,fn_ListUpdateCIs(1033) as upd where ((cr.FromCIID = 16832645 AND cr.RelationType = 1) AND upd.CI_ID = cr.ToCIID)

order by upd.DatePosted

.

Step 2: Let’s Create a Report based on our Query

.

smsprov.log2

Create a new Sccm SQL-Based Report, define the name and path and the Report Builder will automatically open.

smsprov.log3

Select to Create a new Table or Matrix, and for the Query Design window, click simply on Edit as Text and copy your query.

smsprov.log4

Select all fields and add them to the Values group.

smsprov.log5

There you are, resize the colums to get a report that looks a bit nicer.

.

Step 3: Make the report more user friendly

While report provides us with the updates present in a software update group, this software update group is fixed by our query. Let’s make it work for all Software Update groups…

In order to do this we need to get a list of Software update groups and their corresponding ID.

Here is a query that does just this:

select SMS_AuthorizationList.CI_ID,SMS_AuthorizationList.DisplayName from fn_ListAuthListCIs(1033) AS SMS_AuthorizationList

In order to be able to use this query we need to create a second dataset based on this query

smsprov.log6

We then define a new parameter

smsprov.log8

which values are based on the Second Dataset

smsprov.log7

We can now change the query of our first dataset to use the parameter:

select all upd.ArticleID,upd.BulletinID,upd.DatePosted,upd.DateRevised,upd.IsExpired,upd.IsSuperseded,upd.Description,upd.DisplayName,upd.CIInformativeURL from vSMS_CIRelation as cr,fn_ListUpdateCIs(1033) as upd  where ((cr.FromCIID = @ReportParameter1 AND cr.RelationType = 1) AND upd.CI_ID = cr.ToCIID) Order By upd.ArticleID

We replace our fixed CI_ID with the parameter.

Now when we launch the report, we can choose which Software Update Report we want to target.

You can automatically update the report title by using a TextBox using the expression

=Parameters!ReportParameter1.Label

Finally I made the url clickable via the following change

smsprov.log9

Now we have a report that we can export, print and provide as needed.