Author Archive: Frank DeRienzo

Using a Named Instance of SQL Server with Adobe Connect

Issue: When using  a named instance of SQL server with Adobe Connect, if you enter the name of the instance during installation, the connection to the database will fail.

Workaround: Instead of using the name of the instance, you may enable TCPIP on the instance and use the IP address and then enter the port number for which the named instance is configured on the separate line as appropriate; if the named instance is listening on port 1833 (instead of 1433), then you would use the IPAddress (192.168.1.1)  and then the port number (1833) in the appropriate fields.

Using the instance name during installation after Connect version 8 will not work. The best approach is to use the port number of the instance and the IP Address of the database server.

To troubleshoot this, use SQL Server Configuration Manager:

Screen Shot 2014-02-21 at 7.59.05 AM

  • Make sure the instance has TCP/IP enabled.
  • Check to see what port the instance is listening on for that IP.
  • Use the IP address as server name (no instance name).  Put the port number in the port number field.
  • Make sure the named instance is listening on the port entered in Connect

Screen Shot 2014-02-21 at 7.59.41 AM

Screen Shot 2014-02-21 at 8.00.24 AM

Beginning with Connect version 8, the installer changed; in previous earlier versions, you would need to enter the the server instance and port on the same line.  The  newer installer has the port on a separate line:

HOST: INSTANCE-IP-ADDRESS
PORT: INSTANCE PORT-NUMBER
DATABASE NAME: SAMPLE-NAME
USER: SAMPLE-USER
PASSWORD: ****************
CONFIRM PASSWORD: ****************

The changes in the installer (beginning with Connect version 8) caused some confusion with named instances.

A named instance will work on an initial installation.  Sometimes, in an effort to troubleshoot you may initially point to a conventional instance of SQL in order to establish the installation and then point the established Connect installation to a named instance. The DB connection from an established Connect installation is more robust and forgiving than that of an initial installation.  After the installation is complete, you can modify custom.ini to include the instance name.

Note: You could use the server name, but you would need to ensure that the named instance has NAMED PIPES enabled.

Select Captivate content will not publish directly to an Adobe Connect server

Issue: When attempting to publish Captivate content that includes a random question slide linked to an empty question pool directly to an Adobe Connect server Captivate crashes. We reproduced this issue with a Captivate file composed of a quiz with a set of random questions near the end of the project. Upon clicking on the publish button, a dialog box pops up stating that there are more random question slides than questions available in the pools. The options are to click “yes” to publish or to click “no” to invoke the question pools manager and edit the quiz. Upon clicking yes to publish the file, the error message ensues warning that your attempt to publish your project to the Adobe Connect Server has failed.

Result: Captivate crashes aborting the publishing process.

3203688.fw

Workaround: Publishing the Captivate project as a .zip file works fine.

Expected: Captivate content that includes a random question slide linked to an empty question pool should publish directly to an Adobe Connect server without any issues.

This problem is scheduled to be addressed in Connect 9.3 with Captivate 8

Content Availability & Replication among Clustered Connect Servers

This article addresses how to make sure every URL int a Connect cluster pops up like your grandmother’s trustworthy old pop-up-toaster.  If some published content will not play or display properly from your Connect cluster, do the following:

  • Make sure that the load balancing device in front the Connect cluster is not using sticky sessions or session awareness.
  • If you are using a Big-IP LTM, make sure that Nagle’s Algorithm is turned off .
  • Make sure that Clustered servers communicate with each other on ports 8506 and 8507. A simple netstat -an from the command prompt on each server will make certain each server is listening on 8507.
  • Don’t try to cheat on the number of documented VIPs required on the load-balancing device or SSL accelerator. Only one VIP is not the right answer.
  • When the servers cannot communicate, trouble ensues.Clustered servers need to be able to communicate with each other on port 8507. When they cannot communicate, the links to content will be broken and end users may experience hanging videos or unavailable content.
  • Search in your debug log for “cluster-”
    • [01-31 18:20:23,729] cluster-8507-696969 (INFO) MirrorHandler: waiting for commands”    2014-02-10T16:30:23.739-0600….
    • If you do  not see cluster-8507 then there is a replication communication problem on 8507
  • To help facilitate troubleshooting, during setup and during upgrades, if possible, allow the servers to have external access – at least allow the monitored and screened ability to toggle external access on and off by special request if needed. This will allow you access to Adobe’s license server and also to troubleshooting tools.
  • Install telnet on each server. Telnet is a great test tool. Placing telnet on each server and actually testing connectivity to each and from each server on ports 8506 and 8507 is prudent.
  • It is also prudent to have a useful browser on each server. I often install FireFox on each server along with the latest available Flashplayer. You may want to install Flashplayer on IE as well even though enhanced security will render it a challenge to use for any useful troubleshooting purposes. Useful flash-enabled browsers will facilitate direct tests on any problematic content on the servers from the servers thereby eliminating network and load-balancing variables when isolating issues.

Controlling Recording Playback through the URL

When added to a Connect archive recording URL, the following suffixed commands will force the prescribed behavior. This may help with projects that include the embedding of archive recording URLs.

  • pbEIOpen=true – the event index would come up opened
  • pbEIOpen=false – the event index would come up closed
  • pbEIOverlay=true – the event index would show up in overlay mode
  • pbEIOverlay=false – the event index would show up in persistent mode
  • pbMode=normal – open in normal playback mode
  • pbMode=edit – open in editing mode
  • archiveOffset=parameter in milliseconds – open to a specific time in the recording

You can modify the URLs along these lines; use an “&” to concatenate multiple parameters.

Every recording will automatically append ?launcher=false&fcsContent=true. You cannot play a recording in the Connect Meeting addin; if you append ?launcher=true, it will toggle to ?launcher=false and open the recording in the browser:

This URL is an example of what a normal URL would look like during recording playback:

https://connect.mydomain.com/recording1/?launcher=false&fcsContent=true&pbMode=normal

To change this to open with the index closed, append pbEIOpen=false like this:

https://connect.mydomain.com/recording1/?launcher=false&fcsContent=true&pbMode=normal&pbEIOpen=false

Demystifying Mixing VoIP and Telephony in a Meeting

With Unified Voice (UV) enabled and selected from within a meeting room:

The host may choose: Meeting>Preferences>Audio Conference>Allow participants to use Microphones: When Allow participants to use Microphones is checked, participants have power to enable their own microphones within the meeting. When it is unchecked, the host must enable microphones first and then the participant can enable the microphone with host permission within the meeting:

uv-1.fw

In either case, checked or unchecked, the host needs to first start the audio conference within any meeting:

uv-1b.fw

And the participant needs to choose the microphone option and enable it (even though the host has enabled it manually within the meeting or set it as permanently enabled within the room):

uv-1a.fw

Note that by default, when UV is in use, the telephony option is checked for the participant:

UV2.fw

The participant must select the microphone option in order to use the microphone instead of the phone; this will allow the microphone to broadcast to the users in the meeting using UV telephony:

UV3.fw

With all these settings in place, VoIP microphones can talk to telephony and telephony to VoIP and both will be audible in an archive recording for playback on demand.

Using iframe to Invoke an Adobe Connect-hosted URL

Make sure that the iframe reference is formatted correctly.

When referencing an a meeting archive recording, it is best to first move an archive from under its parent meeting to the Connect Central content library before referring to it via iframe.

Do not let the URL of the archive recording redirect to Connect Central login page. To bypass the login screen you may either parse a username and password as a parameter in the URL or you may set permissions on the referenced content URL in Connect Central to allow for public viewing.  The latter option is usually the best. To avoid exposing the genuine user’s password as plain text in a GET request, it is usually best to simply make the recording public in Connect Central then link it. Alternatively, you may also create a new user in Connect Central with no other permissions except access to the referenced URL.

Referencing content in Connect Central that is set to public viewing:

<iframe src=http://connectdomainname.adobeconnect.com/customurl1″></iframe>

Referencing content by parsing a username and password:

<iframe src=”http://connectdomainname.adobeconnect.com/username?login=username@adobe.com&password=userpassword&account-id=12345678” width=”600″ height=”600″></iframe>

When referring to multiple URLs whether archives or MP4s or other Connect-hosted links, be sure to use a separate iframe reference for each Conenct URL rather than attempting to wrap all URLs in a single iframe reference. For example, two public links together in a table might look like this:

  <tr>
    <td width=”600″><iframe src=”http://connectdomainname.adobeconnect.com/customurl1″></iframe></td>
  </tr>
  <tr>
    <td><iframe src=”http://connectdomainname.adobeconnect.com/customurl2″></iframe></td>
  </tr>

Configuring Adobe Connect to take Advantage of Database Mirroring

Full redundancy requires that the Connect database be either mirrored or clustered; Adobe uses mirroring as the preferred solution.

The following example settings in the custom.ini file are needed to configure Connect to take advantage of SQL Mirroring:

DB_NAME=ConnectDBName

DB_HOST=ConnectDBPrimaryHostName

DB_BACKUP_HOST=ConnectDBSecondaryHostName

DB_URL=jdbc:macromedia:sqlserver://{DB_HOST}:{DB_PORT};databaseName={DB_NAME};user={DB_USER};password={DB_PASSWORD};AlternateServers=({DB_BACKUP_HOST}:{DB_PORT};DatabaseName={DB_NAME});ConnectionRetryCount=12;ConnectionRetryDelay=10;FailoverMode=extended;FailoverPreconnect=false;FailoverGranularity=atomic

Note: Change the first three variables as appropriate, but do not make any changes to the DB_URL.  It is all one line and it pulls the values from the other three entries in custom.ini:

The follwoing setting is always pudent whether using mirroring or clustering, but it is particularly important if you are clustering SQL. If you are running the Connect SQL database in a SQL cluster rather than in a mirrored environment, you will want to make sure that Connect makes multiple database connection attempts during SQL fail-over. If Connect loses its SQL database, the entire Connect cluster will go down and it will wait for an administrator to manually reconnect to the database through launching the Connect configuration console on port 8510. Add the following to the custom.ini file to support any delays in clustered SQL fail-over:

DB_URL_CONNECTION_RETRY_COUNT = 15
DB_URL_CONNECTION_RETRY_DELAY= 30

The actual JDBC string That invokes these variables is in the config.ini file:

DB_URL=jdbc:macromedia:sqlserver://{DB_HOST}:{DB_PORT};databaseName={DB_NAME};user={DB_USER};password={DB_PASSWORD};ConnectionRetryCount={DB_URL_CONNECTION_RETRY_COUNT};ConnectionRetryDelay={DB_URL_CONNECTION_RETRY_DELAY}

Save the custom.ini and cycle the services.

 

 

Event Template Account Logo will not Publish

Issue: The Connect Events template account logo in AEM does not change when you attempt publish a new template logo

Solution: To change the account logo on Event templates, you need to change the account logo of the Connect account from within Connect Central:

Click on the the thumbnail image to see the Customization page in Connect Central: Administration > Customization > Customize Central

Event-logo-CC.fw

 

For more information on Connect Central customization options see the following help link: Customize the Adobe Connect Central user interface

For more customization options see the following resource: Extensions : Solution extensions

For more information on Events Templates see the following tutorials:

Creating and Editing Event Templates

Resetting the Default Event Templates in Adobe Connect

Creating a Two Person Event Template with Adobe Connect

Event Administration in Adobe Connect 9

Adobe Connect 9: Event Migration Guide

Improving the Performance of Connect Meeting Clustered Fail-over

To improve the performance of Connect Meeting fail-over in a cluster, make the following changes to the custom.ini file and cycle the FMS and Connect services or reboot the connect servers:

The installation documentation for clustering originally prescribed setting the MEETING_TIMEOUT variable to 0 as shown:

#For Connect 8&9 Cluster fail-over add the following
MEETING_TIMEOUT=0
MEETING_CONNECT_BACK_TIME=1

We have discovered that setting the MEETING_TIMEOUT variable to 1 insures that a meeting will only have one active session while setting the MEETING_TIMEOUT variable to 0 opens the possibility (although rare) of a meeting having more than one active session. The result is a bit odd. Everyone could be happily in an ongoing Connect meeting while one attendee is alone in what appears to be the same meeting. This is usually triggered by an some form interruption in the isolated users meeting session such as from a brief outage in the network connection of the isolated user.

The new recommended custom.ini setting looks follows:

#For Connect 9 Cluster fail-over add the following
MEETING_TIMEOUT=1
MEETING_CONNECT_BACK_TIME=1

Save the custom.ini after making the change and cycle the Flash Management Sever and Adobe Connect Server services.

In Connect version 9.2, the meeting timeout session may be set back to 0 as we have made the appropriate code changes to insure the functionality works as originally intended even if a user experiences network interruptions and must reconnect to the meeting.

SSL Configuration Checklist for Connect with AEM-based Events

This supplemental checklist alongside the  Adobe Connect installation guide and the SSL Configuration guide, will help expedite your SSL implementation of Connect with AEM-Events:

1. Always begin with a fully functional installation of Connect and AEM-based Events before adding SSL; Do not attempt to secure a server that is not fully tested to run all features without SSL: A server running all features in the clear with no problems manifested is the only place to begin.

2. Decide whether to use hardware-based or software-based SSL and obtain appropriate public certificates and FQDN’s. If needed, see Mohit’s excellent instructions to generate CSRs. If you are using software-based SSL, stunnel can either be installed locally or on a separate server. If you are using hardware-based SSL you will want to refer to the relevant third-party documentation along with that provided by Adobe. For F5 BIG-IP LTM, the following articles along with this blog article and the resources aforementioned will help:

For information about stunnel installation options with Connect 9, see Jim’s blog post on Adobe Connect 9.0.0.1 and 9.1 stunnel installation options. Within the 9.0.0.1 installation folder, under  \Adobe Connect 9.0.0.1\Adobe Connect\Merge_Modules, we provide the installer for  stunnel-4.53.  From there, you can install Stunnel 4.53 for your SSL deployment. Adobe QE has tested stunnel version 4.56 collocated with Connect – installed within the Connect installation directory. These days it is arguably prudent to use the latest security option tested. Depending on the version of Connect you are running, if you wish to use stunnel locally, then you would create and/or populate the stunnel directory under the root install directory: Connect\9.1.2\stunnel.

Click on this thumbnail diagram below to see what it would look like with a hardware-based SSL accelerator:

C9SSLAEMSingle

Click on this thumbnail diagram below to see what it would look like with stunnel collocated with Connect:

C9SSLAEMStunnel

The rest of this checklist & summary will assume stunnel is being used collocated with Connect, but the configuration variables will apply to hardware-based external SSL acceleration options as well and even a casual glance back at these diagrams will help you infer the differences.

The sample file editing offered herein will be based on the single server stunnel example depicted in the diagram above.

3. Four FQDN’s are required: This is how our working example FQDN list would appear in a host file.

  • 192.167.21.176  connectmtg.domain.com
  • 192.167.21.175 connect.domain.com
  • 192.167.21.174:443  cqauthor.domain.com
  • 192.167.21.173:443  cqpublisher.domain.com

4. Four certificates (or a wildcard certificate) is needed; here is the list of certificates for SSL following our example:

  • connectmtg.domain.com
  • connect.domain.com
  • cqauthor.domain.com
  • cqpublisher.domain.com

Note: These are depicted in our working example as a wildcard certificate: domain.com. If the certificates are not trusted public certificates, then meeting rooms will not open; self-signed certificates will not work with meeting unless they are installed on all clients. Place the certificates into the stunnel installation directory: \Connect\9.1.2\stunnel\

5. Backup and edit the stunnel.conf file: in the \Connect\9.1.2\stunnel\ directory to set up the four VIPs and pools:

stunnel.conf for four servers on one
; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = all
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
TIMEOUTclose=0
options = DONT_INSERT_EMPTY_FRAGMENTS
; Service-level configuration
[https-vip]
; incoming vip for https (to secure Connect Application Traffic)
; ip address of the server with stunnel on it
; listens on port 443
accept =192.167.21.175:443
; ip of the connect server
; send the unecrypted request to port 8443
connect =127.0.0.1:8443
; Certificate info for Connect cert key in stunnel root
cert = domain.com.cert.pem
key = domain.com.key.pem
[rtmps-vip]
; incoming vip for fms (to secure Connect Meeting Traffic)
accept = 192.167.21.176:443
; ip of the fms server
; Send unencrypted request to 1935
connect = 127.0.0.1:1935
; Certificate info for Connect meeting cert key in stunnel root
cert = domain.com.cert.pem
key = domain.com.key.pem
[CQ_Author-vip]
; incoming vip for CQ-Author (to secure AEM-based Events Authoring)
accept = 192.167.21.174:443
; ip of the CQ Author server
; Send unencrypted request to 4502
connect = 127.0.0.1:4502
; Certificate info for CQ Author cert key in stunnel root
cert = domain.com.cert.pem
key = domain.com.key.pem
[CQ_Publisher-vip]
; incoming vip for CQ-Publisher (to secure AEM-based Events Publishing)
accept = 192.167.21.173:443
; ip of the CQ Publisher server
; Send unencrypted request to 4503
connect = 127.0.0.1:4503
; Certificate info for CQ Publisher cert key in stunnel root
cert = domain.com.cert.pem
key = domain.com.key.pem

6. Next backup and edit the custom.ini file: By default, the custom.ini will point to 4502 and 4502 for CQ Author and Publisher respectively; you must change the links to reflect https rather than http and also change the  names to the correct FQDNs and also enable SSL for Connect with these following entries:

CQ_AUTHOR_SERVER=https://author.adobeconnect.com
CQ_PUBLISH_SERVER=https://publisher.adobeconnect.com
DOMAIN_COOKIE=adobeconnect.com
ADMIN_PROTOCOL=https://
SSL_ONLY=yes
RTMP_SEQUENCE=rtmps://external-host:443/?rtmp://localhost:8506/

7. Next backup and edit the server.xml file; in the \appserv\conf\ directory; uncomment two sections depicted here to enable SSL:

<Executor name=”httpsThreadPool”
namePrefix=”https-8443-”
maxThreads=”350″
minSpareThreads=”25″/>

<Connector port=”8443″ protocol=”HTTP/1.1″
executor=”httpsThreadPool”
enableLookups=”false”
acceptCount=”250″
connectionTimeout=”20000″
SSLEnabled=”false”
scheme=”https”
secure=”true”
proxyPort=”443″
URIEncoding=”utf-8″/>

Note: Be sure to test the server.xml file for correct editing by opening it in a browser and viewing any syntax errors.

8. After configuring the stunnel.conf, the custom.ini and the server.xml file for all four server instances, stop all five the services in the following order:

  • Adobe Connect CQ Author
  • Adobe Connect CQ Publisher
  • Adobe Connect Server
  • Adobe Flash Media Server
  • stunnel

9. After all services are completely stopped, start all five services in reverse order; do not cheat and just restart each one successively.

  • stunnel
  • Adobe Flash Media Server
  • Adobe Connect Server
  • Adobe Connect CQ Publisher
  • Adobe Connect CQ Author

10. Open a browser on the Connect server; go to localhost:4502 and log into CQ5 Author as an administrator and edit the URL

  • Select CRXDE Lite on the menu list on the right side of the screen
  • Go to: content>connect>c1>jcr:content
  • Scroll to the serverURL line
    • Edit the URL for https
    • https://cqauthor.domain.com

11. Open a browser on the Connect server and go to localhost:4503 and log into CQ5 Publisher as an administrator and edit the URL

  • Select CRXDE Lite on the right menu list
  • Go to content>connect>c1>jcr content
  • Scroll to the serverURL line
    • Edit the URL for https
    • https://cqpublisher.domain.com

12. Open a browser on the Connect server and go to localhost:4502/system/console/configmgr and log in as an administrator and edit the author externalizer name and statistics URL

  • Scroll to and edit the Day CQ Link Externalizer and edit the hostname value to reflect the FQDN of the Author server
  • cqauthor.domain.com
  • Scroll to and edit the Day CQ WCM Page Statistics and edit the localhost:4502 URL to reflect the FQDN of the Author server and HTTPS
  • https://cqauthor.domain.com/libs/wcm/stats/tracker

13. Open a browser on the Connect server and go to localhost:4503/system/console/configmgr and log in as an administrator and edit the publisher externalizer name and statistics URL

  • Scroll to and edit the Day CQ Link Externalizer and edit the hostname value to reflect the FQDN of the Publisher server
  • cqpublisher.domain.com
  • Scroll to and edit the Day CQ WCM Page Statistics and edit the localhost:4503 URL to reflect the FQDN of the Author server and HTTPS
  • https://cqpublisher.domain.com/libs/wcm/stats/tracker

14. Stop all services and and restart as shown in steps 8 & 9 or reboot the server

15. Log into Connect and test all features including the Events module.

Troubleshooting appendix:

  • Check to make sure all five  services are running and start any that are not running.
  • Once all the services are up, click on the stunnel.exe icon in the stunnel directory and insure that stunnel runs without errors
    • If stunnel.exe throws an error then examine the stunnel.conf for syntax problems
    • If stunnel.exe starts successfully then look elsewhere for problems
  • If  Firefox browsers Fail to Connect when stunnel is used to secure Adobe Connect, then double check to be sure that the
    • sslVersion = all
    • fips = no
  • To make certain the help files are served via SSL, follow the instructions in Jim’s blog article: Changing the Help Links to use HTTPS://
  • Make sure there is not a passphrase on stunnel: see Jim’s blog article Adobe Connect Stunnel prompting for passphrase when server/services restarts
  • If stunnel does not start with Connect upon reboot, this technique will help: Stunnel does not Startup with Connect
  • Depending on the version of Connect you are running, you may need to add the certificate to the java CA certificates in Connect in order to allow images in the AEM-based Events module to appear in Connect. Ignore this step unless you are running Connect 9.0.0.1 and even then, if at all possible, simply use a later version of Connect instead as this issue has been fixed and this workaround is made superfluous for later versions:
    • For 9.0.0.1, export and then import the SSL certificate: Log into Connect and click on the lock in the URL line to the left of HTTPS and click the button in the pop-up: More Information>View Certificates>Details>Export to export the SSL certificate. Save the certificate in the jre\bin directory in the root install directory for Connect: Connect\9.1.2\jre\bin
    • Use the command prompt to complete the importation: F:\Connect\9.1.2\jre\bin> keytool -import -trustcacerts -alias connect -file certificate-name -keystore cacerts
      • The default password is changeit.
      • Overwrite any existing certificate.
      • The italicized alias connect is a variable
      • The italicized certificate-name must match the name of the certificate