Posts in Category "Application"

On-premise Connect Installation Hangs Connecting to the Database

Symptoms: Installing with clean images on servers, the Connect Installation with the appropriate local Administrator permissions seemed to be successful but upon clicking “Done” its hangs indefinitely. Restarting the services does not help and the Connect Configuration Console on the local Connect server will not come up. Rebooting the VM will not bring Connect up. In the error.log, it reads:

“Start up error: java.lang.Exception: invalid backup folder: \\connectsharedstorage\connect.” START_UP    START_UP_ERROR….

Note: replace connectsharedstorage\connect with your UNC path to shared storage.

Solution: This error indicates that shared storage is expected by the database but is not configured on the Connect server. This may inadvertently be overlooked during an upgrade instance when a new server (perhaps with a new OS) replaces an older server. The fresh Connect installation, upon pointing to an existing upgraded database that has possibly been updated by script or maybe by the older server image, is expecting shared storage to be in place, but it is not yet configured on the new Connect server. To get past this, edit the Shared Storage entry in the PPS_Config table of the Connect Database to “NULL” and restart the services.

Configuring Secure SQL with Connect

It may be prudent to secure the connection between the Adobe Connect application servers and the SQL database.

Begin with the SQL server and then move onto the Connect server(s); if your SQL server is shared then begin with a change request to the DBA who has charge over the shared SQL environment. If your SQL database is already secure, you may skip Part I.

Part I. Securing the MS SQL Database Server:

First open the Certificates snap-in:

1. Open the MMC console, click Start, and then click Run; In the Run dialog box type:  MMC
2. From the  File menu, click Add/Remove Snap-in….
3. Click Add, and then click Certificates. Click Add again.
4. You are prompted to open the snap-in for the current user account, the service account or for the computer account. Select the Computer Account.
5. Select Local Computer, and then click Finish.
6. Click Close in the Add Standalone Snap-in dialog box.
7. Click OK in the Add/Remove Snap-in dialog box. Your installed certificates are located in the Certificates folder in the Personal container.

Use the MMC snap-in to install the certificate on the server:

  1. Click to select the Personal folder in the left-hand pane.
  2. Right-click in the right-hand pane, point to All Tasks, and then click Request New Certificate….
  3. The Certificate Request Wizard dialog box opens. Click Next. Select Certificate type is “computer”.
  4. In the Friendly Name text box you can type a friendly name for the certificate or leave the text box blank, and then complete the wizard. After the wizard finishes, you will see the certificate in the folder with the fully qualified computer domain name.

You are done now with installation of certificate on the SQL server, next you will need to export the certificate so that the same can be imported in the Connect application server.

  1. Open MMC, and then locate your certificate in the Personal folder.
  2. Right-click the certificate name, and then click Open.
  3. Review the Certification Path tab. Note the top most item.
  4. Navigate to the Trusted Root Certification Authorities folder, and then locate the Certificate Authority noted in step 3..
  5. Right-click CA, point to All Tasks, and then click Export.
  6. Select all the defaults, and then save the exported file to a location where the Connect application server can gain access to it.

Configure SSL encryption in the MS SQL instance:

1. On the SQL server start menu open Microsoft SQL Server>Configuration Tools> SQL Server Configuration Manager:

SQLsecure1.fw

2. Expand SQL Server Network Configuration, then right-click Protocols for MSSQLSERVER, and choose Properties. Select the Flags tab and change the Force Encryption setting to Yes.

sqlserverencryptionstep2

3. Under the Certificate tab, choose the certificate created earlier from the drop down list:

SQLsecure4

The database is now ready for secure connection with the Connect application server.

Part II. Configure the Connect application server to support a secure SQL connection:

Importing the certificate onto the Connect application server

  1. Copy the certificate from MS SQL Database server to the Connect application server(s) or to an accessible share.
  2. Navigate the Connect application sever by using the MMC snap-in, and then browse to the Trusted Root Certification Authorities folder.
  3. Right-click the Trusted Root Certification Authorities folder, point to All Tasks, and then click Import.
  4. Browse, and then select the certificate (.cer file) that you copied in step 1. Select the defaults to complete the remaining part of the wizard.

Create a Trust Store

1.  Be sure to have java installed on your Connect application server; at the command prompt, navigate to the bin directory of your JRE, and execute the following command:

keytool -import -file  <certificate file path> -alias firstCA -keystore <any name for trust store>
Note: This step will queue for a password, create and record a password for future reference.

2. In the ConnectProSvc.conf in the appserv\conf directory, add the following entries in the list of JAVA arguments:

wrapper.java.additional.28=-Djavax.net.ssl.trustStore= <path of Trust Store file created in step 1>
wrapper.java.additional.29=-Djavax.net.ssl.trustStorePassword=<password you created in step 1>

Configure the secure connection in Connect:

1. In custom.ini file under the root Connect installation directory, add the following entries:

DB_ENCRYPTION_METHOD=SSL
DB_VALIDATE_SERVER_CERTIFICATE=true

2. Cycle the services or reboot the server:

Adobe Connect Service
Flash Media Service

Note: For secure LDAP or LDAPS with Connect and for additional granularity around the paths and keystore see the following tech-note: Configure Connect Directory Services to use LDAPS

Stop Sharing Button On IE Is Not Available Any More.

Description : We use to get this button on IE when we share the screen.

StopSharinghowever now this button is no longer available.

Reason being it interfaces with the DWM (Glass effect of windows 7+).

DWM : Stands for Desktop Window Manager Click here

We used to support Windows XP which had no Glass effect and thus it was not a problem. On windows 7 we used to switch the DWM off before starting the screen share. Window 8 onwards the DWM cannot be programmatically switched off and thus this button was causing problems. Many applications change the Glass area and IE is one of them. Others include Chrome, FireFox, Office etc. In case the applications change the Glass area then it’s a matter of timing to Display the button or the custom title bar the application draws.

This was actually a bug 2943337 due to which the button

StopSharing

Intermittently disappears. The bug is only reproducible with the applications which have custom title bars. Ex. Real Player/Office Apps/Live messenger and media players. With the Office 2007 applications the title bar is custom drawn and thus it intermittently draws over the button and it disappears. This only happens with skinned title bars, Skinned apps try to redraw their title bars so button disappears until we redraw again.

The “Red Button” never worked for 64 bit processes. This will also not work for any apps which have skinned title bar as i said earlier. Moreover this feature will not work if the process in question is sandboxed (Acrobat for example).

Yes downgrading IE will help probably but it’s not something we can recommend in good faith as it will expose the users to all kinds of security bugs. (Not recommended)

o    Windows 8 and onwards the button is not even an option as DWM can’t be switched off by programs programmatically and the button itself has issues when DWM is on

o    As of today this button has been disabled permanently.

Hope this helps those users who are expecting the red buttons on their IE when sharing the Application or Windows and not desktop using Adobe Connect Meeting Room,

Thanks,

Remove “Review” message in training content (on-premise installs)

Once a training is completed you can review it. When in review mode a message is displayed at the top of the browser window and in the window title.

Here’s a screenshot of the message showing on a training item in review mode:

reviewMode

Here’s how to remove the message and window title on your on-premise server (tested with 9.3.1c).
The change will remove the review message and title from the content window. It will not remove the review button shown under “my training” within Connect central.

Find the file: C:\Connect\9.3.1\appserv\apps\system\content.xsl and take a backup copy of it.

Open it in an xml friendly text editor such as notepad++ and find the following section and comment it out:

<xsl:variable name=”is-review”>
<xsl:choose>
<xsl:when test=”/results/extra/is-review”><xsl:value-of select=”/results/extra/is-review”/></xsl:when>
<xsl:otherwise><xsl:text>false</xsl:text></xsl:otherwise>
</xsl:choose>
</xsl:variable>

Commented:

<!–
<xsl:variable name=”is-review”>
<xsl:choose>
<xsl:when test=”/results/extra/is-review”><xsl:value-of select=”/results/extra/is-review”/></xsl:when>
<xsl:otherwise><xsl:text>false</xsl:text></xsl:otherwise>
</xsl:choose>
</xsl:variable>
–>

Add the following just below:

<xsl:variable name=”is-review”>
<xsl:choose>
<xsl:when test=”/results/extra/is-review”><xsl:text>false</xsl:text></xsl:when>
<xsl:otherwise><xsl:text>false</xsl:text></xsl:otherwise>
</xsl:choose>
</xsl:variable>

Apply the change to all nodes in your cluster and restart the Adobe Connect service for the change to take effect.

Please note: This is an unsupported change. I tested it on a 9.3.1c on-premise install, but should you encounter any issues with the training module or with other features in Connect, please restore the original file and restart the services.

Verifying the Installation of the Adobe Connect Add-in

The Adobe Connect Add-in is a modified Flash Player that enables enhanced features for Adobe Connect Meeting. The add-in is not required unless the following functionality is needed in any Adobe Connect Meeting:

  • Screen sharing a client desktop, window or application
  • Offline recording downloadable to the client in the FLV format
  • Sharing any supported file by dragging and dropping onto a Meeting share pod
  • Toast windows for Meeting management are enabled within the add-in
  • The add-in provides greater real-estate for the Meeting by eliminating the browser and actual room itself

If you are in a Meeting room using the browser and the standard Flash Player instead of the Meeting add-in, you will see the following appended to the meeting room URL: ?launcher=false

FP.fw

If you are in the add-in, the URL line is not even seen as that real-estate is allocated top the Meeting room:

addin.fw

The add-in is always launched from a browser:

brow-addin-launch.fw

To force the installation and invocation of the add-in, append the following to any Meeting URL: ?lightning=true

If while using the browser in any Meeting, you invoke a feature that is only supported in the add-in, the lightning add-in installer will quickly offer you the option to install the add-in. The process is very fast and seamless. By default, the add-in is installed from the following external URL: http://www.adobe.com/go/adobeconnect_9_addin_win

Within any Meeting room you may also go to Help>Downloads and see links for the add-in among many other resources:

help-about.fw

https://platinum.adobeconnect.com/common/help/en/support/downloads.htm

dwnlds.fw

If your organization does not allow clients to download software from external servers, you can host Adobe Connect Add-in on-premise.

The add-in installs to the client’s user profile so it does not require local administrative privileges to install. It is safe to say that if a user has the required permissions to download the standard Adobe Flash Player and install it, the Meeting add-in will not present any problems as it only requires standard user rights. There are, of course enhanced security requirement enforced in many infrastructures that will prevent a user from downloading and installing the add-in and where the add-in will need to be rolled out by an internal IT or client/network administration team as part of a standard image.

The addin is installed to the following under the user directory:

  • Windows: %appdata%\Macromedia\Flash Player\www.macromedia.com\bin\adobeconnectaddin
  • Mac: ~/Library/Preferences/Macromedia/Flash Player/www.macromedia.com/bin/

If installation is successful, within the Adobe Connect addin installation directory there will be four files:

  • adobeconnectaddin.exe  (the primary executable file)
  • digest.s (the file used by Flash Player to verify that the add-in has not been modified)
  • meetingconvertor.dll  (the file used to manage PPTX file fidelity)
  • connecthook.dll  (the file used to manage screen sharing)

A partial or corrupted installation of the add-in will be missing some or all of these files.

On occasion, the mms.cfg file will cause problems with the add-in it is found in the following directories:

  • Windows 32: C:/Windows/system32/Macromed/Flash (32-bit Windows)
  • Windows 64: C:/Windows/SysWOW64/Macromed/Flash (64-bit Windows)
  • MAC: MainDisk:Library:Application Support:Macromedia

Renaming the mms.cfg to mms.old and reinstalling the add-in solves installation problems in some cases. For information about the mms.cfg file and how it can be used for troubleshooting issues within an Adobe Connect Meeting, see the following technote: http://helpx.adobe.com/adobe-connect/kb/enable-logging-acrobat-connect-professional.html

Deleting Corrupted Ghost Meetings on Adobe Connect On-premise Servers

Deleting Corrupted Ghost Meetings on Adobe Connect On-premise Servers

Perhaps due to network outages or hardware failures, etc., there are rare occasions when the Adobe Connect database may become disconnected from the Adobe Connect server while active Meeting sessions are ongoing. It is prudent to avoid database outages while Connect is in use and to publish maintenance schedules so that Meetings are not in session when the database is taken offline for administrative reasons. In most cases when the database is disconnected, once it is reconnected, Connect will be fine and all Meetings will be functional upon full recovery of all systems. In the rare instance, that a Meeting is corrupted through a database outage and cannot be deleted through the Connect Central GUI, you may need to manually delete the Meeting room from the content library directory structure and possibly also from the database itself. If you see displayed at the corrupted Meeting URL, a gray window without any menu or pods, or if you see the following error when you hit a corrupt Meeting URL, you may need to manually delete the Meeting:

Request Not Processes” – “For further assistance, please refer to the Adobe Connect support center or contact Adobe Connect support

If the Meeting cannot be deleted through the Connect Central GUI, delete the content folder for the corrupted Meeting. You can identify it by its sco ID in the Connect\content directory:

content.fw

Restart the Connect and FMS services. If that fails to remove remnants of the corrupt Meeting from the database, try recreating the folder mentioned, (even with empty content), then attempt to delete the room again. If that fails, you may need to delete the Meeting references from the database manually:

sco: update pps_scos set disabled = getUTCdate() where SCO_ID=XXXXX

Note: XXXXX represents the actual sco ID of the meeting.

On-premise Adobe Connect Servers and Java

The question occasionally comes up: May I freely update Java on my Adobe Connect on-premise server?

And actually this question should be split into two questions:

  • What version of Java may I use?
  • What update of that version may I use?

It is important to keep these two questions separated because going from 1.6.0_37 to 1.6.0_45 is different from (more trivial than) moving from Java 6 to Java 8 (whereby compatibility issues could result).

With reference to the shipping version with Connect, our standard is Java 7, and has been since 9.1.1. Since we make every effort to keep Adobe Connect up to date with its surrounding infrastructure,we will evaluate a move to Java 8 going forward, as eventually public Java 7 updates will come to an end.

With reference to the updaters, Oracle releases quarterly Critical Patch Updates (see http://www.oracle.com/technetwork/topics/security/alerts-086861.html), and we have been striving to keep up with these (although our release cycle does often mean that we are one or two quarters behind so as to allow for time to fully test). The version being packaged with 9.4 is 1.7.0_71, the Critical Patch Update from Oct 2014.

While we  don’t believe there is any particular compatibility issue with moving from JRE 6 to JRE 7, nevertheless we do not recommend that customers update the JRE separately from Connect itself. There are multiple reasons for this:

  • We have uncovered JRE bugs in the past during our performance/longevity tests.
  • We also moved from 32-bit JRE to 64-bit JRE and this necessitated sizing changes (heap size etc.).

Heap size is an important variable that warrants performance testing to ensure that the sizing is adequate for the target JRE version. All this is due diligence is done as part of our packaged Connect builds; by updating outside of our quality assurance and performance testing cycles, you add unnecessary risk. It is best to take full advantage the battery of testing accomplished by the Adobe Connect engineering team; by upgrading the JRE separately, you will create an infrastructure with variables that have not been fully tested and thereby assume commensurate risk.

Last Minute Managing of Large Adobe Connect Hosted Seminars

Currently, as of Connect 9.3.1, Adobe Connect hosted Seminars may launch on regular Connect Meeting server instead of their designated Webinar servers. If Seminar preparation keeps the Seminar room open for an extended period just prior to to the actual Seminar itself, the Seminar may remain on a Meeting server that is not rated for a large capacity Seminar. Simple precautions will avoid this from happening.

In order to avoid this, on the day of the scheduled Webinar, be sure to open the Seminar room only 30 minutes prior to the start of the Seminar session. By opening the Seminar earlier and keeping it open for final editing right up to the start of the Seminar session, you can lock the seminar onto a regular Connect Meeting server rather than on a Webinar server designed for large capacity sessions. While you can certainly spend as much time as needed to prepare your seminar room in advance of the actual session, you should close the Seminar room for at least seven minutes prior to the actual scheduled Seminar session. Seven minutes is the time it takes the Seminar room to process garbage collection from editing and preparation activities before opening up for the real event.

Adobe is looking at ways to automate the transition from a regular Meeting server to a Webinar server with an eye toward  future release. In the interim, just be sure to time your final Seminar preparation to allow for transition to a Webinar server where large Seminar concurrency is supported with robustness.

Adobe Connect Add-in Compatibility with the Google Chrome Browser

Updated January 27, 2015:

Note: This article only applies to Adobe Connect on-premise server deployments. Adobe Connect hosted clients are unaffected.

The Google Chrome browser is currently shipping with two versions of the Flash plugin.  The default PPAPI and also the NPAPI Flash plug-in. The following versions of Adobe Connect installations are incompatible out of the box with the default PPAPI plug-in:

  • 9.1.2
  • 9.1.1
  • 9.0.1 – 9.0.4
  • 9.0.0.1
  • 8.2.2.4
  • 8.2.2

PPAPI plug-in incompatibility results in the Adobe Connect Add-in not being detected and launched in Chrome when invoked in a Connect Meeting. Even if the Add-in is installed, the meeting opens in the browser and not in the Connect Add-in. Upon attempting to share ones screen (a Connect feature supported in the Add-in but not in the browser), the following message appears:

chrome-addin.fw

Google Chrome, with the release of Version 40, will no longer use their whitelist to allow NPAPI  plugins to run without requiring approval: http://googleappsupdates.blogspot.com/2015/01/upcoming-changes-to-npapi-support-in.html Chrome users will not be able to use the Adobe Connect Add-in for the above listed versions of Connect. To address this problem, Adobe is patching the following Connect versions for use with Chrome:

  • 9.1.2
  • 9.1.1
  • 9.0.4
  • 8.2.2

These patches will fix the incompatibility problems with the PPAPI plug in. Adobe Connect servers that are not running one of these versions (or a later version) will need to be upgraded to the nearest later version to the one currently installed and then apply the appropriate Connect PPAPI patch.

There should not be any change in the behavior for Flash Player NPAPI in January because Flash Player is not listed among the applications  that are going to be removed in January:  http://blog.chromium.org/2013/09/saying-goodbye-to-our-old-friend-npapi.html

Workarounds until the patches are available:

  • You can attend Adobe Connect Meetings without the Adobe Connect Add-in, however the Add-in is required for enhanced functionality like screen sharing and making offline recordings.
  • Turn off auto-upate in Chrome so that you do not upgrade to a version of Chrome that is problematic.
  • Alternatively you can use any browser other than Chrome with Adobe Connect.
  • Manually enable NPAPI by clicking on the “Plug-in blocked” message in the URL bar and choosing “Always allow plug-ins on [website]” http://www.chromium.org/developers/npapi-deprecation

 

chrome-enable.fw

Note: In April 2015, this will no longer be an option as NPAPI support will be disabled by default in Chrome and Google will un-publish extensions requiring NPAPI plugins from the Chrome Web Store. Google will however provide an override for advanced users in the form of an ‘enable-npapi’ flag and enterprise policy to temporarily re-enable NPAPI.

The Adobe Connect API Accepts Special Charaters (+,$,# etc) if Executed with Encoded Values

Description : The Adobe Connect Web Services API accepts special characters such as (+,$,# etc) if you encode the characters. For example:

If a user Login employs the credentials shown below on the User Interface, it will work without issue.
User Name :- abc+def@adobe.com
Password :- Passw0rd

However, when the user uses the following API “/api/xml?action=login&login=abc+def@adobe.com&password=Passw0rd”

The plus sign is interpreted as though it were a space and the Login looks like this “abc def@adobe.com” resulting in the following:

  • <results>
  • <status code=”no-data”/>
  • </results>

In order to employ these special characters, you must encode them and then execute the API.  For instance in the above case we will execute an API as shown below :

/api/xml?action=login&login=abc%2Bdef@adobe.com&password=Passw0rd

Special character encoding reference information is found under URL :- w3schools  This reference is useful for those users who are trying to run API with special characters.