CSO NA11 – DATE (14 May 2015)

The application VIP NA11 is currently down. It may not affect ongoing meetings, but currently the web app VIP is being redirected to the status page. We are investigating aggressively and will follow up shortly.

 

** UPDATE ** – Issue has been repaired at 10:58 AM PST.

Offline FLV Archives Fast-forward during Playback

With Flash Player version 17.0.0.169, the Nellymoser audio codec used within Connect offline FLV Meeting archives played automatically in fast forward. This issue is resolved in the latest Flash Player.

The solution is to install Flash Player version 17.0.0.188 (or later depending on when you run into this issue) and all effected Connect FLV meeting archives will play normally.

https://get.adobe.com/flashplayer/

 

 

 

The begin screen-sharing button in Connect is obscured by the task-bar when resolution on a laptop screen is set to 1366×768

The begin screen-sharing button in Connect is obscured by the task-bar when resolution on a laptop screen is set to 1366×768. You will see this happen, if you use a laptop with 1366×768 screen resolution, attempt to share your screen in Connect. The effect is that the start screen sharing button is hidden behind the Windows task bar at the bottom of the screen:

Small Res - High DPI

The expected behavior is for the start screen share button to be accessible.

The workaround options are to either move the task-bar or change the screen resolution in order to expose the button, but since the start screen-sharing button is already highlighted or in focus albeit unseen, if you simply hit the enter key, screen-sharing will begin. Keep in mind that 1366×768 is the default screen resolution for some laptops.

Note: This is only reproducible in high DPI mode and it is not limited to the Connect Screen-sharing dialog. See how the basic operating system “Save As” dialog exhibits similar behavior at the same resolution:

Small Res - High DPI Windows Dialog

Configuring Secure SQL with Connect

It may be prudent to secure the connection between the Adobe Connect application servers and the SQL database.

Begin with the SQL server and then move onto the Connect server(s); if your SQL server is shared then begin with a change request to the DBA who has charge over the shared SQL environment. If your SQL database is already secure, you may skip Part I.

Part I. Securing the MS SQL Database Server:

First open the Certificates snap-in:

1. Open the MMC console, click Start, and then click Run; In the Run dialog box type:  MMC
2. From the  File menu, click Add/Remove Snap-in….
3. Click Add, and then click Certificates. Click Add again.
4. You are prompted to open the snap-in for the current user account, the service account or for the computer account. Select the Computer Account.
5. Select Local Computer, and then click Finish.
6. Click Close in the Add Standalone Snap-in dialog box.
7. Click OK in the Add/Remove Snap-in dialog box. Your installed certificates are located in the Certificates folder in the Personal container.

Use the MMC snap-in to install the certificate on the server:

  1. Click to select the Personal folder in the left-hand pane.
  2. Right-click in the right-hand pane, point to All Tasks, and then click Request New Certificate….
  3. The Certificate Request Wizard dialog box opens. Click Next. Select Certificate type is “computer”.
  4. In the Friendly Name text box you can type a friendly name for the certificate or leave the text box blank, and then complete the wizard. After the wizard finishes, you will see the certificate in the folder with the fully qualified computer domain name.

You are done now with installation of certificate on the SQL server, next you will need to export the certificate so that the same can be imported in the Connect application server.

  1. Open MMC, and then locate your certificate in the Personal folder.
  2. Right-click the certificate name, and then click Open.
  3. Review the Certification Path tab. Note the top most item.
  4. Navigate to the Trusted Root Certification Authorities folder, and then locate the Certificate Authority noted in step 3..
  5. Right-click CA, point to All Tasks, and then click Export.
  6. Select all the defaults, and then save the exported file to a location where the Connect application server can gain access to it.

Configure SSL encryption in the MS SQL instance:

1. On the SQL server start menu open Microsoft SQL Server>Configuration Tools> SQL Server Configuration Manager:

SQLsecure1.fw

2. Expand SQL Server Network Configuration, then right-click Protocols for MSSQLSERVER, and choose Properties. Select the Flags tab and change the Force Encryption setting to Yes.

sqlserverencryptionstep2

3. Under the Certificate tab, choose the certificate created earlier from the drop down list:

SQLsecure4

The database is now ready for secure connection with the Connect application server.

Part II. Configure the Connect application server to support a secure SQL connection:

Importing the certificate onto the Connect application server

  1. Copy the certificate from MS SQL Database server to the Connect application server(s) or to an accessible share.
  2. Navigate the Connect application sever by using the MMC snap-in, and then browse to the Trusted Root Certification Authorities folder.
  3. Right-click the Trusted Root Certification Authorities folder, point to All Tasks, and then click Import.
  4. Browse, and then select the certificate (.cer file) that you copied in step 1. Select the defaults to complete the remaining part of the wizard.

Create a Trust Store

1.  Be sure to have java installed on your Connect application server; at the command prompt, navigate to the bin directory of your JRE, and execute the following command:

keytool -import -file  <certificate file path> -alias firstCA -keystore <any name for trust store>
Note: This step will queue for a password, create and record a password for future reference.

2. In the ConnectProSvc.conf in the appserv\conf directory, add the following entries in the list of JAVA arguments:

wrapper.java.additional.28=-Djavax.net.ssl.trustStore= <path of Trust Store file created in step 1>
wrapper.java.additional.29=-Djavax.net.ssl.trustStorePassword=<password you created in step 1>

Configure the secure connection in Connect:

1. In custom.ini file under the root Connect installation directory, add the following entries:

DB_ENCRYPTION_METHOD=SSL
DB_VALIDATE_SERVER_CERTIFICATE=true

2. Cycle the services or reboot the server:

Adobe Connect Service
Flash Media Service

Note: For secure LDAP or LDAPS with Connect and for additional granularity around the paths and keystore see the following tech-note: Configure Connect Directory Services to use LDAPS

Security scans flag FMS used in Adobe Connect

Multiple Adobe Connect on-premise customers have informed us that some of their security scans are reporting that the version of FMS used in Adobe Connect is unsupported. There are no known open security issues in the version of FMS used in Connect today. The FMS components that are embedded in Adobe Connect on-premise deployments are fully supported under the maintenance and support agreements for Adobe Connect.  If any vulnerabilities are discovered in these components of Adobe Connect, they will be addressed per the guidelines of those support agreements.

Reducing the Number of Ports Listening on an Adobe Connect Server

Some ports that are not being used can be shut off:

Port 1111 is listening as part of the Flash Media Administration Service.  It does not serve any needed function and may be shut off as part of hardening or simply conservation of resources.

Note: Do not confuse the Flash Media Administration Service with the Flash Media Server or FMS, while the former is unneeded, the latter runs the Meeting server.

Port 2222 may also be closed. The Flash Media Gateway (FMG) service may be listening on that port if is was installed with Connect. If you are not using FMG for Unified Voice Telephony, then you may shut off that service as well.

Shut off and set to manual or disable either of both under the services MMC:

fig04

You may also quickly use commands to stop the ports instantly from listening; go to the command prompt with elevated permissions:

  • Run net stop fmsadmin (or sc stop fmsadmin)
  • Run net stop fmg (or sc stop fmg)
  • Run netstat -an|find “1111” or netstat -an|find “2222”to make sure they are down (or sc query fmsadmin or sc query fmg )

Compliance and Control features reset to default after uploading a new license file

Title :   Compliance and Control keeps getting reset after uploading a new license

Problem: Compliance and control settings may get reset when you upload a new license file on your Adobe Connect server install.

Environment: Licensed

Reason/Error Message of behavior: This is expected behavior and is working as designed.

Possible Solution: If it is necessary to re-upload the license file, a possible solution is to save these settings somewhere either by taking a screen shot or creating a spreadsheet and reapply them later once the license has been uploaded.

Contact Support with any questions : http://helpx.adobe.com/adobe-connect/connect-support.html

Unable to create training groups in Adobe Connect

Title :   While creating a new training group, you get an error message ‘Not Found’.

Problem: When you try to create a new training group from users and groups option listed under training tab, you receive a Not Found error.

MeetingMonitor

Environment: Hosted/Licensed

Reason/Error Message of behavior: This was logged as a bug in Connect 9.3 bug# 3958892 and is tentatively fixed in Connect 9.4.2.

Possible Solution: Since this is logged as a bug, and in order to create this group you will have to be in Virtual Classroom Managers group.

In case you do not have this group and using the old license, here is a workaround for that.

Create a csv file as shown below, also you can have multiple entries in the below format to add multiple groups simultaneously.

login,name

Test,Custom Training Group

Import this csv under users and groups for training, having following options checked.

ImportTrainingGroup

You may encounter some errors however the import would be successful.

Successfull_Import

The group would list under users and groups for training.

Capture

Contact Support if you have any queries : http://helpx.adobe.com/adobe-connect/connect-support.html

Receiving multiple reset password emails

Problem: Receiving multiple reset password emails when requesting reset password link using Forgot your password? option.

Environment: Hosted/Licensed

Reason/Error Message of behavior: If the login policy of your account is set to No, i.e you have Use email address as login set to No, and you create multiple users(say 50) having the same email address, Adobe Connect does not validate for duplicate email addresses of users. The reason being it will not be marked as required field due to this policy.

Blog

Hence when a user tries to reset his password and specifies his email address, it gets correlated with all the users who have this same email address, then Adobe Connect would send 50 emails to these email addresses which would basically end up in the same mailbox, since they all are the same. It tries to match the email address to the email fields of all the users and starts sending emails one by one. That may result in floods of email in a single mailbox.

Possible Solution:

The only solution to avoid this problem is to make sure you are not entering the same email address while creating multiple users, when you have use email address policy set to no.

You may also turn off this policy if its not a hard requirement in your organization and then there would be no conflicts in the email address and that would be created as unique always.

 

 

Dialout/Dialin Disable feature explained on Adobe Connect Mobile Devices

There are situations when a meeting host would like to disable the Dial-in/Dial-out feature in a Connect meeting room.

Explained below are the steps that can be followed for disabling the feature and what is the expected behavior that should occur in the case of mobile devices :

  • On a computer, join the meeting as a Host (the meeting must have an audio conference associated with the meeting)
  • Click Meeting > Preferences > Audio Conference (see screen shot on how to set up the preferences) and click Done to save the changes

 

Image-2

 

 

  • On Computer, click Audio > Start Meeting Audio (on the desktop side, the Join Audio Conference dialog box opens up and this is expected)
  • On Connect mobile, join the same meeting as a guest or participant.
  • On Connect mobile, guest user would see a ‘Join teleconference’  dialog box popup which allows user to enter his phone number. However, when user enters a phone number and attempts to dial out (Call my phone), it will display a red text message stating “Dial out disabled by host”.

 

Dialout disabled

 

This is how the feature works for users on Mobile devices.

 

Broadcast Telephony audio : Is it expected  when dial-out is disabled ?

If the host has enabled Broadcast Telephony audio in the audio conference settings in the meeting, as soon as a user joins the meeting from a mobile device, he should start hearing the hold music and also all the conversation that happens on the bridge on his mobile, although he would not be allowed to dial in our dial out from the mobile device.

The behavior on computer when logged in to a meeting as a guest and joined on mobile is the same where people will hear audio coming from their computer speakers and from the mobile device’s speakers. This is expected behavior for both guests who join meeting on computer and on mobile device where they won’t be able to dial out or dial-in and yet they will hear audio since the “Broadcast Telephony audio” is enabled.

 

Image-4  

 

Special Note : 

If there are any users who have any confusion due to the audio broadcast for users who have dial-out disabled, they can add a note into a Note pod instructing people that they will hear only audio but cannot dial out or dial in.