Adobe Acrobat

bjohn · November 24, 2023, 12:17:22 PM

Even though the Adobe Acrobat command line says no reboot, we are finding that it's prompting for a reboot. Anyone else seeing this?
Adobe Acrobat DC Continuous Update 23.006.20380 (x64)

Raunak Desai (Patch My PC) · November 27, 2023, 12:11:20 AM

Hey Bjohn,

Let me check this internally if we have similar cases around this.

Regards,
Raunak

Raunak Desai (Patch My PC) · November 27, 2023, 12:18:11 AM

Hey Bjohn,

Also, can you please share the logs from one of the affected machine.

When troubleshooting Intune application installation errors on a client, we will need multiple client logs. Please include the following logs:

%ProgramData%\PatchMyPCIntuneLogs\PatchMyPC-ScriptRunner.log

This may be found in the %ProgramData%\PatchMyPC\ if the Install was initiated by the user from Company Portal.

%ProgramData%\PatchMyPCIntuneLogs\PatchMyPC-SoftwareDetectionScript.log
%ProgramData%\PatchMyPCIntuneLogs\PatchMyPC-SoftwareUpdateDetectionScript.log
%ProgramData%\Microsoft\IntuneManagementExtension\Logs\AgentExecutor.log
%ProgramData%\Microsoft\IntuneManagementExtension\Logs\IntuneManagementExtension.log
%ProgramData%\PatchMyPC\PatchMyPC-UserNotification.log
%ProgramData%\PatchMyPC\UISettings\UINotificationSettings.xml

Note: Some Patch My PC log files listed above may be found in %WinDir%\CCM folder if that folder exists.

Raunak Desai (Patch My PC) · November 27, 2023, 03:48:28 AM

There is an on-going issue with Adobe's CDN where the following URL downloads a different file in some parts of the world:

https://ardownload2.adobe.com/pub/adobe/acrobat/win/AcrobatDC/2300620380/AcrobatDCx64Upd2300620380.msp

Analysing the files downloaded in the US compared with the UK seems to suggest both files are identical, however the non-US .msp file has an invalid digital signature.

They're both signed with the same code signing certificate by Adobe, so we don't believe there is cause for concern and it is likely a mistake in Adobe's release pipeline. It's unclear why the digital signature is invalid in the non-US file, however, in any case the SHA256 value is different between the two files.

As part of our security validation process built into the Patch My PC Publisher, all packages published must pass hash validation before publishing the package into your environment/tenant. As Adobe's CDN is distributing a different file globally, some customers may experience a failure publishing the product "Adobe Acrobat DC Continuous (x64)" with the below error in PatchMyPC.log, or email or webhook alerts:

The hash of file downloaded is different than the file hash in our catalog. Hash errors happen when vendors release updates that aren't available in our catalog yet. This error should be resolved in the next catalog update. It could also have been induced by a firewall issue. Additional details:Hash from catalog [62Xvv9aL+eg2kDtlpFvdgVoXWtU=] doesn't match downloaded update hash of [Z2tLMqHBX3N47QnuNwewYccuqTY=]

We have notified Adobe of the issue in a support thread on their forum: Invalid digital signature on AcrobatDCx64Upd230062... - Adobe Community - 14246103 - kindly upvote, comment, or if you have the means to, escalate this thread to an Adobe contact.

In the mean time, you can workaround this by downloading the correct AcrobatDCx64Upd2300620380.msp (with the valid digital signature) using the below link hosted on our OneDrive and publishing it using your local content repository. Please make sure you have the option enabled to "Check the local content repository for content files before attempting to download content files from the Internet."

https://patchmypc-my.sharepoint.com/:u:/p/adam/EVTWVpoDBuFAitz7oJd4Sp4BNPuhkrRbc2xm-oOY6Q6-aA?e=9HV9o9

Andrew Jimenez (Patch My PC) · November 27, 2023, 12:06:30 PM

With regards to the reboot even though REBOOT=ReallySuppress has been set: Setting REBOOT=ReallySuppress only prevents the app/update from forcing a reboot on the endpoint, it does not negate the need for a reboot. A 3010 exit code is still provided to ConfigMgr/Intune, and those tools will determine if or when a reboot occurs.

You can set the deployment in either ConfigMgr or Intune to show no notifications, and this should prevent the reboot notification from appearing on the endpoints.

bjohn · November 27, 2023, 12:45:01 PM

OK, you are talking about the device restart behavior, correct?

Andrew Jimenez (Patch My PC) · November 27, 2023, 12:48:44 PM

Correct, the device restart behavior should be able to suppress the reboot that the update asks for.

lalanderj · March 14, 2024, 01:00:07 PM

The issue with Adobe Acrobat hash issue was also there in January 2024 and February 2024. I still have it for March 2024 (PMPC-2024-03-13)

Target computer is constantly downloading the source files, returning an file hash error and then re-downloading again.

It does not do that for targets downloading from an on-premise DP or from the CMG on internet only but it does that for a download from CMG while connected to the VPN through a split tunnel.

Where can we get the PMPC-2024-03-13 sources from?