0

downloads from adobe creative cloud blocked

Hi,

since I have installed NextDNS on Unifi USG, I can not download from sources like:

Adobe - update Creative Cloud Applications interrupts with an SSL Error. Adobe Error 113

Capture One - download interrupts immediately with an network error, assume SSL Error as well.

When I change the DNS to Google 8.8.8.8 on my Client both downloads are possible without issues.

Any idea where and what I can change in the NextDNS Settings on Webpage or Router?

I added all the adobe and capture one and phaseone pages to the allow section, but without success.

Thx for everyone who can support me there in advance.

Regards

Christian

6 replies

null
    • John_DeCarlo
    • 3 yrs ago
    • Reported - view

    Adobe Creative Cloud Network Endpoints

    https://helpx.adobe.com/enterprise/kb/network-endpoints.html

    Introduction

    This document contains lists of network endpoints for websites and specific services that are offered as part of Adobe Creative Cloud. The server and domains listed in this document must be accessible on ports 80 and 443 for the relevant applications and services to function correctly.

    Download network endpoints

    Download text file of CCE Network endpoints

    Adobe regularly updates the network endpoints detailed in this document. You will need the updated set of endpoints to ensure uninterrupted access to the various Adobe apps and services provided to the end users in your organization.

    Allowlist

    *.adobesc.com
    *.licenses.adobe.com
    *.adobelogin.com
    *.ftcdn.net
    *.behance.net
    *.adobedtm.com
    *.demdex.net
    *.demandbase.com
    *.adobeoobe.com
    *.macromedia.com
    adbemdigitalmediarebootprod2.112.2o7.net
    *.edgefonts.net
    *.adobejanus.com
    *.adobeccstatic.com
    *.adobess.com
    *.photoshop.com
    *.adobeexchange.com
    *.adobecce.com
    *.businesscatalyst.com
    *.worldsecuresystems.com
    *.digicert.com
    *.adobe.com
    *.adobe.io
    *.adobecc.com
    fonts.adobe.com
    *.typekit.net
    *.typekit.com
    *.omtrdc.net
    *.adobetag.com
    *.acrobat.com
    *.adobesign.com
    *.adobesigncdn.com
    *.echosign.com
    *.echocdn.com
    *.bam.nr-data.net
    *.cookielaw.org
    *.newrelic.com
    *.onetrust.com
    *.adbecrsl.com
    *.creativecloud.com
    adobe.ly
    *.adobeku.com
    *.symantec.com
    *.thawte.com
    *.geotrust.com
    *.omniroot.com
    *.verisign.com
    *.globalsign.com
    *.godaddy.com
    *.ctldl.windowsupdate.com
    *.symcb.com
    *.symcd.com
    *.omniture.com
    cc-api-cp.adobe.io
    s3*.amazonaws.com
    indd.adobe.com
    api.account.adobe.com
    account.adobe.com/
    accounts.adobe.com
    ccext.adobe.io/**
    ccext-public.adobe.io/**
    ccext-cdn.adobecces.com/**
    cc-ext-prod-pkgs.s3.amazonaws.com/
    scproxy-prod.adobecc.com
    cc-collab.adobe.io
    comments.adobe.io
    sharedcloud-production*.s3.amazonaws.com
    acpprodva7apollo.blob.core.windows.net/acp-prod-va7-data*
    cc-api-storage.adobe.io
    assets.adobe.com
    assets2.adobe.com
    helpx.adobe.com
    use.typekit.net
    adobeexchange.com
    polka.typekit.com
    wwwimages2.adobe.com
    sstats.adobe.com
    assets.adobedtm.com
    cdn.tt.omtrdc.net
    api.demandbase.com
    dpm.demdex.net
    cc-api-image.adobe.io/createagc
    cc-api-image-x.adobe.io/agctosvg
    stock.adobe.com
    *.astockcdn.net
    ims-na1.adobelogin.com
    adobeid-na1.services.adobe.com
    cc-api-assets.adobe.io
    a3.behance.net
    a5.behance.net
    api.behance.net
    adobe.demdex.net
    adobe.tt.omtrdc.net
    as.ftcdn.net
    as1.ftcdn.net
    as2.ftcdn.net
    p.typekit.net
    store1.adobe.com
    adobe.com
    bam.nr-data.net
    *s3*.amazonaws.com
    bat.bing.com
    c.betrad.com
    c.evidon.com
    googleads.g.doubleclick.net
    js-agent.newrelic.com
    snap.licdn.com
    www.everestjs.net
    www.facebook.com
    www.googleadservices.com
    www.googletagmanager.com
    match.prod.bidr.io
    scripts.demandbase.com
    cdn.inpwrd.net
    ct.pinterest.com
    d9.flashtalking.com
    pixel.quantserve.com
    fls.doubleclick.net
    api.typekit.com
    use.edgefonts.net
    ocsp.verisign.com
    adobetag.com
    ocsp.globalsign.com/rootr1
    ans.oobesas.adobe.com
    api.adobe.io
    adobeexchange.com/api
    api-cna01.adobe-services.com
    supportanyware.adobe.io
    www.adobe.com
    lcs-cops.adobe.io
    genuine.adobe.com
    prod.adobegenuine.com
    gocart-web-prod-*.elb.amazonaws.com
    na1e.services.adobe.com
    ims-prod06.adobelogin.com
    ims-prod07.adobelogin.com
    na1e-acc.services.adobe.com
    na1r.services.adobe.com
    ams.adobe.com
    oobe.adobe.com
    federatedid-na1.services.adobe.com
    awcm177.awmdm.com
    adobelogin.prod.ims.adobejanus.com
    services.prod.ims.adobejanus.com
    www-prod.adobesunbreak.com
    *.okta.com
    *.oktacdn.com
    *.oktapreview.com
    auth.services.adobe.com
    ccmdls.adobe.com
    ccmdl.adobe.com
    *.oobesaas.adobe.com
    mir-s3-cdn-cf.behance.net
    swupmf.adobe.com
    swupdl.adobe.com
    prod.acp.adobeoobe.com
    lm.licenses.adobe.com
    exception.licenses.adobe.com
    cs.licenses.adobe.com
    pubcerts.licenses.adobe.com
    *.productrouter.adobe.com
    workflow.licenses.adobe.com
    resources.licenses.adobe.com
    s3.amazonaws.com
    ffc-icons.oobesaas.adobe.com
    cdn-ffc.oobesaas.adobe.com/*
    acc.adobeoobe.com
    armmf.adobe.com
    ardownload.adobe.com
    ardownload2.adobe.com
    agsupdate.adobe.com
    amazonaws.com
    adobe.io
    cc-api-sharedproductions-prerelease.adobe.io
    cc-api-teamprojects.adobe.io
    cc-api-teamprojects-ue1.adobe.io
    cc-api-teamprojects-ew1.adobe.io
    cc-api-teamprojects-an1.adobe.io
    docs.aws.amazon.com/general/latest/gr/
    rande.html#s3_region
    creative.adobe.com
    spark.adobe.com
    myportfolio.com
    Behance.net.
    prosite.com
    story.adobe.com
    build.phonegap.com
    typekit.com
    use.typekit.com
    data.typekit.net
    state.typekit.net
    polka.typekit.net
    dnzuu5synxxfk.cloudfront.net
    businesscatalyst.com
    digitalpublishing.acrobat.com
    color.adobe.com
    Acrobat.com
    acrobat.com
    echosign.adobe.com
    adminconsole.adobe.com
    *.services.adobe.com
    lcs-entitlement.adobe.io/v1/user
    lcs-entitlement.adobe.io/v1/trial
    lcs-robs.adobe.io
    lcs-entitlement.adobe.io
    lcs-ulecs.adobe.io
    licensing.adobe.com
    wwwimages.adobe.com
    store.adobe.com
    store2.adobe.com
    store3.adobe.com
    photoshop.com
    access.imageclub.com
    play.google.com
    www.flickr.com
    chrome.google.com
    soundcloud.com
    www.freedb.org
    developer.apple.com
    subversion.tigris.org
    www.ietf.org
    framework.zend.com
    twitter.com
    www.microsoft.com
    ftp.yourdomain.com
    www.amazon.com
    www.mp3licensing.com
    itunes.apple.com
    www.apple.com
    www.python.org
    jquerymobile.com
    www.color.org
    www.rulesforuse.org
    maps.google.com
    www.eclipse.org
    www.shutterfly.com
    msdn.microsoft.com
    www.zoomify.com
    www.evidon.com
    www.betrad.com
    *.uservoice.com
    • Ruby_Balloon
    • 3 yrs ago
    • Reported - view

    https://helpx.adobe.com/x-productkb/policy-pricing/activation-network-issues.html#test-connection

    The Adobe activation server for Creative Cloud/CS6 might be blocked. For starters, try whitelisting the following Adobe license domain

    lm.licenses.adobe.com

      • Christian_Eigner
      • 3 yrs ago
      • Reported - view

      Ruby Balloon Hi Greg,

      thx a lot that was it for Adobe.

      I have no entries in the protocol that this server was blocked, added it now to the allow list and no more errors from the creative cloud 😀

      Guess for Capture One that would be same. Start now to discover the server which they use.

      Thx

      Christian 

    • Christian_Eigner
    • 3 yrs ago
    • Reported - view

    ok, I have access to the activation server from phaseone.

    No clue, what else could be the issue. This is the download link and I can see here nothing special.

    https://www.captureone.com/en/account/download/confirmation?os=Mac

    Domain captureone.com is added to allow-list. Looks like there is a SSL issue.

    In Capture One forum there is a thread regarding that topic and the solution is on Windows:

    This kind of problem concerns the TLS 1.2 protocol that is not enabled by default on Windows 7, Windows Vista, and Windows XP.

    As our security system uses TLS 1.2 protocol, creating a secure SSL/TLS is not possible when a client has such a security protocol as TLS 1.0, for instance.

    Is there a setting in NextDNS for that? 

    What could I try next?

    Thx in advance

    Christian

      • olivier
      • 3 yrs ago
      • Reported - view

      Christian Eigner NextDNS does not and will not support TLS version under 1.2 for obvious security reason. This can cause issue to old Windows versions when block page is enabled. You can try disabling the block page feature.

      • Christian_Eigner
      • 3 yrs ago
      • Reported - view

      Olivier Poitrey Hi Olivier,

      thats ok and Capture One use TSL 1.2.  When I disable NextDNS and use 8.8.8.8 as DNS Server, I can do downloads from Capture One. Switch back to NextDNS, I get the SSL Error. So must have to do with a setting in NextDNS, but I don't know which one.

      I use the default NextDNS View & Tracking list as Blacklist. When I remove that, how long should I wait to test it again?

      To be sure, I'm working on a Macbook with Big Sur and newest updates not with windows.

      Regards

      Christian 

Content aside

  • 3 yrs agoLast active
  • 6Replies
  • 533Views
  • 3 Following