0

downloads from adobe creative cloud blocked

Hi,

since I have installed NextDNS on Unifi USG, I can not download from sources like:

Adobe - update Creative Cloud Applications interrupts with an SSL Error. Adobe Error 113

Capture One - download interrupts immediately with an network error, assume SSL Error as well.

When I change the DNS to Google 8.8.8.8 on my Client both downloads are possible without issues.

Any idea where and what I can change in the NextDNS Settings on Webpage or Router?

I added all the adobe and capture one and phaseone pages to the allow section, but without success.

Thx for everyone who can support me there in advance.

Regards

Christian

6 replies

null
    • John_DeCarlo
    • 3 yrs ago
    • Reported - view

    Adobe Creative Cloud Network Endpoints

    https://helpx.adobe.com/enterprise/kb/network-endpoints.html

    Introduction

    This document contains lists of network endpoints for websites and specific services that are offered as part of Adobe Creative Cloud. The server and domains listed in this document must be accessible on ports 80 and 443 for the relevant applications and services to function correctly.

    Download network endpoints

    Download text file of CCE Network endpoints

    Adobe regularly updates the network endpoints detailed in this document. You will need the updated set of endpoints to ensure uninterrupted access to the various Adobe apps and services provided to the end users in your organization.

    Allowlist 

    *.adobesc.com
*.licenses.adobe.com
*.adobelogin.com
*.ftcdn.net
*.behance.net
*.adobedtm.com
*.demdex.net
*.demandbase.com
*.adobeoobe.com
*.macromedia.com
adbemdigitalmediarebootprod2.112.2o7.net
*.edgefonts.net
*.adobejanus.com
*.adobeccstatic.com
*.adobess.com
*.photoshop.com
*.adobeexchange.com
*.adobecce.com
*.businesscatalyst.com
*.worldsecuresystems.com
*.digicert.com
*.adobe.com
*.adobe.io
*.adobecc.com
fonts.adobe.com
*.typekit.net
*.typekit.com
*.omtrdc.net
*.adobetag.com
*.acrobat.com
*.adobesign.com
*.adobesigncdn.com
*.echosign.com
*.echocdn.com
*.bam.nr-data.net
*.cookielaw.org
*.newrelic.com
*.onetrust.com
*.adbecrsl.com
*.creativecloud.com
adobe.ly
*.adobeku.com
*.symantec.com
*.thawte.com
*.geotrust.com
*.omniroot.com
*.verisign.com
*.globalsign.com
*.godaddy.com
*.ctldl.windowsupdate.com
*.symcb.com
*.symcd.com
*.omniture.com
cc-api-cp.adobe.io
s3*.amazonaws.com
indd.adobe.com
api.account.adobe.com
account.adobe.com/
accounts.adobe.com
ccext.adobe.io/**
ccext-public.adobe.io/**
ccext-cdn.adobecces.com/**
cc-ext-prod-pkgs.s3.amazonaws.com/
scproxy-prod.adobecc.com
cc-collab.adobe.io
comments.adobe.io
sharedcloud-production*.s3.amazonaws.com
acpprodva7apollo.blob.core.windows.net/acp-prod-va7-data*
cc-api-storage.adobe.io
assets.adobe.com
assets2.adobe.com
helpx.adobe.com
use.typekit.net
adobeexchange.com
polka.typekit.com
wwwimages2.adobe.com
sstats.adobe.com
assets.adobedtm.com
cdn.tt.omtrdc.net
api.demandbase.com
dpm.demdex.net
cc-api-image.adobe.io/createagc
cc-api-image-x.adobe.io/agctosvg
stock.adobe.com
*.astockcdn.net
ims-na1.adobelogin.com
adobeid-na1.services.adobe.com
cc-api-assets.adobe.io
a3.behance.net
a5.behance.net
api.behance.net
adobe.demdex.net
adobe.tt.omtrdc.net
as.ftcdn.net
as1.ftcdn.net
as2.ftcdn.net
p.typekit.net
store1.adobe.com
adobe.com
bam.nr-data.net
*s3*.amazonaws.com
bat.bing.com
c.betrad.com
c.evidon.com
googleads.g.doubleclick.net
js-agent.newrelic.com
snap.licdn.com
www.everestjs.net
www.facebook.com
www.googleadservices.com
www.googletagmanager.com
match.prod.bidr.io
scripts.demandbase.com
cdn.inpwrd.net
ct.pinterest.com
d9.flashtalking.com
pixel.quantserve.com
fls.doubleclick.net
api.typekit.com
use.edgefonts.net
ocsp.verisign.com
adobetag.com
ocsp.globalsign.com/rootr1
ans.oobesas.adobe.com
api.adobe.io
adobeexchange.com/api
api-cna01.adobe-services.com
supportanyware.adobe.io
www.adobe.com
lcs-cops.adobe.io
genuine.adobe.com
prod.adobegenuine.com
gocart-web-prod-*.elb.amazonaws.com
na1e.services.adobe.com
ims-prod06.adobelogin.com
ims-prod07.adobelogin.com
na1e-acc.services.adobe.com
na1r.services.adobe.com
ams.adobe.com
oobe.adobe.com
federatedid-na1.services.adobe.com
awcm177.awmdm.com
adobelogin.prod.ims.adobejanus.com
services.prod.ims.adobejanus.com
www-prod.adobesunbreak.com
*.okta.com
*.oktacdn.com
*.oktapreview.com
auth.services.adobe.com
ccmdls.adobe.com
ccmdl.adobe.com
*.oobesaas.adobe.com
mir-s3-cdn-cf.behance.net
swupmf.adobe.com
swupdl.adobe.com
prod.acp.adobeoobe.com
lm.licenses.adobe.com
exception.licenses.adobe.com
cs.licenses.adobe.com
pubcerts.licenses.adobe.com
*.productrouter.adobe.com
workflow.licenses.adobe.com
resources.licenses.adobe.com
s3.amazonaws.com
ffc-icons.oobesaas.adobe.com
cdn-ffc.oobesaas.adobe.com/*
acc.adobeoobe.com
armmf.adobe.com
ardownload.adobe.com
ardownload2.adobe.com
agsupdate.adobe.com
amazonaws.com
adobe.io
cc-api-sharedproductions-prerelease.adobe.io
cc-api-teamprojects.adobe.io
cc-api-teamprojects-ue1.adobe.io
cc-api-teamprojects-ew1.adobe.io
cc-api-teamprojects-an1.adobe.io
docs.aws.amazon.com/general/latest/gr/
rande.html#s3_region
creative.adobe.com
spark.adobe.com
myportfolio.com
Behance.net.
prosite.com
story.adobe.com
build.phonegap.com
typekit.com
use.typekit.com
data.typekit.net
state.typekit.net
polka.typekit.net
dnzuu5synxxfk.cloudfront.net
businesscatalyst.com
digitalpublishing.acrobat.com
color.adobe.com
Acrobat.com
acrobat.com
echosign.adobe.com
adminconsole.adobe.com
*.services.adobe.com
lcs-entitlement.adobe.io/v1/user
lcs-entitlement.adobe.io/v1/trial
lcs-robs.adobe.io
lcs-entitlement.adobe.io
lcs-ulecs.adobe.io
licensing.adobe.com
wwwimages.adobe.com
store.adobe.com
store2.adobe.com
store3.adobe.com
photoshop.com
access.imageclub.com
play.google.com
www.flickr.com
chrome.google.com
soundcloud.com
www.freedb.org
developer.apple.com
subversion.tigris.org
www.ietf.org
framework.zend.com
twitter.com
www.microsoft.com
ftp.yourdomain.com
www.amazon.com
www.mp3licensing.com
itunes.apple.com
www.apple.com
www.python.org
jquerymobile.com
www.color.org
www.rulesforuse.org
maps.google.com
www.eclipse.org
www.shutterfly.com
msdn.microsoft.com
www.zoomify.com
www.evidon.com
www.betrad.com
*.uservoice.com
    • Ruby_Balloon
    • 3 yrs ago
    • Reported - view

    https://helpx.adobe.com/x-productkb/policy-pricing/activation-network-issues.html#test-connection

    The Adobe activation server for Creative Cloud/CS6 might be blocked. For starters, try whitelisting the following Adobe license domain

    lm.licenses.adobe.com

      • Christian_Eigner
      • 3 yrs ago
      • Reported - view

      Ruby Balloon Hi Greg,

      thx a lot that was it for Adobe.

      I have no entries in the protocol that this server was blocked, added it now to the allow list and no more errors from the creative cloud 😀

      Guess for Capture One that would be same. Start now to discover the server which they use.

      Thx

      Christian 

    • Christian_Eigner
    • 3 yrs ago
    • Reported - view

    ok, I have access to the activation server from phaseone.

    No clue, what else could be the issue. This is the download link and I can see here nothing special.

    https://www.captureone.com/en/account/download/confirmation?os=Mac

    Domain captureone.com is added to allow-list. Looks like there is a SSL issue.

    In Capture One forum there is a thread regarding that topic and the solution is on Windows:

    This kind of problem concerns the TLS 1.2 protocol that is not enabled by default on Windows 7, Windows Vista, and Windows XP.

    As our security system uses TLS 1.2 protocol, creating a secure SSL/TLS is not possible when a client has such a security protocol as TLS 1.0, for instance.

    Is there a setting in NextDNS for that? 

    What could I try next?

    Thx in advance

    Christian

      • olivier
      • 3 yrs ago
      • Reported - view

      Christian Eigner NextDNS does not and will not support TLS version under 1.2 for obvious security reason. This can cause issue to old Windows versions when block page is enabled. You can try disabling the block page feature.

      • Christian_Eigner
      • 3 yrs ago
      • Reported - view

      Olivier Poitrey Hi Olivier,

      thats ok and Capture One use TSL 1.2.  When I disable NextDNS and use 8.8.8.8 as DNS Server, I can do downloads from Capture One. Switch back to NextDNS, I get the SSL Error. So must have to do with a setting in NextDNS, but I don't know which one.

      I use the default NextDNS View & Tracking list as Blacklist. When I remove that, how long should I wait to test it again?

      To be sure, I'm working on a Macbook with Big Sur and newest updates not with windows.

      Regards

      Christian 

Login to reply

Content aside

  • 3 yrs agoLast active
  • 6Replies
  • 409Views
  • 3 Following