Adobe Connect Support Blog

Updated December 20, 2021

Suppress LDAP Lookup In Log4j in Adobe Connect

Updated: 12/20/2021

Since the writing of this article, Adobe Connect engineering has released the following patch which addresses the Log4j issues: https://www.adobe.com/go/Connect11_log4j

The patch listed above supersedes the procedure listed below. This is an evolving concern; the procedure below was the first response and the patch above a subsequent remediation.

We recommend you apply the following configuration change on your Adobe Connect servers immediately. We’re applying this configuration change ourselves now on all Adobe Connect Hosted and ACMS clusters. The change fully addresses an emerging log4j issue.  It requires a full system restart of Adobe Connect to implement.  Do this on all Adobe Connect servers and restart. 

Note: Please be careful of using copy/paste from this article; it may not format correctly.  Please confirm syntax when pasting. And always make a backup copy of any files before editing.

Here are the steps that need to be done on all Adobe Connect origin servers, (not on AEM, ACTS, etc). A restart is of Adobe Connect is needed:

For Adobe Connect, target the following two files:

1\ CPS wrapper service config – appserv/conf/ConnectProSvc.conf –> add the following java system property line after the current line with index “.63”

wrapper.java.additional.63=-Dlog4j2.contextSelector=org.apache.logging.log4j.core.async.AsyncLoggerContextSelector
wrapper.java.additional.65=-Dlog4j2.formatMsgNoLookups=true

2\ TelSvc wrapper service config –> TelephonyService\conf2\ TelSvc wrapper service config –> TelephonyService\conf\TelephonyService.conf –> add the following java system property line after the current line with index “.56”

wrapper.java.additional.55=-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager
wrapper.java.additional.56=-Dlibrary.service=WIN32
wrapper.java.additional.57=-Dlog4j2.formatMsgNoLookups=true

In case there is any clash with existing indexes above (65 or 57) for some reason, please choose a non-conflicting one. A service restart will be required afterwards.

To be clear, only the following config is needed:

-Dlog4j2.formatMsgNoLookups=true

In the wrapper service config file, it needs to be added to the block that has the comment “# System property definitions… with the next higher index so as to not clash.

      wrapper.java.additional.xx=‐Dlog4j2.formatMsgNoLookups=true

“xx” should be higher than the last index in that block. If it is 63 then simply add 64 or 65 or something like that. If it is 56 they can add 57 or 58 or something like that. Be sure to not comment out anything else. The “AsyncLoggerContextSelector” etc. was just added in the post as a placeholder for example; if you do not already have that then do not add it.

Clustering, General, Install, LDAP, Meeting, Security, SSL, Technotes, Uncategorized

Join the discussion

  • By Matthew Cervi - 7:27 AM on December 17, 2021  

    Are there plans to release a patch for Adobe Connect with log4j 2.16 or later soon?

    • By Matthew Cervi - 10:57 AM on December 20, 2021  

      Update: Adobe released updated files on 12/18.

    • By Frank DeRienzo - 11:30 AM on December 20, 2021  

      The patch is here for on-premise Adobe Connect servers: https://www.adobe.com/go/Connect11_log4j All SaaS hosted is patched. Note: Adobe Connect versions prior to 10.1 are not vulnerable since they use log4j 1.x.