Details for the NATIVE_ERROR notification

Native error code from the AVE.

These codes represent the following:

• DRM errors (codes 3300 to 3367). These are the same as the equivalent Flash Player error codes
• Video playback errors (-1 to 89)
• Cryptography errors (300 to 307)

Position (in milliseconds) sought (double).

• What the distributor's software should do:
  • If you are using Google Chrome, and you are in Incognito mode, and your Flash Player version is less than 11.6, this error might occur.

    We recommend that the player check the browser's version number and advise the user to exit Incognito mode.

  • Request the license again.

    If the request is successful, you do not need to log or escalate. If the request is unsuccessful, log the content that caused the error. subErrorId contains a line error if present.

• What the distributor should do:
  • If retries are unsuccessful on configurations other than Chrome with Flash less than version 11.6, a failure might have occurred in the packaging.
  • Check whether the issue is specific to certain content and repackage.

The server failed to authenticate or authorize the client.

• The distributor's software should take any action necessary to re-establish user's credentials or guide the user to acquire access to the content.
• The distributor should confirm that distributor's authorization and authentication mechanism is working correctly.

  If the distributors are not planning to use the authentication or authorization features, they should check whether the policy of the offending content requires authentication and see Diagnosing policy / license discrepancies.

For more information about this error code, see DRM error 3301 causes and resolution.

On Access 4.0 and above, this error is thrown on iOS when the remote key URL does not use HTTPS as the scheme. HTTPS is required.

• If distributor is using a version older than Access v4, or the version at least 4 but the platform is not iOS, the distributor's software should log the error.

  The error is thrown only on iOS.

• If the distributor's software is at least Adobe Access version 4, and the platform is iOS, distributors must change the remote key server URL that they are using to HTTPS.

  If they were only using HTTP, distributors might have to set up an HTTPS server. Otherwise, the distributors need to submit the logged information to Adobe and escalate the issue.

The content you are viewing has expired according to the rules set by the content provider. subErrorId contains a client-specific error or line error.

• The distributor's software should attempt to reacquire license from the server once to determine whether a new non-expired license is available.

  If no license is available or the license has expired, allow the user to acquire new license, or inform user that the content cannot be watched.If the content has been packaged with a policy that has a lapsed expiration/end date, the license server logs report a PolicyEvaluationException and state that the Policy End Date has lapsed (Server Error code 303). Check the server's log files to verify.

  If possible, customers should check the policy that they used during packaging to see whether it has expired. The Java command line tool is: java -jar libs/AdobePolicyManager.jar   detail demo.pol

• The distributor should confirm whether license expiration dates are configured as intended.

For more information about this error code, see 3303 (Content Expired) with AMS/FMS using a Live Stream?.

The connection to the license or domain servers timed out, either due to network delay or the client being offline. Normally subErrorId contains HTTP return code.

• The distributor's software should attempt a network connection to a known good server.

  If the attempt fails, prompt the user to reconnect to the network. If the attempt is successful, log it.

• The distributor should verify that any license and domain servers in use are online and visible from the client's network.

For more information about this error code, see DRM 3305 [ServerConnectionFailed] causes and resolution.

The current client cannot complete the requested action, but an updated client might be able to complete the request.

This can have several causes:

• A shared domain was used that is not available on this client. This is likely the case when playback works on Chrome, but not any other browser and vice versa.

  Tip: Chrome uses a different PHDS/PHLS key than the other browsers use. For more information, see https://adobeprimetime.zendesk.com/agent/tickets/2891.

• The application is trying to add multiple DRMSessions when running on an iOS version that is earlier than 5.0.
• The metadata has a version of 3 or higher when only version 2 is supported.

• The distributor's software should alert the user and abort the operation.

  If the software has a way of determining whether an upgrade is available, direct the user to that upgrade in the appropriate manner for the platform.

• If the issue occurs because of a shared domain, the distributor will need to check with Adobe for an updated runtime or library.

  For Flash runtime, the distributor can force the upgrade in their application directly. In the case of a library, the distributor will need to obtain an updated library, rebuild their application and deploy it to their users.

  If the issue occurs because of multiple DRMSessions, the distributor will need to update their application to check the iOS version number prior to adding multiple DRMSessions. Or they can restrict distribution of their application to iOS v5 and above.

  if the issue occurs because the metadata version is higher than version 2, the issue is probably corrupted metadata. They can try rebuilding the metadata and looking at the results. If they continue to see the problem, log the issue and escalate to Adobe.

For more information about this error code, see How to remedy a 3306 DRMErrorEvent Error Code

This generally represents a bug in Adobe Access code and is unexpected, unless there's a known bug, as below. subErrorId contains a client-specific error or line error.

• If the browser is Chrome on Windows and Flash version is 11.6 (SWF version 19 or greater), the distributor's software should assume that the user pressed Deny on the infobar and treat the same as a 3368.
• If 3307 occurs when browser is not Chrome or Flash version is not 11.6, the distributor should escalate to Adobe.

Important: 3307:1107296344 (FailedToGetBrokerHandle) might happen with Chrome browser versions 24-28.

This error is throw whenever the license being used contains the wrong key to decrypt the content. subErrorId contains a client-specific error or line error.

There seem to only be two ways of generating this bug:

• The customer has modified the standard Adobe tooling for generating licenses (for example, the licenser server Java framework).

  In this case, the license contains a bad key which might not correspond to any content.

• The customer has issued multiple licenses with the same license ID.

  In this case, there are multiple licenses that are available on the client that match the content metadata and the Access code has selected the wrong one for use.

• The distributor's software should attempt to reacquire license from the server.
  • If no license is available or license is expired, provide workflow for user to acquire new license, or inform user that the content cannot be watched and log the issue.
  • If this was a domain bound content (for AIR), provide a way for the user to join the domain.
• The distributor should:
  • Verify that they have not customized the license issuance portions of the Access License server.
  • Verify that they are issuing unique license IDs for all licenses.
  • Escalate the issue with Adobe.

This will occur if the header is larger than 65536 bytes.

• The distributor's software should Log which piece of content caused the error.
• The distributor should confirm that error is reproducible with specific pieces of content. Repackage broken content.

The correct AIR application or Flash SWF is not being used.

This issue occurs when the system cannot write to the file system. subErrorId contains a client-specific error or line error.

On Microsoft Windows, error 3313 might be thrown by Active X or NPAPI plug flash player when the encrypted content has a licenseID or a policyID that is too long. This is because of the maximum path length in Windows. (Pepper plugin does not have this problem.)

See watson 3549660

• The distributor's software should prompt the user to confirm that their user directory is not locked nor on a volume that is full or locked.
• If the distributor is using AIR, rather than Flash, the issue might be caused by a path length limitation.

  Distributors should shorten the name of their AIR applicaiton to something reasonable. Also, publish contents again with a shorter licenseID and a policyID.

This error often indicates that the content was packaged with test PKI certs, and the player is built with production PKI or vice versa. subErrorId contains a client-specific error or line error.

• The distributor's software should log which piece of content caused the error.
• The distributor should confirm that the error is reproducible with specific pieces of content.

  You might have to repackage broken content.

There are known bugs in which this error code is thrown when a 3305 is intended. For more information, see DRM 3305 [ServerConnectionFailed] causes and resolution.

Remote SWF loaded by AIR is not allowed to access Flash Access functionality. This error code can also be thrown if a security error occurs during network access. Examples include the destination server does not the client to connect by using crossdomain.xml, or the crossdomain.xml is not reachable.

For more information, see DRM error 3315 possible root cause and resolution.

Important: This is a rare error and usually does not occur in a production environment.

If the error does occur, you can do one of the following:

• If you are using AIR, reinstall it.
• If you are using Flash Player, download the AdobeCP modules again.

The process of provisioning the client with keys failed. subErrorId contains a client-specific, server-specific or line error.

• The distributor's software should retry the operation at least once.

  If you are using Google Chrome on Windows, provide an explanation about how to allow plugin access that is not in a sandbox. Google Chrome's unsandbox access denied.

• The distributor should complete one of the following tasks:
  • If the error is consistent across platforms, you should escalate the issue with Adobe.
  • If the error is confined to Chrome on Windows, guide the user to allow unsandboxed plugin access.

  Distributors should update their SWF to version 19 or later, and the Chrome-specific 3321 error, a 3368 error is thrown. Error 3368 can be handled more specifically by the distributor's software. This change was introduced in Chrome Stable channel version 26.0.1410.43.

  Tip: Error 3321:1090519056 might happen with Flash Player versions 11.1 to 11.6. We recommend that you upgrade to the latest Flash Player version.

For more information, see DRM error 3321 Causes & Resolution.

The device does not appear to match the configuration that was present when initialized. subErrorId contains a client-specific or line error.

The distributor's software should complete one of the following tasks:

• If the device is not using Flash Player, and is using AIR, iOS, and so on, call DRMManager.resetDRMVouchers().

  If the issue occurs on iOS in a development phase, ask the developer to confirm whether the issue is observed when switching between builds that were downloaded from third-party, pre-release distribution systems (for example, HockeyApp) and a local build from Xcode. Attributes of a previous installation are not entirely overwritten when switching between a build distributed from HockeyApp and a build from Xcode. This situation might trigger the 3322 error.

  To resolve this issue, the developer should remove the older build from the device before installing the new build.

• If the device is using Flash Player, and it is unusable from a 3322 or 3346 error codes, see the instructions from Adobe about how to programmatically reset your DRM license store on DRM Error 3322/3346/3368 in Chrome (Info-Bar Problems).

This error is not expected to occur frequently. In corporate environments that uses roaming profiles, if a user was viewing content that is protected by DRM, the chances error 3322 occurring increases as the user logs in from different machines. If possible, distributor should try to get this information from user.

If the error occurs frequently, escalate to Adobe. You must notify Adobe whether resetting license store did (or did not) solve the problem and tell Adobe on which browsers the error is occurring.

For more information, see the following articles:

• https://forums.adobe.com/message/5520902
• https://forums.adobe.com/message/5535911
• https://forums.adobe.com/message/5748618
• https://forums.adobe.com/message/6061165

Files used by the DRM client have been modified unexpectedly. subErrorId contains a client-specific or line error.

• The distributor's software should guide the user to reset in the same way as for 3322.
• If the GlobalStore is failing at a rate greater than the expected failure rate of the hard drives of your user base, escalate the issue to Adobe.

The license server might not be able to connect to the Certificate Revocation List (CRL) server to refresh its CRL files, or the client machine is requesting a license/authentication that has been revoked by the license server.

In the server logs, an error code 111 is MachineTokenInvalid. However, at the client level, error code 111 is translated to error code 3324.

The DRM license server administrator should check whether the customer's license server has ever been able to retrieve the Adobe CRL files. If the customer is using Tomcat, the customer can check the tomcat/temp/ directory to see whether there are 4 CRL files.

• If the files are in this directory, double-click the files in Windows Explorer and in the CRL viewer application, determine whether any of the files have expired.
• If there are no files in tomcat/temp/, then it can be assumed this license server has never been able to reach the Adobe CRL server due to a firewall/routing issue. For more information, see Firewall rules.

If the CRL files are not available or have expired, you must confirm whether the license server can be reached. Open a network sniffer on the customer's license server, restart the server, and have a client attempt to request a license from the server. You can observe the network traffic to see whether calls to the following URL endpoints are successful:

Tip: You can also enter the following CRL URLs in a browser to see whether you can manually download each file.

• crl2.adobe.com/Adobe/FlashAccessIndividualizationCA.crl
• crl2.adobe.com/Adobe/FlashAccessIntermediateCA.crl
• crl2.adobe.com/Adobe/FlashAccessRootCA.crl
• crl3.adobe.com/AdobeSystemsIncorporated FlashAccessRuntime/LatestCRL.crl

If the firewall rules are open and there are no current 3324 errors, there might have been a temporary network issue. Check the customer's server logs, which are probably in the /tomcat/logs/ directory, to determine whether an error occurred when the license server tried to fetch the Certificate Revocation Lists.

Important: An error might occur when a large number (or a burst) of clients report a 3324 error to a temporary network issue when renewing a CRL file. When the network issue was resolved, the 3324 issues were also resolved.

If all 4 of the CRL files exist in the tomcat/temp/ directory, and clients are still getting 3324 error codes, there might be file access issues to the CRL files. To resolve this issue, you might want to review the logs and purge the existing CRL files.

If there are no server issues, prompt the user to reset in as described in 3322.

Files used by the DRM client have been modified unexpectedly. subErrorId contains a client-specific or line error.

• The distributor's software should retry the operation again, because AdobeCP has deleted the offending server store internally, and a retry should succeed. If retry fails, log the issue.
• If retries are failing at a rate greater than the expected failure rate of the hard drives of your user base, escalate the issue to Adobe.

The License store has been tampered/corrupted and can no longer be used.

The distributor's software should guide the user to reset in the same way as described in 3322.

This is a server-side error where the server was unable to complete the request from the client. This error can occur when, for example, the server is busy, HTTP/500, the server does not have the needed key to decrypt the request, and so on.

On the client, there is no way to determine what went wrong. The customer must review the Adobe Access server logs, which are usually called AdobeFlashAccess.log, to determine what went wrong. There is always a descriptive stack trace in the log to indicate the problem. subErrorId contains a server-specific or line error.

The distributor should look at server logs to identify which server is sending this error. For 3328 errors that has a sub-error code 101, the server cannot decrypt the request. The customer must validate that the license / transport server certificates that are installed on the license server match and correspond with the certificates that is used during packaging.

In addition, if customers are using the Reference Implementation, they must ensure that there are no typos in the flashaccess-refimpl.properties file where the primary and additional certificates are specified.

The application-specific sub error code is not known to Flash Access. subErrorId contains a server-specific error from the publishers customized license server. The server returned an error in the application-specific namespace.

This error occurs when the content is configured to ask clients to authenticate before getting the licenses.

• The distributor's software should authenticate the user and then acquire the license again.

  If your service does not intend to use authentication, log the identify of the content that is causing this error.

• This error should not require an escalation, unless the content is not supposed to be configured to require authentication.

  In this case, repackage the offending content with proper policy. If the content is packaged correctly, see Diagnosing policy / license discrepancies.

The acquired license is not yet valid. To resolve this issue, check whether the client clock is not set correctly. To set the client clock, repackage the content or modify the license server configuration.

You must notify users that they cannot play this content till the policy expires.

This platform is not allowed to playback the content because, for example, the content provider has configured Adobe Access to deny content to Adobe Access on a platform or a shared domain-bound license is bound to a shared domain token that is meant for a different partition.

CDM might throw this error if content was not packaged by using an appropriate (CDM feature gated) packager certification.

If the content is packaged with an incorrect PHDS/PHLS certificate, the content might work in Chrome but not other browsers (or vice versa).

Tip: This is because Chrome uses different PHDS/PHLS certificates.

To resolve this issue, complete one of the following tasks:

• Upgrade AIR
• For Flash Player, upgrade the AdobeCP module and retry playback.

This platform is not allowed to playback the content because, for example, the content provider has configured Access to deny content to FP/AIR on a platform.

This occurs if the content or the server is configured to deny playback to a particular version of the Flash or AIR runtimes.

• If the user is on an operating system on which Flash can be upgraded, the distributor's software should prompt the user to upgrade Flash and try again. Otherwise advise the user to use a different machine.
• If error 3337s is suspected, identify whether it is occurring for specific content and repackage that content. If content is packaged correctly see Diagnosing policy / license discrepancies

Unable to detect the connection type, and the policy requires you to turn on Output Protection. This issue is expected only if the content is packaged to require digital or analog output protection.

An issue in versions of Flash Player older than version 11.8.800.168 caused error 3338 to occasionally occur on content for which the policy indicated that content protection is USE IF AVAILABLE. This issue is fixed in version 11.8.800.168 and later.

• The distributor's software select a variant of the content that does not require output protection (for example SD variant of an HD stream).

  If error 3338 is occurring on USE_IF_AVAILABLE content, check for player version number. If the player version is less than 11.8.800.168, advise the user to upgrade Flash Player. If error 3338 is occurring on versions above 11.8.800.168, log which content caused the error.

• The distributor should check which content is causing this error and validate that the content's policy is setting NO_PROTECTION or USE_IF_AVAILABLE for analog and digital outputs.

  If content is inadvertently packaged with NO_OUTPUT or REQUIRED, repackage the content. If content is packaged correctly see Diagnosing policy / license discrepancies. Otherwise escalate to Adobe.

For more information, see Getting unexpected 3338 errors when your DRM policy is set to USE_IF_AVAILABLE?

Important: This issue should not happen in a production environment, because content publishers should not disallow digital playback.

Not applicable for Android.

This error is currently known to happen initially after a new version of Flash is released. It occurs because Flash upgraded while Flash was open, which puts Flash in a bad state until browser restarts.

• The distributor's software should complete the following tasks:
  • Recommend that the user close or quit all browsers and then reopen.
  • Check if the version of Flash is current.

    If the version is not current, advise the customer to upgrade, close all tabs in their browser, and reopen.

• If error appears to occur after a successful browser restart, escalate to Adobe.

  When a new version is released, we recommend that you contact Adobe Support to see whether the background updates issue has been fixed.

Not applicable for Android.

This error occurs when part of Flash or AIR was not installed correctly.

The distributor's software should do one of the following:

• Ask the user to uninstall and reinstall AIR.
• For Flash Player, call System.update.

• The distributor's software should do one of the following:
  • If AIR, call DRMManager.resetDRMVouchers()
  • If Flash has is unusable because of errors 3322 or 3346 error code, users should go to https://forums.adobe.com/message/5535907#5535907 and follow the Adobe article's instructions to programmatically reset their DRM license store.
• If this error occurs frequently, the distributor should provide the details about the frequency player version and the browser version to Adobe.

For more information, see the following forum articles:

• DRM Error 3322/3346/3368 in Chrome (Info-Bar Problems)
• 3322 or 3346 error after hardware change

The primary meaning of this error is that the license has a constraint which the clients' DRM certificate indicates it cannot satisfy. The following "hardware capabilities" are defined when the clients DRM certificate is issued:

• Non-User Accessible Bus. If true, the decrypted media never flows across a bus or into main memory where an application can access to it.

  If false, content might be accessible to the application after decryption.

• Hardware Root of Trust. If true, all software that is loaded at boot time on the device was validated against a key or digest that is only available in hardware.

  Both of these constraints are checked on the client side when the license is opened against the DRM certificate for the client and failure is immediate. These constraints can also be checked on the server side prior to issuing the license.

The secondary meaning of this error is that the license has the "Jailbreak Enforcement" policy set and a jailbreak has been detected on the device. This check is done periodically on the client side and cannot be checked on the server side.

The distributors can update the policies and remove the restrictions. For device capability policies, issue the policy update command with the -devCapabilitiesV1 flag and no arguments. For jailbreak enforcement, set policy.enforceJailbreak=false.

The framework requested the device ID, but the returned value was empty.

The user should not select the Allow identifiers for protected content check box in Chrome settings.

This browser/platform combination does not allow DRM-protected playback in Incognito mode.

The distributor's software should advise the user to exit Incognito mode or use a different browser. For more information, see DRM error 3365 cause and resolution.

The host runtime called the Access library with a bad parameter.

The user cancelled the operation or has entered settings that disallow access to the system.

This error is only thrown when the SWF version is 19 or later. For backward compatibility, 3321 is thrown when the SWF is version 18 or earlier.

The distributor's software should guide the user to an explanation of how to allow unsandboxed plugin access. Google Chrome's unsandbox access denied and DRM Error 3322/3346/3368 in Chrome (Info-Bar Problems).

A required browser interface is not available. This issue occurs only on Pepper. There could be a mismatch between the Flash plugin and the browser version.

The distributer's software should guide the user to ensure that they have the latest version of the browser installed.

If the incidences of this error are increasing, and corresponds to a browser update being released, escalate to Adobe.

The user has disabled the Allow identifiers for protected content setting.

Tip: This error appeared with Pepper versions 13.0.0.x or greater.

The distributor's software should guide the user to enable the Allow identifiers for protected content setting.

The distributor's operations team should guide the user to enable the Allow identifiers for protected content setting.

For more information, see https://forums.adobe.com/message/6518323#6518323.

Malformed resolution based on output protection constraints in the license.

The distributor's software should display an error message. Ask user to report the problem to the distributor with a content title.

The distributor should repackage content with a valid policy.

The content's resolution is larger than the maximum resolution that is specified in the output-protection constraint.

If the distributor's operations team sees this error in their logs, they should review the resolution-based output protection policy, and if necessary, repackage the content.

The content's resolution is larger than the resolution that is specified by the currently active output-protection constraint.

If the distributor's operations team sees this error in their logs, they should review the resolution-based output protection policy, and if necessary, repackage the content.

Failed during client-side communication processing, for example, request generation, response processing, bad auth token, and so on.

If the distributor's operations team sees this error in their logs, they should review the resolution-based output protection policy, and if necessary, repackage content.

• The bufferTime is too high (equal to or higher than the live window duration).
• A combination of one or more of insert/erase API replaced more media than it added.
• The next period is a live period with a pending media replacement (due to InsertBy API call)