Server Version#: 1.42.1.10060
Player Version#: 4.148.0
I built a new Plex server using an AD domain user (aka service) account** and everything is working fine. However, I noticed something odd which somebody might be able to explain? While using app.plex.tv to configure my server settings, everything seems to work fine except granting my users library access. When I tried to do this, I kept getting a “You don’t have any connected servers“ error, even though I can access my sever just fine both locally and remotely (e.g. cell phone not on WiFi). I decided to try the same procedure while logging onto the Plex PC with my service account, and I no longer got the error and proceeded to grant access to all my users w/o issue. Is this normal?
I thought there might be an issue with my Plex account (lifetime sub), but now I’m thinking that it’s somehow instead tied to some hidden credentials. I even remoted into the PC with my svc acct, and that worked fine as well. Remoting with my own acct saw the same error. Further, I restarted Plex (the service and the server) using my own acct and Plex just gave me a 401 auth error in the browser. So it definitely looks like a credentials issue. Perhaps there’s some way to link the 2 accts so Plex treats them both as the admin role?
Anyone’s thoughts would be very welcome here.
* Windows 11 Pro, Dell Optiplex, i7-13700 13th Gen, 16GB RAM, C: NVMe , and D: 500GB SATA SSD for metadata, 1Gbps fiber WAN, 10Gbps wired LAN.
** My AD acct has local admin rights, was used to install PMS software, and is configured with auto-login + auto desktop locking upon login.
The PC was entirely installed & configured with my personal acct (domain admin rights), but I logged onto the PC with my svc acct (local admin rights) to install and configure most of Plex. The PC owner is my own AD acct, the PMS owner is my svc acct, and the only Plex creds were just my Plex acct.
Later the same day, after adding all my libraries from a separate laptop logged into app.plex.tv with my same Plex acct, I was able to recreate all my libraries and more.
I know that PMS needs to run under the Windows acct it was installed with, probably because it uses %APPDATA% and reg entries are under CURRENT_USER as per installation user. That’s why I used an AD svc acct, not my regular acct, and configured the PC to auto-login & auto-lock using the svc acct.
PS I used the Task Scheduler method for auto-locking and the SysInternals app to create the auto-login so the acct pswd is safer.
Ok Plex normally only operates within a single user scope, and thus does not know about your personal account. So PC owner vs Service account means nothing.
I would suggest trying the 127.0.0.1 address and seeing if that has different results
Yes, it is true. Your service is either running under Local System, Network Service, or a manually-selected Windows acct, either a local (to the PC) or a domain acct. Those 1st two are several of Windows’ built-in accounts and Local System is the default used when creating a service, scheduled Task, or anything else. (I’ve been a Windows system developer for over 3 decades, specializing in IAM, Identity and Access Management, and I know Windows & ‘nix IAM quite well.)
Account ‘SYSTEM’ would be foolish to use. I’ve read many posts of users who did this, but why would you use such a privileged account for a remotely accessible server? It’s not necessary for the things Plex is doing. Even hardware transcoding is working with the restricted user account.
Wait, are you saying that Plex can run under any acct? If so, has that changed over the years? When I first started running Plex many years ago, people jumped all over me for suggesting running PMS with a svc acct without any 3rd party addons/extensions/etc., so I’ve run it under my desktop acct all these years. Last I’d heard, running under as a service caused problems with updating, requiring spc’l steps like manually shutting down, updating, and restarting.
There’s definitely something odd going on if I log onto the PC under the svc acct with which PMS was installed with vs. logging on with my own desktop acct. With the svc acct, it shows my server as connected, but with my desktop acct, it said no connected servers. This seems odd since I can manage everything else with my installation from a browser on another PC just fine, thus my original post.
If you use something like NSSM, you’ll have to perform updates manually, yes.
But there is PMS as a service which should handle the updates as well. But I don’t know if it was ever tested with AD accounts.
