Its Another Sign In Issue

Server Version#: 1.19.5.3112
Player Version#: I don’t have a clue, whatever loads in web browser

TL:DR “Unhosted PMS behind a convoluted network path that doesn’t want to sign in properly unless using FireFox 79 Private window on Windows 10”

Login at app.plex.tv/desktop works without issue.
Login at :32400/web yields a successful login, followed by a redirect, spinning circle of indecision, then it tells me that there was an error and to log in again. This is on Firefox 79.0.

Similar experience occurs using Chrome. And Chromium. And Opera. I haven’t tried it on Internet Explorer (Disabled) and that mess of new Microsoft Edge.

I did notice, however, that if I use a private window under FFox to login with, I finally get in after 3 or 4 tries. Using a regular window, I have lost count beyond 24 attempts all ending with same pattern and frustration.

I am also seeing a warning that server is not hosted by Plex yadda yadda and to proceed only if I recognize it ( I do ). Not sure what all that is about, I have not seen it before on any of my previous machines. Speaking of which, my account only has the 1 server now, all devices / apps have been removed.

I have had login issues before, wasn’t able to do so locally, just through the web (app.plex.tv etc). No problem with private content, was even able to access server on phone and friends’ televisions (Roku). Remote access is disabled, with no plans to enable.

Server is a new build hosted by OMV 5.5.5 (installed 5.3.9 and updated to 5.5.5) but is NOT a docker / portainer / whatever. For reasons I don’t care to go into, was an overall bad experience. Lets just say updates didn’t update.

More background…
Remote computer (this one) is wifi running Windows 10 Pro, all updates, FFox is #79, Ghostery is in effect but passing Plex Metrics and Google Tracker. FFox in private window is blocking those. Maybe that has some bearing.

Server is hardline to WRT3200ACM running OpenWRT 19.?, both computers are on same subnet and share same IP range (192.168.1.xxx) and same DNS.

WRT3200ACM Router is fed by a Winegard WF3000 extender/bridge, and creates a 10.11.12.xxx network which is passed to WRT3200ACM WAN port.

WF3000 connects to RV Park Wifi which runs over NextLink Microwave / Fixed Wireless and creates a 192.168.1.xxx network. Yup, this is a mobile setup here since my Tablo absolutely sucks when on the move.

To make matters even more complicated, I am not familar with Linux at all whatsoever and is the primary reason why I am using a near-turnkey package such as OMV. Took me a while to find a work around for updating the plex repository key using wget instead of curl so I could install the plex media server package. If logs are needed, I have no problem providing as long as you are specific in telling me what to look for. I have, I think, found all the server logs located in /var/lib/plexmediaserver path.

I have also searched for similar issues, and beyond the authentication server issue in 2018 and making sure that my time is same between computers (synced to ntp.org). The logs that I have found do not have certificate or authorization errors as featured in examples of other posts. I did have similar issue, as mentioned early on, but was on very old hardware over dedicated Comcast Internet (ex-hippa network) but using same router / openwrt (v18). And for what it is worth, the wrt3200acm router was just wiped and OpenWRT installed. There has been very little changes made other than passwords and static ip for various devices. Oh, and IP6 was disabled. Completely.

Any other Full Time RV’ers that are at the end of a convoluted network path and more familiar with Linux ( than I am ) want to take a stab at this? If I had another license for Windows, I would try plexserver that way but I don’t. And no, Plex Media Server will not install into ReactOS. Yet.

I assume you like RV life because you can “get away from it all”? Hahaha. OK, phew. So many details.

If you can log in directly to app.plex.tv, but not via the PMS server, it sounds like it would be useful to review the Plex Media Server logs. Can you gather & share those?

You mentioned two networks using 192.168.1.xxx addresses - I think. Depending on which devices are doing NAT, that could be a challenge. Let’s put a pin in that. (I’m glad you aren’t hoping for remote access.)

The warning message is normal, and was added somewhat recently.

I immediately think of DNS Rebinding protection as a potential issue. I’m assuming that’s enabled on the WRT. Can I assume your Plex Server and client workstation are using the WRT3200ACM for DHCP and DNS? You may need to either permit/exclude plex.direct from DNS rebinding protection, or you may need to disable DNS Rebinding protection on that device.

Could you draw a picture, showing the different devices, their roles, and IP addresses?

How to easily gather Plex Media Server logs:

Screenshot of OpenWRT DNS Rebind Protection setting (disable):

What? You want logs AND a picture? Yeah, I guess a network map would be beneficial. Particularly since I am behind not 1, not 2, but 3 routers before I hit the internet.

Linksys WRT3200ACM / OpenWRT is what all of our lifesupport to / through.

Winegard WF3000 is the extender / bridge between WRT3200ACM and whatever hardware the RV Park uses. Guess what? It is a router of sorts as well, and has been completely dumbed down.

RV Park Equipment. No Idea of what is here, but I know that there are at least 4 nodes and what appear to be a couple of $50 Netgear WiFi extenders.

I have been thinking, and though that gets me in trouble, I might be on to something. I suspect that isolation is turned on on the Winegard WF3000, my stuff is turned off. It is almost guaranteed that isolation is enabled on the park’s hardware. The thinking is would it be worth the effort to change adapters on the OMV-Plex server from hardline ethernet to wireless 802.11(garbage goes here)? It basically means reinstall unless I can find how to run wireless setup again.

I did see in one of the media logs that path was not being recognized / followed. I also saw a bunch of SQL errors / aborts. Of course, I have not a clue what they mean.

Logs Attached.Plex Media Server Logs_2020-08-04_03-10-37.zip (168.0 KB)

I’m amazed that this is working at all, certainly causing problems for TLS/SSL. I suspect that since the PC is going to sleep, when it wakes up the ip path has changed and the cert is no longer valid forcing you to login multiple times till it can sort things out. Do you have secure connections disabled on the server and clients?

You can either keep the server up all the time and watch for dropped internet (one of the issues) or just shut the server down when not used so Plex will do a startup each time. You could also try restarting the plexmediaserver.service when you are having the issue to speed up network discovery.

You are amazed now? Wait until you see the simple diagram, then you will truly be amazed that it works at all. Oddly enough, everything else works like a charm, and the ping times are in low 20’s (ms) according to my son’s xbox.

My VPN (acknowledgments enabled) does not have any problems at all, no dropped packets.

All my devices are static ip. It helps with the VPN, as well as access / time control on my son’s xbox. That kid plays all night if I let him…

Regarding secure connections, not exactly sure what you might be referring to. Given that I do a lot of work with HIPPA, I have not gone out of my way to turn anything off that would allow someone to sniff / capture packets. That being said, I am also not doing anything special beyond using the VPN to connect back to the servers. VPN is not used all the time, nor on all devices. Just a secure laptop.

Server has been up all the time, with the exception of restarts to get omv and plex installed / setup. Also to get OMV working correctly with the correct adapter. As Plex scans the library every time it starts, I leave the machine running. Library is now over 6K movies and shows, incl a lot of Tablo recordings. I am a sucker for old Westerns. Kids hate it when I turn them on. So I use a laptop as a server. Doesn’t get hot, load hardly exceeded 5% even when transcoding locally and rarely went above 20% when transcoding for remote. Laptop = built in redundant power + External Battery (Trailer) if/when needed. I would have left well enough alone except lost the drive while moving the trailer. Upgraded to SSD, should have just restored a backup.
Currently the media drive is not connected / folders not assigned.

Simple Network Diagram attached. I hope it makes sense and is clear enough.

Network Simple1600×996 50.9 KB

Just to further convolute, and perhaps show path better, I just did a tracert to google.

Tracing route to google.com [172.217.9.78]
over a maximum of 30 hops:

1 1 ms <1 ms <1 ms 192.168.1.1 *****Linksys WRT3200AC
2 1 ms <1 ms <1 ms 10.11.12.2 *****Winegard WF3000 Indoor
3 64 ms 34 ms 13 ms 192.168.88.1 *****RV Park Router / Nodes
4 15 ms 10 ms 9 ms 10.7.254.77 *****NextLink Node
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 29 ms 24 ms 34 ms v149.core1.dal1.he.net [184.105.63.85]
10 40 ms 25 ms 25 ms 100ge7-2.core1.mci3.he.net [184.105.64.214]
11 30 ms 29 ms 28 ms 100ge10-2.core1.oma1.he.net [184.105.65.166]
12 38 ms 37 ms 35 ms 100ge8-1.core1.blp1.he.net [184.105.65.98]
13 43 ms 40 ms 36 ms 100ge8-2.core1.msp1.he.net [184.105.64.97]
14 42 ms 40 ms 55 ms as15169.micemn.net [206.108.255.141]
15 59 ms 59 ms 54 ms 108.170.243.193
16 52 ms 94 ms 48 ms 72.14.239.123
17 128 ms 47 ms 37 ms ord38s09-in-f14.1e100.net [172.217.9.78]

Trace complete.

Oh Yeah, Rebind Protection.
Turned it off, tried to connect locally, and IT WORKED!

Thinking that was too easy, I signed out and tried to login again.
6 attempts later, still same problem with rebind protection turned off.
Just turned it back on.

I would set things up for no internet: [HowTo] Use Plex with No Internet

The logs had time gaps which usually indicate disk/system going to sleep, worry about that last.

I’ll actually look at your Logs later - hopefully somebody else will get there first.

Many of the “Plex with No Internet” suggestions are good.

If you have isolation between WiFi and Wired, that’s definitely worth disabling. Obviously that can interfere with communication between the two.

I think you want to leave DNS Rebinding protection disabled (or configure an exception for plex.direct. When Plex uses DNS to find the server, DNS Rebinding can cause the responses to be dropped.

Why are you signing out again after you get connected?

Isolation / AP Isolation
On my router (wrt3200acm), isolation is off meaning that the various devices are able to see each other. The only way to turn it on (isolate devices) is to create rulesets. Not that difficult with wired / wireless paths, but can be a chore with individual devices.

On my wf3000, things get very interesting. According to Winegard, there is isolation present but between the indoor and outdoor networks. IE, supposedly indoor devices can see each other, but a device on the WAN would not be able to see devices on the indoor. Best way to describe is a NAT Bridge. That being said, devices that are connected on the indoor network are not able to see the others. I will have to make sure devices are discoverable. As it is, I cannot print wirelessly to my Lexmark Pro915 over wifi when connected to the WF3000. But I can when it and devices are connected to the WRT3200ACM.

Just finished speaking with Winegard TS. They finally returned my call. It was explained to me that there is NAT occurring in the outdoor, but they could not tell me if it is 1 IP used across multiple MAC or 1 IP per MAC. I suspect it is the latter as they mentioned that the RV Park Network Equipment would not see the booster / extender from their side, only I can see it on my side. I am still trying to wrap my head around that statement.

NextLink equipment also uses “Carrier Grade NAT” via managed routers. I was able to determine that via their website and drawing conclusions based on what I have seen and the intelligence level of the Park Office.

DNS Rebinding
I will turn this back off then until I can figure out how to create an exception. Thinking further, my devices are typically configured to use OpenDNS servers over DHCP. Now that I am static for most (all?), there may be some DNS discrepancies. Nextlink (Park WISP) has its DNS, those propogate to WF3000, which obfuscates and replaces with gateway as DNS server. I am not 100% sure that DNS remains true as I don’t know how to check at the moment.

Why Are you signing out after connected?
I am not, and that is the problem I think. When I login, it says that I am connected, but upon redirect, a message indicating an error has occurred pops up and wants me to sign in again. Note that this does not occur when signing in from app.plex.tv but almost always occurs when signing in from :32400/web. Interestingly enough, when I am signed in via app.plex.tv server status indicates as “Nearby”.

Plex With No Internet
Well, now I face a conundrum. I didn’t realize that Plex requires internet. Understood that it is able to work for a while without it, but ultimately will need it. In the past, it hasn’t ever been a problem as I had 2 independent internet sources with automatic fail-over between them (Comcast, AT&T, BGAN Satellite), several weeks of battery backup, and the ROKU devices never burped. But outages were relatively short lived, less than a few hours and almost never overnight.

Though I am only a couple of years perhaps into my LifeTime PlexPass, I will be looking at other options.

Its interesting though that I can login locally to Plex if I use a private window on FireFox (v79) but cannot if I use a regular window. Ghostery reports 2 trackers (Plex Metrics, Google Tag Manager), but Firefox has its own sort of filtering as well by default.

I agree that this whole network conglomeration leaves a lot to be desired ( A LOT!), but what could possible change between a private and regular window on the same browser? Note that this has been duplicated using other browsers.

OK - I think you want it off; you want the things on the same network to be able to communicate with each other. I thought you said it was enabled before. Sounds good.

As complicated as your connectivity is, isolation betwixt other networks shouldn’t matter. As long as your server and client can talk directly.

I made the assumption you were using your Router’s DNS … I believe that OpenDNS has a DNS Rebinding protection feature too. Basically all this does is block RFC1918 (“internal” or “private”) IP addresses from DNS responses. These responses are a feature that Plex uses. Google DNS doesn’t block these, or you could disable the feature on OpenDNS.

It definitely needs it for authentication and for media details.

You can disable the authentication requirement for local LAN Networks, and you should be able to browse and play back media without any LAN connection at all.

I still haven’t looked at logs. Tonight.

I agree that your comments about it changing in “Private Mode” browser windows are interesting. My experience with Private Mode windows is just that they forget cookies and make me log in again all the time, but they otherwise work identically.

I wonder if you might have some additional browser filtering/security/adblocking that is interfering.

I wonder if you might have some additional browser filtering/security/adblocking that is interfering.

Well, that is the definition of a private window. All is blocked, no cookies, etc.

Usually a private window does run javascript, accept cookies, etc., but they delete them at the end of the session.

You mentioned Ghostery. But you also mentioned testing a bunch of different browsers - I assume at least one of those browsers didn’t have any add-ons installed.

I don’t think this is the root of anything anyway.

True, a private window does have various elements, but is not supposed to be stored.

You are correct in that I have tested it on various browsers, and I have. But, all have been adulterated with addons and customizations of varying degrees. The only browser I had that hasn’t been excessively messed with is…the “new” Microsoft Edge.

So… 192.168.1.195:32400/web … login with my credentials … and it connects as it should. Alright, been down this road before. Close tab, open browser back up, lather rinse repeat 6 or 8 times.

AND IT WORKS: EVERY . SINGLE . TIME.

So…What the hell am I looking at now? Are Firefox / Chrome / Chromium / Opera / Fennec all so corrupted and adulterated that they are pooching redirects? That is my guess. I can’t even use Fennec, (Open Source FireFox on my Android), to open it. And I think it is because my FireFox account / settings are imported once I sign in. As far as Chrome / Chromium / Opera, I don’t have a clue.

Clearly, it is something in my oft-used browsers that is screwing with the sign in process and getting sideways on whatever redirect there is.

For the meantime, my workaround is going to be to use the “new” Microsoft Edge (isn’t that built on Chromium btw?) to access pms locally. I would prefer another browser, but this works. Of course, time will tell if things decide to go sideways. Again.

I still have network issues to iron out, that much was clear once I started delving into it. Thanks for asking for the drawing, I didn’t realize just how bad it was. Tiberious is correct, it is amazing that it is working.

Now that pms is working as it should, I need to finish setting it up: adding media drives, cofiguring folders, getting ready for the 17 hour folders scan, etc. Maybe scan will go faster now as I am now on a drive that is not Shingled, runs at 10K RPM, and is direct SATA3 vs running on a USB adapter plugged into a USB 2.0 port.

Hahahah, ohhh, the endless binge-and-purge cycle of browser extensions and customizations. I know it well.

You’re going to get a kick out of the new Plex agent. It’s a good order of magnitude faster than the old one was.

Okay, got to thinking about differences and commonalities among the browsers. Chrome / Chromium / MS Edge don’t use Ghostery. That eliminates that possibility. Browser extensions consist of items that are called only when requested, such as Mirror Site and PDF Full Page Printing.

But what is the 1 commonality between them all - which MS Edge didn’t have? Stored sign in information.

Deleted stored login entry on FFox, closed tab, restarted browser and went to 192.168.1.195:32400/web to login. Guess What?

IT WORKS: EVERY. SINGLE. TIME.

Just like MS Edge did. Chrome / Chromium / Opera were just removed, I don’t really use them anymore - except when I needed a virgin browser.

Can’t quite understand how a login script can cause SOOO many issues.

Now I will see what I can do about setting up PMS for use without internet, once I get everything else setup.

Just for the sake of clarity, you mentioned above that you were able to access your server successfully using app.plex.tv, using your browser of choice, correct? And that it showed the server as “Nearby.” If so, that is local access. The only difference between using your server’s local IP address and using app.plex.tv (in this case, since the server is shown as nearby) is where the web client is loaded from.

Even when using app.plex.tv, a local connection to your server is used if available. You can verify this by playing some media and checking the Dashboard to see if it is shown as “Local,” “Remote,” or “Indirect.” If it shows “Local,” then the web client has local access to the server.