The old (circa 2007) machine I was using for my Plex server finally died. However, I have the Plex data folder on a separate drive, used by nothing but Plex. When I set up the new machine, I had hoped to install the Plex Media Server software and point it to the Plex data drive and have it be the “same” server. (Oh, I discovered [sadly] that the setting that once existed in the Advanced settings for the server for the data location must now be manually changed by creating a registry entry – at least on Windows. Why would such an important setting be hidden? Also, why isn’t the code smart enough to discard a trailing backslash on a folder path it it doesn’t want one!)
Alas, that did not happen. Instead, all of my Plex clients show two servers with the exact same name. One is (normally) shown as unreachable, but it was the default, but I cannot find any way to make it “cease to exist” so some clients still need to be reminded to use the “new” instance instead. Additionally, because the players are seeing the new (same name) server as new, all players require me to remove all of the old libraries that were pinned and pin the exact same libraries from the (not actually) new server.
Overall, this was a VERY unpleasant experience.
I’m hoping that I was just unable to find the proper instructions for replacing the CPU *and boot/program drive) to have the replacement server assume the role of its dead predecessor. Could someone help point me to those instructions, please? I’ll bookmark them for future reference.
Also, it would be great if there was some way to tell my account to “forget” about servers that no longer exist or that I just don’t want to use any longer. I’m again assuming that I cannot guess the necessary search keywords to find the documentation for the necessary procedure and I’m hoping for help finding it. Please?
IIRC this was due to security issues where somebody who gained access to your Plex Media Server could point the AppData folder to a prepared folder to either compromise Plex or access system files.
Thanks, I’ve bookmarked those instructions in case I ever voluntarily choose to move to new hardware. However, even if I had found them, the preparation steps would’ve been rather difficult to perform on the TOTALLY DEAD source machine.
IIRC this was due to security issues where somebody who gained access to your Plex Media Server could point the AppData folder to a prepared folder to either compromise Plex or access system files.
So the change was made to protect Plex (somehow) from someone who already has full access to the server’s file system (in order to “specially prepare” a folder)? Sorry, but I really don’t see that as very much protection for me – certainly not balanced by the difficulty of finding and correctly creating the setting manually.
You should be able to remove the old server from the list of authorized devices – otherwise it should go away after some time by itself.
Thanks! Luckily the linked screen shows how many days since the server was last accessed, otherwise there would’ve been no way to distinguish between the three that were listed – if anything else shown was different, I couldn’t find it.
It was solely to protect your server and your files/data. It never posed a threat to plex.tv
The security researcher who found this issue, saw fit to list it in the CVE database and thus pretty much forced Plex Inc’s hands. Security: Regarding CVE-2020-5741
As long as the hard drive or SSD(s) which held the Plex data folder and the Windows registry are still intact, you can connect them to the new machine and salvage the data this way.
OK, not your fault that the change from useful to obscure/hidden setting needed to be made. But I’ve gotta say that the people who pointed it out seem to be rather slow…
By definition, the system must have already been compromised if the “attacker” was able to point my Plex server to a compromised (i.e. “specially crafted”) directory.
The issue appears to ignore the “attacker’s” ability to “specially craft” the files in the already defined Plex Data directory.
Those statements assume that the actual bug was to protect against directory content. If the fix was required because a specially crafted path string in the field could cause the Plex Server to, say, compromise the security on the computer running it, then I understand completely why the setting needed to be hidden in order to keep Plex from trying to use such a string. Of course, the input could’ve been sanitized…
I had forgotten that one can supposedly access the registry from an externally mounted Windows system drive – largely because I was never successful in getting anything useful from a registry mounted that way in the past. The tools have probably improved in the past 25 years, so thanks for reminding me of a possibility I had written off many years ago.
I moved the physical drive that contains ONLY the Plex Data folder to the new server, not realizing that Plex was also storing some critical information about itself in the registry. I’ve located and bookmarked articles about backing up the Plex registry and about all of the hidden settings (that may be?) stored in the registry. Thanks!
