Observations and Solution for Plex PMS Remote Access Issues

Over the last few days, I have been assisting many members on this forum with their remote access issues. The majority of those users I assisted to resolve broken remote access had the following traits in common:

• Windows 10 is the host OS
• A more recent version of PMS installed
• No static IP assigned or no DHCP reservations created
• Reliance on UPnP to handle the private to public NAT port mappings

It seems to me that if things were working just fine but suddenly not–there must be something a miss. Microsoft in their infinite wisdom has decided with Windows 10 to force updates down your throat. With little to no documentation on many of their forced updates, its been hard to pinpoint whether or not they broke UPnP or changed the way it works. There is also the possibility that Plex devs may have overlooked something in the PMS code that is causing UPnP to intermittently fail. Either way it looks like UPnP is not reliable for the many users I assisted. I suggest the following as best practice.

1. Assign your Windows 10 PMS host a static IP. If you can’t then at the very least reserve its IP in your DHCP server
2. Manually specify public port for PMS within the Plex Web App under Settings | Server | Remote Access | Show Advanced
3. In your firewall/router, manually port forward the private TCP port 32400 to whatever number you decided for the public port in Step #2

For all that I have assisted, if you are reading this, please provide some feedback on the stability of your remote access since the changes.

Additional support information can be found on this Plex Support Page.

FWIW, I have always had W10 and Plex set up the way you suggested, and have never had remote access problems. Not saying it will work for everyone, but it has for me.   B-)

Can someone help me with instructions for number 1,2 & 3 above? I am new to all this computer stuff? I just downloaded and can’t get remote access or share.

@jmarvullo said:
Can someone help me with instructions for number 1,2 & 3 above? I am new to all this computer stuff? I just downloaded and can’t get remote access or share.
Sorry, I couldn’t assist you further. Unfortunately you have a Double NAT scenario with no management into the first router. Your connection will be hit and miss with Plex Relay servers. Try to request your ISP to open that custom port.

I use Raspian on a Pi3 and have the same problem where it used to work perfectly. I have always used a manual IP address for the Pi running PMS and a port forward on my router. I have changed the public port to manually selected 32400 but this made no difference. I updated to 1.3.3.3148 to resolve it but I don’t know what version it was prior but I update it when i see a new update so it was probably the one prior.

@lqvnguyen, I’ve had the peculiar issue of being able to remote access via my iPhone and iPad, but my laptop has an issue.

It will load plex.tv, login in and launch the web player, but just refuses to connect to the server either by secure or insecure methods. Yet my iPhone app on the same wifi network as the laptop can access and watch without any issues at all…

As per above, PMS is on a Win10 64bit machine that has an assigned IP and all the port forwarding setup.

Cheers,
Josh

My setup is as follows:

TWC/Spectrum 300/20
Static IP locally set on my server (Ubuntu Server 16.04 LTS fully patched)
32400 port forwarded on my OnHub router
32400 manually specified in PMS settings.

From time to time (with nothing in the error logs, btw), I have to restart PMS in order to get remote access back up and running again. Once I do, it’ll stay available for ~72 hours and then I’ll have to restart PMS again. So, I wouldn’t limit it to just Windows 10 as the possible culprit.

Windows 10 is the host OS
A more recent version of PMS installed

I fit into this category and for a few months at least I have noticed that access, even local would be flakey. It would affect several devices where I would log in and only see my friends server, which is shared with me. From memory, Xbox One, Web App, And Fire TV Stick all had this happen. Most of the time I would refresh the app sever times until my server appeared. One on a few occasions did I need to restart the server.

I’m hoping that

Reliance on UPnP to handle the private to public NAT port mappings
is the cause.

I am going to check

In your firewall/router, manually port forward the private TCP port 32400 to whatever number you decided for the public port in Step #2
later tonight.

Question regarding this. I believe that I have my port set to 32400 in the server settings. Should I change this to a different port?

@JDIacobbo said:
Question regarding this. I believe that I have my port set to 32400 in the server settings. Should I change this to a different port?

• Only for obscurity purposes if you have just one server on your LAN
• Required if you have more than one server on your LAN with just one public IP. TCP 32400 can only be port forwarded to one internal server. A second server would need to use a different public port.

I have always had my PMS setup exactly as stated in OP, but since upgrading to v1.3.4.3285 I have been unable to get remote access to work. I have restarted PMS, restarted Windows, restarted router, changed static IP address, added server to DMZ, switched from port forward to UPnP, and returned all settings to original values, and my PMS still refuses to establish remote access.

I’m open to other ideas right now.

Update: Repairing the installation and restarting my computer did not resolve the issue. However, a full uninstall and reinstall of PMS finally resolved the remote access issue.

I have a similar setup and always had a static ip for the server, but found later that the authenticating local ips caused some problems. In the network settings I put in the local ip in the list of ips that don’t require authentication. Haven’t had issues since.

I do not know how to set my router up it is a netcom NF4V were do I find or how do I change my settings its doing my head in please

Try this emulator first to get familiar then follow my instructions above. If you still have specific further questions – ping the thread.
http://emulators.netcomm.com.au/NF4V/Resources/main.html

on asus routers plex has never particularly worked well with upnp … further upnp (on the router) being enabled is quite a security risk and not worth having enabled in my opinion.

to have plex work acceptably… ususally the following work well on asus routers and should work equally as well on others

on the router

disable upnp

set a static reserveration in dhcp for you plex server so it always gets the same address

set a port forward for that address and 32400 or whatever port you want to use (caution make sure you know the port is not being used for other services if you change it)

reboot router

on plex server

under settings - remote access - advanced

set a static port … even if it reports the correct on … in this case 32400

reboot plex server to ensure it picks up its new static address and check its connectivity

because of local and remote caches of this data it may take either a couple reboots or tuning on and off remote access… .the turnaround time is pretty long… and 15 seconds or more are required for all changes to propigate when say turning on and off remote access or changing the port… so let it stew and marinate when you make changes.

plex dancing of certs may be required …

log onto plex.tv and launch your account

delete your server/s device

reset router

reboot plex server

will have to log back in, discover plex server again but this will force a cleanup of routes, certificates etc

@dragonmel Thanks for the observations and contribution.

Or just install asuswrt-merlin firmware that has a good upnp implementation.

first… upnp can be flakey and unstable regardless of the codebase

2 … I use merlin

3 using upnp takes you out of control on what your software is doing and how its doing it… its a lazy mans way of punching firewalls manufacturers had to use because their customers are not smart and they would have huge support call volume because their software cant reach the internet

4 … you have given software coders… like plex… one more thing to break and not work correctly… like this post showing that many people on 1.7.5 are suffering a bug introduced by plex on the latest release that drops the port to 0 and the sever can no longer communicate

ChuckPA Members, Plex Pass, Plex Ninja, Plex Team MemberPosts: 14,050 Plex Team Member July 7 Accepted Answer It's aggravating something but, since my last post, I've chatted with Engineering. They are investing what does appear to be a bug in 1.7.5. PMS maps a port and all is good. During the next refresh of that connection, somehow the port becomes 0 and drops the connection but thinks it's mapped (green). The known work around for now is to switch to manual mapping (manually specify port and do the port forwarding from your modem/router). It will fuss with you as you make it flip over (they are seeing this behavior now) . To quote them: There may be timing issues initially in transition from uPnP to manual selected port but a few browser refreshes and a PMS restart should get it to bed in and as long as you do not touch it - it should be ok

running a specified port would have alleviated this issue all together

5 upnp is weak and a known attack surface that allows programs (including malware) to punch bidirectional holes in your firewall… plain and simple

`Over a five-and-a-half-month period last year, the researchers scanned every routable IPv4 address about once a week. They identified 81 million unique addresses that responded to standard UPnP discovery requests, even though the standard isn’t supposed to communicate with devices that are outside a local network. Further scans revealed 17 million addresses exposed UPnP services built on the open standard known as SOAP, short for simple object access protocol. By broadcasting the service to the Internet at large, the devices can make it possible for attackers to bypass firewall protections.

another excellent excerpt…

OVER 4.1 MILLIONS DEVICES VULNERABLE According to the security researchers, about 38 percent of the 11 million Internet-facing UPnP devices, i.e. over 4.1 million devices, in use are potentially vulnerable to being used in this type of reflection DDoS attack. "The number of UPnP devices that will behave as open reflectors is vast, and many of them are home-based Internet-enabled devices that are difficult to patch," said Akamai security business unit senior vice president and general manager Stuart Scholly. "Action from firmware, application and hardware vendors must occur in order to mitigate and manage this threat."

In all, Rapid7 identified 6,900 products sold by 1,500 separate vendors that contained at least one UPnP vulnerability. Rapid7 CTO HD Moore told Ars home networks that connect UPnP-enabled devices are generally safe as long as the firewall included in the Internet-facing router is enabled and working properly. The problem is that many routers include vulnerable implementations of UPnP, in which case they provide an easy way for attackers to get around that protection.`

the last security cameras that I installed tried to make contact with more than 30 servers in china. I had the mac addresses fully firewalled before I plugged them in… because on top of upnp they can now use peer to peer to tunnel the network firewall even with upnp off.

if people know half of what was going on ‘out on the net’ they would never plug their routers in

you will find zero IT professionals that would allow upnp to run on an edge appliance … its just stupid

I would agree most brand name routers are running out of date code for UPnP and NAT-PMP. For me the only viable implementation for these protocols is pfSense. It allows for use of ACLs with UPnP and NAT-PMP. There are some very legitimate uses for these protocols–mostly with realtime video/audio services and gaming. Outside of those, static port mapping is much more secure.

@dragonmel

What is the meaning and intent of:

@dragonmel said:
4 … you have given software coders… like plex… one more thing to break and not work correctly… like this post showing that many people on 1.7.5 are suffering a bug introduced by plex on the latest release that drops the port to 0 and the sever can no longer communicate

ChuckPA Members, Plex Pass, Plex Ninja, Plex Team MemberPosts: 14,050 Plex Team Member July 7 Accepted Answer It's aggravating something but, since my last post, I've chatted with Engineering. They are investing what does appear to be a bug in 1.7.5. PMS maps a port and all is good. During the next refresh of that connection, somehow the port becomes 0 and drops the connection but thinks it's mapped (green). The known work around for now is to switch to manual mapping (manually specify port and do the port forwarding from your modem/router). It will fuss with you as you make it flip over (they are seeing this behavior now) . To quote them: There may be timing issues initially in transition from uPnP to manual selected port but a few browser refreshes and a PMS restart should get it to bed in and as long as you do not touch it - it should be ok

running a specified port would have alleviated this issue all together

@ChuckPA

The meaning is just that. Why use uPNP or any other mechanism which is susceptible to error or malfunction when manual port forwarding is precise and secure.

I mearly referenced your post to make my point that uPNP failed in that instance and is causing an issue. Nothing more. Nothing less

I very rarely use auto settings when manual settings are an option as it takes someone else’s idea of what i want out of the equation.

Autopilot is great until it fails…