Plex inaccessible from same local network on web app through browser

Server Version#: 1.41.0.8994
Player Version#: 4.140.1

Hi all,

I have a weird one that has me almost pulling my hair out.

I have a Plex server on the local network with remote access enabled as well.

Works:

Outside access through android app
Outside access through browser

Local access from TV
Local access from android app
Local access from Windows Plex App (from windows store)

Doesn’t work:

Local access from any browser (https://app.plex.tv/desktop) it just says Media Server is currently unavailable. WTF? What the hell is happening?

If I go to https://192.168.x.x:32400/web/ it works as well, but not through https://app.plex.tv/desktop (if I am on another network outside my home network, https://app.plex.tv/desktop works fine).

I tried uninstall and install again, no luck.

Please help!

I have been using Plex for 14 years and have not had this issue ever.

Thank you.

You may be experiencing some form of DNS rebinding protection. See down the bottom of https://support.plex.tv/articles/206225077-how-to-use-secure-server-connections/.

Plex will give you a plex.direct DNS address for your PMS which will resolve to your local subnet. DNS rebinding protection stops this from working.

Go to https://plex.tv/api/resources?X-Plex-Token=<plextoken> and it will show you the list of remote and local IP addresses it has for your PMS. Refer to the article https://support.plex.tv/articles/204059436-finding-an-authentication-token-x-plex-token/ to find your Plex token.

In the same step you used to find the Plex token it will also give you the plex.direct URL for your PMS in the browser address bar. Copy that, modify it to reflect your PMS local IP and try that in your browser.

The plex.direct URL is what gets returned to your browser when you access Plex via app.plex.tv.

Also try doing a DNS lookup on the local PMS plex.direct hostname to see if any errors are returned.

Hey kesawi,

thank you very much for the response, however, I really didn’t understand what I need to do, apologies :frowning:

Ok, I will try to break the steps down a little, and I’ve edited my post as I’d missed a step.

You need to find your X-Plex-Token using the steps in this article. It will be a 20 character long alpha-numeric string. For example aBcd1234efGHijkl5678. Make sure that you access your PMS through the app.plex.tv address.

You then need to use the token and enter the following URL into your browser https://plex.tv/api/resources?X-Plex-Token=aBcd1234efGHijkl5678, substituting your token for the dummy one given here. This will show the IP addresses that plex.tv has registered for your PMS. Check that your local IP address for your PMS is listed.

Here’s an example of mine:

I have two servers, one called MARS and another called plex-test. Under the <Connection> lines it gives the local and remote IP addresses for accessing the servers. You’ll see at the end of these lines there’s a flag which will be either local="1" or local="0" which indicates whether it’s a local or remote IP address respectively. I also have a custom URL for my MARS server to get remote IPv6 access working (you won’t have this). It also shows that I have an active Plex Player.

When you found your token by viewing the XML, the URL in the browser was hopefully a plex.direct URL. It will be in the format https://xxx-xxx-xxx-xxx.32digithexcode.plex.direct:32400/ where xxx-xxx-xxx-xxx is your IP address with the . replaced by a - and the 32digithexcode is a unique 32 digit hexadecimal code assigned by Plex to your PMS, and 32400 is the port used to connect to PMS. This is mine.

So for example if your local PMS IP address is 192.168.1.10, your remote PMS IP address is 123.123.123.123 and the unique PMS code is bf658e1d611416eba666c369b045b064 then it would appear as either https://192-168-1-10.bf658e1d611416eba666c369b045b064.plex.direct:32400/ for your local PMS IP and https://123-123-123-123.bf658e1d611416eba666c369b045b064.plex.direct:32400/ for your PMS remote IP.

If it isn’t showing that type of address, but just an IP address then you can find the 32-bit hex code for your PMS by examining the SSL certificate of your PMS when you access it directly rather than through app.plex.tv. This guide shows you how to get the details of the SSL certificate for any web server which you can use to get the details of your plex server. The common name (CN) will be your PMS plex.direct subdomain and includes the 32 digit hex code for your PMS. An example for my PMS when I access the local IP via Microsoft Edge Browser below and view the certificate. The PMS plex.direct subdomain is highlighted.


So, now you know your PMS local plex.direct URL, which keeping with my example here is https://192-168-1-10.bf658e1d611416eba666c369b045b064.plex.direct:32400/, you can post it in your browser and see if it navigates to your PMS. Let us know whether it does or doesn’t work.

A further test is to open a command prompt and type the command nslookup 192-168-1-10.bf658e1d611416eba666c369b045b064.plex.direct, substituting in your own plex.direct PMS server address.

If it works, it will return the local IP address of your server, which in this example is 192.168.1.10. If it doesn’t work it will error, which indicates the issue is likely to do with DNS rebinding protection. An example of a successful lookup below.

What is suggested next will depend on the outcomes you get from both tests.

Hi kesawi,

really appreciate you posting in details what I need to do.

So, here we go:

After getting my client identifier, I did your steps, and here are the results:

I did the nslookup on both local and remote IP:

Here’s what my port forwarding on the router looks like:

So, I am not sure if there’s anything you can read out from the exercise I did, but I would welcome any suggestion.

Thank you in advance.

From what I can see it looks like you have DNS rebinding protection enabled on your router.

This is indicated by two things. Firstly the response from the Plex API query returns dnsRebindingProtection="1" which indicates Plex detects that this is likely the case. It also appears to be listing the local IP for your server so devices should be finding it otherwise.

Secondly the plex.direct local hostname for your PMS is not resolving.

If you use the command nslookup 192-168-0-3.your32digithexcode.plex.direct 8.8.8.8 then hopefully it should return 192.168.0.3. Adding 8.8.8.8 to the end of the command tells nslookup to use the Google DNS server rather than your router. This would confirm that it’s likely DNS rebinding that’s causing the issue.

You could try turning off Enable DNS rebinding protection on your Asus router to check whether this lets you access your PMS locally through app.plex.tv. Step 10 of this link gives you instructions on enabling it, so it’s the opposite to disable it.

I don’t believe you can keep DNS rebind protection enabled under the Asus firmware and add an exception for plex.direct. You can if you are using ASUSWRT-Merlin firmware but that requires a certain level of technical knowledge and you should fully inform yourself of the pros and cons before heading in that direction.
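Added example, not part of the thread and not Plex's own tooling: the two-resolver comparison described above, written as a small Python check that sends a raw A-record query to a chosen DNS server and compares the answer with the IP embedded in the plex.direct hostname. Function names and result labels are illustrative assumptions.

```python
import re, socket, struct
# Added example: names and result labels are illustrative, not from Plex.
HOST_RE = re.compile(r"^(\d{1,3}(?:-\d{1,3}){3})\.([0-9a-f]{32})\.plex\.direct$")

def embedded_ip(host):
    """Return the IPv4 address encoded in a plex.direct hostname, or None."""
    m = HOST_RE.match(host.lower().rstrip("."))
    return m.group(1).replace("-", ".") if m else None

def build_query(host, txid=0x1234):
    """Encode a recursive A-record query (RD flag set, one question)."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in host.split(".")) + b"\x00"
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)

def _skip_name(buf, pos):
    while buf[pos] and buf[pos] & 0xC0 != 0xC0:   # walk plain labels
        pos += buf[pos] + 1
    return pos + (2 if buf[pos] else 1)           # compression pointer or root label

def parse_a_records(resp):
    """Extract IPv4 addresses from the answer section of a DNS response."""
    qd, an = struct.unpack(">HH", resp[4:8])
    pos, found = 12, []
    for _ in range(qd):
        pos = _skip_name(resp, pos) + 4           # skip QTYPE + QCLASS
    for _ in range(an):
        pos = _skip_name(resp, pos)
        rtype, _, _, rdlen = struct.unpack(">HHIH", resp[pos:pos + 10])
        if rtype == 1 and rdlen == 4:             # A record
            found.append(socket.inet_ntoa(resp[pos + 10:pos + 14]))
        pos += 10 + rdlen
    return found

def query(host, server, timeout=3.0):
    """Ask one specific DNS server; [] on timeout, error or empty answer."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(host), (server, 53))
            return parse_a_records(s.recv(512))
    except (OSError, struct.error, IndexError):
        return []

def diagnose(host, via_local, via_public):
    """Compare answers from the LAN/ISP resolver with a public resolver's."""
    want = embedded_ip(host)
    if want in via_local:
        return "ok"
    return "rebind-filter-suspected" if want in via_public else "unresolved-everywhere"
```

To run it against a real network, call `diagnose(host, query(host, "<router or ISP DNS IP>"), query(host, "8.8.8.8"))` with your own plex.direct hostname.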

Hi kesawi,

thanks a lot again for the reply.

DNS Rebinding has always been off on my router, it was one of the first things I checked:


While checking rebinding, I realized that a router where my Plex server is connected to has fallen out of ASUS AiMesh. Anyway, I readded the router to the mesh, however, that did not help solve the issue.

I also did the nslookup with Google dns 8.8.8.8 and voila, that resolved the nslookup without any problems.

So, the final solution was to assign Google DNS servers to my main router and voila, everything works as it should. I mean WTF? I had this internet provider for two years, had no issue, and all of a sudden their DNS servers began to cause an issue with Plex? I don’t get it.

So, anyway, now I am able to access Plex through browser via app.plex.tv from internal network.

Thank you for guiding me through this process and thank you for taking your time to respond, kudos to you!


Happy to assist.

Some internet providers enable DNS rebinding protection on their DNS servers. Your provider may have made the decision to adopt it recently which is why it changed overnight.

Personally, I find Google DNS or Cloudflare DNS quicker than my internet provider’s service and have always used that instead.

You may also want to consider enabling DNS Privacy Protocol on your router so that your DNS queries between the router and Google DNS can’t be snooped on or spoofed.

DNS rebinding protection is generally a good thing.
See if there is a list where you can put exceptions, to which the protection doesn’t apply. That’s where the domain plex.direct goes.

I have enabled DNS Privacy Control on the router, everything still works fine:

As for enabling DNS Rebind Protection, I am unable to find the exception list when DNS Rebind Protection is turned on, so I will keep it off until I find a way to create an exception for any URLs I wish to add to the exception list. Had a quick look at Google but was unable to find where this exception list is located.

Thank you guys.

Careful, there is a DNS cache on pretty much every device.
I would hold back my verdict until several days have passed, and/or all involved devices have had a restart.

From what I can see there isn’t with the standard Asus router firmware. You’d need to install a third party firmware such as Asuswrt-Merlin.

You would then need to create a /jffs/configs/dnsmasq.conf.add file as discussed here with the entry rebind-domain-ok=/plex.direct/. You could then enable DNS rebind protection from within the router’s menu but with it now giving an exception for plex.direct.

I’m not familiar with your router and haven’t run Asuswrt-Merlin in a while so I don’t know whether it would impact any other functionality that your router currently has with the factory firmware.

EDIT: As an alternative if you didn’t want to use a third party firmware you could leave DNS Rebind Protection disabled on your router and use OpenDNS Home rather than Google DNS on your router. From the OpenDNS dashboard you would enable DNS rebind protection and then add a web content filtering exception for the plex.direct domain.

Easy way to check, just do a DNS query for some random site that wouldn’t have been visited and therefore won’t be cached.

DoT on the ASUS router is only encrypting the DNS query between the router and the Google DNS server. It shouldn’t interfere with any results returned to the router when it forwards a DNS query from a client.
