Re-installed Plex- Not authorized You do not have access to this server

Server Version#: 1.27.1.5916-7000
Player Version#: N/A

Hi- have been a plex pass subscriber for a few years with no issues. I run Plex on 2 synology NAS on 2 continents and sync the data files using synology sync

This weekend I rebuilt one NAS and mistakenly mirrored the Plex app folders as well. Chaos ensued as both NAS thought they were the same Plex server. I deleted all the data in the Appdata folder on both NAS and reinstalled the latest Plex build for synology 64bit on them. The result is I am locked out of both NAS and after authenticating with my PIN receive message that says

Not authorized

You do not have access to this server

I have checked the Preferences.xml file and there is nothing about user, media home server of the other things that solutions show online. I’m stumped and logged out of both of my servers, Help appreciated, Happy to post logs but don’t know the protocol

Open https://app.plex.tv/desktop

Now go to settings - Authorized Devices
Change the ALL (dropdown) to SERVER

You’ll see the server you duplicated.
REMOVE the one you don’t want.

Before closing the tab, SIGN OUT of Plex/web (upper right)

On the synology which you accidentally duplicated the Preferences.xml on,

1. Uninstall the app (KEEP what’s there)
2. Install the SPK again.
   – Use the “Plex Claim Token” option
   – Click “Get Plex Claim Token” hyperlink
   – It will open a new tab in your browser
   – COPY that claim token
   – RETURN to the installer page
   – PASTE the token in the small window on the installer menu (the token’s value)
   – NEXT NEXT NEXT and it will start installing.

Installing & claiming adds 15-30 seconds to the install time.
(it negotiates new credentials for the NAS)

When it finishes, Open it by the LAN IP .
DO NOT USE QuickConnect (The QuickConnect domain name used by Synology interferes with initial claiming security)

Thanks for the quick reply. When I look at Authorized devices I do not have an options for SERVER, just for All, Apple TV, iOS, other and web. Any thoughts?

Did you remove/delete both BigPapa servers ?

Hi- I deleted both local installs, one on each NAS, and have reinstalled the latest spk on both NAS. All the app data files were deleted prior to re-installing as I suspected I had copied all the metadata, and did not mind losing history et al

When I ran the new install it asked me to authenticate as a home user on my account before giving the perms error. It does not ask me to auth my plex account and link the server install to my account. I am only accessing the local server by it’s IP address, which gives me the error. I see no servers in my plex.tv account

Are either of the two machines on the same subnet as you ?
Are all machines on RFC-1918 compliant subnets?

If not, because of how PMS works on Synology, we’ll need to make a manual edit to Preferences.xml then do all the work in an incognito browser window

Each machine is on it’s own subnet, and I have an SD-WAN so am able to access both locally.

One is for sure RFC compliant- 192.168.1.0/24

Second is 192.168.40.0/24 so I think compliant as well

My degree is in computer science, okay to edit files, etc

All 192.168.x.x are RFC-1918 compliant.

The ranges are: 192.168.x.x, 10.x.x.x, and 172.16.x.x → 172.31.x.x

You having them on different subnets is creating the problem.

The PMS machine, being on a different subnet than you, sees you as “remote” and will not allow claiming.

That software-defined WAN clearly is pushing things OUT of your LOCAL LAN space.
If anything, you want SD- LAN (not WAN).

It’s been my experience (I was also that way in school), comp-sci doesn’t include networking to the level needed

For the purposes of getting these machines working again, you can trick them all into thinking they’re on the same LAN —OR— use SSH tunnel.

If you were to make all subnet masks: 255.255.0.0 —

1. All machines would think everything else is “local”.
2. your routers and switches would handle the actual moving of traffic.

I do not know how your SD-WAN will react.
Personally, I hate that crap because when it fails… you have to get hands-on to fix it.
It’s been my experience that setting up a VPN tunnel between the sites works regardless the topology.

• your local traffic is routed down the tunnel as needed
• when it arrives on the other side, it’s mapped to a local LAN address.
• replies are sent to your local address – which gets mapped back to tunnel
• Transits the tunnel and exits as your true local address.

The alternative…

1. SSH tunnel into the machine
   e.g. ssh -l username -L 8888:127.0.0.1:32400 IP.addr.of.syno

2. In incognito browser window
   http://127.0.0.1:8888/web

If the syno complains of port forwarding being administratively disabled, you can enable it in /etc while in the SSH session then restart sshd (and the session) and you’ll be good to go.

Using SSH tunnel is the safest course of action . it requires no changes to any existing networking.

Thanks that makes sense, shoulda taken the networking elective instead of operating systems…

One thing though- I am on the same LAN as one of the servers now and yet it doesn’t try to link to my account. Also I am confused as both machines worked great prior to deleting the installs with my site to site vpn. Nothing changed other than me deleting the installs of the servers

Feels to me like I have bad keys on ~/.ssh but I cannot edit or delete them or force the new key to be generated.

Will try the ssh approach that you mention above and report back

If you fail to achieve success,

stop PMS
manually make a ZIP of the Logs directory and attach please.

EDIT:

I did the follow-on work for a full C.E. (Computer Engineering) which includes HW and SW (OS, drivers, system apps, and all the hardware to make it happen). As part of that, the networking turned out to be invaluable.

Okay had some time and did the ssh method above. Looked good in that I got asked to auth to my plex account on plex.tv but then it just sat there hung with gray background and spinning yellow circle. So I guess that failed. Will leave it running for a while just in case it’s just taking more time than I would expect. Trying to launch plex via a regular browser still leads to the Not authorized message

In the meantime, here are my logs from the NAS where I attempted this approach
Logs-2.zip (264.0 KB)

Ah I failed to stop before pulling logs above, here is another pull after stoping pms

Logs-5.zip (265.7 KB)

hah funny, for unrelated reasons I reset/wiped one NAS and when I set up Plex there just to see it worked first try. So halfway back I suppose. It seems pms uses some id or key from the Synology and assumes it knows but has not authorized the NAS, and that the reset changed that so that it did not assume it knew the NAS and correctly ran the auth process. Any advice on how to resolve other NAS with logs above appreciated, that one is a production system and reseting is not a good option

Hey how’s it going besides the Plex

I took a look at your Logs-5, and your PMS gets:

• an IP addr of 192.168.1.2
• a network interface called bond0

Jun 30, 2022 10:56:47.375 [0x7fb7906dc0d0] DEBUG - Detected primary interface: 192.168.1.2
Jun 30, 2022 10:56:47.375 [0x7fb7906dc0d0] DEBUG - Network interfaces:
Jun 30, 2022 10:56:47.375 [0x7fb7906dc0d0] DEBUG -  * 1 lo (127.0.0.1) (00-00-00-00-00-00) (loopback: 1)
Jun 30, 2022 10:56:47.375 [0x7fb7906dc0d0] DEBUG -  * 5 bond0 (192.168.1.2) (00-11-32-B4-1B-E9) (loopback: 0)
Jun 30, 2022 10:56:47.375 [0x7fb7906dc0d0] DEBUG -  * 1 lo (::1) (00-00-00-00-00-00) (loopback: 1)

Jun 30, 2022 10:56:47.377 [0x7fb78c1aab38] DEBUG - NetworkService: Browsing on interface 192.168.1.2 on broadcast address 192.168.1.255 (index: 1)

Later you try to connect to the NAS over http (good!) but

• The client IP address is 192.168.40.226 – oh no
• and that’s treated as WAN
• claiming over WAN is not allowed.

Jun 30, 2022 11:03:32.002 [0x7fb78c090b38] DEBUG - Request: [192.168.40.226:51759 (WAN)] GET /web (3 live) GZIP
Jun 30, 2022 11:03:32.002 [0x7fb78c750b38] DEBUG - Completed: [192.168.40.226:51759] 302 GET /web (3 live) GZIP 0ms 283 bytes (pipelined: 1) -> http://192.168.1.2:32400/web/index.html#!/setup/f8d9f76eae7dcef64f3a0af5e1c01eca36b2d602
Jun 30, 2022 11:03:32.193 [0x7fb78c090b38] DEBUG - Request: [192.168.40.226:51759 (WAN)] GET /web/index.html (3 live) GZIP

The good news, I think you can fix it with some JB Weld.

Thanks for looking, huh maybe the ssh tunnel did not work as I hoped for claiming the server. The tunnel was set up but it just hung

I connected via vpn earlier today and was definitely on the same subnet. It attempted to auth the server and after it ran the process the server was not in my account. Will likely try that again, possibly with a clean plex install

SSH tunnel does not “hang” unless there is a connectivity issue.

When you claim the server

curl -X POST 'http://127.0.0.1:32400/myplex/claim?token=PASTE_TOKEN_HERE'

It will take 15-30 seconds for PMS and Plex.tv to handshake and establish new credentials. curl will wait until PMS replies.

When PMS is complete with its Plex.tv exchange, you will get

1. An error code
   -or-
2. A block of XML flags. ( These are your account feature flags )

This is predicated on previously clearing out PlexOnlineUsername, PlexOnlineMail, PlexOnlineToken, and PlexOnlineHome from Preferences.xml (with PMS stopped while editing)

Thanks for the curl command and edit instructions above. The tunnel did not hang, the browser did as it accessed plex through the tunnel

Will try the above, to clarify - am I typing in a plex token where you have PASTE_TOKEN_HERE above?

@B_Dick

When you’re in the shell, with the SSH command,

In another browser tab: Claim | Plex

It will present you your Plex Claim Token.

COPY that into your browser clipboard

Now return to the SSH window,

PASTE that token string where I’ve indicated PASTE_TOKEN_HERE.

The token from plex.tv will expire in 5 minutes so don’t waste time

Thanks, the claim token and curl command resolved my issue, and both plex instances are up and running again

Thank-you!!!