Server Version: 1.42.2.10156-f737b826c
Player Version: Web Interface (latest)
Debug Logging: Enabled (not verbose)

Request for Admin/Expert Review: Server Claimed but All Tokens Return 403 Forbidden

Requesting assistance from a Plex administrator or expert who can review account-level permissions, as this appears to be an account authentication issue rather than a server configuration problem.

Problem Summary

After migrating a Plex Media Server (working perfectly for years) to new hardware, the server successfully claims to the account via proper API procedures, but all authentication tokens returned have zero permissions - every plex.tv API call returns 403 Forbidden, making the server completely inaccessible through the web interface despite being claimed.

Current State

What Works:

• Server claims successfully via /myplex/claim API (returns HTTP 200)
• Server reports claimed="1" in identity endpoint
• Server responds to local API calls
• All 19 libraries accessible via local API with authentication token
• MyPlex response shows signInState="ok", mappingState="mapped", subscriptionActive="1"

What Doesn’t Work:

• Web interface access: “Not authorized - You do not have access to this server”
• All plex.tv API calls return 403 Forbidden:
  • https://plex.tv/api/v2/server/users/features → 403
  • https://plex.tv/api/v2/server/access_tokens → 403
  • http://localhost:32400/myplex/account?X-Plex-Token=TOKEN → 403 (even basic account info)

Platform Details

• OS: Linux (Debian-based)
• Installation: Standard APT package
• Network: Standard local network, no VPN/proxy
• Subscription: Active Plex Pass
• Libraries: 19 libraries, all intact from previous server

Detailed Troubleshooting Performed

Attempt 1: Standard API Claim Process

Steps:

1. Backed up Preferences.xml

2. Stopped Plex Media Server

3. Removed authentication attributes: PlexOnlineToken, PlexOnlineUsername, PlexOnlineMail

4. Obtained claim token from https://www.plex.tv/claim

5. Exchanged via API:

   curl -X POST https://plex.tv/api/claim/exchange?token=CLAIM_TOKEN \
     -H "X-Plex-Client-Identifier: PROCESSED_MACHINE_ID"
   

6. Received full XML response with authToken

7. Updated Preferences.xml with credentials

8. Corrected file permissions (chown plex:plex)

9. Restarted server

Result:

• Server claimed successfully

• Immediate 403 errors in logs:

  ERROR - MyPlex: Error 403 requesting XML from:
    https://plex.tv/api/v2/server/access_tokens?auth_token=xxxx
  ERROR - MyPlex: Couldn't get list of access tokens from myPlex.
  

Attempt 2: Local Network Access Configuration

Steps:

1. Added allowedNetworks="127.0.0.1,LOCAL_NETWORK/24" to Preferences.xml
2. Restarted server
3. Attempted access via local IP with LocalAdminToken
4. Tested web access from same subnet

Result: Still “Not authorized” despite proper network configuration

Attempt 3: Multiple Complete Unclaim/Reclaim Cycles

Steps performed 3 times:

1. Stopped server

2. Completely removed all auth attributes from Preferences.xml

3. Restarted server (verified claimed="0")

4. Generated fresh LocalAdminToken

5. Obtained new claim token from plex.tv/claim

6. Used LocalAdminToken to claim:

   curl -X POST "http://127.0.0.1:32400/myplex/claim?token=CLAIM_TOKEN" \
     -H "X-Plex-Token: LOCAL_ADMIN_TOKEN"
   

7. Received HTTP 200 OK with complete MyPlex XML response

8. New authToken created

Result (all 3 attempts):

• Claim succeeds (HTTP 200, proper XML response)
• Server shows claimed="1"
• But authToken has zero permissions - all API calls return 403

Attempt 4: Account Device Cleanup

Steps:

1. Logged into plex.tv account
2. Removed ALL authorized devices from account
3. Signed out everywhere
4. Completely unclaimed server
5. Obtained fresh claim token post-cleanup
6. Claimed server with new token

Result:

• Same issue persists
• New tokens still have no permissions
• 401/403 errors continue

Log Evidence

Successful Claim Response:

<MyPlex authToken="[TOKEN_RECEIVED]"
        username="[ACCOUNT]"
        mappingState="mapped"
        mappingError="publisherror"
        signInState="ok"
        subscriptionActive="1"
        subscriptionState="Active">

Server Identity Confirms Claimed:

<MediaContainer claimed="1"
                machineIdentifier="[ID]"
                version="1.42.2.10156-f737b826c">

But Consistent Log Errors:

ERROR - MyPlex: Error 401 requesting JSON from:
  https://plex.tv/api/v2/server/users/features

ERROR - MyPlex: Error 403 requesting JSON from:
  https://plex.tv/api/v2/server/users/features

ERROR - MyPlex: Error 403 requesting XML from:
  https://plex.tv/api/v2/server/access_tokens?auth_token=xxxx

ERROR - MyPlex: Couldn't get list of access tokens from myPlex.

Token Completely Unusable:

# Even basic account info fails
curl "http://localhost:32400/myplex/account?X-Plex-Token=AUTH_TOKEN"
# Returns: <h1>403 Forbidden</h1>

Technical Analysis

The pattern suggests an account-level permission issue rather than server configuration:

1. Claim process works correctly:

   • Proper HTTP 200 responses
   • Valid XML with all expected fields
   • Server reports as claimed
   • Tokens are created

2. But tokens lack ALL permissions:

   • Cannot access /api/v2/server/users/features
   • Cannot access /api/v2/server/access_tokens
   • Cannot access /myplex/account
   • Cannot perform ANY plex.tv API operations

3. Local operations work fine:

   • Server healthy and responding
   • Libraries accessible with token locally
   • No network/firewall issues

Questions for Plex Team

1. Account-level restrictions: Could removing all authorized devices have triggered some account security lockdown?

2. Token permissions: Why would tokens obtained through proper claiming (with HTTP 200 success) have zero API permissions?

3. API 403 pattern: Is there a known issue where migrated servers receive tokens without proper permission scopes?

4. Recovery method: How can an account be reset/verified to ensure tokens receive full permissions?

Additional Context

• Library worked perfectly for years on previous hardware
• Only hardware/OS changed - library structure identical
• No unusual network configuration (no VPN, proxy, or firewall issues)
• Account in good standing with active Plex Pass
• Problem persists across multiple fresh claim attempts
• Even brand new tokens after device cleanup show same issue

Request

Could a Plex administrator please review the account to identify why authentication tokens are being created without proper permissions? This appears to be an account-level issue that cannot be resolved through standard claiming procedures.

Thank you for any assistance!

The preferences.xml file contains a unique machine identifier for the server you are running. Copying the file over to a new server will not work. A couple of options.

Manually:

1. In Authorized Devices, delete the server (if listed)

2. Stop PMS on the server

3. Rename preferences.xml to preferences.bu

4. Start PMS

5. Login and re-claim the server. http://pms-ip-address:32400/web

Or, use the User Credential Reset Utility

@darganbright56 i have already try everything (manual,script), even completly reinstall from sratch by removing complete /var/lib/plexmediaserver. It always stuck on “Not authorized

You do not have access to this server.

You may be able to claim it by choosing “Open Plex…” from the Plex menu in the macOS menu bar or Windows system tray. For more troubleshooting tips, see our .”

I think there is something wrong on my account

Thanks for help

@darganbright56 Thank you for your response!

I have already performed all the steps you mentioned:

1. Authorized Devices:

• Removed all authorized devices from my Plex account before attempting to reclaim

2. Fresh Installation:

• Performed a complete Plex Media Server reinstall from scratch (not just renaming preferences.xml)
• This created a brand new preferences.xml with a new machine identifier: 04e162c17ded62e5a889ac25ed0f8661319fa282

3. User Credential Reset Utility:

• Successfully used the UserCredentialReset tool from GitHub - ChuckPa/UserCredentialReset: User Credential Reset utility for Plex
• The tool completed without errors and confirmed my username/email

4. Multiple Claim Attempts:

• Successfully claimed the server multiple times using fresh tokens from plex.tv/claim
• Server shows claimed="1" when querying the identity endpoint
• Claim API returns HTTP 200 OK with an authToken

Current Problem:

Despite all these steps, I still get “Not authorized - You do not have access to this server” when accessing via web interface.

The logs show persistent HTTP 403 errors on the Plex API:

ERROR - MyPlex: Error 403 requesting XML from: https://plex.tv/api/v2/server/access_tokens
ERROR - MyPlex: Couldn't get list of access tokens from myPlex.

Summary:

• Server is claimed successfully (claimed=“1”)
• AuthToken is generated and stored in Preferences.xml
• But the token lacks permissions to access Plex APIs (403 Forbidden)
• This prevents web access despite technical claim success

This persists even after:

• Complete fresh reinstall
• Waiting over 1 hour for rate limiting to expire
• Multiple reclaim attempts with fresh tokens

Could this be an account-level restriction or issue that requires Plex Support intervention?

Hopefully, @ChuckPa will be checking in and can offer some assistance.

I expect that he will want to see server logs. Post the logs here if possible.

@ChuckPa Hello, here is the informations:
Server Information

Plex Media Server Version: 1.42.2.10156-f737b826c
Platform: Linux (Debian 12 Bookworm)
Machine Identifier: 04e162c17ded62e5a889ac25ed0f8661319fa282
Plex Pass: Active

Server Status:

• myPlexMappingState=“mapped”
• myPlexSigninState=“ok”
• myPlexSubscription=“1”
• Server is claimed (claimed=“1” confirmed via /identity endpoint)

Problem:
Despite successful claim, receiving “Not authorized - You do not have access to this server” when accessing via web interface (app.plex.tv).

Relevant Log Excerpts (Last 100 lines filtered)

Persistent 403 Errors on Plex APIs:

Oct 16, 2025 17:11:33.495 [127497158650680] DEBUG - [HttpClient/HCl#21] HTTP/1.1 (0.0s) 403 response from GET https://plex.tv/api/v2/server/access_tokens?auth_token=xxxxxxxxxxxxxxxxxxxx (reused)
Oct 16, 2025 17:11:33.495 [127497150184248] ERROR - MyPlex: Error 403 requesting XML from: https://plex.tv/api/v2/server/access_tokens?auth_token=xxxxxxxxxxxxxxxxxxxx
Oct 16, 2025 17:11:33.495 [127497182534456] ERROR - MyPlex: Couldn't get list of access tokens from myPlex.

Oct 16, 2025 19:31:38.575 [127497158650680] DEBUG - [HttpClient/HCl#65] HTTP/1.1 (0.0s) 403 response from GET https://plex.tv/api/v2/server/users/features (reused)
Oct 16, 2025 19:31:38.575 [127497150184248] ERROR - [Req#2c] MyPlex: Error 403 requesting JSON from: https://plex.tv/api/v2/server/users/features
Oct 16, 2025 19:31:38.575 [127497109564216] WARN - [Req#2c] FeatureManager: Couldn't get features. Trying again soon.

Oct 16, 2025 19:42:29.429 [127497158650680] DEBUG - [HttpClient/HCl#6a] HTTP/1.1 (0.1s) 403 response from GET https://plex.tv/api/v2/server/users/services?auth_token=xxxxxxxxxxxxxxxxxxxx
Oct 16, 2025 19:42:29.430 [127497150184248] ERROR - [Req#2c/ViewStateSync] MyPlex: Error 403 requesting XML from: https://plex.tv/api/v2/server/users/services?auth_token=xxxxxxxxxxxxxxxxxxxx

Previous Rate Limiting (429) - Now Resolved:

Oct 16, 2025 13:43:18.589 [126697335339832] DEBUG - [HttpClient/HCl#8b] HTTP/1.1 (0.2s) 429 response from POST https://plex.tv/servers.xml?auth_token=xxxxxxxxxxxxxxxxxxxx
Oct 16, 2025 13:43:18.589 [126697309518648] DEBUG - MyPlex: Published Mapping State response was 429
Oct 16, 2025 13:43:18.589 [126697309518648] WARN - MyPlex: Invalid response when mapping state (code=429)
Oct 16, 2025 13:43:18.589 [126697309518648] DEBUG - MyPlex: mapping state set to 'Mapped - Not Published (Bad Response)'.

(Note: The 429 errors occurred earlier during multiple claim attempts but have since stopped. The 403 errors persist.)

What Has Been Tried

1. Complete Fresh Reinstall:

   • Removed Plex completely and reinstalled from scratch
   • Created brand new Preferences.xml with new machine identifier
   • No migration of old files

2. User Credential Reset Utility:

   • Used ChuckPa’s UserCredentialReset tool successfully
   • Tool completed without errors

3. Multiple Claim Attempts:

   • Claimed server 7+ times with fresh tokens from plex.tv/claim
   • Each claim returns HTTP 200 OK
   • Server shows claimed=“1”
   • AuthToken is generated and stored in Preferences.xml

4. Authorized Devices:

   • Removed all authorized devices from Plex account before reclaiming

5. Wait Period:

   • Waited over 1 hour for rate limiting to expire
   • Rate limiting (429) errors have stopped
   • But 403 errors persist

Current State

Server is claimed but token lacks API permissions:

• Server responds to /identity endpoint with claimed=“1”
• LocalAdminToken works for local access
• Claim API returns HTTP 200 OK
• AuthToken is present in Preferences.xml
• AuthToken gets 403 Forbidden on all Plex APIs
• Cannot access via app.plex.tv (shows “Not authorized”)

The pattern: The claim process succeeds technically, but the generated authToken doesn’t have permissions to access Plex’s v2 APIs (access_tokens, users/features, users/services).

This appears to be an account-level or token permission issue that persists even after fresh installation.

Question for ChuckPa

Could this be related to:

1. Account restrictions after multiple claim/unclaim cycles?
2. Token permission scope issue during claim process?
3. Something that requires Plex Support intervention to reset account status?

Any guidance would be appreciated!

forget to say that server is on hetzner also ( Trouble with Installation on Hetzner CPX Instance )

is hetzner still blocked?

Yes, it is.

what the hell why?

It happened two years ago. Search the forum or google it. You’ll find the details.

Bottom Line: The block exists. It is not going away. Host Plex elsewhere.

i’m frustrated that i cannot use a product that i’ve paid for lifetime the way i want, anyway i’ve fixed this limitation with a crappy vpn on my server and it work.

Thanks for help

See Not Allowed to use Hetzner