Samsung TV securely connects to only ONE server!

Hey,

I'm getting crazy with our TV: Samsung NU7192.

We have 2 Plex servers ; and the TV connects only to ONE of the 2.

All the other Plex clients can connect to both servers.

Both servers have the same configuration:

  • ipv4
  • Plex certificate (no personal one)
  • Both certificates appear to present the same characteristics
  • Strict TLS option on (changing it didn’t solve the problem)
  • Relay option off (we don’t want to use this to solve the problem)
  • Secured connections: mandatory (we don’t want to use ‘preferred’)

The server (which is detected by the Plex client on the TV and successfully connected) is on the exact same network as the TV

The other one is in another network but ports are open on the router/firewall (moving of network isn’t easy)

WHY does the TV client connect in a secure way to only ONE server ?? :sob: :sob: :sob:

Any idea ?

Thanks !

Hey ; any idea @ChuckPa or anyone ? Thank u

@Seb_stien

I see one server on your account.
I also see one shared server.

Have you checked with that other server owner?

Hello @ChuckPa

Yeah my server is the one in another network

The shared server I have access to is the one on the exact same network

We (both owners) use the same TV and did the previous observations

@Seb_stien

“In another network” ?

I see your server in the 192.168.3.x subnet
I see the shared server in the 192.168.1.x subnet

Info: Network broadcast packets (apps looking for servers on the LAN) do not cross subnet boundaries.

Which subnet is the Samsung TV on?

Is it necessary to use two subnets ? I put all players and servers on the same subnet.

TV is in 192.168.1.X

Unfortunately yeah I need to keep my server in the other subnetwork

It is not a problem for other devices which connect correctly to both servers from 192.168.X…

And the TV can connect to my server when I use the unsecure (http) mode

But I don’t want it and the TV does connect in secure mode to the server in the same network (but only to this one; I guess the certificate validation fails with my server? but if so, I can’t understand why)

Plz help me @ChuckPa :folded_hands::folded_hands::folded_hands:

@Seb_stien

Which subnets & netmasks are you using?
Which subnet is the TV on?
The server is on 192.168.1.x/24 ?

my server : 192.168.3.x/24

Shared server : 192.168.1.x/24

Tv : 192.168.1.x/24

@Seb_stien

Do you see the bitmap / netmask change you can make ?

192.168.0.x on a /24 == 192.168.0.x only
192.168.0.x on a /23 == 192.168.0.x and 192.168.1.x (subnet is wider)
192.168.0.x on a /22 == 192.168.0.x, 192.168.1.x, 192.168.2.x, 192.168.3.x

Presuming you don’t have routers between TV and PMS server,
all you need to do is change the PMS server HOST ('.3') netmask to /22 instead of /24

It will now see the .1 subnet as the same subnet and not Remote.

If you do have routers / switches with tagged vlans then a fair amount of work will need be done.

Alternative: Move your server to 192.168.0.x/23

If you have a DHCP server and make an IP reservation for the TV, you can also set its netmask in that reservation (VERY easy to do and more effective)

FYI: RFC-1918 addresses (e.g. 192.168.1.1) are not publicly routable so they are perfectly safe to fully disclose (my server is 192.168.0.20, along with others on my LAN)
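
Added example (not part of the thread and not Plex code): how a host's own prefix length decides whether it sends to a peer directly or via its gateway, worked for the addresses in this thread under /24, /23 and /22. The host octets `.10` and `.50` are constructed, since the thread only gives 192.168.3.x and 192.168.1.x.

```python
import ipaddress

# Constructed host addresses: the thread only gives 192.168.3.x and 192.168.1.x.
SERVER_IP = "192.168.3.10"
TV_IP = "192.168.1.50"


def delivery(src_ip: str, src_prefix: int, dst_ip: str) -> str:
    """How src sends to dst: 'direct' (ARP on the wire) or 'gateway' (via router)."""
    net = ipaddress.ip_interface(f"{src_ip}/{src_prefix}").network
    return "direct" if ipaddress.ip_address(dst_ip) in net else "gateway"


def broadcast(src_ip: str, src_prefix: int) -> str:
    """Broadcast address of the subnet the host believes it is in."""
    net = ipaddress.ip_interface(f"{src_ip}/{src_prefix}").network
    return str(net.broadcast_address)


def compare(server_prefix: int, tv_prefix: int) -> dict:
    """Both directions of the server<->TV path, plus a symmetry flag."""
    s2t = delivery(SERVER_IP, server_prefix, TV_IP)
    t2s = delivery(TV_IP, tv_prefix, SERVER_IP)
    return {
        "server_to_tv": s2t,
        "tv_to_server": t2s,
        "symmetric": s2t == t2s,
        "server_bcast": broadcast(SERVER_IP, server_prefix),
        "tv_bcast": broadcast(TV_IP, tv_prefix),
    }


if __name__ == "__main__":
    # (server prefix, TV prefix) combinations discussed in the thread
    for s, t in [(24, 24), (23, 24), (22, 24), (22, 22)]:
        print(f"server /{s}, TV /{t}: {compare(s, t)}")
```

A /23 on the `.3` host covers 192.168.2.x and 192.168.3.x, so it does not reach the TV's subnet, and a /22 on the server alone leaves the two directions asymmetric. "direct" delivery only works when both hosts share a layer-2 segment, which is the "no routers between TV and PMS server" presumption stated above.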

Yeah but my network is separated into distinct subnetworks voluntarily

And needed protocols/ports are open on the firewall for Plex

Why can the TV connect safely only to a server on the same subnetwork?

Broadcast packets do not cross subnet boundaries.

Did you open (cross-network forward rules) for all PMS ports listed here?

(The UDP is the most important for discovery. Plex clients then use the TCP ports for all other operations)

https://support.plex.tv/articles/201543147-what-network-ports-do-i-need-to-allow-through-my-firewall/

This (pfsense) rule allows the non-server subnet to pass through the firewall (pfsense which manages all subnets) to get to the server.

Note the ports

This rule, applied to the subnet where the PMS server is, would allow other clients (different subnets, eg DMZVTOR in this case) to pass through to reach PMS.

Interesting but not clear for me why it would be a network problem as:

  • the TV is able to connect to my server on the other subnetwork when I use unsecure parameters on the server & TV :frowning: If mandatory, these UDP ports should be needed for unsecure connections as well?
  • other equipment (like a smartphone) on the TV subnetwork is able to connect in a secure way to my server

Let me back up.

Is the problem because you’re manually specifying the Manual Server (IP address) and only able to connect using http:// ??

If so, you can’t use https://LAN.IP.of.Server (IPv4 addresses do not have certificates. Only FQDNs have certificates. You can’t have HTTPS without a certificate)

What PMS does..

  1. HTTP://LAN.IP.of.Server makes initial connection
  2. PMS looks at the client (signed in)
  3. PMS itself is signed in
  4. Connection is reconnected using HTTPS . It will still show HTTP

Think I need more info here. Please advise

No Manual Server (IP address) configured.

Just servers and TV signed in with Plex account.

I summarize:

  • TV: Samsung NU7192.
  • TV connects with secure connection to the shared server in the same network as the TV
  • TV connects to my server (on distinct subnetwork) ONLY when using unsecure connection (config in the TV player and « Secured connections » set to ‘preferred’ in my server)
  • All the other Plex clients can connect to both servers with secure connection
  • port tcp 32400 is open on the router/firewall

When using a secure and normal config, both servers have the same configuration:

  • ipv4
  • Plex certificate (no personal one)
  • Both certificates appear to present the same characteristics
  • Strict TLS option on (changing it didn’t solve the problem)
  • Relay option off (we don’t want to use this to solve the problem)
  • Secured connections: mandatory (we don’t want to use ‘preferred’)

what’s the router you’re using to instantiate/control the subnets?

Which subnet(s) does it create ?

What do you mean by “shared server” ?
– is it one shared with you which comes into your LAN via VPN ?
– is it a server you use for sharing media with the main kept strictly private ?

Here is a view :

                      +-----------------------------+
                      |        INTERNET BOX         |
                      |  Public : xxx.xxx.xxx.xxx   |
                      |  Private: 192.168.1.1       |
                      +--------------+--------------+
                                     |
                           Network: 192.168.1.0/24
                                     |
               +---------------------+---------------------+
               |                                           |
       +-------+-------+                          +--------+--------+
       | SHARED SERVER |<-- HTTPS -- SUCCESS ---->|      TV          |
       | 192.168.1.x   |                          |   192.168.1.x    |
       +---------------+                          +------------------+
                                                            |   \
                                                            |    \
                                                            |     \
                                                            |  HTTPS (FAIL)
                                                            |  --> MY SERVER
                                                            |
                                                            |HTTP(SUCCESS)
                                                            |--> MY SERVER
                                     |
                                     |
                              +------+------+
                              |  ROUTER / FW |
                              | 192.168.1.x  |
                              |   NAT  ON    |
                              | 192.168.3.x  |
                              +------+------+
                                     |
                           Network: 192.168.3.0/24
                                     |
                            +--------+--------+
                            |    MY SERVER    |
                            |   192.168.3.x   |
                            +-----------------+

“Shared server” is my friend’s server, who shared libraries with me; no VPN. TV is signed in with my account.

Router/FW is realized by a Debian/iptables;

For me it shouldn’t be a routing/fw problem as HTTP connection from TV to My Server is OK;

Maybe a certificate or configuration issue as the TV is not able to manage the HTTPS with My Server but is able to manage it with the Shared Server …

It’s really a mystery to me

Does this make things clearer for you? @ChuckPa

:sleepy_face: