Server Version#: 1.14.1.5488
repeatedly get ‘unable to claim server’http://127.0.0.1/web/index.html , and claiming againplex.tv using nslookup. I am able to get to plex.tv in a browser. Logs have curl error 28
That link didn’t work. (google rarely does)
sudo tar cfz /tmp/Logs.tar.gz "/var/lib/plexmediaserver/Library/Application Support/Plex Media Server/Logs"
Attach that zip.
Before you do this:
Stop PMS
sudo chown -R plex:plex /var/lib/plexmediaserver sudo rm "/var/lib/plexmediaserver/Library/Application Support/Plex Media Server/Preferences.xml" Start PMS
Open http://127.0.0.1:32400/web
I had a similar issue and resolved it by logging into my plex account from http://127.0.0.1:32400/web as mentioned
ChuckPa
January 21, 2019, 12:42am
6
@HiRez_L
You have a problem with PMS being unable to verify the MAC address of your machine.
Jan 18, 2019 01:41:11.385 [0xb460d780] ERROR - CERT: PKCS12_parse failed: error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure
Jan 18, 2019 01:41:11.385 [0xb460d780] ERROR - CERT: Found a certificate, but couldn't install it.
Verify Ubuntu itsseslf is up to date on all updates.
I will caution you now, The CPU you are attempting to use is 17 years old. Any sense of compability will be limited at best
I suspect, it’s missing the required CPU instructions needed to decode the certificate. properly or it’s libraries are just not compatible enough
OK if the hardware is just too old, we will scavenge some newer hardware somewhere and start again.
you want a 64 bit capable CPU.
My working PMS is running on a 12 year old 2 core 3.2GHz Pentium D, so clearly it will work on older hardware. It is 64 bit, though.
HiRez_L
January 21, 2019, 7:02pm
10
Doing a little research, the mac verify failure does not seem to be hardware related, but instead a bug specific to linux openssl when using certs without passwords.
opened 03:27PM - 22 Aug 16 UTC
closed 12:12PM - 31 Jan 20 UTC
bug
area-System.Security
help wanted
If you have a PKCS#12 file which is not protected with a password, and which doe… s not have a MAC entry, opening the file will work on Windows but fails on Linux and Mac (which use OpenSSL).
The following program reproduces the behavior:
```
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
namespace ConsoleApplication
{
public class Program
{
public static void Main(string[] args)
{
byte[] rawData = Convert.FromBase64String(
"MIACAQMwgAYJKoZIhvcNAQcBoIAkgASCA+gwgDCABgkqhkiG9w0BBwGggCSABIID6DCCBRUwggURBgsqhkiG9w0BDAoBAaCCBMAwggS8AgEAMA0GCSqGSIb3DQEBAQUABIIEpjCCBKICAQACggEBAJ9Iw1KuIXuQBnQA3GvlPu2yvXZU8BbM6yBwuypsUdOk4isb8S2+CI/p3Ez8yWMb+HZLQ1QBXDvk2VzZUIJH+xY1oWqu7Hvo9iADkltKbfZ1yjfG5Dy7FatNnVHlGoq7HTK9WlxEVZutrHdpBKHNdHWoXr0xqxS4YtcXnnBZMLlDpVhxUJ6L/X0WRHY52QcLp6ZYfAObU1+l+Ihh7OVP1r8c0HmIH+qL3FaQplhrNjFr6qrCarA42DZjcgShuNOfuvhEJejmgOL7QS0j8h2sT/Fa5oDNwRNJV5vrni8GPbjd4Sbch+90+Oz39tyO8ecvIsKKak67oUbR80EyXNjb0eMCAwEAAQKCAQA8C/AmQSK6NAdav+BYhGl+rj0iWM7RqZqR9i14xrDqOmRQoA4Bknwj1KOKGlnJFQhLf//3sTOWGKWgjQP+uSf8rWcWkq7v31i5pN8NrzdZC/qZoE72XgjDNVUzRE0HM5bERAHGerRTJdu4gEyQuqVGnZxpcknuW7xXHb5K2DS4AiIDfkU9iqkUxa/hEG4HpueBgXv14oRa5z4hPzTbiIcej18f1n3IJA1SsATZ3RjU5B52ni/lYALufdnAJeBycLDU9m7UbqTfXSpb2uWM9yJKCOALHQZzE50/pW3DRQpdfbkoaMucoHqUSsLSbTLkYduHoxb9Bi7A6tgRTQFtOvfhAoGBANC639cEiE4xScrD3s9A/5/8pRoN8ojLEVDk44igGMHz+usHfxxp8YQvmYd5US1P6qPAX1scHKqHDbokd7aDh/5L7TKlwxo+iv7aOPQWJbpEmtsXASsMYfKneifUUxA47GtEYLHQ9Yy3kAratTaHH9K3a6x3wbsk815p77hlRygbAoGB" +
"AMNbRSmmx/53b1YV6LxOuxzRSyCP5qYswlG2i7H6A+MLmUnxYurFvSptk+vEngmbOJW9rd49bHrK6PUtKBNYLxRWjRUtkgK2Z9PQguc8GD0W7SjHZafpFPETVdKxIVP6a18RB5jNvIuOPA8Z09/Kh80dw9dEPXs1EFQubxEFQ6nZAoGAOZsJgcb/c00JB4vNJzfSFK5eRnWI9RXOHpw864z7qDOUkV7NRuM6Q3f7kDb8H1xJ7o1+A6AbjTieojvESju8wYLk4LB8yvZt1+4T/9FI8kJS1ppfuSi+s4BjJzDjB7weC3CgmxKHYiGbAFPh5T2fm8EBV2Tps6N8AxeLkEFrBIID6ET3AoGAWmveYV7+5rtlXxUY+j/+v2HoBIIBMUIUGRAFW5PyyEoCjNYEQllFTyGXkO0YdwUDppqPq+szNkzNZW6YiKci1Y/Om0vwm7CXvSNgRkJ2GoDpAdcUy4S6dkT3z2eeKXUx41k5aYVBHqENaR23IfljXPwShDTeeA0lWseyUfKE44efRihRAoGAYn+PAVLDWmSKMm6rJDbJne12NYviqOa6n3ZJg0N9I8o0C/xFX1o/IzJF0EPdyVlCj/laIYoUX3O1P5I8YeubcR/JvY/LnCMutgsWlkdbz5c9gfbFVaEXXQPFyKuSaMea6pn+kv9EYtVfgiQ4rZ4aZwe0CWkzfDvIE6AGYgMICMIxPjAXBgkqhkiG9w0BCRQxCh4IAGMAZQByAHQwIwYJKoZIhvcNAQkVMRYEFO3z0SLPYjzwz8nNImJh6EFag+YwAAAAAAAAMIAGCSqGSIb3DQEHAaCAJIAEggPoMIIGETCCBg0GCyqGSIb3DQEMCgEDoIIFvDCCBbgGCiqGSIb3DQEJFgGgggWoBIIFpDCCBaAwggSIoAMCAQICCBulrjADvm1lMA0GCSqGSIb3DQEBBQUAMIGWMQswCQYDVQQGEwJVUzETMBEGA1UECgwKQXBwbGUgSW5jLjEsMCoGA1UECwwjQXBwbGUgV29ybGR3a" +
"WRlIERldmVsb3BlciBSZWxhdGlvbnMxRDBCBgNVBAMMO0FwcGxlIFdvcmxkd2lkZSBEZXZlbG9wZXIgUmVsYXRpb25zIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTE1MDExMjEyMTIxMFoXDTE2MDExMjEyMTIxMFowgZMxGjAYBgoJkiaJk/IsZAEBDApSSlhWVEU4NjUzMTgwNgYDVQQDDC9pUGhvbmUgRGV2ZWxvcGVyOiBGcmVkZXJpayBDYXJsaWVyICg4VDlVS1VCR1k5KTETMBEGA1UECwwKVENESzVFTEFINzEZMBcGA1UECgwQRnJlZGVyaWsgQ2FybGllcjELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfSMNSriF7kAZ0ANxr5T7tsr12VPAWzOsgcLsqbFHTpOIrG/EtvgiP6dxM/MljG/h2S0NUAVw75Nlc2VCCR/sWNaFqrux76PYgA5JbSm32dco3xuQ8uxWrTZ1R5RqKux0yvVpcRFWbrax3aQShzXR1qF69MasUuGLXF55wWTC5Q6VYcVCei/19FkR2OdkHC6emWHwDm1NfpfiIYezlT9a/HNB5iB/qi9xWkKZYazYxa+qqwmqwONg2Y3IEggOgBKG405+6+EQl6OaA4vtBLSPyHaxP8VrmgM3BE0lXm+ueLwY9uN3hJtyH73T47Pf23I7x5y8iwopqTruhRtHzQTJc2NvR4wIDAQABo4IB8TCCAe0wHQYDVR0OBBYEFO3z0SLPYjzwz8nNImJh6EFag+YwMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUiCcXCam2GGCL7Ou69kdZxVJUo7cwggEPBgNVHSAEggEGMIIBAjCB/wYJKoZIhvdjZAUBMIHxMIHDBggrBgEFBQcCAjCBtgyBs1JlbGlhbmNlIG9uIHRoaXMgY2VydGlmaWNhdGUgYnkgYW55IHBhcnR5IGFzc3VtZXMgYWNjZXB0YW" +
"5jZSBvZiB0aGUgdGhlbiBhcHBsaWNhYmxlIHN0YW5kYXJkIHRlcm1zIGFuZCBjb25kaXRpb25zIG9mIHVzZSwgY2VydGlmaWNhdGUgcG9saWN5IGFuZCAEggItY2VydGlmaWNhdGlvbiBwcmFjdGljZSBzdGF0ZW1lbnRzLjApBggrBgEFBQcCARYdaHR0cDovL3d3dy5hcHBsZS5jb20vYXBwbGVjYS8wTQYDVR0fBEYwRDBCoECgPoY8aHR0cDovL2RldmVsb3Blci5hcHBsZS5jb20vY2VydGlmaWNhdGlvbmF1dGhvcml0eS93d2RyY2EuY3JsMA4GA1UdDwEB/wQEAwIHgDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDAzATBgoqhkiG92NkBgECAQH/BAIFADANBgkqhkiG9w0BAQUFAAOCAQEAaIuMydHST4l1fMsaXr51Ejqa00fB3PNY9Rw6oG1cWkSS6RgxAz7AJ7dJCO0tZdqPCX6VKnTHhgMlQrI8tIfU2WcG+sV3tvnAysqRtDPqhHWiR4judlp0ETzoLHJFDbbnEph3NpOYVfUwyCthYL/xv3cF9ohcHvfS02O4MsQl1QKhUzLXEOnjUGgPIb7xmGIP54+TNePhEdOi05ijKr1AO4BgCKjeu7tHYvIuyY9HGOfGyuXsoDrP6F+Jj3VRvYCCZuKIvDnocGHsi9AgaxuOSdp5GQOD6OQvXaOPeJNLf8+1Z1S4h/9lS6VubqH+tp9nvgUuq+zbmHv5iqRadMmz4TE+MBcGCSqGSIb3DQEJFDEKHggAYwBlAHIAdDAjBgkqhkiG9w0BCRUxFgQU7fPRIs9iPPDPyc0iYmHoQVqD5jAAAAAAAAAAAAAAAAAAAAAA");
File.WriteAllBytes(@"rawData.bin", rawData);
var certificate = new X509Certificate2(
rawData: rawData,
password: null,
keyStorageFlags: X509KeyStorageFlags.Exportable);
Console.WriteLine(certificate.SerialNumber);
}
}
}
```
The output on Windows:
```
1BA5AE3003BE6D65
```
and on Linux:
```
Unhandled Exception: Interop+Crypto+OpenSslCryptographicException: error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure
at Internal.Cryptography.Pal.OpenSslPkcs12Reader.Decrypt(String password)
at Internal.Cryptography.Pal.PkcsFormatReader.TryReadPkcs12(OpenSslPkcs12Reader pfx, String password, Boolean single, ICertificatePal& readPal, List`1& readCerts)
at Internal.Cryptography.Pal.PkcsFormatReader.TryReadPkcs12(Byte[] rawData, String password, Boolean single, ICertificatePal& readPal, List`1& readCerts)
at Internal.Cryptography.Pal.CertificatePal.FromBlob(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)
at ConsoleApplication.Program.Main(String[] args)
```
You can get the same error message by running OpenSSL directly on the `rawData.bin` file (don't provide a password):
```
openssl.exe pkcs12 -info -in rawData.bin
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Enter Import Password:
Mac verify error: invalid password?
20876:error:2307E06C:PKCS12 routines:PKCS12_verify_mac:mac absent:.\crypto\pkcs12\p12_mutl.c:119:
20876:error:2307E06C:PKCS12 routines:PKCS12_verify_mac:mac absent:.\crypto\pkcs12\p12_mutl.c:119:
```
However, OpenSSL will correctly inspect the file if you pass the `-nomacver` option:
```
openssl.exe pkcs12 -info -in rawData.bin -nomacver
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Enter Import Password:
PKCS7 Data
Key bag
Bag Attributes
friendlyName: cert
localKeyID: ED F3 D1 22 CF 62 3C F0 CF C9 CD 22 62 61 E8 41 5A 83 E6 30
Key Attributes: <No Attributes>
Enter PEM pass phrase:
PKCS7 Data
Certificate bag
Bag Attributes
friendlyName: cert
(...)
-----END CERTIFICATE-----
```
The issue seems to be caused by the absence of a MAC entry in the file. Based on [RFC7292](https://tools.ietf.org/html/rfc7292#section-5.1), I believe that's valid, and BouncyCastle [creates PKCS#12 files without MAC entries if no password is provided](https://github.com/bcgit/bc-csharp/blob/master/crypto/src/pkcs/Pkcs12Store.cs#L959).
So net, because
- This file was created by Bouncy Castle, which emits the MAC entry if it is not password protected
- That seems to be compliant with the RFC
- The file loads correctly on Windows
- The file loads correctly using OpenSSL if you specify the `-nomacver` flag
I would expect .NET Core on Linux & Mac to also be able to read this file.
HiRez_L
January 21, 2019, 7:05pm
11
This link is specific to this error, PMS, passwords and certs. Is there a specific file I can modify to make the registration work, or an openssl command?
HiRez_L
January 21, 2019, 7:15pm
12
I am a Linux Engineer with more than 20 years experience working for a major hosting company, so you can assume I have a little knowledge
Ubuntu is up to date (for the version - I am hesitant to go with a newer version on this hardware)
Welcome to Ubuntu 16.04.5 LTS (GNU/Linux 4.15.0-43-generic i686)
0 packages can be updated.
New release ‘18.04.1 LTS’ available.
Cert locations:
root@dyson-plex:~# dpkg -L ca-certificatesG3.crt -R5.crt -G2.crt -G2.crt -G2.crt -G4.crt -Autorité_Racine.crt -G3.crt -G2.crt -G2.crt -G3.crt -2008.crt -R4.crt -Root_CA.crt -EC1.crt -G2.crt -Sürüm_3.crt -G5.crt -G2.crt -Surum_1.crt -G2.crt -G2.crt -2008.crt -R2.crt =Class_Gold=Főtanúsítvány.crt -G3.crt -_R3.crt
ChuckPa
January 21, 2019, 7:17pm
13
The PMS cert does not involve the user and is “password-like-string” protected.
HiRez_L
January 21, 2019, 7:24pm
14
Looking at this:
Is it possible to have to running Plex Servers on different computers on the same network? I want to run another instance on a different machine to do some testing.
When I attempt start the second server, my first server suddenly becomes unavailable.
I do have 2 plex servers on the same internal network, both would present the same external IP. Do I need to configure the one I giving me problems with a different port, and set up port forwarding rules? Is it possible this would help?
ChuckPa
January 21, 2019, 7:27pm
15
Absolutely!
Both must have a distinct port for full direct Remote Access to work.
Should one desire to have both remotely accessible, a common configuration is to use is:
External -> Internal
32400 -> 32400 Internal #1 #2
1 Like
ChuckPa
January 21, 2019, 7:38pm
17
Just to clarify this point:
PMS works on older hardware to a point
The 32 bit runtime libraries are not well maintained anymore by major distributions.
PMS has a minimum GLIBC version.
I stated the desired age solely for the benefit of HW transcoding. Intel processors approximately 5 years old or newer (the -5xxx series and higher) have significantly more mature H.264 and HEVC transcoding ASICs which result in significantly better output image quality.
HiRez_L
January 21, 2019, 7:49pm
18
Well, it appears you have to claim a server before changing the port number is available, I can see where it is specified in Remote Access screen, but the checkbox and port number field to change it are greyed out, says I have to sign in to change it. SInce I am already signed in, I am assuming this really means I have to claim the server first . . . which is the part that is failing.
ChuckPa
January 21, 2019, 7:51pm
19
I need your DEBUG log file ZIP. capture it now please
As you are unable to download it (since unclaimed).
Stop PMStar.gz or a ZIP of “/var/lib/plexmediaserver/Library/Application Support/Plex Media Server/Logs”:
Please upload / attach that file here.
HiRez_L
January 21, 2019, 7:53pm
20
Another bit of weirdness, the same screen that say “Claim server” (The general tab), says my plex 1.14.1.5488 is out of date and that there is an update . . . when i click the “Please update manually” link and go to plx.tv/downloads , the latest version it shows for Ubuntu 32 bit . . . is 1.14.1.5488.
