jplobao 0 Posted March 15 Share Posted March 15 Hi, So, i am migrating Emby to other server, and now i noticed that, to be SSL available, i have to run Emby as an administrator. However, doing this i will loose access to the mapping drive to access all the library content. Therefor, can you help me to configure a way, to Emby enable SSL, with my user account that has the mapping drives created, as i had in old server? Thank you for your help Link to comment Share on other sites More sharing options...
Luke 37125 Posted March 15 Share Posted March 15 Hi, starting as admin is not required for ssl. What makes you think this? Link to comment Share on other sites More sharing options...
jplobao 0 Posted March 15 Author Share Posted March 15 Because when i start as admin it looks like this: But when i run without admin rights stays like this: Link to comment Share on other sites More sharing options...
jplobao 0 Posted March 15 Author Share Posted March 15 I found an workaround. Creating the mapping drive while administrator solved the issue: Run CMD as admin and use NET USE and adding a regestry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System New DWORD named: EnableLinkedConnections Set value to 1 Restart PC Link to comment Share on other sites More sharing options...
darkassassin07 429 Posted March 15 Share Posted March 15 A server log would help, but absent that; I'd guess the non-admin user doesn't have permission to access the ssl cert thus can't start the https listener. Running emby server (or any web service) as administrator is not a good idea. Link to comment Share on other sites More sharing options...
jplobao 0 Posted March 15 Author Share Posted March 15 If you wanna go deep dive on it, i appreciated. Logs in attach embyserver.txt Link to comment Share on other sites More sharing options...
Happy2Play 8309 Posted March 15 Share Posted March 15 Per that log there shouldn't be an issue. 2024-03-15 19:34:16.566 Info App: Adding HttpListener prefix http://+:8096/ 2024-03-15 19:34:16.566 Info App: Adding HttpListener prefix https://+:443/ Link to comment Share on other sites More sharing options...
jplobao 0 Posted March 15 Author Share Posted March 15 (edited) it was running as admin... Attached with regular user Edited March 15 by jplobao Link to comment Share on other sites More sharing options...
Happy2Play 8309 Posted March 15 Share Posted March 15 (edited) 3 minutes ago, jplobao said: it was running as admin... Attached with regular user Please remove log do to what you named your cert. But as suspected user did not have access to cert. Error loading cert from xxxxxxxxxxxxxxxx Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Access denied. Or is unable to load do to permissions but dev might be able to interpret it correctly. Edited March 15 by Happy2Play Link to comment Share on other sites More sharing options...
jplobao 0 Posted March 15 Author Share Posted March 15 The certificate is on a folder where all users have access! it is a standard folder... Link to comment Share on other sites More sharing options...
Luke 37125 Posted March 15 Share Posted March 15 Adding HttpListener prefix https://+:443/ Maybe this is your issue. Emby Server does not need admin rights for SSL, but binding to port 443 is a special case that might special authorization on the system. Link to comment Share on other sites More sharing options...
Luke 37125 Posted March 15 Share Posted March 15 FYI the default ssl port for emby server is 8920. Link to comment Share on other sites More sharing options...
Happy2Play 8309 Posted March 15 Share Posted March 15 1 minute ago, Luke said: Adding HttpListener prefix https://+:443/ Maybe this is your issue. Emby Server does not need admin rights for SSL, but binding to port 443 is a special case that might special authorization on the system. That log was loaded as admin user. Removed log was User got access denied. 2024-03-15 20:17:19.503 Error App: Error loading cert from C:\Cert\xxxxxxxxx.pfx *** Error Report *** Version: 4.8.3.0 Command line: C:\Users\Administrator\AppData\Roaming\Emby-Server\system\EmbyServer.dll Operating system: Microsoft Windows 10.0.19045 Framework: .NET 6.0.27 OS/Process: x64/x64 Runtime: C:/Users/Administrator/AppData/Roaming/Emby-Server/system/System.Private.CoreLib.dll Processor count: 4 Data path: C:\Users\Administrator\AppData\Roaming\Emby-Server\programdata Application path: C:\Users\Administrator\AppData\Roaming\Emby-Server\system Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Access denied. at Internal.Cryptography.Pal.CertificatePal.FilterPFXStore(ReadOnlySpan`1 rawData, SafePasswordHandle password, PfxCertStoreFlags pfxCertStoreFlags) at Internal.Cryptography.Pal.CertificatePal.FromBlobOrFile(ReadOnlySpan`1 rawData, String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password) at Emby.Server.Implementations.ApplicationHost.GetCertificate(CertificateInfo info) Source: System.Security.Cryptography.X509Certificates TargetSite: Internal.Cryptography.Pal.Native.SafeCertContextHandle FilterPFXStore(System.ReadOnlySpan`1[System.Byte], Microsoft.Win32.SafeHandles.SafePasswordHandle, Internal.Cryptography.Pal.Native.PfxCertStoreFlags) So is it a User cannot load or just doesn't have permission to the cert? 1 Link to comment Share on other sites More sharing options...
Luke 37125 Posted March 15 Share Posted March 15 Ok so @jplobaowe cannot tell you why access is being denied. We can only confirm that it is happening and give you steps to try and resolve it, but there is no way for us to determine why as it is specific to your enviornment. My suggestion would be to make a certificates subfolder underneath C:\Users\Administrator\AppData\Roaming\Emby-Server\programdata And put the pfx there. Link to comment Share on other sites More sharing options...
jplobao 0 Posted March 15 Author Share Posted March 15 For testing porpuses, i changed the port to the default one, but the issue is the same. Regarding to pfx file, i added security for "Everyone" , Full control. The folder also Full contro for user "Everyone". The same still continues to happen. As i said, because of an issue with addin "Trailers" (you can see it in other post of mine), today i migrated from Windows 8 to Windows 10. In windows 8 the same configurarions were working fine. In Windows10 i got this issue... I will test putting the certificate on the folder mentioned by @Lukeand i will give you some feedback about it Link to comment Share on other sites More sharing options...
jplobao 0 Posted March 15 Author Share Posted March 15 The result was the same. If you want i can paste here the logs... But the results were the same Link to comment Share on other sites More sharing options...
Luke 37125 Posted March 16 Share Posted March 16 7 hours ago, jplobao said: The result was the same. If you want i can paste here the logs... But the results were the same Hi, yes please and thanks. Link to comment Share on other sites More sharing options...
jplobao 0 Posted March 16 Author Share Posted March 16 Sure, Where it is embyserver .txt Link to comment Share on other sites More sharing options...
Luke 37125 Posted March 17 Share Posted March 17 On 3/16/2024 at 8:48 AM, jplobao said: Sure, Where it is embyserver .txt 39.93 kB · 3 downloads Hi, this might be your issue: https://github.com/Microsoft/dotnet-framework-early-access/issues/25#issuecomment-394419380 So the access denied is not about the pfx file but about the machine keystore. Link to comment Share on other sites More sharing options...
jplobao 0 Posted March 19 Author Share Posted March 19 Hi, I reviewed that post, and checked my machine and the default permissions are set!. This "server" it was not an upgrade, but a fresh windows 10 install. I use "certifytheweb" to generate the certificate, and it goes with no issue. Do you still think this is the issue? Thanks Link to comment Share on other sites More sharing options...
Luke 37125 Posted March 19 Share Posted March 19 Quote and it goes with no issue. "goes with no issue" doesn't really matter. The problem is related to how the certificate is configured, not whether it succeeds to generate or not. The certificate is configured to use the local machine keystore, and this is what is throwing the access denied errors. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now