jplobao 0 Posted March 15, 2024 Posted March 15, 2024 Hi, So, i am migrating Emby to other server, and now i noticed that, to be SSL available, i have to run Emby as an administrator. However, doing this i will loose access to the mapping drive to access all the library content. Therefor, can you help me to configure a way, to Emby enable SSL, with my user account that has the mapping drives created, as i had in old server? Thank you for your help
Luke 40082 Posted March 15, 2024 Posted March 15, 2024 Hi, starting as admin is not required for ssl. What makes you think this?
jplobao 0 Posted March 15, 2024 Author Posted March 15, 2024 Because when i start as admin it looks like this: But when i run without admin rights stays like this:
jplobao 0 Posted March 15, 2024 Author Posted March 15, 2024 I found an workaround. Creating the mapping drive while administrator solved the issue: Run CMD as admin and use NET USE and adding a regestry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System New DWORD named: EnableLinkedConnections Set value to 1 Restart PC
darkassassin07 619 Posted March 15, 2024 Posted March 15, 2024 A server log would help, but absent that; I'd guess the non-admin user doesn't have permission to access the ssl cert thus can't start the https listener. Running emby server (or any web service) as administrator is not a good idea.
jplobao 0 Posted March 15, 2024 Author Posted March 15, 2024 If you wanna go deep dive on it, i appreciated. Logs in attach embyserver.txt
Happy2Play 9442 Posted March 15, 2024 Posted March 15, 2024 Per that log there shouldn't be an issue. 2024-03-15 19:34:16.566 Info App: Adding HttpListener prefix http://+:8096/ 2024-03-15 19:34:16.566 Info App: Adding HttpListener prefix https://+:443/
jplobao 0 Posted March 15, 2024 Author Posted March 15, 2024 (edited) it was running as admin... Attached with regular user Edited March 15, 2024 by jplobao
Happy2Play 9442 Posted March 15, 2024 Posted March 15, 2024 (edited) 3 minutes ago, jplobao said: it was running as admin... Attached with regular user Please remove log do to what you named your cert. But as suspected user did not have access to cert. Error loading cert from xxxxxxxxxxxxxxxx Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Access denied. Or is unable to load do to permissions but dev might be able to interpret it correctly. Edited March 15, 2024 by Happy2Play
jplobao 0 Posted March 15, 2024 Author Posted March 15, 2024 The certificate is on a folder where all users have access! it is a standard folder...
Luke 40082 Posted March 15, 2024 Posted March 15, 2024 Adding HttpListener prefix https://+:443/ Maybe this is your issue. Emby Server does not need admin rights for SSL, but binding to port 443 is a special case that might special authorization on the system.
Luke 40082 Posted March 15, 2024 Posted March 15, 2024 FYI the default ssl port for emby server is 8920.
Happy2Play 9442 Posted March 15, 2024 Posted March 15, 2024 1 minute ago, Luke said: Adding HttpListener prefix https://+:443/ Maybe this is your issue. Emby Server does not need admin rights for SSL, but binding to port 443 is a special case that might special authorization on the system. That log was loaded as admin user. Removed log was User got access denied. 2024-03-15 20:17:19.503 Error App: Error loading cert from C:\Cert\xxxxxxxxx.pfx *** Error Report *** Version: 4.8.3.0 Command line: C:\Users\Administrator\AppData\Roaming\Emby-Server\system\EmbyServer.dll Operating system: Microsoft Windows 10.0.19045 Framework: .NET 6.0.27 OS/Process: x64/x64 Runtime: C:/Users/Administrator/AppData/Roaming/Emby-Server/system/System.Private.CoreLib.dll Processor count: 4 Data path: C:\Users\Administrator\AppData\Roaming\Emby-Server\programdata Application path: C:\Users\Administrator\AppData\Roaming\Emby-Server\system Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Access denied. at Internal.Cryptography.Pal.CertificatePal.FilterPFXStore(ReadOnlySpan`1 rawData, SafePasswordHandle password, PfxCertStoreFlags pfxCertStoreFlags) at Internal.Cryptography.Pal.CertificatePal.FromBlobOrFile(ReadOnlySpan`1 rawData, String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password) at Emby.Server.Implementations.ApplicationHost.GetCertificate(CertificateInfo info) Source: System.Security.Cryptography.X509Certificates TargetSite: Internal.Cryptography.Pal.Native.SafeCertContextHandle FilterPFXStore(System.ReadOnlySpan`1[System.Byte], Microsoft.Win32.SafeHandles.SafePasswordHandle, Internal.Cryptography.Pal.Native.PfxCertStoreFlags) So is it a User cannot load or just doesn't have permission to the cert? 1
Luke 40082 Posted March 15, 2024 Posted March 15, 2024 Ok so @jplobaowe cannot tell you why access is being denied. We can only confirm that it is happening and give you steps to try and resolve it, but there is no way for us to determine why as it is specific to your enviornment. My suggestion would be to make a certificates subfolder underneath C:\Users\Administrator\AppData\Roaming\Emby-Server\programdata And put the pfx there.
jplobao 0 Posted March 15, 2024 Author Posted March 15, 2024 For testing porpuses, i changed the port to the default one, but the issue is the same. Regarding to pfx file, i added security for "Everyone" , Full control. The folder also Full contro for user "Everyone". The same still continues to happen. As i said, because of an issue with addin "Trailers" (you can see it in other post of mine), today i migrated from Windows 8 to Windows 10. In windows 8 the same configurarions were working fine. In Windows10 i got this issue... I will test putting the certificate on the folder mentioned by @Lukeand i will give you some feedback about it
jplobao 0 Posted March 15, 2024 Author Posted March 15, 2024 The result was the same. If you want i can paste here the logs... But the results were the same
Luke 40082 Posted March 16, 2024 Posted March 16, 2024 7 hours ago, jplobao said: The result was the same. If you want i can paste here the logs... But the results were the same Hi, yes please and thanks.
Luke 40082 Posted March 17, 2024 Posted March 17, 2024 On 3/16/2024 at 8:48 AM, jplobao said: Sure, Where it is embyserver .txt 39.93 kB · 3 downloads Hi, this might be your issue: https://github.com/Microsoft/dotnet-framework-early-access/issues/25#issuecomment-394419380 So the access denied is not about the pfx file but about the machine keystore.
jplobao 0 Posted March 19, 2024 Author Posted March 19, 2024 Hi, I reviewed that post, and checked my machine and the default permissions are set!. This "server" it was not an upgrade, but a fresh windows 10 install. I use "certifytheweb" to generate the certificate, and it goes with no issue. Do you still think this is the issue? Thanks
Luke 40082 Posted March 19, 2024 Posted March 19, 2024 Quote and it goes with no issue. "goes with no issue" doesn't really matter. The problem is related to how the certificate is configured, not whether it succeeds to generate or not. The certificate is configured to use the local machine keystore, and this is what is throwing the access denied errors.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now