Jump to content

Server unable to contact Emby Admin Servers to authenticate Plugins/Connect


PurposelyCryptic

Recommended Posts

PurposelyCryptic

I wasn't sure if I should start a new topic for this, as I experiencing pretty much the same issues that Swynol and Daedalus experienced HERE: I originally posted this on that thread simply because it seemed directly related, but between worrying over whether that constituted thread-jacking, and the topic now having been marked 'Answered', I thought it might be better to start fresh (I will edit my post there to reflect this).

 

I'm running Emby Server Beta on Windows 8.1. The main symptom is that all my supporter plugins are showing as "Trial expired", and when I go to their pages in the catalog, I just get a never-ending 'Loading' Circle. Emby Connect also seems wonky, as I can't link local users with their online Emby accounts; Users already linked can still use Connect to access the server over cellular (My only other internet connection), although when I try to log in through Connect in Chrome on the machine itself, my credentials aren't recognized.

 

The logs show errors on every attempt to connect to verify plugin authorization, to the Emby Connect service and so on, in each case the log states "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.". It seems to be throwing A LOT of these errors, too, as I've had several 100MB+ logs over the past few days (The attached log from a fresh boot yesterday afternoon has since grown to 50MB overnight). 

The odd thing is that, despite the connection issues for plugin and Connect authorization, Emby Server updated both itself and the plugins just fine, and, as mentioned, I can use Connect to access the server from my cell on 4G. The "Thank you for supporting Emby" badge shows up properly on the Dashboard too (Not sure if that's relevant, but the last time I had a connection problem it disappeared).

This is all happening as I finally have my server (the machine, that is) up and running again, after the motherboard and processor died a couple months ago, forcing me to use my laptop as a temporary server. I know from the fact that I didn't have these issues on the laptop that the cause should be located within the server, I've temporarily disabled my firewall entirely and placed the server in my router's DMZ just to eliminate that part of the equation, and I am fairly certain the issue isn't with my Emby configuration, as I've performed a series of fresh installs (both Release and Beta), and the issue was still present, but all I've discovered so far is what's NOT causing the problem, leaving me with no more of a clue as to what actually IS :-/

If anyone could help shed light on this, I would be seriously grateful, as while I do have a certain small amount of pride in my technical skills, I'm also pretty sure that I've come about as far as those skills will take me. Help me, Obi-Wan Kenobi. You're my only hope.

 

server-63605748225.txt

Link to comment
Share on other sites

If you have any security software installed try making sure our domain it whitelisted in it.

Link to comment
Share on other sites

PurposelyCryptic

Thanks for getting back to me so quickly!

I should probably have gone into further detail regarding my attempts at solving the issue, I know there's a whole number of common causes that should be eliminated first before looking into the more troublesome ones; I'll try and list everything in bullet-point form for a clearer picture:

 

RE: Firewall, potential Connectivity Blocks, etc, I:

  • Checked to make sure the Firewall Rules were correctly configured
  • Just in case, deleted those rules, then had the system recreate them when prompted
  • Added custom, more open rules
  • Completely disabled the firewall
  • Added the server to my router's DMZ, leaving the server completely open.
  • Despite everything working properly on my laptop, eliminating router issues as a cause, switched out the router for a different one
  • In case my internal network card was causing issues, switched to a USB Wi-Fi adapter
  • In case the ISP was causing issues, tried using a tethered cellular connection
  • Set Windows to prefer IPv4 over IPv6 (That seemed to fix things for Daedalus in the other thread)

RE: Security Suite (Currently Avast) potentially blocking things, I:

  • Added all Emby folders to the Exclusion List (Avast's Whitelist)
  • Added emby.media, mb3admin.com, the github domains, and all subdomains to the Exclusion List
  • Disabled Avast entirely
  • Uninstalled Avast, just in case
  • Disabled Windows Defender Service

As a note, when I try to access "https://www.mb3admin.com/admin/service/registration/validate" through Chrome, I get a " (net::ERR_CERT_INVALID)" error and Chrome refuses to load anything and gives that over-sized warning message it loves to give, especially for Comodo Security Certificates. If I remember correctly, it has something to do with Google no longer considering SHA256 certs secure these days, and suddenly blocking a ridiculous number of sites using said certs (I mainly remember the end result of having to manually bypass their block all over the place). 

Anyway, when I force it to load, I get the following "{"featId":null,"registered":false,"expDate":"1900-01-01","key":null}". I'm not sure if that is remotely important, but since I'm trying to be thorough, I thought I'd mention it.

 

RE: Something having gone wrong in Emby, I:

  • Backed up the "...\AppData\Roaming\Emby-Server" folder, then uninstalled Emby Server completely
  • Did a fresh install of the same version (Beta)
  • Did a fresh install of the latest Release version
  • For the heck of it, did a fresh install of the latest Dev version
  • Did another fresh install as a base, then:
    • replaced the "...\AppData\Roaming\Emby-Server" folder with an older backup copy
    • repeated this process a few times with various other backups
    • replaced the "...\AppData\Roaming\Emby-Server" folder with a copy of the one from my laptop (since it worked there), after correcting all the path references to match the Server's configuration

And... I think that's everything; the only other thing I could think of trying was creating a test-partition with a clean install of Windows and trying it on there, to eliminate all software causes, but that's kind of a last resort, as it's seriously time-consuming, and even if it does work on there, it still leaves me with no hint as to what is causing it on my main partition, and if it doesn't, it only points to some kind of hardware issue (and I honestly have no clue as to what on the HW side would cause such a weirdly specific and limited issue).

 

I hope this information is of some degree of use, as I really have no clue what to try at this point. If there is anything else I can do/any other information I can provide to help you help me help myself, just let me know. I really do appreciate it!

Edited by PurposelyCryptic
Link to comment
Share on other sites

PurposelyCryptic

Well, I had really hoped to have my system back to normal by now, or at least have had someone get back to me and let me know if some form of solution to this issue might have a chance of potentially existing, but seeing as despite my hitting refresh on the thread every spare moment of my time that hasn't happened, I figure I can at least keep the thread up to date as the situation continues.

 

Up until today, things have basically continued on as described in my previous posts, with none of the Supporter plugins nor Connect working due to some sort of authentication issue. Earlier today, Emby Server attempted, and, for some reason, subsequently failed, to update itself. As I was in the middle of 5 other things, I didn't have time to check into it then, but after auto-starting after a reboot, it apparently tried again and succeeded, and when I loaded the Dashboard, the usual message to restart Emby to complete the update was present.

 

What was not present was the usual "Thank you for supporting Emby" badge, the one thing that gave me at least a little hope by letting me know my system was at least still authenticating SOMETHING successfully with some part of the Emby Admin server. Instead I now get the fun "Support the Emby Team - Get Bonus Features" message on every page, plus the notification "Emby Premiere key is missing or invalid." on the Emby Premiere tab.

 

I realize you guys have a lot on your plate, but if you have any clue as to what could be causing this, or how to fix it, please help. I really don't want to run a partially crippled server long-term (No GameBrowser, Server Backup, CoverArt, etc.), but I also REALLY don't want to switch to Kodi or Plex, since, frankly, I kind of hate both of them, and have spent the past 7 (Or 8? enough to go senile apparently) years using and loving MB/Emby.

 

I've attached another log from today:

server-63606193714.txt

Link to comment
Share on other sites

Some sort of security layer on your (or your ISP's...?) end is blocking the connection.  I'm afraid that's all we know about it at this point but it is related only to your environment somehow.

Could not establish trust relationship for the SSL/TLS secure channel
Link to comment
Share on other sites

PurposelyCryptic

 

Some sort of security layer on your (or your ISP's...?) end is blocking the connection.  I'm afraid that's all we know about it at this point but it is related only to your environment somehow.

Could not establish trust relationship for the SSL/TLS secure channel

 

First, thanks for replying! Even if it's only to let me know that you're just as confused as I am, it's still heartening, and helps me in how to proceed (See if I can find more information, in this case). So, again, thanks!  :)

 

Now, as to what you mentioned: 

 

I'm pretty sure that whatever is causing this is localized on my server, and likely a software issue, based on the following:

  • My laptop, which I've been using as a substitute Media Server/HTPC while my main server was out of commission, does not have this issue (Either on a wired or wireless connection), which points to the issue being on my main server, although doesn't rule out some sort of bad interaction between the server and a component of the rest of the network. The main server didn't have any issue prior to being out of commission, but was running on a different motherboard and processor back then, and so is essentially a different machine.
  • On the hardware end, I at first suspected an issue with my on-board ethernet adapter (a Broadcom NetLink Gb) - to eliminate that possibility, I disabled it, and instead connected via a USB WiFi adapter (I tried both a Bolse N300 adapter and an aging D-Link DWL-G122), but nothing changed.
  • The next suspect was my router (a TP-Link TL-WR841Nv9 running OpenWrt Barrier Breaker 14.07) - again, rather than test my way through the individual settings, I simply swapped in a different router (a Netgear WNDR3700v2 running the latest stock firmware), but no luck through either wired or wireless connection.
  • Next on the list was my ISP - my connection to it is already overly complicated as is (Going: My Server -> My Router -> Power-line Ethernet Connection -> Landlord's Verizon Fios Router (an ActionTek model) -> Internet), and the Fios router has its own issues, such as not getting an IPv6 address from Verizon, so I was hoping this would be it, but, after connecting my server through my cell phone's 4G connection, the issue remained - just to be sure I tried both WiFi and USB tethering.
  • Going by all this, I feel pretty safe in concluding that the issue isn't with my Network/ISP or the hardware on my server, leaving software issues.

As for possible software issues:

  • With the Fios Router having IPv6 issues, despite not causing problems on my laptop, just to be safe and rule out any interaction effects, I tried setting Windows on my server to prefer IPv4 over IPv6, and also disabling IPv6 entirely, but neither proved effective.
  • I suspected the issue to lie with Emby, simply because I haven't experienced issues anywhere else, and Occam's Razor etc. But, as documented further in one of my earlier posts, various attempts at fresh installs, older backups and transplanting the Emby installation from my laptop all proved ineffective, which strongly points against it being the cause.
  • Again, as mentioned in my earlier post, I tried various Firewall (Windows Firewall) and AV (Avast) settings, including fully disabling, and in the case of Avast, uninstalling them, to no effect.
  • The only thing I could think of next was that my system clock may have somehow become desynchronized, which can cause all sorts of authentication issues. But syncing it with the various NIST and MS time servers again did nothing.

I didn't expressly mention it earlier, but I tested all of the above as individual variables in a testing matrix, to eliminate potential interaction effects, but no combination proved successful.

 

The one thing that still bothers me is this line from the log:

	InnerException: System.Security.Authentication.AuthenticationException
	The remote certificate is invalid according to the validation procedure.

That makes it sound like it is properly connecting to the admin server, downloading a certificate for authentication, but then failing the certificate in validation and closing the connection. Either that, or the reverse, connecting to the admin server, sending a certificate for authentication, and the admin server fails the certificate in validation and closes the connection, depending on the perspective of the error message. 

 

Either way, that would indicate there being either an issue with this certificate being sent or received (Either being invalid, corrupt or corrupted in transport), or with the validation procedure. I can't do much here if the issue is with either a server-side certificate or validation procedure, but that seems improbable anyway, as then everyone would be affected.

 

That would leave us with either a corrupt certificate or validation procedure on my server, or a certificate being corrupted in transport somehow. At least, assuming I am interpreting the log entry correctly, and not just dreaming up nonsense. Assuming I am correct, is there any way to replace the cert/repair or correct the validation procedure? Is that handled by Emby, or passed off to an OS service (that may be corrupted)?

 

I'm going to stop there, before I get too worked up over something based on my interpretation of two lines in the log, given that my understanding of the majority of the log content is rather basic to begin with, and so my interpretation likely fairly off.

 

Anyway, thanks for reading, thanks for your help, and of course, major thanks for all your hard work on Emby!

 

I've attached the latest log, just in case:

server-63606211200.txt

Link to comment
Share on other sites

PurposelyCryptic

I realize this probably qualifies as grasping at straws at this point, but I can't seem to stop myself from checking my logs over and over again for anything that stands out, or in any way seems like it might be related to authentication issues, and this caught my attention:


2016-08-08 19:29:40.4412 Error App: LoaderException: Could not load type 'MediaBrowser.Controller.Providers.IItemIdentityProvider`1' from assembly 'MediaBrowser.Controller, Version=3.1.96.0, Culture=neutral, PublicKeyToken=null'.
2016-08-08 19:29:40.4412 Error App: LoaderException: Could not load type 'MediaBrowser.Controller.Providers.IItemIdentityConverter`1' from assembly 'MediaBrowser.Controller, Version=3.1.96.0, Culture=neutral, PublicKeyToken=null'.
2016-08-08 19:29:40.4412 Error App: LoaderException: Could not load type 'MediaBrowser.Controller.Providers.IItemIdentityConverter`1' from assembly 'MediaBrowser.Controller, Version=3.1.96.0, Culture=neutral, PublicKeyToken=null'.
2016-08-08 19:29:40.4412 Error App: LoaderException: Could not load type 'MediaBrowser.Controller.Providers.IItemIdentityProvider`1' from assembly 'MediaBrowser.Controller, Version=3.1.96.0, Culture=neutral, PublicKeyToken=null'.
2016-08-08 19:29:40.4412 Error App: LoaderException: Could not load type 'MediaBrowser.Controller.Providers.IItemIdentityProvider`1' from assembly 'MediaBrowser.Controller, Version=3.1.96.0, Culture=neutral, PublicKeyToken=null'.

Now, granted, as a programmer you can (and sometimes do) name anything whatever strikes your fancy, so without knowing what a 'IItemIdentityProvider' or 'IItemIdentityConverter' were intended for, they could really be anything (Even a boat!), but the combination of the words Error and Identity were enough to spark a tiny sliver of hope.

 

...like I said, grasping at straws.

 

But considering I just replaced my ethernet driver with an ever-so-slightly newer one from Broadcom that ASRock hadn't bothered to release, despite having spent hours essentially proving to myself that the ethernet adapter wasn't involved, this seemed almost productive in comparison.

 

I'll probably end up installing additional pci-e ethernet cards by the end of the night, just on the off-chance it might do... something? I really need better ideas...

Link to comment
Share on other sites

PurposelyCryptic

SUCCESS!!!

 

Thank you, everyone who took the time to try and figure this out with me, I really do appreciate it :)

 

I'm still not entirely sure what exactly went wrong, and I'm honestly not entirely sure why it is working now - I know what I did, but have no clue how those actions led to things working again.

 

The problem was that, for whatever reason, Windows stopped trusting the Intermediate Certificate "COMODO RSA Domain Validation Secure Server CA", claiming that its digital signature was invalid. This certificate was part of the chain for mb3admin.com's certificate, so when one became untrusted, so did the other.

 

So, thinking the certificate was corrupted, I went to Comodo's site and downloaded a fresh copy (along with their other certs, just to be sure). After checking the fresh cert and confirming that Windows was happy with it, going by the Certificate Status field saying "This Certificate is OK.", I installed it over the old one, and...

 

No dice. Now that had been installed, it was apparently no longer OK, and its signature deemed invalid. I tried deleting it before installing, but same outcome. Finally I deleted it, and was set on rebuilding the entire certificate store, hoping that might somehow solve things, when, for whatever reason, I decided to refresh my Emby Dashboard tab - and suddenly my "Thank you for supporting Emby" badge reappeared!

 

I checked my plugins, and they still weren't working, but after a quick server restart, they too are now showing as registered :D

 

So... I still have no idea why Windows refuses to acknowledge that certificate, and I most definitely have no clue why things are now working despite the intermediary certificate being gone entirely (I would have thought that a hole in the chain would be even worse than a "bad" cert), but things are finally working again, and as long as they continue to do so, I'm just going to leave the sleeping dragon lie.

 

Once again, thanks for trying to figure this out with me - every time I think I really know my machine, it just loves to put me in my place...

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...