wp.rauchholz 5 Posted January 25, 2021 Posted January 25, 2021 The title says it all. I googled, but don't seem to be able to get it working. I setup a new server under Oracle Linux 8 with firewalld as firewall. I opened on my external and internal zone ports 8096/8920 udp/tcp. firewall is configured such that all traffic from LAN is allowed out of the external NIC and all traffic that is RELATED,ESTABLISHED is accepted back through the external NIC. Still not working. When entering the emby code initially a windows opens and says that "Confirmation. Thank you. Your Emby Premiere key has been updated" followd by "Emby Premiere key is missing or invalid." Do I need to open another port? Thank for your help.
Luke 42077 Posted January 25, 2021 Posted January 25, 2021 Hi there, please take a look at this and let us know if it helps: https://support.emby.media/en/support/solutions/articles/44001173116-my-emby-key-says-it-is-invalid-or-missing Thanks !
wp.rauchholz 5 Posted January 25, 2021 Author Posted January 25, 2021 (edited) Thank you For sharing. I had seen though the page before. I am sure the key is right; copy/pasted it from email. I did (2) too (3) is mb3admin.com listening on a specific port/protocol? (4) browser plug-ins. This is the same browser I always used, also when server was running under Centos 7. Using the Emby app does not work either.I tried also Safari on my iPad. Same result Edited January 25, 2021 by wp.rauchholz
Luke 42077 Posted January 28, 2021 Posted January 28, 2021 Quote (3) is mb3admin.com listening on a specific port/protocol? Hi, no, just https, port 443.
wp.rauchholz 5 Posted January 30, 2021 Author Posted January 30, 2021 I complaints about a page not found: connectionmanager.js?v=4.5.4.0:1 POST https://mb3admin.com/admin/service/registration/validateDevice?serverId=54e020b1f47f4fd5903643b7dd0525bc&deviceId=2ab1301e-8df3-464b-8302-ab7c6b61094d&deviceName=Chrome&appName=Emby%20Web&appVersion=4.5.4.0&embyUserName=<my username>&viewOnly=true 404 (Not Found) Is this a problem on my end?
wp.rauchholz 5 Posted February 5, 2021 Author Posted February 5, 2021 Can I please get some support for this topic. I blanked out the key and added it back in, but I still cannot get throuigh I do have a valid key. I don't understand why I get a 404 not found. Thank you Print out from Firefox ConnectionManager requesting url: https://mb3admin.com/admin/service/registration/validateDevi…b&appVersion=4.5.4.0&embyUserName=wp.rauchholz&viewOnly=true connectionmanager.js:1:1530 XHRPOSThttps://mb3admin.com/admin/service/registration/validateDevice?serverId=54e020b1f47f4fd5903643b7dd0525bc&deviceId=279ff5ef-d369-4caa-a44c-183de562e492&deviceName=Firefox&appName=Emby Web&appVersion=4.5.4.0&embyUserName=wp.rauchholz&viewOnly=true[HTTP/1.1 404 Not Found 658ms] ConnectionManager response status: 404, url: https://mb3admin.com/admin/service/registration/validateDevi…b&appVersion=4.5.4.0&embyUserName=wp.rauchholz&viewOnly=true Thank you Wolfgang
wp.rauchholz 5 Posted February 5, 2021 Author Posted February 5, 2021 I made a test. I installed emby on a laptop (fedora core) plugged-in the Premiere Key and it worked!! Doing the same on my home server it tell me that there is no valid key. How is this possible?
Q-Droid 989 Posted February 5, 2021 Posted February 5, 2021 (edited) Have you tried - as a test - stopping firewalld and then submit the key? Edited February 5, 2021 by Q-Droid
wp.rauchholz 5 Posted February 5, 2021 Author Posted February 5, 2021 I can't, the server is modem/router if I stop iptables, then I cannot surf anymore. I added a drop table for input/out packets on the firewall. There are a few, but I don't think it is related to emby Feb 5 18:54:01 home kernel: INPUT-IPTables-Dropped: IN=enp3s0 OUT= MAC=01:00:5e:00:00:01:18:e8:29:c3:37:9c:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2 Feb 5 18:54:01 home kernel: OUTPUT-IPTables-Dropped: IN=enp3s0 OUT= MAC=01:00:5e:00:00:01:18:e8:29:c3:37:9c:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2 I aslo checked named to see whether there is a problem with resolution to mb3admin. But seems to be ok too. Feb 5 18:57:49 home named[1165]: client @0x7fc4dc040300 127.0.0.1#54418 (mb3admin.com): query: mb3admin.com IN A + (127.0.0.1) Feb 5 18:57:49 home named[1165]: client @0x7fc4dc03a250 127.0.0.1#54418 (mb3admin.com): query: mb3admin.com IN AAAA + (127.0.0.1)
ebr 16169 Posted February 5, 2021 Posted February 5, 2021 Hi. Please see: My Emby Key Says it is Invalid or Missing and follow the instructions there. I'll tell you now it is most likely something blocking validation.
wp.rauchholz 5 Posted February 5, 2021 Author Posted February 5, 2021 I followed these steps. I am sure the key is correct because I requested an email to re-send I disabled all add ons in firefox, blanked the key, restarted emby and entered the key again The firewall allows all traffic from LAN to www. When it says 404 not found; what exactly was not found? XHRPOSThttps://mb3admin.com/admin/service/registration/validateDevice?serverId=54e020b1f47f4fd5903643b7dd0525bc&deviceId=279ff5ef-d369-4caa-a44c-183de562e492&deviceName=Firefox&appName=Emby Web&appVersion=4.5.4.0&embyUserName=wp.rauchholz&viewOnly=true[HTTP/1.1 404 Not Found 658ms] Any other way I can track the packets from my server? It worked with the same config under CENTOS 7. Oracle Linux 8 is is compiled from RHEL source code. That should not be the problem either. I really don't know what else to do.
ebr 16169 Posted February 5, 2021 Posted February 5, 2021 1 hour ago, wp.rauchholz said: I really don't know what else to do. Hi. From the instructions linked: Quote (2) Try blanking out the key and saving and then re-entering (paste) the key and saving again. ... If all of the above failed, please post on the forums ... and include the server log from when you performed the steps in (2.)
wp.rauchholz 5 Posted February 6, 2021 Author Posted February 6, 2021 I blanked it and re-entered the key, it does not help. Let's take a step back: * when emby is installed on my laptop I can enter the key and see "You have a Lifetime Emby Premiere plan and your device usage is well within your limit." It works. * the premiere key installed on the server does not work, I get the 404 In both of these occasions I use the same firefox. Can we assume then that firefox is not the problem? I can surf fine from the LAN, so named and firewall should not be the problem either? Anything related to emby config I could have missed? embyserver.txt
Q-Droid 989 Posted February 6, 2021 Posted February 6, 2021 All of your outbound connections from the server itself are failing (timeouts). It's been a long time since I've touched iptables. You have rule(s) to allow and forward traffic from the LAN to the WAN interface, right? And for some connections to flow in the other direction, WAN to LAN. But do you have rules to allow connections that originate from the server itself, not coming in from the LAN or WAN interfaces? The server can't establish a connection to Emby (mb3admin) to validate the key. It can't connect to the metadata APIs either. I don't know if it's your routing (gateway) or iptables but you are missing a rule or two.
wp.rauchholz 5 Posted February 7, 2021 Author Posted February 7, 2021 I reviewed the firewall script again. I think it is ok. It is the same script as I has used when runnig under Centos 7. It should work laso now under Oracle Linux 8. This ditribution is compoiled from RHEL source. On top I do have connection from the server's CLI and I can connect to mv3admin.com dig mb3admin.com ; <<>> DiG 9.11.20-RedHat-9.11.20-5.el8 <<>> mb3admin.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9797 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 13 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: 22e128cf530c01f7a6035a3d601fc2766b6d77e3b9ed98a3 (good) ;; QUESTION SECTION: ;mb3admin.com. IN A ;; ANSWER SECTION: mb3admin.com. 300 IN A 173.230.139.54 ;; AUTHORITY SECTION: mb3admin.com. 98353 IN NS paul.ns.cloudflare.com. mb3admin.com. 98353 IN NS dina.ns.cloudflare.com. ;; ADDITIONAL SECTION: dina.ns.cloudflare.com. 98353 IN A 172.64.32.107 dina.ns.cloudflare.com. 98353 IN A 173.245.58.107 dina.ns.cloudflare.com. 98353 IN A 108.162.192.107 paul.ns.cloudflare.com. 98353 IN A 108.162.193.135 paul.ns.cloudflare.com. 98353 IN A 172.64.33.135 paul.ns.cloudflare.com. 98353 IN A 173.245.59.135 dina.ns.cloudflare.com. 98353 IN AAAA 2606:4700:50::adf5:3a6b dina.ns.cloudflare.com. 98353 IN AAAA 2803:f800:50::6ca2:c06b dina.ns.cloudflare.com. 98353 IN AAAA 2a06:98c1:50::ac40:206b paul.ns.cloudflare.com. 98353 IN AAAA 2a06:98c1:50::ac40:2187 paul.ns.cloudflare.com. 98353 IN AAAA 2606:4700:58::adf5:3b87 paul.ns.cloudflare.com. 98353 IN AAAA 2803:f800:50::6ca2:c187 ;; Query time: 52 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sun Feb 07 11:35:34 CET 2021 ;; MSG SIZE rcvd: 401
Q-Droid 989 Posted February 7, 2021 Posted February 7, 2021 Dig is a DNS query tool, you did not show a connection to mb3admin.com. The emby server log you posted shows all outbound connections failing. Connections to Emby's and other sites can be tested from the CLI using wget or curl. Bottom line, the information you've shared so far points to a networking problem with your server. You were able to install the key to another machine on your network so you know it's valid.
wp.rauchholz 5 Posted February 7, 2021 Author Posted February 7, 2021 Thanks for your patience q-Droid. Very much appreciated. I did a curl and wget test on my server Both worked fine. wget https://packages.microsoft.com/yumrepos/ms-teams/teams-1.3.00.5153-1.x86_64.rpm --2021-02-07 15:13:58-- https://packages.microsoft.com/yumrepos/ms-teams/teams-1.3.00.5153-1.x86_64.rpm Resolving packages.microsoft.com (packages.microsoft.com)... 40.114.136.21 Connecting to packages.microsoft.com (packages.microsoft.com)|40.114.136.21|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 92770697 (88M) [application/x-redhat-package-manager] Saving to: ‘teams-1.3.00.5153-1.x86_64.rpm’ teams-1.3.00.5153-1.x86_64.rpm 100%[=========================================================================================================================================>] 88.47M 38.0MB/s in 2.3s 2021-02-07 15:14:06 (38.0 MB/s) - ‘teams-1.3.00.5153-1.x86_64.rpm’ saved [92770697/92770697] curl -o nextcloud-20-latest.tar.bz2 https://download.nextcloud.com/server/releases/latest-20.tar.bz2 % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 100M 100 100M 0 0 11.8M 0 0:00:08 0:00:08 --:--:-- 24.8M Is there anything I can try to curl/wget from mb3admin? Wolfgang
Q-Droid 989 Posted February 7, 2021 Posted February 7, 2021 You've mentioned both firewalld and iptables. On el7 they worked together but el8 made a transition to nftables. So I don't know if you have conflicting rules in your config by using the same you had on el7. I don't know enough about either to give you specific tips. Here's what I would do, all from the server running emby and the firewall, not from your other devices on LAN. Throw assumptions out the window. Just because the configuration worked in el7 doesn't mean it will in el8. Things do change... To me the timeouts imply that requests are not being rejected. They are either being dropped or may be going out but the response is not allowed back in. So, check firewall logs and increase the logging level if necessary. Look for the outbound source IP and port for the requests from the emby server process to the WAN. Check your rules to see if responses are allowed for that interface. Compare it to CLI tests to the WAN. Look for anything different between the source and destinations between emby server and CLI tests. If you can't get useful info from the firewall logs another option is tcpdump. I don't have suggestions for which filters to use, you'll have to research those. Look for the same basic info, source and destination details for the request traffic from the emby server process to the WAN. Compare it to other working sessions. And if you can't get anything useful from the above then as a temporary measure disable the firewall and see if the server is then able to connect. I would have started with this but... If you have a basic router then test that as well. This is one mb3admin URL that works from the CLI: https://www.mb3admin.com/admin/service/EmbyPackages.json
wp.rauchholz 5 Posted February 7, 2021 Author Posted February 7, 2021 I will forllow your advice. But it will take some time: Attached the firewall script. firewalld is masked. I downloaded the json file. But it took quite long: ~ 2 mins. The connection times out once. wget -v -d https://www.mb3admin.com/admin/service/EmbyPackages.json DEBUG output created by Wget 1.19.5 on linux-gnu. Reading HSTS entries from /root/.wget-hsts URI encoding = ‘UTF-8’ Converted file name 'EmbyPackages.json' (UTF-8) -> 'EmbyPackages.json' (UTF-8) --2021-02-07 17:06:48-- https://www.mb3admin.com/admin/service/EmbyPackages.json Certificates loaded: 147 Resolving www.mb3admin.com (www.mb3admin.com)... 2600:3c02::f03c:91ff:fed7:7fa8, 173.230.139.54 Caching www.mb3admin.com => 2600:3c02::f03c:91ff:fed7:7fa8 173.230.139.54 Connecting to www.mb3admin.com (www.mb3admin.com)|2600:3c02::f03c:91ff:fed7:7fa8|:443... Closed fd 3 failed: Connection timed out. Connecting to www.mb3admin.com (www.mb3admin.com)|173.230.139.54|:443... connected. Created socket 3. Releasing 0x000056277ab2f880 (new refcount 1). ---request begin--- GET /admin/service/EmbyPackages.json HTTP/1.1 User-Agent: Wget/1.19.5 (linux-gnu) Accept: */* Accept-Encoding: identity Host: www.mb3admin.com Connection: Keep-Alive ---request end--- HTTP request sent, awaiting response... ---response begin--- HTTP/1.1 200 OK Server: nginx Date: Sun, 07 Feb 2021 16:09:05 GMT Content-Type: application/json Content-Length: 961824 Connection: keep-alive Vary: Accept-Encoding Last-Modified: Sun, 07 Feb 2021 00:11:21 GMT ETag: "ead20-5bab3e4a46431" Accept-Ranges: bytes ---response end--- 200 OK Registered socket 3 for persistent reuse. Length: 961824 (939K) [application/json] Saving to: ‘EmbyPackages.json.1’ EmbyPackages.json.1 100%[=========================================================================================================================================>] 939.28K 1.59MB/s in 0.6s 2021-02-07 17:09:05 (1.59 MB/s) - ‘EmbyPackages.json.1’ saved [961824/961824] firewall.sh
Solution Q-Droid 989 Posted February 7, 2021 Solution Posted February 7, 2021 Did you notice it attempted IPv6 first? Your firewall is configured with IPv4 in mind.
wp.rauchholz 5 Posted February 7, 2021 Author Posted February 7, 2021 No, I did not. I will disable ipv6 on the server alltogether and se what happens. Need to negotiate with my family first as I have ot reboot. Thanks for the hint!
wp.rauchholz 5 Posted February 7, 2021 Author Posted February 7, 2021 Unbelievable, that was it. Thanks Q-Droid. NetworkManager manages my ppp0 interface. By disabling ipv6 problem was solved!! nmcli connection modify ppp0 ipv6.method ignore Thanks Wolfgang
wp.rauchholz 5 Posted February 7, 2021 Author Posted February 7, 2021 Q-Droid... should to happen to come one day to Barcelona, drop me a line. Will buy you a few beers. Wolfgang 1
Q-Droid 989 Posted February 7, 2021 Posted February 7, 2021 Cool, I'm glad it worked out. You're welcome.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now