Category: Blog

Synology Plex LetsEncrypt Certificate Configuration

I use the built-in LetsEncrypt certificate on the Synology NAS for the NAS webpage. I wanted to use it for the Plex app too, but I had a bit of a hard time configuring it. I checked a few web guides for help but kept getting the default Plex certificate. Most guides have you create a PFX certificate, but the latest version of Plex requires an updated, more secure certificate file.

PMS 1.32.0.6865 and above update OpenSSL from v1.1.1 to v3.0.0. This makes Plex use more secure SSL certificates with better encryption.

The Plex Media Server.log file showed the following error after I configured the .PFX certificate in Plex:

Jun 20, 2023 09:56:02.971 [139840422419256] ERROR – [CERT] PKCS12_parse failed: error:0308010C:digital envelope routines::unsupported
Jun 20, 2023 09:56:02.971 [139840422419256] ERROR – [CERT] Found a user-provided certificate, but couldn’t install it.

Synology LetsEncrypt Certificate

So, let’s get that certificate working! First, export the LetsEncrypt certificate from your Synology. You will get an archive.zip file containing all the certificate files in .pem format. We will have to convert these to the correct format for Plex.

Clicking ‘export certificate’ will give you a few files like cert.pem, chain.pem, privkey.pem and the same with ECC- or RSA- in the filename. I will use the RSA-xxx.pem files for Plex.

Convert PEM to P12

Download OpenSSL, place the OpenSSL files and the LetsEncrypt files (from the archive.zip file) somewhere on your PC and open a command prompt. Browse to the OpenSSL directory and start creating the certificate.

Type the following commands in the command prompt:

  1. cd c:\temp\openssl
  2. openssl
  3. pkcs12 -export -out c:\temp\openssl\plex.p12 -in RSA-cert.pem -inkey RSA-privkey.pem -certfile RSA-chain.pem -name "YOUR.PLEX.HOSTNAME" -certpbe AES-256-CBC -keypbe AES-256-CBC -macalg SHA256

Enter a password for the P12 file. You will need this later in the Plex configuration.

Now you will have a plex.p12 file in c:\temp\openssl or whatever location you chose.
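
To confirm that a .p12 file really uses the newer encryption before pointing Plex at it, the check below can be run wherever OpenSSL and a POSIX shell are available (for example over SSH on the NAS or in WSL). It is an added example, not part of the original post; the function names, the plex.example.test host name and the passwords are made up for illustration.

```shell
#!/bin/sh
# Added example: report whether a PKCS#12 file uses the modern algorithms
# requested by the export command above. All names here are constructed.

# make_sample_p12 DIR PASS: build a throwaway self-signed certificate (test
# data, not a real LetsEncrypt export) and pack it with the page's options.
make_sample_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=plex.example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -out "$1/plex.p12" \
        -in "$1/cert.pem" -inkey "$1/key.pem" -name "plex.example.test" \
        -certpbe AES-256-CBC -keypbe AES-256-CBC -macalg SHA256 \
        -passout "pass:$2"
}

# p12_algorithms FILE PASS: print the MAC and encryption parameters only.
# -info lists them; -noout keeps the private key and certificates off screen.
p12_algorithms() {
    openssl pkcs12 -in "$1" -info -noout -passin "pass:$2" 2>&1
}

# p12_verdict FILE PASS: print "modern", "legacy" or "unreadable".
p12_verdict() {
    # A failed parse is classified below instead of aborting the script.
    info=$(p12_algorithms "$1" "$2") || :
    case $info in
        *RC2*|*TripleDES*|*"MAC: sha1"*) echo legacy ;;  # old PFX defaults
        *PBES2*AES-256-CBC*) echo modern ;;              # what the page exports
        *) echo unreadable ;;                            # wrong password or not a P12
    esac
}

# Stand-alone use: sh check_p12.sh /path/to/plex.p12 'password'
if [ "$#" -eq 2 ]; then
    p12_algorithms "$1" "$2"
    p12_verdict "$1" "$2"
fi
```

OpenSSL 3 does not load RC2 in its default configuration, so a file that reports RC2 here is the kind that fails with the PKCS12_parse error shown earlier.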

Import and activate certificate in Plex

Upload the certificate to your NAS. I chose an easily accessible location and created an extra ‘Certificate’ directory next to the movie and TV show files. You can check the properties of the file for the exact location, which in my case is /volume1/PlexData/Certificate/plex.p12.

Browse to your Plex web app, something like https://ip.address:32400 or https://domain.name:32400.

Go to Settings -> Network and click Show Advanced.

Enter the location, password and the hostname you have entered earlier:

Restart the Plex app on the Synology, browse to https://domain.name:32400 and you will see that the Plex web app is now a secure webpage!


Citrix Studio: Database has not been configured for the Citrix Machine Creation Service service.

The Problem

At a customer site we experienced a problem where we were unable to open Citrix Studio. Citrix Studio reported the errors ‘Reenter the controller address or enter a new address‘ and ‘all services have not been configured‘. Looking into the error log, it seemed that an upgrade of the Citrix database had failed, but we had not done any update of Citrix.

Since we do not log in to the DDC every day and Studio is not used daily, this error could have been there for a while. We were not able to find a direct cause of this error.

The error log shows the following. The full output is available here.

Reset-ProvEnabledFeatureList -AdminAddress “customersite.local:80” -BearerToken ********

Reset-ProvEnabledFeatureList : The operation could not be completed as the database has not been configured for the Citrix Machine Creation Service service.

Citrix.XDPowerShell.Status.DatabaseNotConfigured,Citrix.MachineCreation.Sdk.FeatureChecks.Commands.ResetProvEnabledFeatureListCommand

StackTrace: Citrix.Orchestration.Base.LogicModels.Exceptions.InvalidServiceConfigurationException All services have not been configured.

StackTrace: System.InvalidOperationException The operation could not be completed as the database has not been configured for the Citrix Machine Creation Service service.

at System.Management.Automation.MshCommandRuntime.ThrowTerminatingError(ErrorRecord errorRecord)

This is a customer site with a single Citrix Delivery Controller on version 1912 CU2 and is also running other Citrix services like Storefront, Director, Licensing and has a local Microsoft SQL Express database. The Server OS is Windows Server 2019 1809 17763.1935.

We could not find a way to fix this issue without installing a new Delivery Controller. We created a Citrix case; they could not find the exact cause of this issue and recommended that we recreate the environment with a new database. We saw no other choice than to do so, but after a while the same error returned on a clean install. A new Citrix case was created.

The Research

Citrix support first tried to recreate the database connection strings, without any luck. To do this, they pointed to this Citrix article with a few PowerShell scripts. The article and scripts can be a great help when resetting the connection strings or moving to a new database location.

At first, Citrix support pointed to a problem within the SQL database because of a ‘Monitor.GetSchemaVersion: Could not find stored procedure ‘Monitor.GetSchemaVersion’‘ error when testing the database connections. This was a false positive that we also found at other customer sites.

The CDF trace pointed us to the following error, which also suggested that there was a problem with the SQL database:

13632,2,2021/07/28 15:29:49:47119,16044,16388,Unknown,-1,Xendesktop Management Console,,0,,1,Error,”DatabaseUpgradeTask(482): Upgrade database analysis error: Citrix.Orchestration.Base.LogicModels.Exceptions.ScriptException: Database connection not set.

18418,2,2021/07/28 15:29:49:92234,20400,4272,Citrix.MachineCreation.exe,0,MachineCreationDAL,,0,,1,Error,”[TID:dcda976b-efa7-11eb-8175-0f695eca111d]The database for the service is not configured.”,””

We looked further into the SQL database and concluded that it was working fine. The stored procedure was OK and the database seemed to be working fine. Restoring a backup of the database from well before the issue occurred did not solve the problem. We gathered more CDF traces and ProcMon traces, and after a lot of research from Citrix Support we came to a conclusion which solved this error and the Citrix case.

Not sure if it was caused by changes during research, but Citrix Director also began showing errors, and now we are unable to manage the environment using Studio and Director.

Your logon attempt was unsuccessful.

Username: ‘xxx’

Domain: ‘xxxx’

Additional information:

Xen Desktop Controllers is running an incompatible version of the software. For assistance, contact your administrator.

The Solution

Citrix Support reviewed the logs and found an issue with the performance counter that is causing this issue with Citrix Studio and Citrix Director:

2341,1,2021/10/01 13:57:36:72314,13396,2748,Citrix.MachineCreation.exe,0,MachineCreationDAL,,0,,1,Error,”ERROR: DALRuntime: Performance counter initialization failed: System.InvalidOperationException: The requested Performance Counter is not a custom counter, it has to be initialized as ReadOnly.

2502,3,2021/10/01 13:57:38:25555,13396,2748,Citrix.MachineCreation.exe,0,MachineCreationLog,,0,,1,Error,”Exception thrown Starting DAL: System.InvalidOperationException: The requested Performance Counter is not a custom counter, it has to be initialized as ReadOnly.

In the above logs the DAL stands for data access layer, which is our SQL access layer. This failure of the performance counter is causing the failure in initialization of the DAL and hence we see the Database configuration error.

I ran the following commands on request of Citrix support and Citrix Studio and Director were up and running again:

unlodctr "Windows Workflow Foundation 4.0.0.0"
lodctr "C:\Windows\INF\Windows Workflow Foundation 4.0.0.0\PerfCounters.ini"

unlodctr ".NET Data Provider for SqlServer"
lodctr "C:\Windows\INF\.NET Data Provider for SqlServer\_dataperfcounters_shared12_neutral.ini"

unlodctr ".NETFramework"
lodctr "C:\Windows\INF\.NETFramework\corperfmonsymbols.ini"

We did not find a root cause of the performance counter issue but this solved the error in Citrix Studio for us. The error that was shown was caused by an issue with one of the above performance counters and could have been caused by a software install or (Windows) update.


Azure Bastion – RDP and SSH to Azure

Azure Bastion is a new Azure service that enables you to create private RDP and SSH connections to Azure machines. Before Azure Bastion, you would have to create VPN access to Azure or assign a public IP address to the virtual machine(s) and allow RDP/SSH access from the internet.
Before Azure Bastion you could secure access to the virtual machine using Just In Time VM Access or a VPN. Bastion gives you a fully private service in your Azure virtual network, so you can access your machines using SSL in the browser without the need to expose your machines.

Azure Bastion is currently in preview. You can access the preview using this URL : https://aka.ms/BastionHost.

Azure Bastion architecture

How Azure Bastion Works

The Azure Bastion service works over port 443 (SSL) and this is the only port and connection Bastion uses. So port 443 will be the only port that you will have to enable in your virtual network (NSG). Behind Bastion it will connect to your devices over port 3389 (RDP) or 22 (SSH) to the virtual machines.

As an alternative to Azure Bastion, you could work with a VPN service to Azure, IP access (with whitelisting) or Just In Time VM Access.
