Denon AVR-4311CI Recognized But Not Authorized

Discuss media renderers like Xbox 360, TVs, smartphones, etc.
holografik
Posts: 23
Joined: Tue Feb 11, 2020 8:55 am

Denon AVR-4311CI Recognized But Not Authorized

Post by holografik » Wed Feb 12, 2020 7:30 pm

I have a two Denon receivers. An AVR-X4200W and an AVR-4311CI. I have been quite successful with the integration of UMS with regards to the X4200W. The X4200W is recognized and the UMS can even successfully serve 'DSD' dot-dsf files and FLAC 192K.

OTOH, the 4311CI, has not been successfully integrated with UMS. The 4311 is also recognized by UMS. In the trace log, I see no fallback to 'unrecognized renderer'. The problem is that when I navigate to NET/USB --> Media Server --> Universal Media Server, the server name is decorated with the suffix (Not Authorized). Attempts to open the next level of the menu (i.e. showing UMS server 'contents') are unsuccessful.

The X4200W and the 4311 both use very similar configuration files. The UserAgent patterns are in fact the same for both units. The only seeming variation is the UpnpDetailsSearch patterns (hint: change 4311 to X4200W).

I have already attempted to use the often-suggested workaround of disabling the DHCP setting on the 4311. In fact, I've tried multiple variations including simply leaving the 4311 with a static IP address with all the necessary definitions of net mask, gateway, and DNS server. This doesn't work.

After I provide the requested support informaion and provide my steps to reproduce (and to produce the trace log), I'll briefly discuss some interesting data points which I have found on the internet. There are two. But first....

Attached please find a debug log with trace enabled. The problem occurs on a Debian Stretch server, so the file was compressed with gzip.
The following were the steps I took to create the debug.log file:
  • Changed log_level = TRACE
  • Change Denon 4311 selected source to something other than NET/USB Media Server
  • Turn Off Denon 4311
  • Unplug Denon 4311
  • Stop UMS service
  • Rotate logs with logrotate (creates new logfile)
  • Shutdown/Restart UMS server with shutdown -r now
  • Wait a minute
  • Plug power cord back into Denon 4311
  • Wait a minute
  • Turn on 4311
  • Wait a minute
  • Select 4311 source NET/USB
  • Select Media Player
  • UMS server is listed as Universal Media Server (Not Authorized)
I'm also attaching the renderer configuration file and UMS.conf.

Here are some other interesting datapoints:
  • 4311 can successfully stream music from a Plex DLNA server running on the same machine
    * Note: The temporary use of Plex on the server has in no way contributed to the problem, because Plex and UMS were never running at the same time. I disabled Plex via systemctl disable plexmediaserver.service. Then I verified that Plex was disabled by 1) looking at logs, 2) attempting to open the server web interface 3) attempting to connect via the 4311.
  • Users of TVersity have had similar problems with among other Denon models, the 3808CI.
    * These problems have be fixed by changing a reference to an xml file in the profile from
    * UPNP_AV_MediaServer_1.0.default.xml to UPNP_AV_MediaServer_1.0.allservices.xml
    * I'm considering downloading/installing TVersity on a Windows PC, just to get a look at these two files.
Thanks in advance for any help you may be able to provide.

-Holografik
Attachments
UMS.conf
(58.19 KiB) Downloaded 124 times
Denon-4311CI.conf
(5.7 KiB) Downloaded 139 times
debug.log.4311_not_authorized.gz
(20.1 KiB) Downloaded 126 times

holografik
Posts: 23
Joined: Tue Feb 11, 2020 8:55 am

Re: Denon AVR-4311CI Recognized But Not Authorized

Post by holografik » Wed Feb 12, 2020 7:55 pm

With regards to attached debug.log file:

192.168.1.72 is the 4311
192.168.1.36 is the UMS server

Before recording the log, I disconnected at least some of the other DLNA devices from the network. These included the aforementioned X4200W.

There are other upnp devices on the network. I don't think any of them are audio devices. One is a Phillips Hue. FWIW.

holografik
Posts: 23
Joined: Tue Feb 11, 2020 8:55 am

Re: Denon AVR-4311CI Recognized But Not Authorized

Post by holografik » Thu Feb 13, 2020 11:12 am

More data for any prospective investigator. I am attaching the description.xml both for the "Not Authorized" AVR-4311CI and the working AVR-X4200W. I obtained these with the help of Upnp Analyzer.

In addition to the reference to DRM in the 4311 description.xml, there are also two more services identified for the 4311CI: urn:schemas-dm-holdings-com:service:X_HtmlPageHandler:1 and urn:schemas-dm-holdings-com:service:X_WholeHomeAudio:1.

The next step is to understand how Plex successful interaction with the 4311 differs from UMS.
Attachments
X4200W_description.xml
(3.04 KiB) Downloaded 129 times
4311CI_description.xml
(3.71 KiB) Downloaded 130 times

holografik
Posts: 23
Joined: Tue Feb 11, 2020 8:55 am

Re: Denon AVR-4311CI Recognized But Not Authorized

Post by holografik » Sat Feb 15, 2020 12:03 pm

I installed Tversity per previous post. This regards a solution for a problem with a Denon 3808CI with tversity and 'Not Authorized'. The suggested solution, change the server description from '....default.xml' to 'allservices.xml'.

There is indeed seems to be a very important difference between the two files. Two additional services are present:

Code: Select all

			<service>
				<serviceType>urn:microsoft.com:service:X_MS_MediaReceiverRegistrar:1</serviceType>
				<serviceId>urn:microsoft.com:serviceId:X_MS_MediaReceiverRegistrar</serviceId>
				<SCPDURL>/UPnP_AV_X_MS_MediaReceiverRegistrar_1.0.xml</SCPDURL>
				<controlURL>/upnp/control/x_ms_mediareceiverregistrar</controlURL>
				<eventSubURL>/upnp/event/x_ms_mediareceiverregistrar</eventSubURL>
			</service>
			<service>
				<serviceType>urn:tversity.com:service:X_TVersity_Metadata:1</serviceType>
				<serviceId>urn:tversity.com:serviceId:X_TVersity_Metadata</serviceId>
				<SCPDURL>/UPnP_AV_X_TVersity_Metadata_1.0.xml</SCPDURL>
				<controlURL>/upnp/control/x_tversity_metadata</controlURL>
				<eventSubURL>/upnp/event/x_tversity_metadata</eventSubURL>
			</service>
		</serviceList>
I also used wireshark to determine the endpoint from which to obtain the server description for Plex. The service, urn:microsoft.com:service:X_MS_MediaReceiverRegistrar:1, also is present, and is the only service included other those presented by UMS (i.e. ContentDirectory and ConnectionManager).

It appears that the X_MS_MediaReceiverRegistrar is required for the AVR-4311CI. This brings to mind a prescient post by Nadahar, which hinted/understood the underlying problem:
Nadahar wrote:
Mon Feb 26, 2018 7:19 am
The other issue is at the UPnP level. It's not quite clear to me what happens, but it seems that the Denon tries to check if it's authorized as a Microsoft DRM device, and since UMS doesn't support this UMS only gives an empty reply. This DRM isn't a part of UPnP AV or DLNA, and isn't necessary for playback of media (unless you want to play media protected with said DRM). It seems reasonable that the Denon interprets the empty reply as a rejection, the question is why the Denon thinks UMS supports this in the first place. There are some "hacks" to make Microsoft devices like Xbox work with UMS, and I suspect that these can be the reason for the misunderstanding.
I fear that, in a PR/fork of UMS 9.2, I"m going to have to write an X_MS_MediaReceiverRegistrar service. :-(. I wonder if that's even possible without proprietary information ...

Nadahar
Posts: 1811
Joined: Tue Jun 09, 2015 5:57 pm

Re: Denon AVR-4311CI Recognized But Not Authorized

Post by Nadahar » Sat Feb 15, 2020 1:59 pm

It's a while ago now, but I actually came across some information about this somewhere. I just can't remember where... as far as I remember, it isn't hard to implement a "faked authorization", in fact UMS already does this for Xbox.

After thinking a bit, I think I might have found it: https://docs.microsoft.com/en-us/opensp ... f74eec93f2

If you download some of those PDF's, I think you will actually find the "service" described.

holografik
Posts: 23
Joined: Tue Feb 11, 2020 8:55 am

Re: Denon AVR-4311CI Recognized But Not Authorized

Post by holografik » Sun Feb 16, 2020 8:56 am

Nadahar wrote:
Sat Feb 15, 2020 1:59 pm
It's a while ago now, but I actually came across some information about this somewhere. I just can't remember where... as far as I remember, it isn't hard to implement a "faked authorization", in fact UMS already does this for Xbox.

After thinking a bit, I think I might have found it: https://docs.microsoft.com/en-us/opensp ... f74eec93f2

If you download some of those PDF's, I think you will actually find the "service" described.
Thank you for the pointer, Nadahar. I reviewed the MS-DRMND doc. This is the spec.

Yeah, I was poking around the UMS 9.2 code last night. I started by searching on 'xbox', and fairly quickly, I found the parts of the code related to MediaReceiverRegistrar. I think now I understand at a high level how UMS convinces an Xbox 360 that it is authorized.

I tried adding the string 'XBOX 360 hack' to property, RendererName in the 4311 renderer config file. Unfortunately, my renderer-name-hack was unsuccessful. The 4311 showed UMS as 'Universal Media Server : Windows Media Connect (Not Authorized)'. The inclusion of 'Windows Media Connect' in the server name on the 4311 shows that (at least part of) UMS' Xbox 360 workaround was being expressed. For everyone else, FYI, when loading a renderer config file, if UMS sees 'xbox 360' in the value of the property, RendererName, it activates UMS's pseudo MediaReceiverRegistrar behavior in order to convince an Xbox 360 that it is legitimately authorized.

There is one more behavior I would like to understand before I attempt to 'enhance' the MRR behavior. I've seen some responses in the debug.log which show an empty response. Here's an example:
TRACE 2020-02-14 20:53:23.716 [HTTPv2 Request Worker 6] Received a request from Denon AVR-4311CI XBOX 360 hack (192.168.1.72:1033):

SUBSCRIBE / HTTP/1.1

HEADER:
Host: 192.168.1.36:5001
TIMEOUT: Second-300
NT: upnp:event
CALLBACK: <http://192.168.1.72:6666/>
CONNECTION: close

TRACE 2020-02-14 20:53:23.720 [HTTPv2 Request Worker 6] Empty response sent to Denon AVR-4311CI XBOX 360 hack:

HEADER:
HTTP/1.1 204 No Content
SID: uuid:e1f1f713-2c6b-49d9-93df-617f9bf7970b
TIMEOUT: Second-300
Server: Linux-amd64-4.19.0-0.bpo.6-amd64, UPnP/1.0 DLNADOC/1.50, UMS/9.2.0
Content-Length: 0
-holografik

Nadahar
Posts: 1811
Joined: Tue Jun 09, 2015 5:57 pm

Re: Denon AVR-4311CI Recognized But Not Authorized

Post by Nadahar » Sun Feb 16, 2020 9:30 am

The log excerpt doesn't make that much sense to me either. Maybe there's a "hole" in the logging there (blame me, I wrote it), so that the content of the request is missing? Or maybe the fact that the request is empty is the reason for the "No content" reply. I don't remember the details of the subscription mechanism, but I'm pretty sure it's supposed to have a SOAP content with the details of what it wants to subscribe to.

It might be that the information UMS sends is lacking in a way that confuses the renderer in such a way that it triggers an empty subscription request.

Did you look at the "authorization service"? I far as I remember, all UMS has to do is to reply with "1" to confirm that it is authorized. Since we don't actually implement the DRM, we don't have to do a real authorization either, and ergo we can "authorize" everybody that asks.

The real problem, as I see it, is renderer implementations that requires the authorization when no DRM content is actually served. Xbox does this, and it seems like so does the Denon. I can't really understand the rationale behind this, except if the intention is to make it work with Microsoft "servers" exclusively.

User avatar
atamariya
Moderator
Posts: 147
Joined: Sun Aug 11, 2013 1:15 am

Re: Denon AVR-4311CI Recognized But Not Authorized

Post by atamariya » Mon Feb 17, 2020 5:50 pm

Just a suggestion - try to push HTTP 200 response instead of HTTP 204 for this specific case.

holografik
Posts: 23
Joined: Tue Feb 11, 2020 8:55 am

Re: Denon AVR-4311CI Recognized But Not Authorized

Post by holografik » Mon Feb 17, 2020 6:21 pm

Nadahar wrote:
Sun Feb 16, 2020 9:30 am
The log excerpt doesn't make that much sense to me either. Maybe there's a "hole" in the logging there (blame me, I wrote it), so that the content of the request is missing? Or maybe the fact that the request is empty is the reason for the "No content" reply. I don't remember the details of the subscription mechanism, but I'm pretty sure it's supposed to have a SOAP content with the details of what it wants to subscribe to.
I have UMS running from the UMS.launch configuration in Eclipse. My next major task will be to add copious logging (improves my learning curve). One of the items which I'll investigate is the existence of such a 'hole'.

I gave up on trying to use wireshark to understand the upnp conversations. I got stuck on the http2 traffic.
Nadahar wrote:
Sun Feb 16, 2020 9:30 am
id you look at the "authorization service"? I far as I remember, all UMS has to do is to reply with "1" to confirm that it is authorized. Since we don't actually implement the DRM, we don't have to do a real authorization either, and ergo we can "authorize" everybody that asks.
I didn't see any indication in the logs that a request was being made for authorization. Now that you mention it, right after I finish writing this response, I'm going set one or more breakpoints to see if that part of the code is being touched.

I had already found the authorization part of the code to which you refer. It seems straight-forward. First thing to do is determine whether UMS is receiving a request for authorization.

There might be another aspect to authorization which could be playing a role. I have to review the MS-DRMND spec before I can be certain. While renderers can directly ask if they are 'authorized', they can also attempt to 'register' with MRR. I could see how lack of the ability to register might play role. Or it could just be that the Denon expects a description document for the service ...? Or ...
Nadahar wrote:
Sun Feb 16, 2020 9:30 am
The real problem, as I see it, is renderer implementations that requires the authorization when no DRM content is actually served. Xbox does this, and it seems like so does the Denon. I can't really understand the rationale behind this, except if the intention is to make it work with Microsoft "servers" exclusively.
I agree.

The 4311 was first released around the time of the initial development of MS-DRMND (circa 2010) Denon is very sensitive about digital rights. In fact when playing back DSD content, it disables some(all?) potential pathways which could allow for digital copying. I think the 4311 was one of the first Airplay enabled receivers (v 1.0). I have no idea whether any of this affected Denon's decisions regarding 4311 media renderer functionality.

Nadahar
Posts: 1811
Joined: Tue Jun 09, 2015 5:57 pm

Re: Denon AVR-4311CI Recognized But Not Authorized

Post by Nadahar » Mon Feb 17, 2020 6:51 pm

holografik wrote:
Mon Feb 17, 2020 6:21 pm
I gave up on trying to use wireshark to understand the upnp conversations. I got stuck on the http2 traffic.
I don't thin there should be any HTTP/2 traffic there, I certainly know that UMS doesn't support it. I don't even know if it has been added to UPnP AV, but the "original" UPnP AV was written for HTTP/1.1.

It can be difficult to find the way in wireshark, what I usually do is to find some packet that belongs to the communication I'm interested in, and then rightclick and "follow TCP stream" or something like that. You will then get that "conversation" filtered out and nicely merged together in a text document where you can read the exchange.

I didn't see any indication in the logs that a request was being made for authorization. Now that you mention it, right after I finish writing this response, I'm going set one or more breakpoints to see if that part of the code is being touched.
[/quote]
The service must be announced in the "UPnP Description" for the renderer to attempt to use it. This smells a bit like if something is missing from UMS' description.
holografik wrote:
Mon Feb 17, 2020 6:21 pm
I agree.

The 4311 was first released around the time of the initial development of MS-DRMND (circa 2010) Denon is very sensitive about digital rights. In fact when playing back DSD content, it disables some(all?) potential pathways which could allow for digital copying. I think the 4311 was one of the first Airplay enabled receivers (v 1.0). I have no idea whether any of this affected Denon's decisions regarding 4311 media renderer functionality.
I still don't understand it, no matter how "careful" they want to be, there's no point in trying to "enforce" anything for content that doesn't have said DRM/encryption. It doesn't become any "less copyable", even if you play it on a "Microsoft server". It simply serves no purpose that I can see. I rather suspect that they have either peeked at or "gotten help from" Microsoft when making their renderer implementation, and that this non-standard stuff has ended up in there by mistake. Alternatively, they have struck some deal with Microsoft where Microsoft has paid them to make it only work with "Microsoft servers". I still beats me.

There are other DRM implementations in DLNA, this particular one is non-standard and non-compliant with the standard as far as I can tell. If they were so worried about DRM, one would think they would implement some of the "standard DLNA" DRM schemes. But again, DRM doesn't do anything as long as the content is "open" anyway. You can't expect people to "DRM encrypt" their home videos to be able to watch them at their TV...?

Post Reply