Direct TV: Authn: 401 : Data not found

Chief · August 24, 2023, 4:27pm

This happens to me with Directv Streaming frequently. For me, the issue starts with not being able to access channels due to authentication errors, I try to update the password for Directv Streaming with no change, I then delete the Directv streaming TVE entry and when I try to add it back in I get the authentication 401 error for an hour or so. Then, without changing anything, it will finally start working properly and will allow me to add Directv Streaming back to TVE. I started seeing this behavior a few months ago. Since it always eventually starts working, I haven't given it a lot of thought.

EDIT - I should of let it finish the operation of adding Directv Stream back in before I posted, the logs are littered with entries like "Channel scan 44/190 FNC failed: Cable provider authentication failed" for channels that I should get. This is on the channels server software ver 2023.08.24.0602.

Chief

eric · August 24, 2023, 7:56pm

@Chief It appears you're having some network issues and your diagnostics are failing to be submitted. Could you check your DVR logs and see what errors are being reported? Are you running any firewall software or ad blocking?

eric · August 24, 2023, 7:56pm

Has anyone had a chance to test v2023.08.24.0602 out yet? I have another idea for a different sort of fix but would like to get feedback on this build before I push another change out.

Chief · August 24, 2023, 8:24pm

There's been a problem submitting logs ever since I moved and changed ISP's - we worked on it before, but couldn't get anywhere. I'm not running any firewall or ad blocking software on the channels server. I even went so far as to put the channels server temporarily in the DMZ and still couldn't send logs. It's something I need to revisit.

I am running the latest early release, 2023.08.24.0602

As far as the logs for when I'm adding the Directv Streaming TVE, I'll post an example below. After it gets through, I end up with a fraction of channels and if I rescan the channels that failed auth individually, I can get some of them to authenticate properly. Here's the error log example, email address hidden, the logs are similar for each channel that received the Cable Provider authentication failed error:

2023/08/24 10:33:18.915608 [TVE] action=auth mvpd=ATTOTT requestor=TBS
2023/08/24 10:33:20.344234 [TVE] action=version product=HeadlessChrome/116.0.5845.110 jsVersion=11.6.189.19 protocol=1.3 revision=@5128dafac6222fd3ac218660ab6dbf7ff260d768
2023/08/24 10:33:20.345051 [TVE] action=navigate url=https://sp.auth.adobe.com/adobe-services/authenticate/saml?noflash=true&mso_id=ATTOTT&requestor_id=TBS&no_iframe=true&domain_name=adobe.com&redirect_url=https%3A%2F%2Fsp.auth.adobe.com%2Fadobe-services%2FcompletePassiveAuthentication
2023/08/24 10:33:20.345940 [TVE] action=request type=Document method=GET url=https://sp.auth.adobe.com/adobe-services/authenticate/saml
2023/08/24 10:33:20.916984 [TVE] action=wait_for_page
2023/08/24 10:33:21.657961 [TVE] action=request type=Document method=POST url=https://api.cld.dtvce.com/idp/authn
2023/08/24 10:33:21.658009 [TVE] action=auth_domain domain=api.cld.dtvce.com
2023/08/24 10:33:22.000021 [TVE] action=request type=Document method=GET url=https://oidc.idp.clogin.att.com/mga/sps/oauth/oauth20/authorize
2023/08/24 10:33:22.381463 [TVE] action=request type=Document method=GET url=https://signin.att.com/dynamic/iamLRR/LrrController
2023/08/24 10:33:32.157466 [TVE] action=page_ready
2023/08/24 10:33:32.157513 [TVE] action=wait_for_page done=true reason=page_ready
2023/08/24 10:33:32.157532 [TVE] action=fill_form [email protected]
2023/08/24 10:33:32.179781 [TVE] action=wait_for_auth timeout=12s
2023/08/24 10:33:33.611854 [TVE] action=request type=Document method=POST url=https://oidc.idp.clogin.att.com/mga/sps/authsvc
2023/08/24 10:33:33.851355 [TVE] action=request type=Document method=GET url=https://signin.att.com/dynamic/iamLRR/LrrController
2023/08/24 10:33:33.964043 [TVE] action=error_response type=XHR error=net::ERR_ABORTED url=https://ingest.quantummetric.com/att ip=35.238.12.252
2023/08/24 10:33:40.082725 [TVE] action=page_ready
2023/08/24 10:33:44.203967 [TVE] action=auth_timed_out
2023/08/24 10:33:44.204004 [TVE] action=screenshot
2023/08/24 10:33:44.257334 [TVE] action=screenshot size=47863
2023/08/24 10:33:44.257587 [TVE] action=capture_html
2023/08/24 10:33:44.258684 [TVE] action=capture_html size=9786
2023/08/24 10:33:45.174220 [TVE] Channel scan 27/189 TBS failed: Cable provider authentication failed
2023/08/24 10:33:45.365985 [TVE] action=auth mvpd=ATTOTT requestor=TBS
2023/08/24 10:33:46.214710 [TVE] action=version product=HeadlessChrome/116.0.5845.110 jsVersion=11.6.189.19 protocol=1.3 revision=@5128dafac6222fd3ac218660ab6dbf7ff260d768
2023/08/24 10:33:46.227074 [TVE] action=navigate url=https://sp.auth.adobe.com/adobe-services/authenticate/saml?noflash=true&mso_id=ATTOTT&requestor_id=TBS&no_iframe=true&domain_name=adobe.com&redirect_url=https%3A%2F%2Fsp.auth.adobe.com%2Fadobe-services%2FcompletePassiveAuthentication
2023/08/24 10:33:46.228747 [TVE] action=request type=Document method=GET url=https://sp.auth.adobe.com/adobe-services/authenticate/saml
2023/08/24 10:33:46.598697 [TVE] action=wait_for_page
2023/08/24 10:33:46.658265 [TVE] action=request type=Document method=POST url=https://api.cld.dtvce.com/idp/authn
2023/08/24 10:33:46.716470 [TVE] action=auth_domain domain=api.cld.dtvce.com
2023/08/24 10:33:47.025721 [TVE] action=request type=Document method=GET url=https://oidc.idp.clogin.att.com/mga/sps/oauth/oauth20/authorize
2023/08/24 10:33:47.402002 [TVE] action=request type=Document method=GET url=https://signin.att.com/dynamic/iamLRR/LrrController
2023/08/24 10:33:55.134472 [TVE] action=page_ready
2023/08/24 10:33:55.134523 [TVE] action=wait_for_page done=true reason=page_ready
2023/08/24 10:33:55.134544 [TVE] action=fill_form [email protected]
2023/08/24 10:33:55.161478 [TVE] action=wait_for_auth timeout=12s
2023/08/24 10:33:56.558219 [TVE] action=request type=Document method=POST url=https://oidc.idp.clogin.att.com/mga/sps/authsvc
2023/08/24 10:33:56.792638 [TVE] action=request type=Document method=GET url=https://signin.att.com/dynamic/iamLRR/LrrController
2023/08/24 10:33:56.935275 [TVE] action=error_response type=XHR error=net::ERR_ABORTED url=https://ingest.quantummetric.com/att ip=35.226.236.55
2023/08/24 10:34:04.010120 [TVE] action=page_ready
2023/08/24 10:34:07.292469 [TVE] action=auth_timed_out
2023/08/24 10:34:07.292542 [TVE] action=screenshot
2023/08/24 10:34:07.449382 [TVE] action=screenshot size=47863
2023/08/24 10:34:07.449665 [TVE] action=capture_html
2023/08/24 10:34:07.450835 [TVE] action=capture_html size=9786
2023/08/24 10:34:08.367958 [TVE] Channel scan 28/189 TBSP failed: Cable provider authentication failed

eric · August 24, 2023, 8:43pm

@Chief my best guess is the problem authenticating and the problem submitting diagnostics are related.

eric · August 24, 2023, 8:44pm

New build that may help the situation or provide more insight.

Chief · August 24, 2023, 8:55pm

The TVE issue just started a couple of months ago, the diagnostic issue has been 2+ years.

I previously believed the TVE issue I've experienced periodically of the past couple of months was just a temporary outage, but never saw the cable provider authentication issue for individual channels in the logs until I updated to 2023.08.24.0602.

Chief · August 24, 2023, 9:08pm

Update v2023.08.24.2016 helped a lot, I was able to rescan and access all the missing channels except for AETV, History, Lifetime, Fox News and Fox Business - still receiving timeouts on those.

Chief · August 25, 2023, 3:39am

Figured out the authentication problem, Century Link's primary DNS servers weren't resolving "link.theplatform.com" - I changed DNS servers and now I can authenticate and watch the last missing channels. Thank you Century Link....

Chief

crackers8199 · August 29, 2023, 10:50pm

this still isn't working for me. just downloaded 2023.08.29.2116 and i'm still getting 401 errors when trying to authenticate to DTVS.

eric · August 30, 2023, 5:52am

I don't see any recent diagnostics from you.

crackers8199 · August 30, 2023, 5:57am

i haven't sent any yet, was just giving you a heads up that it's not working. i'll send them shortly, but i'm curious...i have my network set up to primarily use cloudflare and google DNS...both of which give errors. they're two of the most widely used DNS providers around, so if neither of them works who exactly are we supposed to use?

oh, quad9 doesn't work either. cool.

neither does opendns. this is kinda getting comical at this point.

finally got the checkmark to go green using frontier's DNS (which sucks overall which is the whole reason i have my network set up to use cloudflare/google/quad9 in the first place), but whatever.

Logs have been submitted as 74e9fd55-4fbf-48a4-98fb-dabcc666ddf0.

second set of logs after i re-ran the DTVS login attempt after switching to frontier DNS (still 401):

Logs have been submitted as 9e5058a7-ecec-4b0f-91a6-8c1e4dd3f005.

AeroR1 · August 30, 2023, 12:10pm

Install unbound and roll your own validating, recursive, caching DNS resolver.

Been doing it for years and it works great.

Marino13 · August 30, 2023, 3:41pm

I run mine in a docker container and use the extra parameter --dns XX.XX.XXX.X --dns XX.XX.XXX.X to override my network DNS (cloudflare) and use my service providers DNS for Channels only.

crackers8199 · August 30, 2023, 6:37pm

yeah, i did that with adguard. adguard home is the dns server for my network, but i set up my channels server as a client and overrode it that way.

i was more just laughing at the idea that literally the top four DNS servers i use were all being complained about as bad for TVE.

Install unbound and roll your own validating, recursive, caching DNS resolver.

Been doing it for years and it works great.

interesting thought. @AeroR1 what's the benefit to doing something like this over adguard home (which as i mentioned is what i'm already using on my network)? any tutorials out there on how to set it up?

AeroR1 · August 30, 2023, 7:12pm

adguard only forwards DNS queries to an upstream dns for answers, your isp or public dns in your case.

unbound lives in your network instead of using googles, cloudfare, etc.

i have two unbound servers locally, one in docker on synology and the other installed locally with my standalone Adguard ubuntu server.

the benefits? speed, security, no hijacks, leaks or redirects, i could go on. pi-hole has a nice explanation: unbound - Pi-hole documentation

i use this unbound container: Docker

eric · August 30, 2023, 10:01pm

@crackers8199 We can hash out the details of DNS on a separate thread, but regarding the authn issue, can you try to delete the chromedata from the channels DVR data directory, restart the DVR and rescan the source?

I confirmed in your latest diagnostics that they do not contain any residual Direct TV settings in other cached locations that would make your installation exhibit different results than others, so this is the next guess as to where cached data could be causing you problems.

crackers8199 · August 30, 2023, 11:15pm

sure, will give that a shot later today after work and report back.

crackers8199 · August 30, 2023, 11:27pm

basically, i'd be setting up unbound and having adguard hit that instead of google, quad9, cloudflare, etc...right?

AeroR1 · August 30, 2023, 11:43pm

Yep