[A20 Dedicated Server] Is there a new port to open / forward for EOS ?

[elihos]

Hi there

 

I set up a server for some streamer friends for the stream event yesterday and I had some problems:

 

1) Server spamming continuously this :
 

WRN [EOS] [LogHttp - Warning] 000002616AB58BE0: invalid HTTP response code received. URL: https://api.epicgames.dev/sdk/v1/default?platformId=WIN, HTTP code: 0, content length: 0, actual payload size: 0
WRN [EOS] [LogHttp - Warning] 000002616AB58BE0: request failed, libcurl error: 60 (Peer certificate cannot be authenticated with given CA certificates)
WRN [EOS] [LogHttp - Warning] 000002616AB58BE0: libcurl info message cache 0 (  Trying 100.24.224.125...)
WRN [EOS] [LogHttp - Warning] 000002616AB58BE0: libcurl info message cache 1 (TCP_NODELAY set)
WRN [EOS] [LogHttp - Warning] 000002616AB58BE0: libcurl info message cache 2 (Connected to api.epicgames.dev (100.24.224.125) port 443 (#0))
WRN [EOS] [LogHttp - Warning] 000002616AB58BE0: libcurl info message cache 3 (ALPN, offering http/1.1)
WRN [EOS] [LogHttp - Warning] 000002616AB58BE0: libcurl info message cache 4 (Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH)
WRN [EOS] [LogHttp - Warning] 000002616AB58BE0: libcurl info message cache 5 (TLSv1.3 (OUT), TLS handshake, Client hello (1):)
WRN [EOS] [LogHttp - Warning] 000002616AB58BE0: libcurl info message cache 6 (TLSv1.3 (IN), TLS handshake, Server hello (2):)
WRN [EOS] [LogHttp - Warning] 000002616AB58BE0: libcurl info message cache 7 (TLSv1.2 (IN), TLS handshake, Certificate (11):)
WRN [EOS] [LogHttp - Warning] 000002616AB58BE0: libcurl info message cache 8 (TLSv1.2 (OUT), TLS alert, Server hello (2):)
WRN [EOS] [LogHttp - Warning] 000002616AB58BE0: libcurl info message cache 9 (SSL certificate problem: unable to get local issuer certificate)
WRN [EOS] [LogHttp - Warning] 000002616AB58BE0: libcurl info message cache 10 (Closing connection 0)
WRN [EOS] [LogHttp - Warning] Lockout of 2.487258s on https://api.epicgames.dev/sdk/v1/default?platformId=WIN

2) When someone tries to log in, he is kicked with this message :



In client log :
 

INF [NET] Kicked from server: Cross platform auth failed: EosTicketFailed - ConnectInvalidToken

 

In server log (IDs ans Name replaced by *****) :
 

INF [Steamworks.NET] Auth.AuthenticateUser()
INF [Steamworks.NET] Authenticating player: ********** SteamId: ***************** TicketLen: 1024 Result: k_EBeginAuthSessionResultOK
INF [Steamworks.NET] Authentication callback. ID: *****************, owner: *****************, result: k_EAuthSessionResponseOK
INF [Auth] PlatformAuth authorization successful: EntityID=-1, PltfmId='Steam_*****************', CrossId='EOS_********************************', OwnerID='Steam_*****************', PlayerName='**********'
INF [Auth] SteamFamily authorization successful: EntityID=-1, PltfmId='Steam_*****************', CrossId='EOS_********************************', OwnerID='Steam_*****************', PlayerName='**********'
INF [Auth] SteamGroups authorization successful: EntityID=-1, PltfmId='Steam_*****************', CrossId='EOS_********************************', OwnerID='Steam_*****************', PlayerName='**********'

INF [EOS] Verifying token for ********************************: SomeTokenHere
WRN [EOS] [LogEOSConnect - Warning] VerifyIdToken: Failed because issuer is not found or invalid
INF [Auth] CrossplatformAuth authorization failed: EntityID=-1, PltfmId='Steam_*****************', CrossId='EOS_********************************', OwnerID='Steam_*****************', PlayerName='**********'
INF Kicking player (Cross platform auth failed: EosTicketFailed - ConnectInvalidToken): EntityID=-1, PltfmId='Steam_*****************', CrossId='EOS_********************************', OwnerID='Steam_*****************', PlayerName='**********'

 

Server is on windows server 2019, behind a firewall with just game ports open as usual (BasePort TCP and BasePort to BasePort+3 UDP).

To test, I tryed to set up a server on another machine directly on the internet and it worked, my friends could connect and play.

 

So I wonder: is there a new port to open / forward for EOS authentication?
I searched a bit and found nothing

 

Any clue?

Thank you in advance for any answer, we are not the only ones currently bothering (look at the server-help section on discord).

[BFT2020]

it was mentioned elsewhere that there is an issue with Epic

[elihos]

Epic was down only a few hours ago, my problem is present since 03/12
I don’t think it’s because of this issue.

Edited December 5, 2021 by elihos (see edit history)

[Alloc]

Of course the server needs to be able to make *outgoing* connections, for EOS (as the log shows) that would be HTTPS, i.e. port 443 TCP. It does look like the port is not the issue but rather some issue with the SSL cert validation. This might be going through the hosts (root) certificate chain which would indicate an issue with the system's root certs. Or some kind of (transparent) proxy in between that kills the cert. In that case trying to connect to the named domain with MS Edge might show if there's an issue with the cert itself as your system sees it.

 

/EDIT:

Actually it looks like it's indeed your Windows installation missing the root CAs which should be fixed with Windows updates according to other resources on the internet.

Edited December 6, 2021 by Alloc (see edit history)

[KySoto]

Im having this exact issue pop up, except i double checked for the cert, EOS appears to be online, and its a fresh install of server 2019 fully patched. i had the firewall rules set up to allow the exe to send and receive at will, then i temporarily turned the firewall off.

im forwarding ports 26900-26903,26910-26913 (i was running 2 servers for a bit)

/EDIT:

I also can connect to the server for a second before i kicks me saying it hasnt finished initializing, even if its been sitting there for an hour.

Edited July 9, 2022 by KySoto (see edit history)

[Star69]

Can you post a copy of your server output log file using pastebin.com? Perhaps there are more clues there.

[KySoto]

https://pastebin.com/FHGkM2xQ

It wont let me public list it because "questionable content", so i hope you can see it.

[Star69]

Not available, being moderated for questionable content……that is odd.

[meganoth]

Maybe one or more of your server users have names that are not acceptable to pastebin. Or your server itself. Apply common sense and try to X out problematic words if you find them.

 

[KySoto]

turns out i had to chop off the start of the log that had settings etc in it. everything after the game settings and initial startup parts, it was fine with.

/EDIT:

I also went and sent a question to their support team to try to figure out what was flagging it since i know there wasnt anything that should be flagged, unless it had problems with config names, or maybe the fact that there were paths at all.

Edited July 10, 2022 by KySoto (see edit history)

[Star69]

You need to create exclusions in your antivirus software, it isn’t good enough to disable it. If you aren’t using a standalone program, create exclusions for your game and saves folders in Windows Defender.

 

Also be sure you are forwarding the proper ports for the game in your router.

Edited July 10, 2022 by Star69 (see edit history)

[KySoto]

every rule on this image is forwarded to my server https://imgur.com/a/YbRCczG

i added my 7d2d server folder and data folders etc to the windows defender exclusion by the folder.

still having trouble 

[meganoth]

On 7/11/2022 at 1:00 AM, KySoto said:

every rule on this image is forwarded to my server https://imgur.com/a/YbRCczG

i added my 7d2d server folder and data folders etc to the windows defender exclusion by the folder.

still having trouble 

 

The error message is still about the cert. So, what and how did you check that you have the certificate? Did you access https://api.epicgames.dev/sdk/v1/default?platformId=WIN

with edge (since that one is sure to use the windows-certs) and it worked? Did you then look at the certificate from inside edge?

 

[Beelzybub]

On 7/10/2022 at 11:10 AM, KySoto said:

turns out i had to chop off the start of the log that had settings etc in it. everything after the game settings and initial startup parts, it was fine with.

/EDIT:

I also went and sent a question to their support team to try to figure out what was flagging it since i know there wasnt anything that should be flagged, unless it had problems with config names, or maybe the fact that there were paths at all.

Just try another pastebin with a new output log.

 

[KySoto]

On 7/12/2022 at 7:00 AM, meganoth said:

 

The error message is still about the cert. So, what and how did you check that you have the certificate? Did you access https://api.epicgames.dev/sdk/v1/default?platformId=WIN

with edge (since that one is sure to use the windows-certs) and it worked? Did you then look at the certificate from inside edge?

 

it took a minute to get edge on my server install, but yes, i was able to connect to that URL using edge, it says the site has a valid cert. i checked to see if the cert existed by using the certlm console, it has the  ISRG Root X1 cert valid from from june 4th 2015 to june 4th 2035. This said after i installed edge and navigated to the URL, suddenly, it works. im confused why it took installing edge and navigating to the site when ive had the cert in the cert store this whole time. in the end it worked, so thanks.

[meganoth]

Possibly Edge install some certificates as part of the install process.

[RAGE PVE]

We're having the same issues but already had edge installed on windows 2022, after going to into edge and checking certs I could see that one is expired but no idea on how to update that or if indeed thats the problem.  We just migrated onto this new server under the same host and IP but the problem still persists.