Troubleshooting
How to fix "The request data does not represent a valid Widevine request" error message?β
If you receive the error "The request data does not represent a valid Widevine request" when using Axinom DRM with Widevine in the proxy mode, the request body might be transformed. Double check whether the proxy or some other component is doing the transformation. Try remove or bypass the proxy and see whether you get the same result. If the result is still the same, please contact product support for further help.
How to fix "A content key with the same ID already exists. Use a different ID."β
You might be trying to store a content key with a content Key ID which is already in use. Please use another content Key ID.
How to fix "License denied. Your device security level (Level3) is too low for any of the keys in the Entitlement Message" error message?β
If you get the above error message, the widevine security level you are using in your token is not compatble in the device you are trying to play the content.As an example, the chrome browser on the desktops will only support widevine security level 3 (L3). So you wonβt be able to try playback in a chrome browser with a token specifying L1 security level usage policy.
How to fix "Invalid license request. DRM client models with revoked certificates are not allowed to receive licenses" error message?β
This error message indicates that the CDM of the browser has been revoked by Google Widevine. This revocation of certificates is nothing related to Axinom DRM. What happens is, Google maintains a list of device type certificates that are considered valid and allows the respective devices to receive DRM licenses. This list is being maintained by Google on a daily basis. For example, if Google determines that a specific device typeβs Widevine CDM implementation has been "hacked" or for other reasons is not considered secure anymore, then Google can remove this device type certificate from the above-mentioned "white list". Any DRM license service, including Axinom DRM, continuously downloads updates of this white list from Google, typically on a daily basis. If a device type is removed from the list then any devices of that type will not receive DRM licenses going forward.
If this error is thrown in a browser, you can check whether any Widevine CDM version updates are available for the browser or not. Updating the Chrome browser typically updates the CDM and you can still update the CDM version manually. With Firefox, rarely auto-update doesnβt work. You still have to do it manually, maybe this is only for Linux.
If you cannot update the Chrome browser version for some reason then you can still try to just update the Widevine CDM.
You can navigate to "chrome://components/" and look for "Widevine Content Decryption Module" (the current version of the CDM will be displayed next to this). There should be a button "Check for update". Then if the updates are available, you can get the CDM version updated by your selves.
If you need further explanations or clarifications, please feel free to contact "Axinom Product Support".
How to fix "Invalid license request. Unknown DRM client models are not allowed to receive licenses"β
The error says that the Widevine License Service does not know which client device is making the request according to its Device Certificate List. The cases could be:
- having some new device whose certificate is not yet on the certificate list
- having some older device whose certificate is removed by Google for some reason, e.g., security compromised
How to fix "License denied. The DRM message is already expired" error message?β
You may have requested a license outside the license expire time mentioned in the license request.Check the DRM message expire time and the request time stamp. Refer to the Entitlement Message documentation for further information.
How to fix "License denied. The license request contains a key ID that is not present in the entitlement message" error?β
This error is thrown from the License service because of the Key mismatch between the Manifest and the License service message. License request sent by the player CDM contains the KeyIDs from the video. When the Licese Service received a Licecnse request, License service compares the keys requested in the License Request and the License service message. If the requested keys are different, the license service throws this error. Please compare the key IDs in the Entitlement message and the manifest. If you need further help from us to check it, please share the token and the publicly available manifest URL with Axinom product support.
How to fix "Invalid license request. An initialization vector must be provided with every key in the entitlement message" error message?β
With Fairplay, you should pass an initialization vector on to the license service. Either you can pass the iv in the entitlement message as explained in https://docs.axinom.com/services/drm/license-service/entitlement-message/content-key-source#iv or you can configure your player to pass the iv along with the license request. Refer to https://docs.axinom.com/services/drm/license-service/fairplay/preparing-hls for further details.
How to fix a green screen when playing your encoded content.β
The reason can be a key issue or incorrect initialization vector (IV) was delivered in the DRM license. The IV issue can usually only come in case of FairPlay. If we are not dealing with FairPlay, it is highly likely incorrect content key issue.
- Ex: The Key referred to by the Key ID while encoding the content may refer to a different Key when trying to decrypt. The reason may be that the you are using a different tenant when encoding and when requesting the license (the decrypting process).
How to fix "License denied. The FairPlay data set, which is needed in order to process the license request, is not found. Add it and try again." errorβ
If you havenβt shared your FPS data set with Axinom, please feel free to share it with Axinom. You can refer to FairPlay and Axinom DRM to find the necessary steps. If you have shared your FPS dataset with Axinom already, please contact Axinom support.
How to fix "Invalid DRM message. Required property 'id' not found in JSON. Path 'content_keys_source.inline[0]"β
This means there is a missing property in the Entitlement Message that is sent to the license service. Please check the entitlemnt message you pass in your token. Refer to Entitlement Message for further details.
How to fix "Invalid license request. The signature of the license request is invalid. Ensure the DRM client has not been tampered with" error?β
You can intercept the license request and then use Axinom decoding tool to see whatβs inside https://tools.axinom.com/decoders/LicenseRequest.
There might be several reasons for a signature to be invalid.
- CDM corrupting itself to not generate correct signatures anymore. If the error comes for specific devices customer needs to check with device Manufacturer.If this is the reason please contact the manufacturer for further information.
- The user has indeed tampered with the device.In this case, contact Axinom support for further analysis.
How to fix "Invalid License Request. The provided JWT has an invalid signature" error message?β
This is thrown by the License Service when the token is signed with the wrong communication keys. Please check if you are using the Communication Key pairs that is relevent to your tenant.
How to fix "Invalid DRM message. The license duration must not be set together with either the license start or the license expiration date-time." error?β
License duration may not be specified together with either license start or expiration date-time. In the License configuration, duration must be specified in one of the following ways.
"license": {
"duration": 3600
},
or
"license": {
"start_datetime": "2020-11-27T00:00:00+03:00",
"expiration_datetime": "2100-01-01T00:00:00+03:00"
}
How to fix "Invalid DRM message. The playback duration in the PlayReady license configuration must be greater than or equal to 1 second."β
If you are mentioning "playback_duration" it has to be greater than 0 and you have to mention the time in seconds. Since the "playback_duration" is not a default value, you can skip the attribute in the entitlement message.
How to fix "License denied. Your device security level (Level3) is too low for any of the keys in the Entitlement Message." error?β
Usually, Android devices support either L1 or L3, depending on hardware and software implementations. But Chrome on desktops only supports L3. So only L1 certified devices will allow playing the content when the usage policy is mentioned L1. According to the error message, the device you are trying to try the playback is supporting L3 security level. If you need to allow L3 devices to be able to try the playback, you need to specify an L3 policy. DRM Protection and Screen Recording
How to fix "Invalid license request. The license request contains an invalid CENC PSSH" error message?β
A packaging issue causes this error during the generation of PSSH. Improper packaging can lead to this type of error. If you need assistance from Axinom support, please raise a support ticket and include the timestamp when the error occurred.
How to fix "Invalid license request. The key ID contained in the asset ID is not a valid GUID. The current Asset ID in base64 is:" error message?β
Other Video.js player users experienced the same issue and implemented a custom method to resolve it. You can refer to this github thread: https://github.com/videojs/videojs-contrib-eme/issues/95 If you need further assistance, please raise a support ticket.
When using the HLS manifest, there is no audio or video, only a black screen. Widevine works fine.β
The IV values in the Entitlement Message(EM) are wrong. They're different from those in the manifests. The correct IVs used in the manifest can be found in the segment files. If the content is multi-key content, you will have to specify all the IVs used in the manifest.
Also, convert the IV values to base64(Hex to Base64) when applying to the Entitlement Message. The IV values in the manifest are in Hex format, but the EM expects them in Base64.
Dash + Widevine encryption is not working in some players on some devices.β
Check the manifest, and see the "value" attribute in the "ContentProtection" tag to find the protection scheme used(cbcs or cenc). Next, decode the PSSH box and check the protection scheme. If there's a mismatch, it is likely the reason for this issue.
For example:
Looking at the manifest, the specified protection scheme is "cbcs". Which is likely the "real" protection scheme used:
<ContentProtection schemeIdUri="urn:mpeg:dash:mp4protection:2011" value="cbcs"
But when decoding the PSSH, it includes "cenc".
Protection Scheme: 63 65 6E 63 (cenc)
We have seen that some players are sensitive to this mismatch( e.g., on Android with ExoPlayer, on FireTV with ExoPlayer). The solution would be to have your packager create PSSH boxes that signal the "cbcs" protection scheme.