Connection failed and Chromecast issues: Roon using new/additional network ports since 880

Roon Core Machine

Roon 1.8 880 running in Proxmox container (Ubuntu 20.04.2 LTS)
Intel i5-10400 (4 cores, 4GB for VM)
All OS updates installed

Networking Gear & Setup Details

OPNsense firewall vitualized in Proxmox (Roon core on VLAN 100, clients on VLANs 10 and 30)
Proxmox connected over fiber to Netgear MS510TX
Clients connected to Netgear GS110EMX and Ubiquiti AP WiFi 6 Long-Range

Connected Audio Devices

Naim Uniti Atom
Win 11 desktop with Topping D10s
Apple iPad
Samsung Galaxy A50

Number of Tracks in Library

25.000 tracks

Description of Issue

Connection failed after update to 880
Rollback to previous version solves the problem

Since the update to 880 clients would no longer connect to the Roon Core.
After some investigation on the side of the Proxmox firewall, following entries were present:
201 7 veth201i0-IN 16/Dec/2021:09:18:52 +0100 DROP: IN=fwbr201i0 OUT=fwbr201i0 PHYSIN=fwln201o0 PHYSOUT=veth201i0 MAC=xxxxx SRC=192.168.10.173 DST=192.168.100.80 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=12432 DF PROTO=TCP SPT=31089 DPT=9330 SEQ=197902906 ACK=0 WINDOW=64240 SYN
201 7 veth201i0-IN 16/Dec/2021:08:56:47 +0100 DROP: IN=fwbr201i0 OUT=fwbr201i0 PHYSIN=fwln201o0 PHYSOUT=veth201i0 MAC=xxxxx SRC=192.168.10.173 DST=192.168.100.80 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=11069 DF PROTO=TCP SPT=30080 DPT=9332 SEQ=2537644595 ACK=0 WINDOW=64240 SYN

After allowing incoming TCP traffic on both these ports, it is possible again to connect.
If I’m correct, there is no mention of any of these ports in the documentation.

4 Likes

From a thread over on #private-beta - this was in relation to there being an upper limit in terms of connecting clients with new builds

  • have the same limit (7) in terms of Sonos devices that can be enabled endpoints
  • it doesn’t matter which 7 I choose, I can reduce number to 6 and add one that previously couldn’t be used

Adding an 8th results in the log message

12/15 18:03:12 Info: [transport] creating endpoint for sonos device 23:1:11b4f841-2d17-4b83-4ca4-90dce08473b5 in Thread[Id=13, Name=Broker:Transport]
12/15 18:03:12 Trace: [dspengine] created new dsp config {"version":3,"items":[{"type":"bs2b","enabled":false},{"type":"parametric_equalizer","enabled":false},{"type":"audeze_presets","enabled":false}]}
12/15 18:03:12 Trace: [transport/audeze] picking preset lowlatency
12/15 18:03:12 Trace: [transport/audeze] picked null preset!
12/15 18:03:12 Trace: [push] restarting connection (Unable to read data from the transport connection: Software caused connection abort.)
12/15 18:03:12 Trace: [push] retrying connection in 76710ms
12/15 18:03:12 Trace: [zone Guest Room] Loading
12/15 18:03:12 Trace: [zone Guest Room] Suspend
12/15 18:03:12 Info: [zone Guest Room] Canceling Pending Sleep
12/15 18:03:12 Info: [zone Guest Room] Canceling Pending Sleep
12/15 18:03:12 Critical: scx: in OnExit: System.Net.Sockets.SocketException (98): Address already in use
   at Sooloos.Http.HttpServer._Start()
   at Sooloos.Broker.Transport.UPNPZonePlayerBase._reset_http()
   at Sooloos.Broker.Transport.UPNPZonePlayerBase..ctor(UPNPQuirks quirks, State state, IEnumerable`1 endpoints, IEnumerable`1 endpoint_integrations)
   at Sooloos.Broker.Transport.ZonePlayerFactory.Create(State state, IEnumerable`1 endpoints)
   at Sooloos.Broker.Transport.Zone.LL_UpdateEndpoints(Boolean first)
   at Sooloos.Broker.Transport.Zone..ctor(State state, Module module, Sooid zoneid, IEnumerable`1 endpoints)
   at Sooloos.Broker.Transport.Module.ev_threadexit()
   at Sooloos.SynchronizationContextThread.OnExit()

So (speculation follows)

  • activating the Sonos endpoint involves creating a UPNP server on the Roonserver that the Sonos will stream audio from (guessing that from the log)
  • from looking at netstat Roon seems to use ports upwards from 9333 for these UPNP servers to listen on
  • without any endpoint enabled ports 9330-9332 are listening
    9330 - seems to be some sort of api for images e.g. http://192.168.2.150:9330/image/nariaaaa.512.jpg
    9331 - seems to TLS enabled version e.g. https://192.168.2.150:9331/image/nariaaaa.512.jpg
    9332 - seems to be some sort of binary message service
    9333 - 9339 - are 7 ports than can be used for Sonos UPNP
  • when an 8th Sonos device is enabled it perhaps tries to create a listening socket on one of the ports already in use (hence “address already in use”). Maybe it is mistakenly trying to use the 9330-9332 range? I don’t know which port it is attempting to listen on

/speculation

Thanks for sharing.

This solved the connection failures to my Linux Core after the update to 880.

Thanks for the info @Eamonn_Maher
Just to be on the safe side I’ve allowed the 9330-9332 range.

I see that the Web Display URL is now using port 9330 in Build 880. Previous builds were using port 9100

2 Likes

Changes like these should be included in the release notes and the documentation, and not left up to users to find out on their own…

6 Likes

So is the expected solution for me to open ports, or for me to disable Sonos zones to get under the “7 Sonos zone cap” or for Roon to fix something? Right now have disabled a few Sonos zones, which is fine for now. Thanks so much for diagnosing.

thanks a lot Christophe this solved it for me after updating to 880.

big thanks to ROON for not specifying this in their update notes made me waste 3 hours thinking my machine was broken.

love the software but this is unacceptable levels of support or communication

1 Like

Thanks, beem struggling wirlth connecting to my Roon Core after update, allowing port 9330 - 9332 in firewall allowed me to connect again

Hey everyone :wave:,

For more information on this, I wanted to point you to Brian’s post. It explains our position on ports:

‘We just use some random ports and our users just have to figure out for themselves which ones they are’ ?
Every piece of software that uses network protocols has documentation where you can find what ports are being used, but Roon doesn’t?
I’m sorry, but this is unacceptable!
If you can’t provide this kind of technical data, this will be the last year I subscribe to Roon.

1 Like

Had some time to do a little more digging this morning…
For people having issues with Chromecast no longer functioning, Roon now uses port 9333 to stream to my Nest Mini.
I noticed on my firewall that these connections were being blocked:
192.168.30.101:50584 192.168.100.80:9333 tcp Default deny rule
Allowing 9333 to pass through and opening the port on my Core solved the Chromecast issue.

Maybe extra ports are being used if you stream to multiple Chromecast devices, but I can’t tell for sure.

Some simple documentation around the ports being used would have saved us users hours of frustration and digging around logs…

Do I suffer from the same?
Since 880 I get strange restarts:

root@scarpe:/var/roon/RoonServer/Logs# journalctl -u  roonserver.service -f
-- Logs begin at Tue 2019-02-26 20:44:22 CET. --
dec 17 15:37:40 scarpe start.sh[3499]: Started
dec 17 15:37:40 scarpe start.sh[3499]: aac_fixed decoder found, checking libavcodec version...
dec 17 15:37:40 scarpe start.sh[3499]: has mp3float: 1, aac_fixed: 1
dec 17 15:37:45 scarpe start.sh[3499]: Running
dec 17 15:56:12 scarpe start.sh[3499]: Error
dec 17 15:56:14 scarpe start.sh[3499]: Initializing
dec 17 15:56:14 scarpe start.sh[3499]: Started
dec 17 15:56:14 scarpe start.sh[3499]: aac_fixed decoder found, checking libavcodec version...
dec 17 15:56:14 scarpe start.sh[3499]: has mp3float: 1, aac_fixed: 1
dec 17 15:56:18 scarpe start.sh[3499]: Running

The open files of the RoonAppliance process grows massive and fast:

root@scarpe:/var/roon/RoonServer/Logs# ls -1 /proc/$(pidof RoonAppliance)/fd | wc -l
1321
root@scarpe:/var/roon/RoonServer/Logs#
root@scarpe:/var/roon/RoonServer/Logs#
root@scarpe:/var/roon/RoonServer/Logs# ls -1 /proc/$(pidof RoonAppliance)/fd | wc -l
1470
root@scarpe:/var/roon/RoonServer/Logs# ls -1 /proc/$(pidof RoonAppliance)/fd | wc -l
1517
root@scarpe:/var/roon/RoonServer/Logs# ls -1 /proc/$(pidof RoonAppliance)/fd | wc -l
5372

Lots of:

12/17 15:58:25 Critical: scx: in OnExit: System.Net.Sockets.SocketException (98): Address already in use
   at Sooloos.Http.HttpServer._Start()
   at Sooloos.Broker.Transport.CastZonePlayer..ctor(State state, IEnumerable`1 realeps, IEnumerable`1 endpoints)
   at Sooloos.Broker.Transport.ZonePlayerFactory.Create(State state, IEnumerable`1 endpoints)
   at Sooloos.Broker.Transport.Zone.LL_UpdateEndpoints(Boolean first)
   at Sooloos.Broker.Transport.Zone..ctor(State state, Module module, Sooid zoneid, IEnumerable`1 endpoints)
   at Sooloos.Broker.Transport.Module.ev_threadexit()
   at Sooloos.SynchronizationContextThread.OnExit()

And after a while:

RoonServer_log.20.txt:12/17 14:41:36 Debug: NotifyCorruptZoneDatabases Exception LevelDb.Exception: IO error: /var/roon/RoonServer/Database/Core/5d5b0749cc6e455194aca11ab9ed0c4d/transport/zone_16015a8849ba9e0f538753043adb67708409.db/CURRENT: Too many open files

I never used iptables or other FWs on my core. Never had these kinds of issues before the upgrade.
It just seems seriously broken.

I don’t think it’s related, I’ve checked my logs and Roon never crashed.
My remotes started working right away as I opened the necessary ports on my firewall

For posterity, and if anyone with similar problems should find this post:
I’ve been able to narrow down the ports my setup uses to tcp 9330:9339 and udp 1900,9003. If you want chromecast to work, it seems you’ll also have to open tcp 8008,8009 and udp 32768:65535
Opening these fixed all connection issues for me.

Hopefully Roon doesn’t pull some different port numbers out of it’s hat with every new release…

Does it still work with Roon 1.8 build 882?
Here Chromecast audio was working fine with firewall rules. Now updated to build 882 when I hit play, it won’t… when I disable the firewall it works. Looks like a new port to add?

Hi @Ramon_Laponder , you seem to be correct.
I’ve updated to 882 this evening and was also having issues…
Looking to the connections, I’m seeing attempts to connect to ports like 30000 and 30002.


These are the rules that I have currently active.
roon_ep is the alias for my roon endpoints and trustedsubnets are the euh well… trusted subnets in my network :wink:
If you don’t use vlan’s and don’t have fixed ip’s for your endpoints and/or remotes, you can ignore these and just allow all ip’s from within your network

It might not be necessary to have the 32768:65535 udp and 8008:8009 tcp ports open, but it’s saturday 23.00 here and now that it’s sort of working, I’d rather spend my time listening to music and drinking than figuring out this mess :smiley:

1 Like

I also have this issue on Ubuntu. However, I must be ,missing something, because I can’t connect the Windows or Android app without disabling the firewall.

1 Like

For Linux based Core server, if you’re running something like UFW firewall, you may need to open the ports. Something like:
sudo ufw allow 9330:9339/tcp

3 Likes