SSL Errors in Roon Logs Affecting Tidal (ref#MPIXAW)

Frederic_Vanden_Poel · October 7, 2025, 12:08pm

What best describes your playback issue?

· Music stops playing unexpectedly

What type of Zone is affected by this problem?

· *All of my Zones* are affected.

Does the issue affect all file formats?

· The issue affects *multiple/all* file formats.

Does the issue happen with local library music, streaming service music, or both?

· *Only streaming* music is affected.

Please select the streaming service(s) with which you're encountering playback problems.

· TIDAL

Have you tried logging out and back in again to your streaming service in Roon Settings?

· Logging out and back in had no impact, the issue remains

Do you have an approximate timestamp of when the issue last occurred?

· 10/07 12:40:33

What are the make and model of the affected audio device(s) and the connection type?

· 432 EVO music server

Describe the issue

Tidal related SSL errors in Roon logs

Describe your network setup

Cable modem -> Mikrotik router -> 432 EVO

Frederic_Vanden_Poel · October 7, 2025, 12:09pm

We see a Tidal Login failure in the Roon remote. We need to retry several times while a music from Tidal is playing, or playback will stop.

As soon as the Tidal error shows in the GUI, the SSL error is visible in the log.

A curl to the same site, does not result in SSL errors:

# grep -i SSL RoonServer_log.txt
10/07 12:40:33 Warn: [easyhttp] [12] GET https://api.roonlabs.net/accounts5/accounts/3/userinfo?token=___&machineid=___ web exception without response: socketmsg (ConnectionReset):  The SSL connection could not be established, see inner exception. The SSL connection could not be established, see inner exception.
10/07 12:40:44 Warn: [easyhttp] [23] GET https://api.roonlabs.net/messaging/1/api/messages/bc___ web exception without response: socketmsg (ConnectionReset):  The SSL connection could not be established, see inner exception. The SSL connection could not be established, see inner exception.
10/07 12:41:00 Warn: [easyhttp] [27] GET https://api.roonlabs.net/updates/update/?v=2&serial=___&userid=___&platform=linuxx64&product=RoonServer&branding=roon&curbranch=production&version=205501559&branch=production&coredeviceid=___&deviceid=___&osversion=Linux+5.14.0-570.21.1.el9_6.x86_64%2brt&os64bit=true web exception without response: socketmsg (ConnectionReset):  The SSL connection could not be established, see inner exception. The SSL connection could not be established, see inner exception.
grep: RoonServer_log.txt: binary file matches


# curl https://api.roonlabs.net/
Page not found

Frederic_Vanden_Poel · October 7, 2025, 1:16pm

The SSL errors also affect cover art, e.g. playing this Amatorski album from Tidal, there’s no cover:

10/07 15:08:56 Warn: [broker/images] unexpected error GET'ing https://imagecache.roonlabs.net/im/1/albums/a6003139343230313830/cover/1024.jpg: statuscode=999 error=System.Net.WebException: The SSL connection could not be established, see inner exception.
 ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.IO.IOException: Unable to read data from the transport connection: Connection reset by peer.
 ---> System.Net.Sockets.SocketException (104): Connection reset by peer
   --- End of inner exception stack trace ---
   at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError error, CancellationToken cancellationToken)
   at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource<System.Int32>.GetResult(Int16 token)
   at System.Net.Security.SslStream.<FillHandshakeBufferAsync>g__InternalFillHandshakeBufferAsync|189_0[TIOAdapter](TIOAdapter adap, ValueTask`1 task, Int32 minSize)
   at System.Net.Security.SslStream.ReceiveBlobAsync[TIOAdapter](TIOAdapter adapter)
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage request)
   at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
   at System.Net.HttpWebRequest.SendRequest(Boolean async)
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   --- End of inner exception stack trace ---
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location ---
   at Base.EasyHttp.HttpWebRequestEasyHttp.QueryAsyncInternal(HttpMethod method, Params p, CancellationToken canceltoken, IAuthProvider auth, Int32 nestedrequestcount)

A wget can fetch this image without any SSL issues. curl can also connect

[root@432OS tmp]# wget https://imagecache.roonlabs.net/im/1/albums/a6003139343230313830/cover/1024.jpg
--2025-10-07 15:15:49--  https://imagecache.roonlabs.net/im/1/albums/a6003139343230313830/cover/1024.jpg
Resolving imagecache.roonlabs.net (imagecache.roonlabs.net)... 104.20.47.62, 172.66.148.147, 2606:4700:10::6814:2f3e, ...
Connecting to imagecache.roonlabs.net (imagecache.roonlabs.net)|104.20.47.62|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 269632 (263K) [image/jpeg]
Saving to: ‘1024.jpg’

1024.jpg                                                            100%[===================================================================================================================================================================>] 263.31K  --.-KB/s    in 0.03s

2025-10-07 15:15:49 (7.36 MB/s) - ‘1024.jpg’ saved [269632/269632]

alex_h · October 8, 2025, 10:13am

Good day @Frederic_Vanden_Poel !

I hope you’re doing well.

We were just able to review the analytics report from your machine and could see that you were normally able to play tidal music today.

can you please confirm with us whether the problem still persists for you ?

Looking forward to your reply!

Regards.

Frederic_Vanden_Poel · October 8, 2025, 10:45am

We use a Mikrotik router with several isolated VLAN’s. Roon is in one VLAN, and a specific docker application is using another VLAN. The Mikrotik is connected in bridging mode to the modem. The modem also supports a second router, but in double NAT mode, since it can only passthrough one MAC address and assign a public IP, the rest is assigned a NAT address.

After a whole afternoon of network analysis, we traced this issue to a potential ISP modem issue, where Roon’s https requests are being reset, when the Docker application would be doing a short burst of upstream traffic at startup.

Then within minutes, Roon would experience these SSL issues. Even when moving Roon to a dedicated router we use at hifi shows, and the Docker application on another router, we can still reproduce the issue when both share the same ISP modem - so the ISP CPE is probably the cause.

Without this Docker application running, Roon + Tidal has completed an 8 hour Tidal playlist without dropping the Tidal login.

We will contact our ISP to get the faulty modem replaced, since it should not be resetting connections. We can now reproduce the issue on demand.

system · October 9, 2025, 10:45am

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.