DRM Error 3324 [MachineTokenInvalid] Sub Error Code = 111
This article contains the steps needed to be taken in case any user encounters DRMError 3324 with Sub Error code 111 - Machine Token Invalid.
When trying to play AAXS (Adobe Access) protected DRM stream you encounter following error :
A 3324 error is dispatched if the license server does not recognize the client’s “MachineToken”. This token is provisioned by the Individualization service, and if the Individualization service uses a certificate that is not trusted by the Access DRM license server, the token is obviously “invalid”.
Sub-Error-ID 111 is the server-side error code and maps to “REQ_MACHINE_TOKEN_INVALID_EXPIRED”, which happens if the client’s Machine Token is expired or invalid.
- Please check if you have updated all of your Access DRM License Servers to trust new Individualization Service endpoint that we recently stood up. Please follow the instructions outlined in this post: https://community.adobe.com/.
- If you have done the above, then perhaps the DRM licnese server (1 or more of them) were not updated properly and/or not restarted after the update described above.
- If the above two did not work, then perhaps there is a firewall/access issue for the Access DRM license server which is preventing from hitting the following URL (which is where the license server must get the CRL - Certificate Revocation List - file from). Please check to make sure your server can reach the CRL endpoint. There was a new CRL endpoint that was stood up to serve the new individualization server. Perhaps your license server has access issues hitting this new endpoint: http://individualization-crl.primetime.adobe.com/FlashAccessIndividualizationCA.crl
If you are indeed having access issues reaching this file, to get around the current hurdle, you can manually copy that file to your license server and (if you’re using Tomcat), place it into the tomcat/temp/ folder, which is where downloaded .crl files go.