"Unable to decrypt the encrypted video source (0x20500006)"

Challzure 1 Reputation point
2021-12-18T16:29:03.03+00:00

Hi,
I am trying to stream an asset with DRM encryption but keep getting
"Unable to decrypt the encrypted video source (0x20500006)" error,

I have searched for couple of days for a solution and I can't figure it out.
I am uploading the video and issuing a token using this code:
https://github.com/Azure-Samples/media-services-v3-node-tutorials/blob/main/StreamFilesWithDRMSample/index.ts

I am getting the streaming URL with the token but when trying to play it with https://ampdemo.azureedge.net/ I am getting the error.

I can successfully upload and stream a video without DRM though.

My decoded jwt looks like that: 

{
  "urn:microsoft:azure:mediaservices:contentkeyidentifier": "XXXXX-XXXXX-XXX-XXXX-XXXXXXXX",
  "exp": 1639929683,
  "nbf": 1639842983,
  "iat": 1639843283,
  "aud": "https://XXX.com",
  "iss": "https://XXX.com"
}

And I have a content key policy named CommonEncryptionCencDrmContentKeyPolicy with type PlayReady, Widevine
and the primary verification key in it is the same as in the code, in addition, I don't have any custom claims in the policy.

Please help, I can't see what am I doing wrong here.

Azure Media Services
Azure Media Services
A group of Azure services that includes encoding, format conversion, on-demand streaming, content protection, and live streaming services.
305 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. John Deutscher (MSFT) 2,126 Reputation points
    2021-12-18T21:29:13.723+00:00

    I can't quite spot the issue within the token, but it could be something to do with the way that you have defined the restriction in the ContentKeyPolicyTokenRestriction object.

    Make sure that your issuer and audience match what you passed into the JWT token. If the sample worked for you, it might be the difference. Otherwise, as noted on Stack Overflow, the other common issue for the 0x20500006 error in the player is not using https on the player page and the URL. But I don't think that is your issue here.

    let restriction: ContentKeyPolicyTokenRestriction = {
    odataType: "#Microsoft.Media.ContentKeyPolicyTokenRestriction",
    issuer: issuer,
    audience: audience,
    primaryVerificationKey: primaryKey,
    restrictionTokenType: "Jwt",
    alternateVerificationKeys: undefined,
    requiredClaims: requiredClaims
    }

    Check through all pats that set the Content Key Policy token restriction up, and make sure that it matches your required claims passed into the JWT token.

    0 comments