diff --git a/biz/server/rpc_pull_config.go b/biz/server/rpc_pull_config.go
index 360cc7d..1d8f845 100644
--- a/biz/server/rpc_pull_config.go
+++ b/biz/server/rpc_pull_config.go
@@ -45,6 +45,8 @@ func PullConfig(appInstance app.Application, serverID, serverSecret string) erro
 
 	ctrl := appInstance.GetServerController()
 
+	InjectAuthPlugin(ctx, s)
+
 	if t := ctrl.Get(serverID); t != nil {
 		if !reflect.DeepEqual(t.GetCommonCfg(), s) {
 			t.Stop()
@@ -56,8 +58,6 @@ func PullConfig(appInstance app.Application, serverID, serverSecret string) erro
 		}
 	}
 
-	InjectAuthPlugin(ctx, s)
-
 	ctrl.Add(serverID, server.NewServerHandler(s))
 	ctrl.Run(serverID)
 
diff --git a/biz/server/update_tunnel.go b/biz/server/update_tunnel.go
index 118d629..7bc62ba 100644
--- a/biz/server/update_tunnel.go
+++ b/biz/server/update_tunnel.go
@@ -24,6 +24,8 @@ func UpdateFrpsHander(ctx *app.Context, req *pb.UpdateFRPSRequest) (*pb.UpdateFR
 		}, err
 	}
 
+	InjectAuthPlugin(ctx, s)
+
 	serverID := req.GetServerId()
 	if cli := ctx.GetApp().GetServerController().Get(serverID); cli != nil {
 		if !reflect.DeepEqual(cli.GetCommonCfg(), s) {
@@ -38,8 +40,6 @@ func UpdateFrpsHander(ctx *app.Context, req *pb.UpdateFRPSRequest) (*pb.UpdateFR
 		}
 	}
 
-	InjectAuthPlugin(ctx, s)
-
 	ctx.GetApp().GetServerController().Add(serverID, server.NewServerHandler(s))
 	ctx.GetApp().GetServerController().Run(serverID)