FTP (Alternative) and the optioning is a little different, but I suspect new URL starts with aftps.
The s on the end means SSL (actually TLS these days) but I’m not sure docs are clear on that.
One note on live log is sometimes clicking on failure lines will get more information on a failure.
8. Mrz. 2023 13:27: Backend event: Put - Started: duplicati-b783cafbfcd054f6ab6804f54acadbe27.dblock.zip.aes (49,96 MB)
8. Mrz. 2023 13:27: Renaming "duplicati-b75899f4c97a54a758784ab80c02172d0.dblock.zip.aes" to "duplicati-b783cafbfcd054f6ab6804f54acadbe27.dblock.zip.aes"
8. Mrz. 2023 13:27: Backend event: Put - Rename: duplicati-b783cafbfcd054f6ab6804f54acadbe27.dblock.zip.aes (49,96 MB)
8. Mrz. 2023 13:27: Backend event: Put - Rename: duplicati-b75899f4c97a54a758784ab80c02172d0.dblock.zip.aes (49,96 MB)
8. Mrz. 2023 13:27: Backend event: Put - Retrying: duplicati-b75899f4c97a54a758784ab80c02172d0.dblock.zip.aes (49,96 MB)
8. Mrz. 2023 13:27: Operation Put with file duplicati-b75899f4c97a54a758784ab80c02172d0.dblock.zip.aes attempt 1 of 6 failed with message: Der Remoteserver hat einen Fehler zurückgegeben: (421) Dienst nicht verfügbar, Steuerungsverbindung wird geschlossen.
{"ClassName":"System.Net.WebException","Message":"Der Remoteserver hat einen Fehler zurückgegeben: (421) Dienst nicht verfügbar, Steuerungsverbindung wird geschlossen.","Data":null,"InnerException":null,"HelpURL":null,"StackTraceString":" bei Duplicati.Library.Utility.AsyncHttpRequest.AsyncWrapper.GetResponseOrStream()\r\n bei Duplicati.Library.Utility.AsyncHttpRequest.GetRequestStream(Int64 contentlength)\r\n bei Duplicati.Library.Backend.FTP.<PutAsync>d__19.MoveNext()\r\n--- Ende der Stapelüberwachung vom vorhergehenden Ort, an dem die Ausnahme ausgelöst wurde ---\r\n bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n bei System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n bei Duplicati.Library.Main.Operation.Backup.BackendUploader.<DoPut>d__24.MoveNext()\r\n--- Ende der Stapelüberwachung vom vorhergehenden Ort, an dem die Ausnahme ausgelöst wurde ---\r\n bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n bei System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n bei Duplicati.Library.Main.Operation.Backup.BackendUploader.<>c__DisplayClass20_0.<<UploadFileAsync>b__0>d.MoveNext()\r\n--- Ende der Stapelüberwachung vom vorhergehenden Ort, an dem die Ausnahme ausgelöst wurde ---\r\n bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n bei Duplicati.Library.Main.Operation.Backup.BackendUploader.<DoWithRetry>d__21.MoveNext()","RemoteStackTraceString":null,"RemoteStackIndex":0,"ExceptionMethod":"8\nGetResponseOrStream\nDuplicati.Library.Utility, Version=2.0.6.3, Culture=neutral, PublicKeyToken=null\nDuplicati.Library.Utility.AsyncHttpRequest+AsyncWrapper\nSystem.Object GetResponseOrStream()","HResult":-2146233079,"Source":"Duplicati.Library.Utility","WatsonBuckets":null}
I use ftp über TLS
I have this problemens on more than one client. So i think this is ab bug. Shouldn’t duplicati react when something stucks? The problem is that other duplicati backups won’t run and that is a big problem. I don’t like the ftp and would like to use an other protocal like ssh. But the FritzBox 7590 and others only support ftp. On one machine i use a workarround. I make the backups to local drive and after that run a script which makes a sync with winscp to the ftp target. That works very fine. But you need more space and need that extra script. Can I use an other ftp client with Duplicati?
Yes, and it’s been named twice here already, and I don’t see that you’ve used alternative FTP yet.
I also don’t see requested server testing yet. Duplicati.CommandLine.BackendTool.exe is another.
If your server will not work with either of the built-in Duplicati FTP clients, you can test using rclone.
If that seems to work, then you can connect Duplicati to it with the rclone Destination Storage type.
I’m also awaiting you finding out where your Duplicati temporary files are going. Is user wrong one?
You should be able to see a flow of these temporary files as backup progresses. Too many, it waits.
I found very little on why your FTP server is giving a 421 error, but in some cases it’s a connection limit.
How to reduce it was already posted. How to hit it might be open a bunch of Command Prompt and ftp.
It’s not clear if you have other Duplicati backups going to this server. If so, do they do smaller uploads?
A complete log file would also help, rather than having to read tiny bits of information here and there.
log-file=<path> log-file-log-level=retry might be good for starters, to watch concurrent FTP behaviors.
Or just turn that off in Options.
Is this running as a Windows service (needs extra setup)? If so, temporary files are in SYSTEM area.
About → System info line on UserName will display the user that the Duplicati server is running under.
Thx, I don’t know how to managed that. I have to read in how to use the Duplicati.CommandLine.BackendTool.exe
I will try that later when i have more time.
I couldn’t test the Duplicati.CommandLine.BackendTester.exe because it breaks with an error because of the remote-cert. And i see no options to accept a special finger-print.
I “think” (not sure) both of those command line tools are kind of weak in direct understanding of options.
Sometimes one can glue them onto the URL like your post showed for &accept-any-ssl-certificate=true, although I’m not certain which third-party FTP libraries (Microsoft, then an independent project for aftp) respect those. As for finger-print, that sounds a bit SSHish. Regardless, certificate setup sounds messy, maybe with self-signed certificate that Windows doesn’t trust? Even a Lets Encrypt cert might run better.
I opend 10 ftp connections at the same time. No problem here.
grepping the code I see an option ‘accept-any-ssl-certificate’ but only in FTP Alternative, not the vanilla FTP that you are using.
OK, thanks for the test. That removes one suspect for the 421. Your TLS must be getting through, otherwise the server wouldn’t be able to deliver that complaint.
It runs as service. I set an folder for tempdir now and the logfile options as you said.
2023-03-08 19:29:04 +01 - [Information-Duplicati.Library.Main.Controller-StartingOperation]: Die Operation Backup wurde gestartet
2023-03-08 19:29:09 +01 - [Information-Duplicati.Library.Main.BasicResults-BackendEvent]: Backend event: List - Started: ()
2023-03-08 19:29:12 +01 - [Information-Duplicati.Library.Main.BasicResults-BackendEvent]: Backend event: List - Completed: ()
2023-03-08 19:30:58 +01 - [Information-Duplicati.Library.Main.BasicResults-BackendEvent]: Backend event: Put - Started: duplicati-b01bef98dd1c846f99671d9b25d5153cc.dblock.zip.aes (249,99 MB)
2023-03-08 19:30:59 +01 - [Information-Duplicati.Library.Main.BasicResults-BackendEvent]: Backend event: Put - Started: duplicati-bb3e57676befd47fa85025fd48d2d9ef8.dblock.zip.aes (249,95 MB)
2023-03-08 19:30:59 +01 - [Information-Duplicati.Library.Main.BasicResults-BackendEvent]: Backend event: Put - Started: duplicati-be2c6f9bc1156411c9cbe28d82baffcda.dblock.zip.aes (249,97 MB)
2023-03-08 19:30:59 +01 - [Information-Duplicati.Library.Main.BasicResults-BackendEvent]: Backend event: Put - Started: duplicati-bba90ecab4d81461b866ddde882e751d9.dblock.zip.aes (249,99 MB)
2023-03-08 19:31:00 +01 - [Retry-Duplicati.Library.Main.Operation.Backup.BackendUploader-RetryPut]: Operation Put with file duplicati-bba90ecab4d81461b866ddde882e751d9.dblock.zip.aes attempt 1 of 6 failed with message: Der Remoteserver hat einen Fehler zurückgegeben: (421) Dienst nicht verfügbar, Steuerungsverbindung wird geschlossen.
System.Net.WebException: Der Remoteserver hat einen Fehler zurückgegeben: (421) Dienst nicht verfügbar, Steuerungsverbindung wird geschlossen.
bei Duplicati.Library.Utility.AsyncHttpRequest.AsyncWrapper.GetResponseOrStream()
bei Duplicati.Library.Utility.AsyncHttpRequest.GetRequestStream(Int64 contentlength)
bei Duplicati.Library.Backend.FTP.<PutAsync>d__19.MoveNext()
--- Ende der Stapelüberwachung vom vorhergehenden Ort, an dem die Ausnahme ausgelöst wurde ---
bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
bei System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
bei Duplicati.Library.Main.Operation.Backup.BackendUploader.<DoPut>d__24.MoveNext()
--- Ende der Stapelüberwachung vom vorhergehenden Ort, an dem die Ausnahme ausgelöst wurde ---
bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
bei System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
bei Duplicati.Library.Main.Operation.Backup.BackendUploader.<>c__DisplayClass20_0.<<UploadFileAsync>b__0>d.MoveNext()
--- Ende der Stapelüberwachung vom vorhergehenden Ort, an dem die Ausnahme ausgelöst wurde ---
bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
bei Duplicati.Library.Main.Operation.Backup.BackendUploader.<DoWithRetry>d__21.MoveNext()
2023-03-08 19:31:00 +01 - [Information-Duplicati.Library.Main.BasicResults-BackendEvent]: Backend event: Put - Retrying: duplicati-bba90ecab4d81461b866ddde882e751d9.dblock.zip.aes (249,99 MB)
2023-03-08 19:31:10 +01 - [Information-Duplicati.Library.Main.BasicResults-BackendEvent]: Backend event: Put - Rename: duplicati-bba90ecab4d81461b866ddde882e751d9.dblock.zip.aes (249,99 MB)
2023-03-08 19:31:10 +01 - [Information-Duplicati.Library.Main.BasicResults-BackendEvent]: Backend event: Put - Rename: duplicati-bb6c833928f4646be9be1aef60a8ab5de.dblock.zip.aes (249,99 MB)
2023-03-08 19:31:10 +01 - [Information-Duplicati.Library.Main.Operation.Backup.BackendUploader-RenameRemoteTargetFile]: Renaming "duplicati-bba90ecab4d81461b866ddde882e751d9.dblock.zip.aes" to "duplicati-bb6c833928f4646be9be1aef60a8ab5de.dblock.zip.aes"
2023-03-08 19:31:10 +01 - [Information-Duplicati.Library.Main.BasicResults-BackendEvent]: Backend event: Put - Started: duplicati-bb6c833928f4646be9be1aef60a8ab5de.dblock.zip.aes (249,99 MB)
``` sorry log has german element. I have to change it, when i find the switch.
The log file stops here. Im sure it is an ftp probleme with the duplicati ftp. I have no problems with the winscp sync to the server. I will infrom myself how to use rclone.
Duplicati Temp Dir:
I tried it first with the &accept-any-ssl-certificate=true
And i get some files one the server. With tls problem that wouldn’t be possilbe.
Thx a lot. The alternate FTP (aftp) is the solutions and works with the 7490 and 7590 AVM FritzBox. All problems are gone on serval machines.
That’s the command line:
C:\Program Files\Duplicati 2\Duplicati.CommandLine.exe" backup "aftp://cxxxx.myfritz.net:48779/HDD1/KD1?auth-username=xxx&accept-any-ssl-certificate=true&aftp-encryption-mode=Explicit&aftp-ssl-protocols=Tls12" "D:\KD1\\" --backup-name=KD1 --dbpath="C:\Program Files\Duplicati 2\data\NXZDER.sqlite" --encryption-module=aes --compression-module=zip --dblock-size=250MB"
With the aftp and the 7490 and 7590 you have to set:
aftp-encryption-mode: Explicit
aftp-encryption-mode: Tls12
Unfortunately, tls 1.3 does not work, although this has been supported since 25.02.2021.
The problem with the normal Duplicati ftp is that it sometimes works and then again it doesn’t. I think the latest updates from AVM have ensured that it no longer works at all. The connection test is OK, but then the backup just hangs.
Supported by what? Do you have a link? Duplicati uses Windows, and their claim is below:
https://avm.de/service/sicherheitsinfos-zu-updates/
**Sicherheitsverbesserungen FRITZ!OS 7.25**
Support for TLS 1.1 on FRITZ!Box server services removed. TLS 1.3 and the ChaCha20-Poly1305 cipher are now supported.
Server support alone doesn’t help. What Windows is this? See the Microsoft table I linked.
There might also be some methods if you really need to get it up on some older Windows.
EDIT:
It’s not clear to me how well such methods go. Early notes said not to use in production…
Safest bet is probably to be on Windows that supports it officially, e.g. 2021’s Windows 11.
For Duplicati, there may also be a need to check .NET Framework. That’s your FTP too…
EDIT 2:
Transport Layer Security (TLS) best practices with the .NET Framework says to consider a
recommendation to target .NET Framework 4.8 for TLS 1.3. That’s a very vague statement,
however if it’s actually relevant, Duplicati targets 4.7.1 now, and the next re-target might be
out of .NET Framework. It’s a dead-end, as Microsoft moves into newer .NET architectures.
Server support alone doesn’t help. What Windows is this? See the Microsoft table I linked.
There might also be some methods if you really need to get it up on some older Windows.
I use Windows 10 machines with the lastest updates and newer versions from the .NET Framewort.
I try tls 1.3 again and get the error:
Failed to connect: Der Client und der Server können keine Daten austauschen, da sie nicht über einen gemeinsamen Algorithmus verfügen
translated:
Failed to connect: The client and the server cannot exchange data because they do not have a common algorithm.
I am wondering that duplicati uses an very old version from Duplicati.Library.Backend.AlternativeFTP (timestamp 2021-10-07, 09:59:15) and in the Duplicati.Library.Backend.AlternativeFTP.dll.config contains:
<?xml version="1.0" encoding="utf-8"?> <configuration> <startup> <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.1"/> </startup> </configuration>
That seems using an older version of the .NET Framework than 4.8.
What if anything are you changing to do that? Does allowed-ssl-versions offer it? If so, does it help?
Is the NAS configured to allow just TLS 1.3? Or does “try tls 1.3” mean a NAS-side change for that?
That’s a minimum. Newer ones like 4.8 will run code needing just 4.7.1. What Windows has gets run.
I was tempted to ask you to use PowerShell Invoke-WebRequest as a TLS tester, but you’re probably running 5.1, and the documentation says that TLS 1.3 support wasn’t added until 7.1, so it’s awkward.
The Illustrated TLS 1.3 Connection and other references explain this, but you’d either have to do it for yourself (e.g. with Wireshark or be willing to post some decodes, or maybe even a capture of packets.
is decribed at
https://github.com/robinrodricks/FluentFTP/blob/master/README.md
and FTPS with TLS 1.3 links to a big page at
https://github.com/robinrodricks/FluentFTP/wiki/FTPS-Connection-using-GnuTLS
saying Windows can’t do it. This conflicts with Windows’ official page saying Windows 11 has support.
Another alternative might be to bypass Windows 10 crypto and test rclone. That was described above.