Duplicati.WindowsService not running as administrator

Yes, the first one is from Duplicati itself (there should be more info that just “Server crashed”).

The two others are Windows crash log handling and not valuable unless you are using some of Microsofts crash dump viewers.

Sure, it should just exit with an error code, no need to re-throw the exception after it has been reported. But it is tricky to get right, so we are sure that the error is reported, throwing it ensures that it is reported and the process stops.

That is the sysadmins plight: determine the right level of security. If you use a webservice password, ServerUtil does not need the encryption key.

The ... was meant to stand for deleted lines, but yes there’s an informative stack trace too:

Exception Info: Duplicati.Library.Interface.UserInformationException: Server crashed on startup
 ---> System.Exception: A serious error occurred in Duplicati: Duplicati.Library.Interface.SettingsEncryptionKeyMissingException: Encryption key is missing.
   at Duplicati.Library.Encryption.EncryptedFieldHelper.Decrypt(String value, KeyInstance key)
   at Duplicati.Server.Database.Connection.DecryptSensitiveFields(String fieldValue, KeyInstance key)
   at Duplicati.Server.Database.Connection.<GetSettings>b__27_0(IDataReader rd)
   at Duplicati.Server.Database.Connection.Read[T](IDbCommand cmd, Func`2 f)+MoveNext()
   at System.Collections.Generic.LargeArrayBuilder`1.AddRange(IEnumerable`1 items)
   at System.Collections.Generic.EnumerableHelpers.ToArray[T](IEnumerable`1 source)
   at Duplicati.Server.Database.Connection.ReadFromDb[T](Func`2 f, String sql, Object[] args)
   at Duplicati.Server.Database.Connection.GetSettings(Int64 id)
   at Duplicati.Server.Database.ServerSettings.ReloadSettings()
   at Duplicati.Server.Database.ServerSettings..ctor(Connection con)
   at Duplicati.Server.Database.Connection..ctor(IDbConnection connection, Boolean disableFieldEncryption, KeyInstance key)
   at Duplicati.Server.Program.GetDatabaseConnection(Dictionary`2 commandlineOptions, Boolean silentConsole)
   at Duplicati.Server.Program.Main(String[] _args)
 ---> Duplicati.Library.Interface.SettingsEncryptionKeyMissingException: Encryption key is missing.
   at Duplicati.Library.Encryption.EncryptedFieldHelper.Decrypt(String value, KeyInstance key)
   at Duplicati.Server.Database.Connection.DecryptSensitiveFields(String fieldValue, KeyInstance key)
   at Duplicati.Server.Database.Connection.<GetSettings>b__27_0(IDataReader rd)
   at Duplicati.Server.Database.Connection.Read[T](IDbCommand cmd, Func`2 f)+MoveNext()
   at System.Collections.Generic.LargeArrayBuilder`1.AddRange(IEnumerable`1 items)
   at System.Collections.Generic.EnumerableHelpers.ToArray[T](IEnumerable`1 source)
   at Duplicati.Server.Database.Connection.ReadFromDb[T](Func`2 f, String sql, Object[] args)
   at Duplicati.Server.Database.Connection.GetSettings(Int64 id)
   at Duplicati.Server.Database.ServerSettings.ReloadSettings()
   at Duplicati.Server.Database.ServerSettings..ctor(Connection con)
   at Duplicati.Server.Database.Connection..ctor(IDbConnection connection, Boolean disableFieldEncryption, KeyInstance key)
   at Duplicati.Server.Program.GetDatabaseConnection(Dictionary`2 commandlineOptions, Boolean silentConsole)
   at Duplicati.Server.Program.Main(String[] _args)
   --- End of inner exception stack trace ---
   at Duplicati.Server.Program.Main(String[] _args)
   at Duplicati.GUI.TrayIcon.HostedInstanceKeeper.<>c__DisplayClass5_0.<.ctor>b__0(Object dummy_arg)
   --- End of inner exception stack trace ---
   at Duplicati.GUI.TrayIcon.HostedInstanceKeeper..ctor(String[] args)
   at Duplicati.GUI.TrayIcon.Program.Main(String[] _args)
   at Duplicati.GUI.TrayIcon.Net8.Program.<>c__DisplayClass0_0.<Main>b__0()
   at Duplicati.Library.Crashlog.CrashlogHelper.WrapWithCrashLog[T](Func`1 method, String logdir, String applicationName)
   at Duplicati.GUI.TrayIcon.Net8.Program.Main(String[] args)

It still seems a sequencing challenge that is not well documented. On Windows, the safest way to set initial Service Server password seems to me to be ServerUtil (then close that window), but it’s going to need the signin token method, so use that before disabling via DB encryption or Settings.

To return to topic, are we closer to finding this topic’s issue? I think I’m still waiting on @pheitman because we’re not sure the Service Server environment is set, and not sure of the total event log.

I have tried unencrypting the db. I set the SETTINGS_ENCRYPTION_KEY in the shell environment and then run ./Duplicati.Server --disable-db-encryption=true. The server starts up. I then unset the environment variable and run ./Duplicati.Server. It says that I need to either the encryption key or run with --disable-db-encryption. When I try ./Duplicati.Server --disable-db-encryption=true, I get the same error. The top of the stack trace is

A serious error occurred in Duplicati: Duplicati.Library.Interfaces.SettingsEncryptionKeyMissingException: Encryption key is missing.
at Duplicati.Library.Encryption.EncryptedFieldHelper.Decrypt(String fieldValue, KeyInstance key)

Previous posts may explain:

Docs say:

If you need to remove the encryption key for some reason, provide the key as above, and additionally supply the option:

--disable-db-encryption=true

Please try that as the docs explain.

I think that is what I’ve tried. the section on “Configuring the Server Encryption” describes how to encrypt the db and then how to access it once it has been encrypted. I have done that but then the Server does not have the encryption key when started by the Windows Service. I then tried to decrypt the db by following the docs and that does not seem to work. The encryption key is still required after running the server with the encryption key in the environment and --disable-db-encryption=true passed the the Duplicati.Server.

I’m obviously really confused about how to run the Server as the System user via the Windows Service executable. I’ll be glad to uninstall the whole thing and reinstall it but I feel like I need a different set of instructions. How I think things are working and the way they actually work are too different. How do others install and configure Duplicati using the Windows Service and have it run as the administrator so that it can access and backup all of the users on the system? I’m glad to set field encryption keys and GUI passwords but frankly don’t consider it important for my use case (home, local network, not remotely accessible, etc).

Seemingly not in recent post. Reading the stated steps:

You need to have the environment variable (or equivalent option) to avoid that error.

Was encryption key put-back after removal not mentioned? I was going by what got posted.

There has also been no verification that the encryption key actually is in environment, right?

Addition was from some registry edit, maybe no system restart, no Process Explorer check?

This is historically hard, and worse with new mandatory password and suggested encryption.

Update Windows installer to offer the choice of installing the Windows service #1738
predates the new design, but presumably if it’s ever done it would also help lead through that.

Duplicati Tutorial 02 Install Duplicati as a Service is one way to work with the previous design, produced by the author of the old manual. Most users don’t tell us exactly how they did setup.

Service and WindowsService in new docs doesn’t say much, but is certainly part of the setup.

You can see my complaint above that it’s tough on users to locate all steps and needed order.

You said that works. Try adding --settings-encryption-key=<key> --disable-db-encryption

That “should” decrypt the System Server database, and get you back to the nag you tried to stop.

Doing it likely impedes malware if it gets in your account, but the choice is certainly yours.

If you dislike nag, you can reinstall the Windows service with --disable-db-encryption

Duplicati as a service - more complicate than it need be Feature topic states the problem.

Option to install as service in Windows installer Installation topic agrees that it’d be good.

Migrating from User to Service install on Windows gives steps harder than the new setup.
There are also unsettled issues such as whether default DB location is killed by Windows.
This was definitely once a problem on version update, but it’s unclear whether it got fixed.

I wish instructions existed, preferably in the new manual. Setup is also complicated by a new emphasis on security. possibly also of the database (not sure). Anyway, rough idea looks like:

If you were never able to decrypt old server database, that’s a problem, but you can delete it.

Stop Duplicati service, TrayIcon, Server, etc. if any of them are up, or port conflict may occur.

Assuming you still have the Duplicati install, go to C:\Program Files\Duplicati 2, and do things.
This will need to be done in Start menu right-click “Command Prompt (Admin)” or similar way:

The uninstall below might fail if it’s not currently installed. If a pre-2.1 was installed, it will help:

C:\Program Files\Duplicati 2>Duplicati.WindowsService uninstall
Duplicati service delete succeeded.

C:\Program Files\Duplicati 2>Duplicati.WindowsService uninstall
Duplicati service delete failed. Exception: Win32 error 1060 during delete service (OpenService)

C:\Program Files\Duplicati 2>Duplicati.WindowsService install
Duplicati service installation succeeded.
C:\Program Files\Duplicati 2>sc start duplicati

SERVICE_NAME: duplicati
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 2  START_PENDING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x7d0
        PID                : 8640
        FLAGS              :

C:\Program Files\Duplicati 2>Duplicati.CommandLine.ServerUtil change-password --server-datafolder C:\Windows\System32\config\systemprofile\AppData\Local\Duplicati
Connecting to http://localhost:8200/...
Please provide the new password: ********

C:\Program Files\Duplicati 2>

You can then brows to http://localhost:8200 and login with the password that you assigned.

C:\Program Files\Duplicati 2>Duplicati.GUI.TrayIcon --no-hosted-server --webservice-password=password

C:\Program Files\Duplicati 2>

can be done (Administrator window is not required), or you can right-click-edit desktop shortcut.

If you like start at login, you can edit that. Either way, Duplicati reinstall might overwrite change.

In current Beta, TrayIcon Open does not seem to work, but that might be fixed in a later Canary.

EDIT:

Note that I’m leaving in chance that Windows version update might move config to Windows.old.
This hasn’t been reported lately, so maybe Windows isn’t doing that now, but it’s not well proven.

I’m also leaving out the step to encrypt database fields, as it didn’t bother you. Others might care.

I can’t thank you enough for those instructions. I had to completely uninstall duplicati and remove the old (encrypted) database but then after reinstalling and following the instructions I have a working system that is running as a windows service as SYSTEM.

I’m still unclear on the TrayIcon. I can start it as you describe but it doesn’t start automatically when I log in. Should I just create a shortcut for it in the Startup Menu?

Where is that? If you know how, do it, but make sure to add --no-hosted-server to shortcut.

Some hints (at least for Windows 10):

You can find Duplicati on the Start menu, right-click, More, Open file location. Most installs use:

C:\Program Files\Duplicati 2

Right-click Duplicati.GUI.TrayIcon, Send to Desktop (create shortcut)

Right-click your new Desktop shortcut, Properties, Target, add --no-hosted-server at its end.

Cut the shortcut to prepare for a move.

Open startup folder with Windows-R shell:startup or go to startup in a new Explorer window.

Right-click and paste Desktop shortcut.

Go to Settings → Apps → Startup to verify Duplicati.GUI.TrayIcon is visible there and turned on.

Configure startup applications in Windows Configure applications from File Explorer is MS page, and there are probably a lot of other pages on the Internet that try to explain this awkward setup.

EDIT:

This assumes that your original install had Windows service in mind, so turned off these options:

image440×173 4.69 KB

If you didn’t turn that off, you can uninstall and try again. Also, don’t have installer start Duplicati, because it won’t know that you intend to use --no-hosted-server so will come up in usual way.