Service Install Backup to UNC Paths

Hi all,

I tried to search as many threads as I could on this, but couldn’t find anything.

I’ve managed to wrap my head around service installs, but I can’t figure out UNC path network destinations. It has no problems with local destinations other remote services, but I cannot access a path like \BACKUPSERVER\ExampleBackup.

I assume this is part of the service account it’s running as, but I’m not sure what the best practice is for Duplicati to get around this. I tried running the service under a user account, but when starting the service, it loaded the web interface in a loop until I stopped the service. I’m not sure I like the idea of configuring it this way as a general deployment strategy, either.

I’m sure this has been figured out, but I’m having trouble finding it. Thanks!

Assuming you mean you can’t figure out how to select a UNC path on the Destination page, that’s because it’s not in the GUI. You can manually enter one by clicking the “Manually type path” (I usually just browse to it in Windows Explorer then copy / paste the path)
image

Others have brought this up and discussed it here:

Hi there,

Thanks for the response, but that definitely isn’t my problem. I mean that running as a service, Duplicati will not connect to any UNC paths. If I put in a path, it asks me if I want to create the folder (even though it exists) and then gives me an error like this if I say to try that:

“Failed to connect: Access to the path ‘\server\example\Test’ is denied”

Every client install of Duplicati I have connects to these folders fine, but it’s just when I try to run Duplicati off the service instead, which I would prefer. Like I mentioned, it connects to anything else fine (Backblaze, etc.)

Whoops - sorry about that. I see now you explianed it all in the topic title. :blush:

So is this is what you’re running into after licking the “Test connection” then “Yes” buttons?
image

Note that it has pre-pended “/app/duplicati” to the value in the “Folder path” field…I’m not really sure why.

  1. I’m not sure how the web interface got into a loop…was it opening a bunch of windows or you stick reloading a particular page repeatedly?

  2. Yes - this has been figured out as people are definately using it, so I’m not quite sure what’s going on with your installation. Is it safe to assume you included the appropriate “username” and “password” field values for the UNC destination?

  3. What about configuring Duplicati this way as a general deployment strategy is making you unsure?

  4. What version of Duplicati are you running and on what OS?

When running from a service, you do not have the “user context”.
The way network drives work in Windows is that they are opened/mounted for the current user, and the login is authenticated using the current user.
When you are running as a service, you are connecting to the share as the local system (machine) administrator, which does not have access to remote shares.

It should work if you enter correct credentials in the destination setup, as Duplicati will then attempt to pre-authenticate with those credentials before connecting. As the destination is then opened/mounted it will not attempt to log in with the local system account.

So the only real reason to run the service in something other than the default account is for access to otherwise unavailable local resources?

Yes, running Duplicati as Administrator is only useful if you want to use VSS or have full-disk access.

Ken,

The service not having the same privileges is what I assumed is the problem, but I can’t make heads or tails out of why this isn’t working. I’m running on a Windows 10 Professional box. I’m trying three different destinations: one is a Synology NAS and the other two are Windows Servers 2008 R2 and 2012 R2.

The Synology gives me this: Failed to connect: The specified server cannot perform the requested operation. The log has this:

System.IO.IOException: The specified server cannot perform the requested operation.

at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.Directory.InternalCreateDirectory(String fullPath, String path, Object dirSecurityObj, Boolean checkHost)
at System.IO.Directory.InternalCreateDirectoryHelper(String path, Boolean checkHost)
at Duplicati.Server.WebServer.RESTMethods.RemoteOperation.CreateFolder(String uri, RequestInfo info)
at Duplicati.Server.WebServer.RESTHandler.DoProcess(RequestInfo info, String method, String module, String key)

Both Windows boxes give the same error, that access is denied. The log entry says the same thing.

On all destinations, I am trying multiple credentials and different shares. This is such a basic thing, I’m surprised I’m having any trouble at all. The only thing that looks odd to me is that when I go back to edit the paths, Duplicati shows it as something like this: \nas\Me\Testing/ Note that last trailing forward slash.

I know I’d like to sort this out, since I have multiple situations where I need to use VSS, and I prefer the way the service operates as opposed to the client. Anything I can do to give more information, please let me know.

This should have some kind of matching error message on Synology that says why it cannot create the folder.

For the permission issues: that is hard to debug, because you just get “permission denied” indicating that username/password is not correct or not correctly passed.

Not sure what I can suggest to further debug this, so here is another idea:

For Synology (and possibly for the Windows installs) maybe you can run another service, such that you have more explicit control over what logins are used. For instance, others suggest running Minio:

If you run this on the Synology and on Windows, you don’t need to rely on the Windows authentication mechanism, but can use your own username/password:
https://docs.minio.io/docs/minio-quickstart-guide

1 Like

Ok, this worked for me, your results may be different.

Open the service manager, right click on Duplicati and choose properties. Then in the “Log On” tab use a local account that both has read/right privileges on the destination and is an administrative user on the windows machine. After doing that I seem to be able to back up all users files.

Gene

There’s no need, you can specify the credentials for the remote share in the job and leave the service credentials as default (Local System), all my backup jobs do this for all my machines:

I only wish the web GUI hid the password.

But this did not work for me. That’s how I ended up at this topic. Doing what you describe, I got “the specified server cannot perform the requested operation”. I assume there is some interface/protocol issue with my Samba server. What I described worked for me.

Did you use the “Browse” button to find the share?

Also, I’ve had issues in the past using the admin shares with Samba ie. trying to access C$ or any hidden shares. Always best to use a specific share and not use “$” to hide them because it actually doesn’t except for apps that adhere to no showing them - it’s like hiding SSIDs for wireless, it’s pointless.