I’m trying to create a backup on a Windows 11 Pro client with a UNC path destination (QNAP NAS over VPN).
I use a path like \ \192.168.123.45\home\Duplicati (no spaces, but it seems like the formatting is broken here) as the destination and enter user name and password.
When I click the “Test connection” button, it usually just changes to “Testing…” but nothing happens.
Only once did a popup come up, which said “Connection OK”, so I was eventually able to save the backup configuration. I was able to start the backup once, but then I canceled it because it was eating up all my bandwith, so I figured I’d let it run over night later.
But now, when I run the backup, I get an error message telling me that the path was not found.
And when I edit the configuration and click the “Test connection” button, it is again stuck on “Testing…”.
I can access the share just fine from Windows Explorer, but I don’t want to mount it to have some additional protection against ransomware etc. (wouldn’t be good if ransomware could just encrypt my backups).
So I’d like Duplicati to handle mounting the share. I chose “single user system” when I installed Duplicati.
I have never used this config for real but I tested it one time, I used install in service mode with a different user than the default one (say, if my user name is ‘gp’, I used ‘backup’ as a different user with its own password), and it seems to work fine (the files are created with ‘backup’ as owner and I can’t delete them when logged in as ‘gp’). This backup is also working on a QNAP Nas (only difference is that I did not use an IP address, I have a host name set in the ‘hosts’ file).
This said, it may be possible than the test could be polluted by the local login, especially if you use the same user name for your login as the one you use for backup (very much not a good idea)
Thank you for your reply. I am indeed using the same user name, but I configured SERVERNAME\USERNAME in Duplicati, so I guess that should be fine? And like I said, the connection was tested successfully once at least…
The look might also change your opinion on whether or not you have completely hidden your backups. Probably it depends on how sophisticated the ransomware is at figuring out what things it can destroy.
No, I don’t want to use net use. Obviously then it would work, but then the share would also be accessible to ransomware. You can’t “hide” from ransomware, if the process run’s in a different user’s context, then the share simply isn’t accessible.
The net use was suggested as a diagnostic, however it might not get desired output –
What user is Duplicati running as? Do you use a service install, so maybe as SYSTEM?
EDIT 1:
so maybe not SYSTEM. If you’re not sure of Duplicati user, see About → System info → UserName.
EDIT 2:
Services and Redirected Drives has some warnings if you’re running a service. I don’t know your plan.
If you plan to run Duplicati as a special user less likely to get infected, it has its own set of drive letters.
but apparently something is going wrong, and so needs you to run some diagnostic tools to investigate. Feel free to use other tools if you know them. I am not an SMB guru, and it’s often unpredictable to me.
Thank you, I just checked. Seems like Duplicati is running under my own user. I guess if I really want protection against ransomware, I should run it under a different user or as SYSTEM.
I selected “I’m the only user” when I installed Duplicati, so I guess that’s why it was set up like this.
I guess I could also add a “backup” user to my machine and map the network share to a drive letter, then the problem should go away…
Thanks for the code, I’ll run it locally to see if it helps in diagnosing the problem, but I doubt it. I think it has to be a bug in Duplicati since the “Test connection” bug shouldn’t be stuck on “Testing…”. It should at least show an error…? What a coincidence I’m a C# developer by profession…
It should help, however SYSTEM usually implies a Windows service, which has its limits as linked.
More on the “really want protection” below. Ransomware wants to defeat you, so it’s a bit of a fight.
Introduction to the Graphical User Interface explains this have-a-password-or-not security decision.
There’s no impact on what process Duplicati runs as. By default, it runs as whatever user started it.
Duplicati components talks a bit about file permissions based on user it runs as, and service option.
Running as a Windows service currently needs manual setup. There’s an open request to do better:
The code was shown mainly in case a Duplicati developer got interested, after your initial diagnosis.
It also shows (past the truncated view, so you have to click on it) use of a WNetAddConnection2 that Windows Networking Functions lists, and the Services and Redirected Drives has warnings on.
There are an awful lot of “should” statements, which are fine, but ultimately the question is “does it”?
FWIW I was using a simple username going from Windows 10 to Windows 10, i.e. no computer info.
I could type a simple net use to see what Windows had to say about the state of the share connect.
PowerShell Get-SmbSession saw nothing, possibly because it needs admin, but my usual user isn’t.
You’re certainly welcome to work code, but that wasn’t the reason for posting. All of my efforts had been for you to do initial basic information gathering using command line tools, then hope a dev will pick it up. There’s a rather big backlog of issues and other things needing help from the few people who volunteer.
Saying that something is a bug doesn’t help much until a basic understanding is attained, ideally a repro. Two people here find that it works for them. If you can find a repro, ideally needing no special equipment, you can put the steps in a Duplicati GitHub Issue to wait its turn for some investigation.
Moving on to the malware-proofing “should”, it’s tough to prove something is good until malware proves otherwise (in which case it’s a disproof). This is why one should ideally use multiple layers of protection, multiple backups, and so on. I’m not a Windows dev, but a question would be whether malware that can get SYSTEM can then use its power to get into other users to then discover the access you’re guarding. The logon session text in Services and Redirected Drives might help protect you. I don’t know…
My offline backup (done rarely though) is on a USB-powered hard drive that’s not generally connected… Online backups are convenient, but hard to protect except through logic-and-hope, or specialty facilities. Search the web or Duplicati forum for “immutable” or “object lock”, but they cause operational problems.
The “Test connection” button not working in Firefox was due to uBlock Origin. Which is strange because uBlock Origin claimed nothing was blocked. But disabling the addon fixed the issue and the “Test connection” button reported that the connection was fine. It was also working fine in Chrome.
It seems like the critical part was this:
I canceled it because it was eating up all my bandwith, so I figured I’d let it run over night later.
But now, when I run the backup, I get an error message telling me that the path was not found.
I opened the folder in Windows Explorer and saw lots of Duplicati files (from the initial, canceled backup). I deleted them and the “folder not found” error went away.