Upgrade from 2.0.7.1 / 2.0.9.101 to 2.1.0.5 / 2.0.9.102 causes JWT token prompt and DB reset

Hello,

I’ve been running Duplicati 2.0.7.1 on a Windows 11 host and a Windows Server 2019 host for over a year without issue. This morning, I attempted to upgrade both to 2.1.0.5. The Windows 11 host upgraded without any problems; however, the Windows Server 2019 host exhibited some problems after upgrading to 2.1.0.5.

After upgrading, the web interface no longer shows my backup jobs and instead prompts me for a JWT Sign-in Token. There is no visible token to enter, and attempts to proceed fail. Additionally, I noticed in the Windows Application Log a warning stating:

No database encryption key was found. The database will be stored unencrypted. Supply an encryption key via the environment variable SETTINGS_ENCRYPTION_KEY or disable database encryption with --disable-db-encryption.

I observed that the upgrade process backs up the existing Duplicati-server.sqlite database (e.g., backup Duplicati-server 20250809070944.sqlite) but replaces the live DB with a blank one. As a result, all previous backup jobs and settings appear lost in the new UI.

Troubleshooting steps I have taken include:

  • Attempting to disable DB encryption and supplying the encryption key, but the problem persists.

  • Incrementally upgrading from 2.0.7.1 to 2.0.9.101 (successfully), then to 2.0.9.102, where the JWT prompt behavior first manifests.

  • Running Duplicati.Server.exe manually with --webservice-password to try to capture migration output or JWT token, but logs are minimal and no token is shown.

  • Observing that the web UI in 2.0.9.102 appears unstyled and broken, likely due to missing or failed UI asset loading.

  • Clearing browser cache and trying multiple browsers with no improvement.

  • Confirming Duplicati runs as a tray icon application, not as a Windows service.

Ultimately, I rolled back successfully to 2.0.9.101 where everything works normally.

Findings:

  • The JWT sign-in token prompt and mandatory web UI authentication seem to have been introduced in 2.0.9.102.

  • The upgrade involves a breaking schema change requiring password or JWT token for first login, and migration can fail silently if encryption keys or DB schema don’t align.

  • Failed migrations cause Duplicati to back up the old DB and start fresh with an empty one, effectively resetting all jobs and settings.

  • The broken UI styling suggests installation or resource-serving issues in newer versions.

Questions / Requests:

  • How can I properly migrate my existing database to 2.0.9.102, and ultimately to 2.1.0.5, without losing jobs or functionality?

  • What’s the best way to capture or bypass the initial JWT token requirement during upgrades?

  • Are the unstyled UI issues known bugs, and are there fixes or workarounds?

  • Any recommended upgrade paths for Windows Server installations that preserve settings and backups?

Thanks in advance for any assistance!

1 Like

Hi @agentace, welcome to the forum 👋

The upgrade happens correctly as you mention, but I do not understand how the database can be empty. The upgrade starts by making a copy of the database file, then applies the (minor) updates by running SQL queries on the original database. The updates are adjustments of index and schema, and I have not observed this to cause data loss. How do you verify that the database is indeed empty?

See my description above. This should happen automatically. Could it be that the updated Duplicati is simply looking for the database in another location? So you have more than 1 Duplicati-server.sqlite file on your system after the update?

The update to 2.1.0.5 adds a mandatory UI password to guard against local privilege escalation attacks. If you are using Duplicati with the TrayIcon, you can simply access Duplicati through that and it will log you in. If you are using a service-based installation, the simplest way is to set a password before the upgrade, and then you will be using that password going forward.

There are other ways to (re-)set the password after the upgrade.

I am not aware of any UI issues like you describe, so most likely it is a cache issue, so use CTRL+F5 to reload the page, and it should look correct again. If not, please post a screenshot.

The upgrade/update code is designed to not mess with your current setup. If you are using a Windows service and storing data under C:\Windows\ it is recommended to migrate to C:\ProgramData\Duplicati (and set appropriate permissions) to avoid Windows wiping the configuration on major upgrades (next release will emit a warning if this is detected).
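
One way to run the two checks raised in the reply above (is the database really empty, and is there more than one Duplicati-server.sqlite on the system), as an added example that is not part of the thread or of Duplicati's own code. It opens every match read-only and reports row counts for whatever tables it finds, assuming nothing about the schema; the glob pattern is an assumption based on the file names quoted in the thread, and the folders to search are passed as arguments.

```python
import sqlite3
import sys
from pathlib import Path


def table_row_counts(db_path):
    """Return {table: row_count} for a SQLite file, or None if it cannot be read."""
    # mode=ro: inspect only, never modify the live database or its backups
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"
    try:
        con = sqlite3.connect(uri, uri=True)
    except sqlite3.Error:
        return None
    try:
        names = [r[0] for r in con.execute(
            "SELECT name FROM sqlite_master WHERE type='table' ORDER BY name")]
        return {n: con.execute('SELECT COUNT(*) FROM "%s"' % n.replace('"', '""')).fetchone()[0]
                for n in names}
    except sqlite3.DatabaseError:
        # Not readable as plain SQLite (damaged, or encrypted as a whole file)
        return None
    finally:
        con.close()


def inventory(roots, pattern="*Duplicati-server*.sqlite"):
    """Find every server database (live copy or upgrade backup) under the given folders."""
    found = []
    for root in roots:
        for path in sorted(Path(root).rglob(pattern)):
            counts = table_row_counts(path)
            found.append({
                "path": str(path),
                "bytes": path.stat().st_size,
                "modified": path.stat().st_mtime,
                "readable": counts is not None,
                "tables": counts or {},
                "total_rows": sum(counts.values()) if counts else 0,
            })
    return found


if __name__ == "__main__":
    # Usage: python find_server_dbs.py <folder> [<folder> ...]  (script name is hypothetical)
    for db in inventory(sys.argv[1:]):
        state = "unreadable" if not db["readable"] else "%d rows" % db["total_rows"]
        print("%s  %d bytes  %s" % (db["path"], db["bytes"], state))
        for name, n in db["tables"].items():
            print("    %s: %d" % (name, n))
```

A readable file whose tables all report zero rows next to a backup copy that has rows is the "blank database" case; two readable files in different folders points to the "different location" case.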