An unexpected error has occured - all clients

Hi everyone,

I’m really puzzled by this one. I am running a self-hosted bitwarden install on my Synology NAS. I’ve been running it since 2023 when I switched from KeePassX.
All in all it has been good and reliable. On my NAS I also have WatchTower which updates all my containers on a regular basis. After one of the updates from a month or so ago (yeah, I didn’t have a lot of time to troubleshoot but today I was looking to login to an account for which I have credentials stored only in Bitwarden), I am not able to login anymore.
Web app, chrome extension, mobile app, all of them return the same “An unexpected error has occured”.
I know for sure the Master password is correct because it was saved in the browser and on my phone as well and I know it very well.
I tried many different things and I’ve noticed some really weird behaviour. Hopefully someone would be able to catch something from what I will be saying and point me in the right direction.

  • I tried creating a new account just so I know if things are actually working disregarding my initial account. Well, funny enough, the account creation went fine and I got the welcome email. However, trying to log in, I’m getting the same exact error as for my previous account. An unexpected error…
  • I tried to login from a different browser. I normally use Brave but I switched to Edge and tried to login into my old (regular) account with the Master password. By the way, I don’t have 2FA or anything else, just using a master password. And again the same error. HOWEVER, I immediately got an email notifying me that someone logged in to my account from a different browser. :exploding_head: Well, I then went back to my Brave and tried an incognito mode. Same thing, it doesn’t login BUT I do get the notification email every single time. So, something is really messed up and can’t figure it out.
  • I then opened the Developer console from Brave and tried to login. In the console I get these errors:
    POST h**ps://bitwarden.redacted.synology.me/identity/connect/token net::ERR_ABORTED 500 (Internal Server Error) api.service.ts:1599

r {response: null, statusCode: 500} console-log.service.ts:51
Received API exception: r {response: null, statusCode: 500} console-log.service.ts:51
Uncaught (in promise) Error: A listener indicated an asynchronous response by returning true, but the message channel closed before a response was received /#/login?email=

Then in the Network tab:
Name: token (shows in red on the left hand side)

General
Request URL:
h**ps://bitwarden.redacted.synology.me/identity/connect/token
Request Method:
POST
Status Code:
500 Internal Server Error
Remote Address:
85.72.232.53:443
Referrer Policy:
same-origin

Response Headers
content-length:
0
date:
Sat, 14 Dec 2024 20:16:28 GMT
server:
nginx
strict-transport-security:
max-age=15768000; includeSubdomains; preload

Request Headers
:authority:
bitwarden.redacted.synology.me
:method:
POST
:path:
/identity/connect/token
:scheme:
https
accept:
application/json
accept-encoding:
gzip, deflate, br, zstd
accept-language:
en,en-US;q=0.9,fr;q=0.8,ro;q=0.7
auth-email:
dm3tbHVjhmlaQHBtOm1l
bitwarden-client-name:
web
bitwarden-client-version:
2024.12.0
content-length:
232
content-type:
application/x-www-form-urlencoded; charset=utf-8
device-type:
9
origin:
hps://bitwarden.redacted.synology.me
priority:
u=1, i
referer:
h
ps://bitwarden.redacted.synology.me/
sec-ch-ua:
“Brave”;v=“131”, “Chromium”;v=“131”, “Not_A Brand”;v=“24”
sec-ch-ua-mobile:
?0
sec-ch-ua-platform:
“Windows”
sec-fetch-dest:
empty
sec-fetch-mode:
cors
sec-fetch-site:
same-origin
sec-gpc:
1
user-agent:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

  • It looks like everything works except the actual login. Please let me know I can still somehow get my passwords back. I do have an old backup but in the meantime I added some new accounts and possibly changed some passwords.
  • I also logged in the actual container for the MariaDB database and was able to log into the database with the master soql password but I have no idea if that helps in any way. Not sure if I could ever retrieve my passwords from that.
  • I also tried using the bw CLI and the scary part is when trying to bw login I’m getting Username or password incorrect. Try again and I know for sure they are both right.
    What is wrong? How can I fix it? I’m a developer and tried everything I know about both front-end and backend with databases and all but still cannot figure it out. Am I missing something? Is this something never seen?
    Can anyone help? I’m happy to provide whatever other logs you may need.
    By the way in the container logs for the MariaDB I get this error:

fail: Microsoft.AspNetCore.Server.Kestrel[13]
=> SpanId:82212d95c072e7d5, TraceId:c84ca67664ab19f464cdfc49578d60cc, ParentId:0000000000000000 => ConnectionId:0HN8SFDKQSL0U => RequestPath:/identity/connect/token RequestId:0HN8SFDKQSL0U:00000001
Connection id “0HN8SFDKQSL0U”, Request id “0HN8SFDKQSL0U:00000001”: An unhandled exception was thrown by the application.
MySqlConnector.MySqlException (0x80004005): Unknown column ‘g.Id’ in ‘field list’
at MySqlConnector.Core.ServerSession.ReceiveReplyAsync(IOBehavior ioBehavior, CancellationToken cancellationToken) in //src/MySqlConnector/Core/ServerSession.cs:line 894
at MySqlConnector.Core.ResultSet.ReadResultSetHeaderAsync(IOBehavior ioBehavior) in /
/src/MySqlConnector/Core/ResultSet.cs:line 37
at MySqlConnector.MySqlDataReader.ActivateResultSet(CancellationToken cancellationToken) in //src/MySqlConnector/MySqlDataReader.cs:line 130
at MySqlConnector.MySqlDataReader.InitAsync(CommandListPosition commandListPosition, ICommandPayloadCreator payloadCreator, IDictionary2 cachedProcedures, IMySqlCommand command, CommandBehavior behavior, Activity activity, IOBehavior ioBehavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/MySqlDataReader.cs:line 483 at MySqlConnector.Core.CommandExecutor.ExecuteReaderAsync(CommandListPosition commandListPosition, ICommandPayloadCreator payloadCreator, CommandBehavior behavior, Activity activity, IOBehavior ioBehavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/Core/CommandExecutor.cs:line 56 at MySqlConnector.MySqlCommand.ExecuteReaderAsync(CommandBehavior behavior, IOBehavior ioBehavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/MySqlCommand.cs:line 357 at MySqlConnector.MySqlCommand.ExecuteDbDataReaderAsync(CommandBehavior behavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/MySqlCommand.cs:line 350 at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReaderAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken) at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReaderAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken) at Microsoft.EntityFrameworkCore.Query.Internal.SingleQueryingEnumerable1.AsyncEnumerator.InitializeReaderAsync(AsyncEnumerator enumerator, CancellationToken cancellationToken)
at Pomelo.EntityFrameworkCore.MySql.Storage.Internal.MySqlExecutionStrategy.ExecuteAsync[TState,TResult](TState state, Func4 operation, Func4 verifySucceeded, CancellationToken cancellationToken)
at Microsoft.EntityFrameworkCore.Query.Internal.SingleQueryingEnumerable1.AsyncEnumerator.MoveNextAsync() at Microsoft.EntityFrameworkCore.Query.ShapedQueryCompilingExpressionVisitor.SingleOrDefaultAsync[TSource](IAsyncEnumerable1 asyncEnumerable, CancellationToken cancellationToken)
at Microsoft.EntityFrameworkCore.Query.ShapedQueryCompilingExpressionVisitor.SingleOrDefaultAsync[TSource](IAsyncEnumerable1 asyncEnumerable, CancellationToken cancellationToken) at Bit.Infrastructure.EntityFramework.Auth.Repositories.GrantRepository.SaveAsync(IGrant obj) in /source/src/Infrastructure.EntityFramework/Auth/Repositories/GrantRepository.cs:line 80 at Bit.Identity.IdentityServer.PersistedGrantStore.StoreAsync(PersistedGrant pGrant) in /source/src/Identity/IdentityServer/PersistedGrantStore.cs:line 54 at Duende.IdentityServer.Stores.DefaultGrantStore1.StoreItemByHashedKeyAsync(String hashedKey, T item, String clientId, String subjectId, String sessionId, String description, DateTime created, Nullable1 expiration, Nullable1 consumedTime) in /
/src/IdentityServer/Stores/Default/DefaultGrantStore.cs:line 231
at Duende.IdentityServer.Stores.DefaultGrantStore1.CreateItemAsync(T item, String clientId, String subjectId, String sessionId, String description, DateTime created, Int32 lifetime) in /_/src/IdentityServer/Stores/Default/DefaultGrantStore.cs:line 177 at Duende.IdentityServer.Stores.DefaultRefreshTokenStore.StoreRefreshTokenAsync(RefreshToken refreshToken) in /_/src/IdentityServer/Stores/Default/DefaultRefreshTokenStore.cs:line 43 at Duende.IdentityServer.Services.DefaultRefreshTokenService.CreateRefreshTokenAsync(RefreshTokenCreationRequest request) in /_/src/IdentityServer/Services/Default/DefaultRefreshTokenService.cs:line 222 at Duende.IdentityServer.ResponseHandling.TokenResponseGenerator.CreateAccessTokenAsync(ValidatedTokenRequest request) in /_/src/IdentityServer/ResponseHandling/Default/TokenResponseGenerator.cs:line 453 at Duende.IdentityServer.ResponseHandling.TokenResponseGenerator.ProcessTokenRequestAsync(TokenRequestValidationResult validationResult) in /_/src/IdentityServer/ResponseHandling/Default/TokenResponseGenerator.cs:line 335 at Duende.IdentityServer.ResponseHandling.TokenResponseGenerator.ProcessAsync(TokenRequestValidationResult request) in /_/src/IdentityServer/ResponseHandling/Default/TokenResponseGenerator.cs:line 97 at Duende.IdentityServer.Endpoints.TokenEndpoint.ProcessTokenRequestAsync(HttpContext context) in /_/src/IdentityServer/Endpoints/TokenEndpoint.cs:line 133 at Duende.IdentityServer.Endpoints.TokenEndpoint.ProcessAsync(HttpContext context) in /_/src/IdentityServer/Endpoints/TokenEndpoint.cs:line 81 at Duende.IdentityServer.Hosting.IdentityServerMiddleware.Invoke(HttpContext context, IdentityServerOptions options, IEndpointRouter router, IUserSession userSession, IEventService events, IIssuerNameService issuerNameService, ISessionCoordinationService sessionCoordinationService) in /_/src/IdentityServer/Hosting/IdentityServerMiddleware.cs:line 106 at Duende.IdentityServer.Hosting.IdentityServerMiddleware.Invoke(HttpContext context, IdentityServerOptions options, IEndpointRouter router, IUserSession userSession, IEventService events, IIssuerNameService issuerNameService, ISessionCoordinationService sessionCoordinationService) in /_/src/IdentityServer/Hosting/IdentityServerMiddleware.cs:line 128 at Duende.IdentityServer.Hosting.MutualTlsEndpointMiddleware.Invoke(HttpContext context, IAuthenticationSchemeProvider schemes) in /_/src/IdentityServer/Hosting/MutualTlsEndpointMiddleware.cs:line 95 at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) at Duende.IdentityServer.Hosting.DynamicProviders.DynamicSchemeAuthenticationMiddleware.Invoke(HttpContext context) in /_/src/IdentityServer/Hosting/DynamicProviders/DynamicSchemes/DynamicSchemeAuthenticationMiddleware.cs:line 51 at Duende.IdentityServer.Hosting.BaseUrlMiddleware.Invoke(HttpContext context) in /_/src/IdentityServer/Hosting/BaseUrlMiddleware.cs:line 27 at Bit.Core.Utilities.CurrentContextMiddleware.Invoke(HttpContext httpContext, ICurrentContext currentContext, GlobalSettings globalSettings) in /source/src/Core/Utilities/CurrentContextMiddleware.cs:line 19 at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.Builder.Extensions.UsePathBaseMiddleware.InvokeCore(HttpContext context, PathString matchedPath, PathString remainingPath) at Bit.Identity.Startup.<>c__DisplayClass10_1.<<Configure>b__2>d.MoveNext() in /source/src/Identity/Startup.cs:line 188 --- End of stack trace from previous location --- at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication1 application)
warn: Duende.IdentityServer.Endpoints.TokenEndpoint[0]
=> SpanId:3c06efd3a3992cb9, TraceId:33e1cb138b8e7fd24203e5b15717a332, ParentId:0000000000000000 => ConnectionId:0HN8SFDKQSL0V => RequestPath:/identity/connect/token RequestId:0HN8SFDKQSL0V:00000001 => IpAddress:172.18.0.1 UserAgent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 DeviceType: Origin: ClientVersion:
Invalid HTTP request for token endpoint

@vollucris Welcome to the forum!

Please post a screenshot of the Dashboard of your Admin Portal, which displays your server version. In addition, please indicate the version of the Bitwarden clients you are using when you get the error.

Hi @grb ,

Here’s the screenshot:

As I was mentioning before, no matter what clients (all of them were working before: web client, chrome extension and Android App) I get the exact same error. Web client shows 2024.12.0 as well.

There may be some relevant advice in this thread from earlier in the year.

Your best bet is this suggestion:

If that doesn’t solve the problem, then you can try downgrading to earlier versions of the server, to see if you can get back to a working system.

Finally, if you are unable to solve this on your own (and if no one else with more expertise in this area jumps into this thread with additional advice), then it is always a good idea to contact Customer Support.

Good luck, and please post an update.

I am happy to do that but not sure how to back up everything and export the passwords since I cannot login. Do you have any instructions or steps to follow to backup something that I don’t have access to anymore?

This is beyond my personal expertise, so you should get advice from Support. I believe that you should be able to back up the back-end database (which you said that you were able to access).

Yes, I can access the backend using the MYSQL_ROOT_PASSWORD.
In the meantime I tried a fresh install of the latest image (separate from the one before, I even stopped the old containers) and I’m observing the same behaviour. Trying to create a new account works fine, then trying to login… An unexpected error has occured.
I have a Synology DS918+ and I saw on some forums that the new bitwarden images don’t work on DSs that do not support AVX. I’m not even sure if mine does, but I tried downgrading the image all the way down to 2024.6.2 which I’m almost sure it was working at the time for me. And I keep getting the exact same issue.
I reached out to support last night but I guess, since it’s Sunday… it will take until next week to get some response.