Unhealthy SSO after fixing ADMIN and 502 Bad Gateway


I been trying to set up a self-hosted instance and I’ve ran into several issues, some of which I managed to fix, but with this one I’m stuck.

I have a fresh CentOS Stream release 9 and I followed the standard guide for setup. Firstly, I ran into 502 bad gateway . I checked the sudo docker ps to find admin and sso unhealthy.

Thanks to This post I worked it out, by disabling firewalld, then enabling the firewalld but setting FirewallBackend=iptables and that had the website working.

However, when I tried creating a new user, some unhandled error had occurred. I checked the docker ps again and found the sso still unhealthy.

Here is the log from docker logs bitwarden-sso

fail: Microsoft.AspNetCore.Server.Kestrel[13]
      Connection id "0HMOHL356AP6O", Request id "0HMOHL356AP6O:00000002": An unhandled exception was thrown by the application.
      Microsoft.Data.SqlClient.SqlException (0x80131904): Could not find stored procedure 'dbo.SsoConfig_ReadManyByNotBeforeRevisionDate'.
         at Microsoft.Data.SqlClient.SqlCommand.<>c.<ExecuteDbDataReaderAsync>b__208_0(Task`1 result)
         at System.Threading.Tasks.ContinuationResultTaskFromResultTask`2.InnerInvoke()
         at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state)
      --- End of stack trace from previous location ---
         at System.Threading.Tasks.Task.ExecuteWithThreadLocal(Task& currentTaskSlot, Thread threadPoolThread)
      --- End of stack trace from previous location ---
         at Dapper.SqlMapper.QueryAsync[T](IDbConnection cnn, Type effectiveType, CommandDefinition command) in /_/Dapper/SqlMapper.Async.cs:line 418
         at Bit.Infrastructure.Dapper.Repositories.SsoConfigRepository.GetManyByRevisionNotBeforeDate(Nullable`1 notBefore) in /home/runner/work/server/server/src/Infrastructure.Dapper/Repositories/SsoConfigRepository.cs:line 57
         at Bit.Core.Business.Sso.DynamicAuthenticationSchemeProvider.LoadAllDynamicSchemesIntoCacheAsync() in /home/runner/work/server/server/bitwarden_license/src/Sso/Utilities/DynamicAuthenticationSchemeProvider.cs:line 152
         at Bit.Core.Business.Sso.DynamicAuthenticationSchemeProvider.GetRequestHandlerSchemesAsync() in /home/runner/work/server/server/bitwarden_license/src/Sso/Utilities/DynamicAuthenticationSchemeProvider.cs:line 132
         at Bit.Sso.Utilities.SsoAuthenticationMiddleware.Invoke(HttpContext context) in /home/runner/work/server/server/bitwarden_license/src/Sso/Utilities/SsoAuthenticationMiddleware.cs:line 36
         at IdentityServer4.Hosting.BaseUrlMiddleware.Invoke(HttpContext context)
         at Bit.Core.Utilities.CurrentContextMiddleware.Invoke(HttpContext httpContext, ICurrentContext currentContext, GlobalSettings globalSettings) in /home/runner/work/server/server/src/Core/Utilities/CurrentContextMiddleware.cs:line 20
         at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context)
         at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
         at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.HandleException(HttpContext context, ExceptionDispatchInfo edi)
         at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
         at Bit.Sso.Startup.<>c__DisplayClass9_1.<<Configure>b__2>d.MoveNext() in /home/runner/work/server/server/bitwarden_license/src/Sso/Startup.cs:line 107
      --- End of stack trace from previous location ---
         at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)
      Error Number:2812,State:62,Class:16

Any ideas what could be wrong now?

Did you try modifying the docker compose file as per the next post in that thread? That is what finally fixed it for me.

Today i freshly installed Self Hosted Bitwarden with the newest Image available ony my Windows Server 2022 Installation (bitwarden/setup:2023.2.0)

I cant create an user account in the Bitwarden Web App

Getting the same error for the SSO endpoint:
Could not find stored procedure ‘dbo.SsoConfig_ReadManyByNotBeforeRevisionDate’ in the SSO Logs.

Running .\bitwarden.ps1 -updatedb produces this weird message:
Migrating database.
Migration failed.
Database update complete

But still i cant create an user in web app. Seems that a migration does not work but how to fix this? Another thread also discusses this issue: Could not find stored procedure 'dbo.User_ReadByEmail'

Edit: Fixed it, uninstall using the uninstall command and modified the version from script, i used 2023.1.0. .Then installed it, now i have a working bitwarden instance. Im not updating for the moment

I have tried that, but to no avail.

Thank you!
Changing the version had helped. Not sure whats going on at the moment but thank you :).

Hi all! Same issue about unhealthy SSO from today’s fresh install. Same log as in the first message reported here. I do not know how to resolve this sadly…

[EDIT] I also get a “unhandled server error” each time I try to 1) create a new user, 2) try to login 3) try to send a verification email and 4) try to login in the Admin page. It has to be noted that if I try to recreate the same user I tried to create when I got the error, the second time it says that the user already exist… Like if it was created after all…

I’ll follow you guys on this once as well.

docker sso logs

fail: Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware[1]
An unhandled exception has occurred while executing the request.
Microsoft.Data.SqlClient.SqlException (0x80131904): Cannot open database “vault” requested by the login. The login failed.
Login failed for user ‘sa’.

docker ps

c54ebda457fe bitwarden/nginx:2023.2.0 “/entrypoint.sh” 13 minutes ago Up 13 minutes (healthy) 80/tcp,>8080/tcp, :::80->8080/tcp,>8443/tcp, :::443->8443/tcp bitwarden-nginx
d9d6ff45237f bitwarden/admin:2023.2.0 “/entrypoint.sh” 13 minutes ago Up 13 minutes (healthy) 5000/tcp bitwarden-admin
e85122317af4 bitwarden/sso:2023.2.0 “/entrypoint.sh” 13 minutes ago Up 13 minutes (unhealthy) 5000/tcp bitwarden-sso
20fbc9a31239 bitwarden/web:2023.2.0 “/entrypoint.sh” 13 minutes ago Up 13 minutes (healthy) bitwarden-web
3413ee696e8c bitwarden/mssql:2023.2.0 “/entrypoint.sh” 13 minutes ago Up 13 minutes (healthy) bitwarden-mssql
945d82fad36e bitwarden/events:2023.2.0 “/entrypoint.sh” 13 minutes ago Up 13 minutes (healthy) 5000/tcp bitwarden-events
60e6e9d91aed bitwarden/identity:2023.2.0 “/entrypoint.sh” 13 minutes ago Up 13 minutes (healthy) 5000/tcp bitwarden-identity
a9435372bce8 bitwarden/notifications:2023.2.0 “/entrypoint.sh” 13 minutes ago Up 13 minutes (healthy) 5000/tcp bitwarden-notifications
56fae9168f0b bitwarden/api:2023.2.0 “/entrypoint.sh” 13 minutes ago Up 13 minutes (healthy) 5000/tcp bitwarden-api
386c6f1fc119 bitwarden/icons:2023.2.0 “/entrypoint.sh” 13 minutes ago Up 13 minutes (healthy) 5000/tcp bitwarden-icons
37f37b583412 bitwarden/attachments:2023.2.0 “/entrypoint.sh” 13 minutes ago Up 13 minutes (healthy) bitwarden-attachments

I will be trying to modify the version of the script as noted by Patrick and will update for the .sh script as he did for the .ps1 script.

Patrick’s solution can be transferred from Powershell to Bash using the following on the bitwarden.sh to get all containers in an healthy state:


Don’t go off crazy uninstall several times since after 5 Let’s Crypt will block your subdomain and you will have to create a new one.

Yup, I confirm, no issue when downgrading to 2023.1.0!