0 votes
by (140 points)

I'm having an issue setting the Buru SFTP web admin portal to work with my wildcard cert.

I have it set in my server's personal cert store. I just tried adding it in to the webconfig file, and the service won't start. In Windows Services, the Rebex Buru SFTP Server Web Admin service cannot start. Error 1053: service did not respond to the start or control request in a timely fashion.

Through an elevated command prompt, typing "burusftpwa.exe svc restart" results in "Configuration error: While parsing a block mapping, did not find expected key."

If I comment out the lines for the cert from store, and just leave it with http/8880, the web admin service starts fine.

I know my store name and thumbprint are both okay. As a test, I commented out the lines getting the cert from the store, and used the cert's PFX file and password itself. I still get the same error messages.

Applies to: Buru SFTP Server

1 Answer

+1 vote
by (1.9k points)

Hi, this looks like a YAML syntax error.

Can you post here or send us the configuration file (with sensitive information replaced)?

by (140 points)
# Rebex Buru SFTP Server Web Administration configuration file
# This file is in YAML (https://en.wikipedia.org/wiki/YAML#Syntax) - note that leading whitespace IS SIGNIFICANT, unlike in XML
# Visit https://rebex.net/buru-sftp-server/doc/configuration-web-admin for more details

# Bindings the web administration will use for incoming HTTP/HTTPS connections.
bindings:
  # listen for HTTP requests on localhost:8880 (this is the default binding)
  - hostname: localhost
    port: 8880
  
#  # listen for HTTPS requests on 192.168.1.212:443, load SSL certificate from file
 # - hostname: localhost
   # port: 443
   # certificateFromFile:
     # filePath: C:\dos\Buru\2023csiuwild.pfx
#
#  # listen for HTTPS requests on wa.mydomain.com:443 (IP address will be resolved on startup), load SSL certificate from Certificate store
  - hostname: localhost
    port: 443
    certificateFromStore:
      storeName: My
      thumbprint: 010a33515cc38cc244747827fce9cf8a8da4ac5c

# Logging. No logs will be saved unless you specify log location.
logging:
  location: C:\sftplogs\web
#   
#   # minimal log level - supported values are: verbose, debug, information, warning, error, fatal. Default is 'warning'.
  minLevel: warning
#
#   # minimal log level for ASP.NET logging. This might be handy for troubleshooting. Supported values are the same as for minLevel.
  aspNetMinLevel: warning
#   
#

# Disables warning shown for http (unsecured) endpoint on home page.
# suppressHttpEndpointWarning: false

### EXPERIMENTAL ###
# The following section is likely to change in upcoming (even minor) versions. Use at your own risk
# experimental:
#   sessionTimeout: 00:30:00
by (1.9k points)
This is very strange indeed. The error you mentioned should really come from a malformed YAML file; however, the configuration you included seems to be fine. Please double-check there aren't any tabs (only spaces) in the original. I also assume you saved your certificate in the Local Machine certificate store (as opposed to the Current User store)?
by (140 points)
I used notepad++ and looking at every character, they are all spaces, not tabs, which I expected, since I took the webconfig.yaml file and just pasted my values over the default values.

I even went so far as to replace spacing just to be absolutely sure. I uncommented the suppressHttpEndpointWarning line, and now the error I get when trying to start the web admin service is "the rebex buru sftp server web administration service on local computer started and then stopped. some services stop automatically if they are not in use by other services or programs."

The cert is in the Local Machine / Computer cert store. I also tried the line specifying the cert's pfx file and password, too, though, and it didn't work manually pointing to the cert file.
by (140 points)
When I run powershell scripts to get my cert info, the script results say the StoreName is "My", so that is what I put in the storeName line. I am assuming I don't need to do anything like "Personal/My" or any kind of cert store level parsing for it.
by (1.9k points)
Can you try running "burusftpwa run --log-level debug" from the Buru SFTP console as Administrator? It might give you more detailed information.
by (1.9k points)
Yes, "My" should be the correct store name.
by (140 points)
This is the full output when I run that with my cert lines in place using the command you sent:


C:\Program Files\Rebex Buru SFTP Server>burusftpwa run --log-level debug
ERROR Configuration error: While parsing a block mapping, did not find expected key.
Configuration error: While parsing a block mapping, did not find expected key.

C:\Program Files\Rebex Buru SFTP Server>
by (1.9k points)
I made a custom prerelease build that should give you insight into where exactly the YAML error is. The link will expire in 10 days.

https://www.rebex.net/getfile/5712bce8117441caa838dd06d74f9376/RebexBuruSftpServer-x64-v2.8.1.exe
by (140 points)
It soft-failed on setup:
"An error occurred while initializing the environment. Try running "burusftp init" manually."

It created an error log - I'm going to share it to support@rebex.net through OneDrive.
by (140 points)
When I tried running "burusftp init", this is the output:

C:\Program Files\Rebex Buru SFTP Server>burusftp init
Checking config.yaml ... [OK]
Checking webconfig.yaml ... (Line: 37, Col: 2, Idx: 1503) - (Line: 37, Col: 2, Idx: 1503): While parsing a block mapping, did not find expected key.
[FAILED]
Configuration error: While parsing a block mapping, did not find expected key. (Line: 37, Col: 2, Idx: 1503 - Line: 37, Col: 2, Idx: 1503)

C:\Program Files\Rebex Buru SFTP Server>
by (140 points)
I think I just figured out why burusftp init failed (sorry for multiple comments). I uncommented the suppressHttpEndpointWarning line, which had "# " with spacing at the front of the line. That was the location of the error (Line 37, Col 2). I added a space, thinking it needed another space like the aspNetMinLevel above it. That errored out, too. I removed the spacing altogether and burusftp init completed.

The burusftpwa service still won't start, though. It still comes up with an error:
"the rebex buru sftp server web administration service on local computer started and then stopped. some services stop automatically if they are not in use by other services or programs."
by (140 points)
I tried typing "burusftpwa run" and the output shows an issue with the one dpapi key.

I copied the output to a log file - I'm going to share it to support@rebex.net through OneDrive.
by (1.9k points)
Can you please share exactly what "burusftpwa run --log-level debug" prints? DPAPI errors should not be fatal; they are probably due to stale encryption keys used to sign client tokens for Web Administration.
by (1.9k points)
I am also very curious about the spacing issue before comments - that really shouldn't cause any issues. I am quite confused here. Are you still able to replicate the issue and send me the configuration file in question?
by (1.9k points)
Ok I checked the output, it seems that after all it boils down to a socket error (see at the bottom). Please make sure there is no other program running at port 443 or 8880 (IIS?)
by (140 points)
I can replicate it continually. If I add a space in front of the suppress line when it is not commented out, burusftp init fails with an error at that line. If I remove the space, burusftp init works fine in an elevated command prompt.

The webconfig.yaml file has been shared via OneDrive
by (140 points)
Thanks Lukas! I set the secure port to be nonstandard, since I do have something else on that server using 443. After that, I was able to start the web admin service
by (1.9k points)
I have to thank YOU for providing all this feedback! Thanks to this I can improve error reporting so future users won't have to go through such labor :)
by (1.9k points)
Regarding the whitespace - now it makes sense to me. If you add whitespace before a non-commented line, it changes the meaning of that line. Specifically, it instructs YAML to append it to the object represented by the previous block in the same indentation level.
...
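
The stray-space failure discussed in this thread, as an added example (not Rebex's code and not part of the original posts): a small Python heuristic that flags tabs in indentation and any line dedented to a column that no open block uses, run on a constructed sample modelled on the posted file. `check_indentation` and `SAMPLE` are names made up for this example.

```python
"""Indentation pre-flight for a block-style YAML file such as webconfig.yaml.

Heuristic, not a YAML parser: assumes plain "key: value" mappings and "- "
lists (no block scalars or flow collections), as in the file posted above.
"""

# Constructed sample modelled on the posted file; line 9 has a stray space.
SAMPLE = """\
bindings:
  - hostname: localhost
    port: 8880
  # - hostname: localhost
    # port: 443
logging:
  location: C:\\sftplogs\\web
  minLevel: warning
 suppressHttpEndpointWarning: false
"""


def check_indentation(text):
    """Return [(line_number, message)] for tabs and misaligned dedents."""
    problems = []
    levels = [0]  # indentation columns of the blocks currently open
    for number, raw in enumerate(text.splitlines(), start=1):
        stripped = raw.lstrip(" \t")
        if not stripped or stripped.startswith("#"):
            continue  # blank lines and comments may sit at any column
        leading = raw[: len(raw) - len(stripped)]
        if "\t" in leading:
            problems.append((number, "tab in indentation"))
            continue
        indent = len(leading)
        closed = False
        while indent < levels[-1]:
            levels.pop()  # a dedent closes the deeper blocks
            closed = True
        if indent > levels[-1] and closed:
            # Dedented to a column no open block uses: the parser sees a new
            # nested mapping where it expected the next key of the outer one.
            problems.append((number, "indent %d matches no open block, "
                             "expected %d" % (indent, levels[-1])))
        elif indent > levels[-1]:
            levels.append(indent)  # ordinary nested block
    return problems


if __name__ == "__main__":
    for number, message in check_indentation(SAMPLE):
        print("line %d: %s" % (number, message))
```

Commented-out lines are skipped on purpose, so the oddly indented `#` lines in the sample produce no findings; only the uncommented key with one leading space does.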