Buru SFTP web admin service can't start with certificate defined in webconfig.yaml

Question

I'm having an issue setting the Buru SFTP web admin portal to work with my wildcard cert.

I have it set in my server's personal cert store. I just tried adding it in to the webconfig file, and the service won't start. In Windows Services, the Rebex Buru SFTP Server Web Admin service can not start. Error 1053: service did not response to the start or control request in a timely fashion.

Through an elevated command prompt, typing "burusftpwa.exe svc restart" results in "Configuration error: While parsing a block mapping, did not find expected key."

If I comment out the lines for the cert from store, and just leave it with http/8880, the web admin service starts fine.

I know my store name and thumbprint are both okay. As a test, I commented out the lines getting the cert from the store, and used the cert's PFX file and password itself. I still get the same error messages.

Comments

Hi! I'm sorry to comment here. I am experiencing the same issue. Tried password and tried from Certificate store but still getting that same error.

Followed the comments here changing ports, checking for spaces, tabs but still nothing.

[ERR] Configuration error: While parsing a block mapping, did not find expected key. (Line: 12, Col: 2, Idx: 781

---

You can try either the editor in Web Administration (v2.10.2 and newer) which should highlight YAML errors, or one of the publicly available YAML online validators (search for YAML validator or YAML linter). Please be careful what you share on these sites - never include sensitive information, such as passwords.

---

If you need further assistance, you can send the configuration file to our support email (omit sensitive information) a we can check for you. I'd be very surprised if there error wasn't on the location mentioned (line 12).

---

Thanks for the reply, Lukas! Appreciate it, I tried the Linter and I got a valid YAML.
re-added it to the config and restarted the Web Admin service. I got a different error now.

The Rebex Buru SFTP Server Web Administration service on Local Computer started and then stopped. Some services stop automatically if they are not in use by other services or programs.

Logs ended up in saying it's listening to port ::8880 and then there was nothing or clue what went wrong.

---

Can you try starting the web administration from the command line (as an Administrator), as described here: https://www.rebex.net/doc/buru-sftp-server/getting-started/troubleshooting/#cannot-start-web-admin-service

It looks like the application crashed before the logs were flushed, which should not be happening. Can you also send us the webconfig.yaml configuration file so I try to replicate the issue?

---

Hey Lucas, sorry for getting back just now. Went away for Holiday.

I tried the CLI Admin and it gave me an error - specified socket is already in use. Changed the HTTPS port to a different port other than 443 but still the same.

I'll send you a copy of my webconfig

Answer 1

Hi, this looks like YAML syntax error.

Can you post here or send us the configuration file (with sensitive information replaced)?

Comments

# Rebex Buru SFTP Server Web Administration configuration file
# This file is in YAML (https://en.wikipedia.org/wiki/YAML#Syntax) - note that leading whitespace IS SIGNIFICANT, unlike in XML
# Visit https://rebex.net/buru-sftp-server/doc/configuration-web-admin for more details

# Bindings the web administration will use for incoming HTTP/HTTPS connections.
bindings:
  # listen for HTTP requests on localhost:8880 (this is the default binding)
  - hostname: localhost
    port: 8880
  
#  # listen for HTTPS requests on 192.168.1.212:443, load SSL certificate from file
 # - hostname: localhost
   # port: 443
   # certificateFromFile:
     # filePath: C:\dos\Buru\2023csiuwild.pfx
#
#  # listen for HTTPS requests on wa.mydomain.com:443 (IP address will be resolved on startup), load SSL certificate from Certificate store
  - hostname: localhost
    port: 443
    certificateFromStore:
      storeName: My
      thumbprint: 010a33515cc38cc244747827fce9cf8a8da4ac5c

# Logging. No logs will be saved unless you specify log location.
logging:
  location: C:\sftplogs\web
#   
#   # minimal log level - supported values are: verbose, debug, information, warning, error, fatal. Default is 'warning'.
  minLevel: warning
#
#   # minimal log level for ASP.NET logging. This might be handy for troubleshooting. Supported values are the same as for minLevel.
  aspNetMinLevel: warning
#   
#

# Disables warning shown for http (unsecured) endpoint on home page.
# suppressHttpEndpointWarning: false

### EXPERIMENTAL ###
# The following section is likely to change in upcoming (even minor) versions. Use at your own risk
# experimental:
#   sessionTimeout: 00:30:00

---

This is very strange indeed. The error you mentioned should really come from malformed YAML file, however, the configuration you included seems to be fine. Please double-check there aren't any tabs (only spaces) in the original. I also assume you saved your certificate in Local Machine certificate store (as opposed to Current User store)?

---

I used notepad++ and looking at every character, they are all spaces, not tabs, which I expected, since I took the webconfig.yaml file and just pasted my values over the default values.

I even went so far as to replace spacing just to be absolutely sure. I uncommented the suppressHttpEndpointWarning line, and now the error I get when trying to start the web admin service is "the rebex butu sftp server web administration service on local computer started and then stopped. some services stop automatically if they are not in use by other services or programs."

The cert is in the Local Machine / Computer cert store. I also tried the line specifying the cert's pfx file and password, too, though, and it didn't work manually pointing to the cert file.

---

When I run powershell scripts to get my cert info, the script results say the StoreName is "My", so that is what I put in the storeName line. I am assuming I don't need to do anything like "Personal/My" or any kind of cert store level parsing for it.

---

Can you try running "burusftpwa run --log-level debug" from Buru SFTP console as Administrator? It might give you more detailed information

---

Yes, "My" should be the correct store name.

---

This is the full output when I run that with my cert lines in place using the command you sent:


C:\Program Files\Rebex Buru SFTP Server>burusftpwa run --log-level debug
ERROR Configuration error: While parsing a block mapping, did not find expected key.
Configuration error: While parsing a block mapping, did not find expected key.

C:\Program Files\Rebex Buru SFTP Server>

---

I made a custom prerelease build that should give you an insight where exactly is the YAML error. The link will expire in 10 days.

https://www.rebex.net/getfile/5712bce8117441caa838dd06d74f9376/RebexBuruSftpServer-x64-v2.8.1.exe

---

it soft-failed on setup:
"An error occurred while initializing the environment. Try running "burusftp init" manually."

It created an error log - I'm going to share it to support@rebex.net through OneDrive.

---

When I tried running "burusftp init", this is the output:

C:\Program Files\Rebex Buru SFTP Server>burusftp init
Checking config.yaml ... [OK]
Checking webconfig.yaml ... (Line: 37, Col: 2, Idx: 1503) - (Line: 37, Col: 2, Idx: 1503): While parsing a block mapping, did not find expected key.
[FAILED]
Configuration error: While parsing a block mapping, did not find expected key. (Line: 37, Col: 2, Idx: 1503 - Line: 37,
Col: 2, Idx: 1503)

C:\Program Files\Rebex Buru SFTP Server>

---

I think I just figured out why burusftp init failed (sorry for multiple comments). I uncommented the suppressHttpEndpointWarning line, which had "# " with spacing at the front of the line. That was the location of the error (Line 37, Col 2). I added a space, thinking it needed another space like the aspNetMinLevel above it. That errored out, too. I removed the spacing altogether and burusftp init completed.

The burusftpwa service still won't start, though. It still comes up with an error:
"the rebex butu sftp server web administration service on local computer started and then stopped. some services stop automatically if they are not in use by other services or programs."

---

I tried typing "burusftpwa run" and the output shows an issue with the one dpapi key.

I copied the output to a log file - I'm going to share it to support@rebex.net through OneDrive.

---

can you please share exactly what "burusftpwa run --log-level debug" prints? DPAPI errors should not be fatal, they are probably due to stall encryption keys used to sign client tokens for Web Administration.

---

I am also very curious about the spacing issue before comments - that really shouldn't cause any issues. I am quite confused here. Are you still able to replicate the issue and send me the configuration file in question?

---

Ok I checked the output, it seems that after all it boils down to a socket error (see at the bottom). Please make sure there is no other program running at port 443 or 8880 (IIS?)

---

I can replicate it continually. If I add a space in front of the suppress line when it is not commented out, burusftp init fails with an error at that line. If I remove the space, burusftp init works fine in an elevated command prompt.

The webconfig.yaml file has been shared via OneDrive

---

Thanks Lukas! I set the secure port to be nonstandard, since I do have something else on that server using 443. After that, I was able to start the web admin service

---

I have to thank YOU for providing all this feedback! Thanks to this I can improve error reporting so future users won't have to go through such labor :)

---

Regarding the whitespace - now it makes sense to me. If you add a whitespace before non-commented line, it changes the meaning of that line. Specifically, it instructs YAML to append it to the object represented by previous block in the same indentation level.