Server softlock after organization operations #1619

New Issue

Closed

opened 2026-02-05 01:21:03 +03:00 by OVERLORD · 11 comments

OVERLORD commented 2026-02-05 01:21:03 +03:00

Owner

Copy Link

Originally created by @Bert-Proesmans on GitHub (Jun 29, 2023).

Subject of the issue

The server doesn't execute operations anymore after manipulations on the organization vault. It's not possible to perform new logins, nor record creation/deletion/moves.

Deployment environment

Your environment (Generated via diagnostics page)

• Vaultwarden version: v1.28.1 (Docker image, latest as of today)
• Web-vault version: v2023.3.0b
• OS/Arch: linux/x86_64
• Running within Docker: true (Base: Debian)
• Environment settings overridden: false
• Uses a reverse proxy: true
• IP Header check: true (X-Real-IP)
• Internet access: true
• Internet access via a proxy: false
• DNS Check: true
• Browser/Server Time Check: true
• Server/NTP Time Check: true
• Domain Configuration Check: true
• HTTPS Check: true
• Database type: SQLite
• Database version: 3.39.2
• Clients used: web vault, browser extensions
• Reverse proxy and version: Nginx Proxy Manager (nginx version: openresty/1.21.4.1)
• MySQL/MariaDB or PostgreSQL version: SQLite (included in image)
• Other relevant details: Websockets are used and proxied, < 5 connected users (browser extension)

Config (Generated via diagnostics page)

Show Running Config

Environment settings which are overridden:

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_smtp_img_src": "cid:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "***************",
  "db_connection_retries": 15,
  "disable_2fa_remember": true,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://***********************",
  "domain_origin": "*****://***********************",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": false,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": 365,
  "extended_logging": true,
  "helo_name": "******************",
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "\"***\"",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": 1048576,
  "org_creation_users": "***************************************,************************************",
  "org_events_enabled": true,
  "org_groups_enabled": false,
  "password_hints_allowed": false,
  "password_iterations": 100000,
  "reload_templates": false,
  "require_device_email": true,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "************************",
  "signups_verify": true,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 1800,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": "\"Login\"",
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": false,
  "smtp_from": "******************************************",
  "smtp_from_name": "***",
  "smtp_host": "******************",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_security": "starttls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": "******************************************",
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": 20480,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": true,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

Steps to reproduce

1. Create 2 users
2. Create organization
3. (bitwarden browser extension) Have both users create 4 records in individual vault
4. (web vault) Have both users simultaneously move their individual records to the organization vault, to the same or different collections
5. (web vault/all clients) Observe hang, if not, with the user where normal behavior is observed; remove the moved records in the organization vault

Expected behaviour

The selected individual records are present in the organization vault, and/or removed if step 5 has been conditionally executed.
No issues with login in/off and no issues with manipulations on the individual and organization vault.

Actual behaviour

The server softlocks; it's not possible to login, nor is it possible to perform any operations on the vault data.
The only thing left to do is close the web vault tabs.
The server recovers within 10 minutes, but I'm not sure in which capacity. The selected individual records are entirely or partially moved! Records that haven't been moved are still present in the respective users' individual vault.

Troubleshooting data

There are no warnings or errors reported anywhere, nothing in the browser console, nothing in the container logs.
The only thing I can add is that the server recovers and the vault is in a consistent state; the vault opens and there is no data loss.

Originally created by @Bert-Proesmans on GitHub (Jun 29, 2023). <!-- # ### NOTE: Please update to the latest version of vaultwarden before reporting an issue! This saves you and us a lot of time and troubleshooting. See: * https://github.com/dani-garcia/vaultwarden/issues/1180 * https://github.com/dani-garcia/vaultwarden/wiki/Updating-the-vaultwarden-image # ### --> <!-- Please fill out the following template to make solving your problem easier and faster for us. This is only a guideline. If you think that parts are unnecessary for your issue, feel free to remove them. Remember to hide/redact personal or confidential information, such as passwords, IP addresses, and DNS names as appropriate. --> ### Subject of the issue <!-- Describe your issue here. --> The server doesn't execute operations anymore after manipulations on the organization vault. It's not possible to perform new logins, nor record creation/deletion/moves. ### Deployment environment <!-- ========================================================================================= Preferably, use the `Generate Support String` button on the admin page's Diagnostics tab. That will auto-generate most of the info requested in this section. ========================================================================================= --> ### Your environment (Generated via diagnostics page) * Vaultwarden version: v1.28.1 (Docker image, latest as of today) * Web-vault version: v2023.3.0b * OS/Arch: linux/x86_64 * Running within Docker: true (Base: Debian) * Environment settings overridden: false * Uses a reverse proxy: true * IP Header check: true (X-Real-IP) * Internet access: true * Internet access via a proxy: false * DNS Check: true * Browser/Server Time Check: true * Server/NTP Time Check: true * Domain Configuration Check: true * HTTPS Check: true * Database type: SQLite * Database version: 3.39.2 * Clients used: web vault, browser extensions * Reverse proxy and version: Nginx Proxy Manager (nginx version: openresty/1.21.4.1) * MySQL/MariaDB or PostgreSQL version: SQLite (included in image) * Other relevant details: Websockets are used and proxied, < 5 connected users (browser extension) ### Config (Generated via diagnostics page) <details><summary>Show Running Config</summary> **Environment settings which are overridden:** ```json { "_duo_akey": null, "_enable_duo": false, "_enable_email_2fa": true, "_enable_smtp": true, "_enable_yubico": true, "_icon_service_csp": "", "_icon_service_url": "", "_ip_header_enabled": true, "_smtp_img_src": "cid:", "admin_ratelimit_max_burst": 3, "admin_ratelimit_seconds": 300, "admin_session_lifetime": 20, "admin_token": "***", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "authenticator_disable_time_drift": false, "data_folder": "data", "database_conn_init": "", "database_max_conns": 10, "database_timeout": 30, "database_url": "***************", "db_connection_retries": 15, "disable_2fa_remember": true, "disable_admin_token": false, "disable_icon_download": false, "domain": "*****://***********************", "domain_origin": "*****://***********************", "domain_path": "", "domain_set": true, "duo_host": null, "duo_ikey": null, "duo_skey": null, "email_attempts_limit": 3, "email_expiration_time": 600, "email_token_size": 6, "emergency_access_allowed": false, "emergency_notification_reminder_schedule": "0 3 * * * *", "emergency_request_timeout_schedule": "0 7 * * * *", "enable_db_wal": true, "event_cleanup_schedule": "0 10 0 * * *", "events_days_retain": 365, "extended_logging": true, "helo_name": "******************", "hibp_api_key": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "icon_redirect_code": 302, "icon_service": "internal", "incomplete_2fa_schedule": "30 * * * * *", "incomplete_2fa_time_limit": 3, "invitation_expiration_hours": 120, "invitation_org_name": "\"***\"", "invitations_allowed": true, "ip_header": "X-Real-IP", "job_poll_interval_ms": 30000, "log_file": null, "log_level": "info", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "login_ratelimit_max_burst": 10, "login_ratelimit_seconds": 60, "org_attachment_limit": 1048576, "org_creation_users": "***************************************,************************************", "org_events_enabled": true, "org_groups_enabled": false, "password_hints_allowed": false, "password_iterations": 100000, "reload_templates": false, "require_device_email": true, "rsa_key_filename": "data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sendmail_command": null, "sends_allowed": true, "sends_folder": "data/sends", "show_password_hint": false, "signups_allowed": false, "signups_domains_whitelist": "************************", "signups_verify": true, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 1800, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": "\"Login\"", "smtp_debug": false, "smtp_embed_images": true, "smtp_explicit_tls": false, "smtp_from": "******************************************", "smtp_from_name": "***", "smtp_host": "******************", "smtp_password": "***", "smtp_port": 587, "smtp_security": "starttls", "smtp_ssl": null, "smtp_timeout": 15, "smtp_username": "******************************************", "templates_folder": "data/templates", "tmp_folder": "data/tmp", "trash_auto_delete_days": null, "trash_purge_schedule": "0 5 0 * * *", "use_sendmail": false, "use_syslog": false, "user_attachment_limit": 20480, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "websocket_address": "0.0.0.0", "websocket_enabled": true, "websocket_port": 3012, "yubico_client_id": null, "yubico_secret_key": null, "yubico_server": null } ``` </details> <!-- The version number, obtained from the logs (at startup) or the admin diagnostics page --> <!-- This is NOT the version number shown on the web vault, which is versioned separately from vaultwarden --> <!-- Remember to check if your issue exists on the latest version first! --> <!-- How the server was installed: Docker image, OS package, built from source, etc. --> ### Steps to reproduce <!-- Tell us how to reproduce this issue. What parameters did you set (differently from the defaults) and how did you start vaultwarden? --> 1. Create 2 users 2. Create organization 3. (bitwarden browser extension) Have both users create 4 records in individual vault 4. (web vault) Have both users simultaneously move their individual records to the organization vault, to the same or different collections 5. (web vault/all clients) Observe hang, if not, with the user where normal behavior is observed; remove the moved records in the organization vault ### Expected behaviour <!-- Tell us what you expected to happen --> The selected individual records are present in the organization vault, and/or removed if step 5 has been conditionally executed. No issues with login in/off and no issues with manipulations on the individual and organization vault. ### Actual behaviour <!-- Tell us what actually happened --> The server softlocks; it's not possible to login, nor is it possible to perform any operations on the vault data. The only thing left to do is close the web vault tabs. The server recovers within 10 minutes, but I'm not sure in which capacity. The selected individual records are entirely or **partially** moved! Records that haven't been moved are still present in the respective users' individual vault. ### Troubleshooting data <!-- Share any log files, screenshots, or other relevant troubleshooting data --> There are no warnings or errors reported anywhere, nothing in the browser console, nothing in the container logs. The only thing I can add is that the server recovers and the vault is in a consistent state; the vault opens and there is no data loss.

OVERLORD added the troubleshooting label 2026-02-05 01:21:03 +03:00

OVERLORD closed this issue 2026-02-05 01:21:05 +03:00

OVERLORD commented 2026-02-05 01:21:08 +03:00

Author

Owner

Copy Link

@BlackDex commented on GitHub (Jul 4, 2023):

Could you please test this on the :testing tagged images which are based upon the main branch.
That uses a newer web-vault version, and some other updates. etc...

@BlackDex commented on GitHub (Jul 4, 2023): Could you please test this on the `:testing` tagged images which are based upon the `main` branch. That uses a newer web-vault version, and some other updates. etc...

OVERLORD commented 2026-02-05 01:21:10 +03:00

Author

Owner

Copy Link

@Bert-Proesmans commented on GitHub (Jul 5, 2023):

I'm gonna setup a test replica and report back by the end of this week.

@Bert-Proesmans commented on GitHub (Jul 5, 2023): I'm gonna setup a test replica and report back by the end of this week.

OVERLORD commented 2026-02-05 01:21:15 +03:00

Author

Owner

Copy Link

@BlackDex commented on GitHub (Jul 17, 2023):

@Bert-Proesmans any result you want/can share?

@BlackDex commented on GitHub (Jul 17, 2023): @Bert-Proesmans any result you want/can share?

OVERLORD commented 2026-02-05 01:21:19 +03:00

Author

Owner

Copy Link

@Bert-Proesmans commented on GitHub (Jul 17, 2023):

Hi, sorry for the wait. I've updated to the latest version just now and the issue persists.
We performed the same steps as described in the original post with 2 people. The same symptoms happened after two users moved records into the company vault at the same time.

Request log

[2023-07-17 14:54:17.838][request][INFO] PUT /api/ciphers/share
[2023-07-17 14:54:17.964][request][INFO] PUT /api/ciphers/share
[2023-07-17 14:54:17.989][request][INFO] GET /api/config
[2023-07-17 14:54:17.989][response][INFO] (config) GET /api/config => 200 OK
[2023-07-17 14:54:18.006][request][INFO] GET /api/ciphers/edad5cab-cd13-4264-8150-9b3e17a79073/details
[2023-07-17 14:54:42.718][request][INFO] GET /api/config
[2023-07-17 14:54:42.718][response][INFO] (config) GET /api/config => 200 OK
[2023-07-17 14:54:42.731][request][INFO] GET /api/config
[2023-07-17 14:54:42.731][response][INFO] (config) GET /api/config => 200 OK
[2023-07-17 14:54:43.529][request][INFO] GET /api/devices/knowndevice
[2023-07-17 14:54:43.838][response][INFO] (get_known_device) GET /api/devices/knowndevice => 200 OK
[2023-07-17 14:54:43.848][response][INFO] (get_cipher_details) GET /api/ciphers/<uuid>/details => 200 OK
[2023-07-17 14:54:47.509][request][INFO] POST /identity/accounts/prelogin
[2023-07-17 14:54:47.848][request][INFO] GET /api/config
[2023-07-17 14:54:47.848][response][INFO] (config) GET /api/config => 200 OK
[2023-07-17 14:54:47.857][request][INFO] GET /api/config
[2023-07-17 14:54:47.857][response][INFO] (config) GET /api/config => 200 OK
[2023-07-17 14:54:51.895][request][INFO] GET /api/devices/knowndevice
[2023-07-17 14:54:54.085][response][INFO] (prelogin) POST /identity/accounts/prelogin => 200 OK
[2023-07-17 14:54:54.088][response][INFO] (get_known_device) GET /api/devices/knowndevice => 200 OK
[2023-07-17 14:54:54.117][request][INFO] POST /identity/connect/token
[2023-07-17 14:54:55.911][request][INFO] POST /identity/accounts/prelogin
[2023-07-17 14:55:04.313][response][INFO] (prelogin) POST /identity/accounts/prelogin => 200 OK
[2023-07-17 14:55:04.346][request][INFO] POST /identity/connect/token
[2023-07-17 14:55:04.389][request][INFO] GET /api/ciphers/9539a8ed-f2bb-4c59-8289-d1faaeb0d8a2/details
[2023-07-17 14:55:04.394][request][INFO] GET /api/config
[2023-07-17 14:55:04.394][response][INFO] (config) GET /api/config => 200 OK
[2023-07-17 14:55:32.238][vaultwarden::api::notifications][INFO] Closing WS connection from 172.29.0.3
[2023-07-17 14:55:34.342][request][INFO] GET /api/config
[2023-07-17 14:55:34.342][response][INFO] (config) GET /api/config => 200 OK
[2023-07-17 14:55:34.347][request][INFO] GET /api/config
[2023-07-17 14:55:34.347][response][INFO] (config) GET /api/config => 200 OK
[2023-07-17 14:55:40.694][vaultwarden::api::notifications][INFO] Closing WS connection from 172.29.0.3
[2023-07-17 14:55:41.446][request][INFO] GET /api/devices/knowndevice
[2023-07-17 14:55:45.783][request][INFO] POST /identity/accounts/prelogin
[2023-07-17 14:55:50.415][error][ERROR] 2FA token not provided
[2023-07-17 14:55:50.415][response][INFO] (login) POST /identity/connect/token => 400 Bad Request
[2023-07-17 14:55:50.415][response][INFO] (prelogin) POST /identity/accounts/prelogin => 200 OK
[2023-07-17 14:55:50.439][request][INFO] POST /identity/connect/token
[2023-07-17 14:56:00.633][response][INFO] (get_known_device) GET /api/devices/knowndevice => 200 OK
[2023-07-17 14:56:05.758][response][INFO] (get_cipher_details) GET /api/ciphers/<uuid>/details => 200 OK
[2023-07-17 14:56:10.892][error][ERROR] 2FA token not provided
[2023-07-17 14:56:10.893][response][INFO] (login) POST /identity/connect/token => 400 Bad Request
[2023-07-17 14:56:10.910][error][ERROR] 2FA token not provided
[2023-07-17 14:56:10.910][response][INFO] (login) POST /identity/connect/token => 400 Bad Request
[2023-07-17 14:56:41.655][response][INFO] (put_cipher_share_selected) PUT /api/ciphers/share => 200 OK
[2023-07-17 14:56:41.662][request][INFO] GET /api/ciphers/9d17b3dd-34a2-4d8f-b020-b258003a0c87/details
[2023-07-17 14:56:46.728][response][INFO] (get_cipher_details) GET /api/ciphers/<uuid>/details => 200 OK
[2023-07-17 14:56:46.736][request][INFO] GET /api/ciphers/c1a3dfb4-8d56-47f0-9c5b-3c5f5df1d89a/details
[2023-07-17 14:56:46.760][response][INFO] (get_cipher_details) GET /api/ciphers/<uuid>/details => 200 OK
[2023-07-17 14:56:46.827][request][INFO] GET /api/ciphers/65b9ccaa-099e-4ca9-893f-ce52e3b06718/details
[2023-07-17 14:56:56.957][response][INFO] (get_cipher_details) GET /api/ciphers/<uuid>/details => 200 OK
[2023-07-17 14:56:57.020][request][INFO] GET /api/ciphers/e1b91b91-d055-4133-ab80-399e0bfd552d/details
[2023-07-17 14:56:57.040][response][INFO] (get_cipher_details) GET /api/ciphers/<uuid>/details => 200 OK
[2023-07-17 14:56:57.089][response][INFO] (put_cipher_share_selected) PUT /api/ciphers/share => 200 OK
[2023-07-17 14:56:57.096][request][INFO] GET /api/ciphers/ee3da8e1-3203-48c2-ab48-976788be73a7/details
[2023-07-17 14:56:57.112][response][INFO] (get_cipher_details) GET /api/ciphers/<uuid>/details => 200 OK
[2023-07-17 14:57:49.306][request][INFO] POST /identity/connect/token
[2023-07-17 14:57:49.320][response][INFO] (login) POST /identity/connect/token => 200 OK
[2023-07-17 14:57:49.328][request][INFO] GET /api/sync
[2023-07-17 14:57:49.371][response][INFO] (sync) GET /api/sync?<data..> => 200 OK
[2023-07-17 14:58:40.367][vaultwarden::api::core::two_factor][INFO] User joachim.bos@e-powerinternational.com did not complete a 2FA login within the configured time limit. IP: 10.0.0.22
[2023-07-17 14:58:41.031][vaultwarden::api::core::two_factor][INFO] User bert.proesmans@e-powerinternational.com did not complete a 2FA login within the configured time limit. IP: 10.0.0.132
[2023-07-17 14:59:58.344][request][INFO] GET /api/config
[2023-07-17 14:59:58.344][response][INFO] (config) GET /api/config => 200 OK
[2023-07-17 14:59:58.355][request][INFO] GET /api/config
[2023-07-17 14:59:58.355][response][INFO] (config) GET /api/config => 200 OK
[2023-07-17 14:59:59.208][request][INFO] GET /api/devices/knowndevice
[2023-07-17 14:59:59.213][response][INFO] (get_known_device) GET /api/devices/knowndevice => 200 OK
[2023-07-17 15:00:05.197][request][INFO] POST /identity/accounts/prelogin
[2023-07-17 15:00:05.200][response][INFO] (prelogin) POST /identity/accounts/prelogin => 200 OK
[2023-07-17 15:00:05.223][request][INFO] POST /identity/connect/token
[2023-07-17 15:00:05.301][error][ERROR] 2FA token not provided
[2023-07-17 15:00:05.302][response][INFO] (login) POST /identity/connect/token => 400 Bad Request
[2023-07-17 15:00:12.399][request][INFO] POST /identity/connect/token
[2023-07-17 15:00:12.642][vaultwarden::api::identity][INFO] User bert.proesmans@e-powerinternational.com logged in successfully. IP: 10.0.0.132
[2023-07-17 15:00:12.747][response][INFO] (login) POST /identity/connect/token => 200 OK
[2023-07-17 15:00:12.806][request][INFO] POST /identity/connect/token
[2023-07-17 15:00:12.835][vaultwarden::api::notifications][INFO] Accepting WS connection from 172.29.0.3:38742
[2023-07-17 15:00:12.861][response][INFO] (login) POST /identity/connect/token => 200 OK
[2023-07-17 15:00:12.878][request][INFO] GET /api/sync?excludeDomains=true
[2023-07-17 15:00:13.061][response][INFO] (sync) GET /api/sync?<data..> => 200 OK

[2023-07-17 15:00:12.642][vaultwarden::api::identity][INFO] User bert.proesmans@e-powerinternational.com logged in successfully. IP: 10.0.0.132
Workaround is closing the web vault tabs performing the record move and waiting for some time. Afterwards the server recovered.

Other important requests in the log

[2023-07-17 14:55:32.238][vaultwarden::api::notifications][INFO] Closing WS connection from 172.29.0.3
[2023-07-17 14:55:40.694][vaultwarden::api::notifications][INFO] Closing WS connection from 172.29.0.3
^Both users closed their browser tab that performed the record move. The underlying issue might be websocket related because you'll notice the server moves records after the websockets are closed (don't compete/deadlock anymore?) with very little delay.

[2023-07-17 14:58:40.367][vaultwarden::api::core::two_factor][INFO] User joachim.bos@e-powerinternational.com did not complete a 2FA login within the configured time limit. IP: 10.0.0.22
[2023-07-17 14:58:41.031][vaultwarden::api::core::two_factor][INFO] User bert.proesmans@e-powerinternational.com did not complete a 2FA login within the configured time limit. IP: 10.0.0.132
^Both users 2FA timeout, because after entering username and password there is no prompt for security key until server recovers.

Company event log

message,appIcon,appName,userId,userName,userEmail,date,ip,type,installationId
Logged in,bwi-globe,Web vault - Firefox,0751b9f2-417b-4664-856a-0a0c06594a00,Bert Proesmans,bert.proesmans@e-powerinternational.com,2023-07-17T15:00:12.663260Z,10.0.0.132,User_LoggedIn,
Moved item ee3da8e1 to an organization.,bwi-globe,Web vault - Firefox,0751b9f2-417b-4664-856a-0a0c06594a00,Bert Proesmans,bert.proesmans@e-powerinternational.com,2023-07-17T14:56:57.062436Z,10.0.0.132,Cipher_Shared,
Moved item e1b91b91 to an organization.,bwi-globe,Web vault - Firefox,0751b9f2-417b-4664-856a-0a0c06594a00,Bert Proesmans,bert.proesmans@e-powerinternational.com,2023-07-17T14:56:56.982798Z,10.0.0.132,Cipher_Shared,
Moved item 65b9ccaa to an organization.,bwi-globe,Web vault - Firefox,0751b9f2-417b-4664-856a-0a0c06594a00,Bert Proesmans,bert.proesmans@e-powerinternational.com,2023-07-17T14:56:46.793040Z,10.0.0.132,Cipher_Shared,
Moved item 9d17b3dd to an organization.,bwi-globe,Web vault - Chrome,c0b5aaa0-29cf-4195-a451-35aa3fbf4d58,Joachim Bos,joachim.bos@e-powerinternational.com,2023-07-17T14:56:41.629768Z,10.0.0.22,Cipher_Shared,
Moved item c1a3dfb4 to an organization.,bwi-globe,Web vault - Firefox,0751b9f2-417b-4664-856a-0a0c06594a00,Bert Proesmans,bert.proesmans@e-powerinternational.com,2023-07-17T14:55:09.435256Z,10.0.0.132,Cipher_Shared,
Moved item 9539a8ed to an organization.,bwi-globe,Web vault - Chrome,c0b5aaa0-29cf-4195-a451-35aa3fbf4d58,Joachim Bos,joachim.bos@e-powerinternational.com,2023-07-17T14:55:04.342939Z,10.0.0.22,Cipher_Shared,
Moved item edad5cab to an organization.,bwi-globe,Web vault - Chrome,c0b5aaa0-29cf-4195-a451-35aa3fbf4d58,Joachim Bos,joachim.bos@e-powerinternational.com,2023-07-17T14:54:17.960334Z,10.0.0.22,Cipher_Shared,
Logged in,bwi-globe,Web vault - Chrome,c0b5aaa0-29cf-4195-a451-35aa3fbf4d58,Joachim Bos,joachim.bos@e-powerinternational.com,2023-07-17T14:53:26.313367Z,10.0.0.22,User_LoggedIn,
Logged in,bwi-globe,Web vault - Firefox,0751b9f2-417b-4664-856a-0a0c06594a00,Bert Proesmans,bert.proesmans@e-powerinternational.com,2023-07-17T14:49:01.753323Z,10.0.0.132,User_LoggedIn,

Edit; If required, please tell me how I should collect and deliver the required data to debug this and I'll test again tomorrow.

@Bert-Proesmans commented on GitHub (Jul 17, 2023): Hi, sorry for the wait. I've updated to the latest version just now and **the issue persists**. We performed the same steps as described in the original post with 2 people. The same symptoms happened after two users moved records into the company vault at the same time. <details> <summary>Request log</summary> ``` [2023-07-17 14:54:17.838][request][INFO] PUT /api/ciphers/share [2023-07-17 14:54:17.964][request][INFO] PUT /api/ciphers/share [2023-07-17 14:54:17.989][request][INFO] GET /api/config [2023-07-17 14:54:17.989][response][INFO] (config) GET /api/config => 200 OK [2023-07-17 14:54:18.006][request][INFO] GET /api/ciphers/edad5cab-cd13-4264-8150-9b3e17a79073/details [2023-07-17 14:54:42.718][request][INFO] GET /api/config [2023-07-17 14:54:42.718][response][INFO] (config) GET /api/config => 200 OK [2023-07-17 14:54:42.731][request][INFO] GET /api/config [2023-07-17 14:54:42.731][response][INFO] (config) GET /api/config => 200 OK [2023-07-17 14:54:43.529][request][INFO] GET /api/devices/knowndevice [2023-07-17 14:54:43.838][response][INFO] (get_known_device) GET /api/devices/knowndevice => 200 OK [2023-07-17 14:54:43.848][response][INFO] (get_cipher_details) GET /api/ciphers/<uuid>/details => 200 OK [2023-07-17 14:54:47.509][request][INFO] POST /identity/accounts/prelogin [2023-07-17 14:54:47.848][request][INFO] GET /api/config [2023-07-17 14:54:47.848][response][INFO] (config) GET /api/config => 200 OK [2023-07-17 14:54:47.857][request][INFO] GET /api/config [2023-07-17 14:54:47.857][response][INFO] (config) GET /api/config => 200 OK [2023-07-17 14:54:51.895][request][INFO] GET /api/devices/knowndevice [2023-07-17 14:54:54.085][response][INFO] (prelogin) POST /identity/accounts/prelogin => 200 OK [2023-07-17 14:54:54.088][response][INFO] (get_known_device) GET /api/devices/knowndevice => 200 OK [2023-07-17 14:54:54.117][request][INFO] POST /identity/connect/token [2023-07-17 14:54:55.911][request][INFO] POST /identity/accounts/prelogin [2023-07-17 14:55:04.313][response][INFO] (prelogin) POST /identity/accounts/prelogin => 200 OK [2023-07-17 14:55:04.346][request][INFO] POST /identity/connect/token [2023-07-17 14:55:04.389][request][INFO] GET /api/ciphers/9539a8ed-f2bb-4c59-8289-d1faaeb0d8a2/details [2023-07-17 14:55:04.394][request][INFO] GET /api/config [2023-07-17 14:55:04.394][response][INFO] (config) GET /api/config => 200 OK [2023-07-17 14:55:32.238][vaultwarden::api::notifications][INFO] Closing WS connection from 172.29.0.3 [2023-07-17 14:55:34.342][request][INFO] GET /api/config [2023-07-17 14:55:34.342][response][INFO] (config) GET /api/config => 200 OK [2023-07-17 14:55:34.347][request][INFO] GET /api/config [2023-07-17 14:55:34.347][response][INFO] (config) GET /api/config => 200 OK [2023-07-17 14:55:40.694][vaultwarden::api::notifications][INFO] Closing WS connection from 172.29.0.3 [2023-07-17 14:55:41.446][request][INFO] GET /api/devices/knowndevice [2023-07-17 14:55:45.783][request][INFO] POST /identity/accounts/prelogin [2023-07-17 14:55:50.415][error][ERROR] 2FA token not provided [2023-07-17 14:55:50.415][response][INFO] (login) POST /identity/connect/token => 400 Bad Request [2023-07-17 14:55:50.415][response][INFO] (prelogin) POST /identity/accounts/prelogin => 200 OK [2023-07-17 14:55:50.439][request][INFO] POST /identity/connect/token [2023-07-17 14:56:00.633][response][INFO] (get_known_device) GET /api/devices/knowndevice => 200 OK [2023-07-17 14:56:05.758][response][INFO] (get_cipher_details) GET /api/ciphers/<uuid>/details => 200 OK [2023-07-17 14:56:10.892][error][ERROR] 2FA token not provided [2023-07-17 14:56:10.893][response][INFO] (login) POST /identity/connect/token => 400 Bad Request [2023-07-17 14:56:10.910][error][ERROR] 2FA token not provided [2023-07-17 14:56:10.910][response][INFO] (login) POST /identity/connect/token => 400 Bad Request [2023-07-17 14:56:41.655][response][INFO] (put_cipher_share_selected) PUT /api/ciphers/share => 200 OK [2023-07-17 14:56:41.662][request][INFO] GET /api/ciphers/9d17b3dd-34a2-4d8f-b020-b258003a0c87/details [2023-07-17 14:56:46.728][response][INFO] (get_cipher_details) GET /api/ciphers/<uuid>/details => 200 OK [2023-07-17 14:56:46.736][request][INFO] GET /api/ciphers/c1a3dfb4-8d56-47f0-9c5b-3c5f5df1d89a/details [2023-07-17 14:56:46.760][response][INFO] (get_cipher_details) GET /api/ciphers/<uuid>/details => 200 OK [2023-07-17 14:56:46.827][request][INFO] GET /api/ciphers/65b9ccaa-099e-4ca9-893f-ce52e3b06718/details [2023-07-17 14:56:56.957][response][INFO] (get_cipher_details) GET /api/ciphers/<uuid>/details => 200 OK [2023-07-17 14:56:57.020][request][INFO] GET /api/ciphers/e1b91b91-d055-4133-ab80-399e0bfd552d/details [2023-07-17 14:56:57.040][response][INFO] (get_cipher_details) GET /api/ciphers/<uuid>/details => 200 OK [2023-07-17 14:56:57.089][response][INFO] (put_cipher_share_selected) PUT /api/ciphers/share => 200 OK [2023-07-17 14:56:57.096][request][INFO] GET /api/ciphers/ee3da8e1-3203-48c2-ab48-976788be73a7/details [2023-07-17 14:56:57.112][response][INFO] (get_cipher_details) GET /api/ciphers/<uuid>/details => 200 OK [2023-07-17 14:57:49.306][request][INFO] POST /identity/connect/token [2023-07-17 14:57:49.320][response][INFO] (login) POST /identity/connect/token => 200 OK [2023-07-17 14:57:49.328][request][INFO] GET /api/sync [2023-07-17 14:57:49.371][response][INFO] (sync) GET /api/sync?<data..> => 200 OK [2023-07-17 14:58:40.367][vaultwarden::api::core::two_factor][INFO] User joachim.bos@e-powerinternational.com did not complete a 2FA login within the configured time limit. IP: 10.0.0.22 [2023-07-17 14:58:41.031][vaultwarden::api::core::two_factor][INFO] User bert.proesmans@e-powerinternational.com did not complete a 2FA login within the configured time limit. IP: 10.0.0.132 [2023-07-17 14:59:58.344][request][INFO] GET /api/config [2023-07-17 14:59:58.344][response][INFO] (config) GET /api/config => 200 OK [2023-07-17 14:59:58.355][request][INFO] GET /api/config [2023-07-17 14:59:58.355][response][INFO] (config) GET /api/config => 200 OK [2023-07-17 14:59:59.208][request][INFO] GET /api/devices/knowndevice [2023-07-17 14:59:59.213][response][INFO] (get_known_device) GET /api/devices/knowndevice => 200 OK [2023-07-17 15:00:05.197][request][INFO] POST /identity/accounts/prelogin [2023-07-17 15:00:05.200][response][INFO] (prelogin) POST /identity/accounts/prelogin => 200 OK [2023-07-17 15:00:05.223][request][INFO] POST /identity/connect/token [2023-07-17 15:00:05.301][error][ERROR] 2FA token not provided [2023-07-17 15:00:05.302][response][INFO] (login) POST /identity/connect/token => 400 Bad Request [2023-07-17 15:00:12.399][request][INFO] POST /identity/connect/token [2023-07-17 15:00:12.642][vaultwarden::api::identity][INFO] User bert.proesmans@e-powerinternational.com logged in successfully. IP: 10.0.0.132 [2023-07-17 15:00:12.747][response][INFO] (login) POST /identity/connect/token => 200 OK [2023-07-17 15:00:12.806][request][INFO] POST /identity/connect/token [2023-07-17 15:00:12.835][vaultwarden::api::notifications][INFO] Accepting WS connection from 172.29.0.3:38742 [2023-07-17 15:00:12.861][response][INFO] (login) POST /identity/connect/token => 200 OK [2023-07-17 15:00:12.878][request][INFO] GET /api/sync?excludeDomains=true [2023-07-17 15:00:13.061][response][INFO] (sync) GET /api/sync?<data..> => 200 OK ``` </details> `[2023-07-17 15:00:12.642][vaultwarden::api::identity][INFO] User bert.proesmans@e-powerinternational.com logged in successfully. IP: 10.0.0.132` Workaround is closing the web vault tabs performing the record move and waiting for some time. Afterwards the server recovered. Other important requests in the log `[2023-07-17 14:55:32.238][vaultwarden::api::notifications][INFO] Closing WS connection from 172.29.0.3` `[2023-07-17 14:55:40.694][vaultwarden::api::notifications][INFO] Closing WS connection from 172.29.0.3` ^Both users closed their browser tab that performed the record move. The underlying issue might be websocket related because you'll notice the server moves records after the websockets are closed (don't compete/deadlock anymore?) with very little delay. `[2023-07-17 14:58:40.367][vaultwarden::api::core::two_factor][INFO] User joachim.bos@e-powerinternational.com did not complete a 2FA login within the configured time limit. IP: 10.0.0.22` `[2023-07-17 14:58:41.031][vaultwarden::api::core::two_factor][INFO] User bert.proesmans@e-powerinternational.com did not complete a 2FA login within the configured time limit. IP: 10.0.0.132` ^Both users 2FA timeout, because after entering username and password there is no prompt for security key until server recovers. <details> <summary>Company event log</summary> ``` message,appIcon,appName,userId,userName,userEmail,date,ip,type,installationId Logged in,bwi-globe,Web vault - Firefox,0751b9f2-417b-4664-856a-0a0c06594a00,Bert Proesmans,bert.proesmans@e-powerinternational.com,2023-07-17T15:00:12.663260Z,10.0.0.132,User_LoggedIn, Moved item ee3da8e1 to an organization.,bwi-globe,Web vault - Firefox,0751b9f2-417b-4664-856a-0a0c06594a00,Bert Proesmans,bert.proesmans@e-powerinternational.com,2023-07-17T14:56:57.062436Z,10.0.0.132,Cipher_Shared, Moved item e1b91b91 to an organization.,bwi-globe,Web vault - Firefox,0751b9f2-417b-4664-856a-0a0c06594a00,Bert Proesmans,bert.proesmans@e-powerinternational.com,2023-07-17T14:56:56.982798Z,10.0.0.132,Cipher_Shared, Moved item 65b9ccaa to an organization.,bwi-globe,Web vault - Firefox,0751b9f2-417b-4664-856a-0a0c06594a00,Bert Proesmans,bert.proesmans@e-powerinternational.com,2023-07-17T14:56:46.793040Z,10.0.0.132,Cipher_Shared, Moved item 9d17b3dd to an organization.,bwi-globe,Web vault - Chrome,c0b5aaa0-29cf-4195-a451-35aa3fbf4d58,Joachim Bos,joachim.bos@e-powerinternational.com,2023-07-17T14:56:41.629768Z,10.0.0.22,Cipher_Shared, Moved item c1a3dfb4 to an organization.,bwi-globe,Web vault - Firefox,0751b9f2-417b-4664-856a-0a0c06594a00,Bert Proesmans,bert.proesmans@e-powerinternational.com,2023-07-17T14:55:09.435256Z,10.0.0.132,Cipher_Shared, Moved item 9539a8ed to an organization.,bwi-globe,Web vault - Chrome,c0b5aaa0-29cf-4195-a451-35aa3fbf4d58,Joachim Bos,joachim.bos@e-powerinternational.com,2023-07-17T14:55:04.342939Z,10.0.0.22,Cipher_Shared, Moved item edad5cab to an organization.,bwi-globe,Web vault - Chrome,c0b5aaa0-29cf-4195-a451-35aa3fbf4d58,Joachim Bos,joachim.bos@e-powerinternational.com,2023-07-17T14:54:17.960334Z,10.0.0.22,Cipher_Shared, Logged in,bwi-globe,Web vault - Chrome,c0b5aaa0-29cf-4195-a451-35aa3fbf4d58,Joachim Bos,joachim.bos@e-powerinternational.com,2023-07-17T14:53:26.313367Z,10.0.0.22,User_LoggedIn, Logged in,bwi-globe,Web vault - Firefox,0751b9f2-417b-4664-856a-0a0c06594a00,Bert Proesmans,bert.proesmans@e-powerinternational.com,2023-07-17T14:49:01.753323Z,10.0.0.132,User_LoggedIn, ``` </details> Edit; If required, please tell me how I should collect and deliver the required data to debug this and I'll test again tomorrow.

OVERLORD commented 2026-02-05 01:21:23 +03:00

Author

Owner

Copy Link

@BlackDex commented on GitHub (Jul 18, 2023):

The web-sockets are separated from the rest of the code in the sense that it only triggers a call, it shouldn't block anything else. It also is the last call done so all database transactions should be finished already.

WebSocket connections are closed because you close the tabs, which is expected behavior, and those are connections running parallel in a different thread.

Are there any restrictions on the container/pod in the amounts of memory or CPU's?
What kind of storage is used for the sqlite database?

Are there any browser console errors/warnings during these actions?
Are there any limitations or restrictions configured at the reverse proxy? Like ModSecurity, WAF or any other security tools?

@BlackDex commented on GitHub (Jul 18, 2023): The web-sockets are separated from the rest of the code in the sense that it only triggers a call, it shouldn't block anything else. It also is the last call done so all database transactions should be finished already. WebSocket connections are closed because you close the tabs, which is expected behavior, and those are connections running parallel in a different thread. Are there any restrictions on the container/pod in the amounts of memory or CPU's? What kind of storage is used for the sqlite database? Are there any browser console errors/warnings during these actions? Are there any limitations or restrictions configured at the reverse proxy? Like ModSecurity, WAF or any other security tools?

OVERLORD commented 2026-02-05 01:21:31 +03:00

Author

Owner

Copy Link

@BlackDex commented on GitHub (Jul 18, 2023):

@Bert-Proesmans Cloud you provide us with the amount of ciphers/vault-items listed for the users in question and the amount for the org. You can extract data information from the /admin panel

@BlackDex commented on GitHub (Jul 18, 2023): @Bert-Proesmans Cloud you provide us with the amount of ciphers/vault-items listed for the users in question and the amount for the org. You can extract data information from the `/admin` panel

OVERLORD commented 2026-02-05 01:21:37 +03:00

Author

Owner

Copy Link

@Bert-Proesmans commented on GitHub (Jul 18, 2023):

The web-sockets are separated from the rest of the code in the sense that it only triggers a call, it shouldn't block anything else. It also is the last call done so all database transactions should be finished already.

That was just a guess, I recognize correlation in time is not always causation.

Are there any restrictions on the container/pod in the amounts of memory or CPU's? What kind of storage is used for the sqlite database?

No container restrictions, the host VM has no CPU/RAM contention. There is still unused disk space left. The persistent store is a volume mount on the local VM docker host.

Are there any browser console errors/warnings during these actions? Are there any limitations or restrictions configured at the reverse proxy? Like ModSecurity, WAF or any other security tools?

No console errors/warnings, no special mention in the container (request) logs. The proxy restricts IPs and blocks common exploits at application level ('Block common exploits' in Nginx Proxy Manager)

Cloud you provide us with the amount of ciphers/vault-items listed for the users in question and the amount for the org.

ORG; 32 users/373 entries
bertp; 32 entries
joachimb; 15 entries

Have you tried replicating this scenario on your own machine? Could you reproduce?

@Bert-Proesmans commented on GitHub (Jul 18, 2023): > The web-sockets are separated from the rest of the code in the sense that it only triggers a call, it shouldn't block anything else. It also is the last call done so all database transactions should be finished already. That was just a guess, I recognize correlation in time is not always causation. > Are there any restrictions on the container/pod in the amounts of memory or CPU's? What kind of storage is used for the sqlite database? No container restrictions, the host VM has no CPU/RAM contention. There is still unused disk space left. The persistent store is a volume mount on the local VM docker host. > Are there any browser console errors/warnings during these actions? Are there any limitations or restrictions configured at the reverse proxy? Like ModSecurity, WAF or any other security tools? No console errors/warnings, no special mention in the container (request) logs. The proxy restricts IPs and blocks common exploits at application level ('Block common exploits' in Nginx Proxy Manager) > Cloud you provide us with the amount of ciphers/vault-items listed for the users in question and the amount for the org. ORG; 32 users/373 entries bertp; 32 entries joachimb; 15 entries Have you tried replicating this scenario on your own machine? Could you reproduce?

OVERLORD commented 2026-02-05 01:21:40 +03:00

Author

Owner

Copy Link

@BlackDex commented on GitHub (Jul 18, 2023):

@Bert-Proesmans i have tried to reproduce it, but I'm not able to.

I created an empty org, two new users, imported a list of 3000 vault items (1500 Login and 1500 Secure Notes) for both users.
Both those users now had 3000 items each, so in total 6000 items.

The org had 2 items, one in each collection.

I then clicked on the select all (Which actually selects the first 500 items, not more), and selected the option to move to an organization and prepared the web-vault interface so that it has the save option ready to be clicked for both users, where for user1 i selected collection x, and for user2 i selected collection y.

I then pressed the save buttons right after each other, and they both almost simultaneously posted that data to Vaultwarden.
Vaultwarden was processing both requests at the same time, and it took them both around 5.7/5.8 seconds to fully process those requests.

I also had a third client open in which i switched between the groups and vault tab's, that kinda forces the vault to re-sync for that users, and thus request a data from the database.

It all seems to work just fine no issues. The only thing I notice is that it takes a long time to load the vault, because of the huge amount of ciphers I have now haha.

I'm using SQLite too of course my system doesn't have that much memory, and it even uses swap currently, and i was running both the server and the clients on the exact same system, so all were using a lot of resources.

So, either something strange is happening with your database, or the storage you are using for some reason does not support locking, which could cause strange issues.

Maybe you can check/verify/vacuum your database file, after creating a backup of course.

Please try to run the following on the sqlite database, make sure you stop Vaultwarden before running these queries, and that you created a backup!

Run sqlite3 db.sqlite:

--- Check integrity
PRAGMA integrity_check;

--- Check for foreign key issues
PRAGMA foreign_key_check;

--- If both do not produce an error message, it's ok.
--- If all is ok, run the following queries.

--- Vacuum/Shrink the database by removing all empty spaces
VACUUM;

--- Run some general optimizations, doesn't hurt.
PRAGMA optimize;

If it still causes issues, i have no clue on what it could be.
It could still be your underlying storage for the VM, if that is a NFS or CIFS/Samba share that might cause issues.

@BlackDex commented on GitHub (Jul 18, 2023): @Bert-Proesmans i have tried to reproduce it, but I'm not able to. I created an empty org, two new users, imported a list of 3000 vault items (1500 Login and 1500 Secure Notes) for both users. Both those users now had 3000 items each, so in total 6000 items. The org had 2 items, one in each collection. I then clicked on the select all (Which actually selects the first 500 items, not more), and selected the option to move to an organization and prepared the web-vault interface so that it has the save option ready to be clicked for both users, where for user1 i selected collection x, and for user2 i selected collection y. I then pressed the save buttons right after each other, and they both almost simultaneously posted that data to Vaultwarden. Vaultwarden was processing both requests at the same time, and it took them both around 5.7/5.8 seconds to fully process those requests. I also had a third client open in which i switched between the `groups` and `vault` tab's, that kinda forces the vault to re-sync for that users, and thus request a data from the database. It all seems to work just fine no issues. The only thing I notice is that it takes a long time to load the vault, because of the huge amount of ciphers I have now haha. I'm using SQLite too of course my system doesn't have that much memory, and it even uses swap currently, and i was running both the server and the clients on the exact same system, so all were using a lot of resources. So, either something strange is happening with your database, or the storage you are using for some reason does not support locking, which could cause strange issues. Maybe you can check/verify/vacuum your database file, after creating a backup of course. Please try to run the following on the sqlite database, make sure you stop Vaultwarden before running these queries, and that you created a backup! Run `sqlite3 db.sqlite`: ```sql --- Check integrity PRAGMA integrity_check; --- Check for foreign key issues PRAGMA foreign_key_check; --- If both do not produce an error message, it's ok. --- If all is ok, run the following queries. --- Vacuum/Shrink the database by removing all empty spaces VACUUM; --- Run some general optimizations, doesn't hurt. PRAGMA optimize; ``` If it still causes issues, i have no clue on what it could be. It could still be your underlying storage for the VM, if that is a NFS or CIFS/Samba share that might cause issues.

OVERLORD commented 2026-02-05 01:21:44 +03:00

Author

Owner

Copy Link

@Bert-Proesmans commented on GitHub (Jul 18, 2023):

hmm, your data scope is way larger so that rules out locking issues in application layer.
I'll run those commands on the database and see if it improves anything. If no effect I'll play a bit with sqlite, I have zero experience with the lib but needed an excuse to do some digging. I'll give feedback in a few days.

It could still be your underlying storage for the VM, if that is a NFS or CIFS/Samba share that might cause issues.

The weird thing is that all VM resources are local to the host, we're not using any high latency protocol for compute nor storage in this instance.

I want to reiterate that this specific user story is a minor issue (low priority), the server works as expected 99.9% of the time. That's also the reason why I'm not as responsive as I'd like to be.
If my inspection on the sqlite db doesn't improve the symptoms I propose to close this issue as not reproducible. This could still very well be a platform issue which is out of scope for this tracker.

@Bert-Proesmans commented on GitHub (Jul 18, 2023): hmm, your data scope is way larger so that rules out locking issues in application layer. I'll run those commands on the database and see if it improves anything. If no effect I'll play a bit with sqlite, I have zero experience with the lib but needed an excuse to do some digging. I'll give feedback in a few days. > It could still be your underlying storage for the VM, if that is a NFS or CIFS/Samba share that might cause issues. The weird thing is that all VM resources are local to the host, we're not using any high latency protocol for compute nor storage in this instance. I want to reiterate that this specific user story is a minor issue (low priority), the server works as expected 99.9% of the time. That's also the reason why I'm not as responsive as I'd like to be. If my inspection on the sqlite db doesn't improve the symptoms I propose to close this issue as not reproducible. This could still very well be a platform issue which is out of scope for this tracker.

OVERLORD commented 2026-02-05 01:21:48 +03:00

Author

Owner

Copy Link

@Bert-Proesmans commented on GitHub (Jul 20, 2023):

I've executed all commands on our database and the console didn't report any errors.
We ran through the scenario again and still the same symptoms. Our issue is not solved by database maintenance, sadly.

Thanks for helping out! I'll have to take a deeper look into the machinery running this container.

@Bert-Proesmans commented on GitHub (Jul 20, 2023): I've executed all commands on our database and the console didn't report any errors. We ran through the scenario again and still the same symptoms. Our issue is not solved by database maintenance, sadly. Thanks for helping out! I'll have to take a deeper look into the machinery running this container.

OVERLORD commented 2026-02-05 01:21:51 +03:00

Author

Owner

Copy Link

@BlackDex commented on GitHub (Jul 20, 2023):

Very strange. I would indeed suggest to gather some metrics like, CPU, Mem, Disk IO to see if you see anything strange there.
On both the Host and VM.

Ill move this to discussions so that other people can see it, and if you want, you can update us on it :).

@BlackDex commented on GitHub (Jul 20, 2023): Very strange. I would indeed suggest to gather some metrics like, CPU, Mem, Disk IO to see if you see anything strange there. On both the Host and VM. Ill move this to discussions so that other people can see it, and if you want, you can update us on it :).

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

cached-config-operations

test_dylint

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels

SSO

Third party

better for forum

bug

bug

documentation

duplicate

enhancement

future Vault

future Vault

future Vault

good first issue

help wanted

low priority

notes

pull-request

Mirrored from GitHub Pull Request

question

troubleshooting

wontfix

No Label troubleshooting

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/vaultwarden#1619