I have several issues after migration

ℹ️ Support
, , ,
1

i migrated my nextcloud instance at truenas scale from the true charts appt to the truenas app.

after many many hours leranings about how to migrate and especially the postgres db. now my instance is working again but it has a few issues.

The Basics

  • Nextcloud Server version (e.g., 29.x.x):
    • 31.0.0
  • Operating system and version (e.g., Ubuntu 24.04):
    • TrueNAS scale ElectricEel-24.10.2

  • Web server and version (e.g, Apache 2.4.25):

  • Reverse proxy and version _(e.g. nginx 1.27.2)
    • nginx 2.12.3
  • PHP version (e.g, 8.3):
    • 8.3.17
  • Is this the first time you’ve seen this error? (Yes / No):
    • 2.4.62
  • When did this problem seem to first start?
    • after migration from truecharts app to truenas app
  • Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
    • truenas app
  • Are you using CloudfIare, mod_security, or similar? (Yes / No)
    • cloudflare dns

Summary of the issue you are facing:

  1. Login isn’t working all the time. Sometimes it seems to log in correctly but after a second i am kicked back to the login screen. Try it again somtimes leads to “temporary error - pleas try again”, somtimes i get logged in again, see a 401 warning where the files should be and kicked out again. after quite a time it is working again. Sometimes it is working also, if i try it in a private tab. Logifiles follows after second issue.

  2. An invalid file:

Technical information
=====================
The following list covers which files have failed the integrity check. Please read
the previous linked documentation to learn more about the errors and how to fix
them.

Results
=======
- core
	- INVALID_HASH
		- core/js/mimetypelist.js

Raw output
==========
Array
(
    [core] => Array
        (
            [INVALID_HASH] => Array
                (
                    [core/js/mimetypelist.js] => Array
                        (
                            [expected] => 83befc51175b6888bc37997804057c6c8a42d7f6acab0f698e00d64b2d3b6b71e43ef4c59086b9cdd5154b0ed86aae1153ea68770b34cc78e446cac6af86d0ac
                            [current] => 48cbb087056677f82680824f2af0f16a2446139ad2bfb5f9eeed790cf584a4a4b253bcdce874e9954157344b640da28edbdc8eafa5ac45417e0357770ab560e4
                        )

                )

        )

)
  1. warnings and errors in logfile

Log entries

 ValueError hash_hkdf(): Argument #2 ($key) cannot be empty

    /var/www/html/lib/private/Security/Crypto.phpZeile 147

    undefinedundefinedhash_hkdf(
      "sha512",
      {
        "__class__": "SensitiveParameterValue"
      }
    )

    /var/www/html/lib/private/Security/Crypto.phpZeile 102

    OC\Security\Crypto->decryptWithoutSecret(
      "*** sensitive parameters replaced ***"
    )

    /var/www/html/custom_apps/mail/lib/IMAP/IMAPClientFactory.phpZeile 76

    OC\Security\Crypto->decrypt(
      "*** sensitive parameters replaced ***"
    )

    /var/www/html/custom_apps/mail/lib/IMAP/MailboxSync.phpZeile 87

    OCA\Mail\IMAP\IMAPClientFactory->getClient(
      "*** sensitive parameters replaced ***"
    )

    /var/www/html/custom_apps/mail/lib/BackgroundJob/SyncJob.phpZeile 92

    OCA\Mail\IMAP\MailboxSync->sync(
      "*** sensitive parameters replaced ***"
    )

    /var/www/html/lib/public/BackgroundJob/Job.phpZeile 61

    OCA\Mail\BackgroundJob\SyncJob->run(
      {
        "accountId": 3
      }
    )

    /var/www/html/lib/public/BackgroundJob/TimedJob.phpZeile 88

    OCP\BackgroundJob\Job->start(
      {
        "__class__": "OC\\BackgroundJob\\JobList"
      }
    )

    /var/www/html/lib/public/BackgroundJob/TimedJob.phpZeile 75

    OCP\BackgroundJob\TimedJob->start(
      {
        "__class__": "OC\\BackgroundJob\\JobList"
      }
    )

    /var/www/html/cron.phpZeile 168

    OCP\BackgroundJob\TimedJob->execute(
      {
        "__class__": "OC\\BackgroundJob\\JobList"
      }
    )

I found out that this could be this issue: [Bug]: `hash_hkdf(): Argument #2 ($key) cannot be empty` / `HMAC does not match` · Issue #34012 · nextcloud/server · GitHub
But when i replace the secret and the pwsalt with that one of the old installation i get:

Interner Serverfehler

Der Server konnte die Anfrage nicht fertig stellen.

Sollte dies erneut auftreten, sende bitte die nachfolgenden technischen Einzelheiten an deinen Server-Administrator.

Weitere Details können im Server-Protokoll gefunden werden.
Technische Details

    Entfernte Adresse: 192.168.31.1
    Anfragekennung: 7S2DgimOV0tp8XdOxywk

 Exception HMAC does not match.

    /var/www/html/lib/private/Security/Crypto.phpZeile 98

    OC\Security\Crypto->decryptWithoutSecret(
      "*** sensitive parameters replaced ***"
    )

    /var/www/html/lib/private/Session/CryptoSessionData.phpZeile 70

    OC\Security\Crypto->decrypt(
      "*** sensitive parameters replaced ***"
    )

    /var/www/html/lib/private/Session/CryptoSessionData.phpZeile 47

    OC\Session\CryptoSessionData->initializeSession()

    /var/www/html/lib/private/Session/CryptoWrapper.phpZeile 94

    OC\Session\CryptoSessionData->__construct(
      {
        "__class__": "OC\\Session\\Internal"
      },
      {
        "__class__": "OC\\Security\\Crypto"
      },
      "*** sensitive parameters replaced ***"
    )

    /var/www/html/lib/base.phpZeile 410

    OC\Session\CryptoWrapper->wrapSession(
      {
        "__class__": "OC\\Session\\Internal"
      }
    )

    /var/www/html/lib/base.phpZeile 679

    OC::initSession()

    /var/www/html/lib/base.phpZeile 1149

    OC::init()

    /var/www/html/index.phpZeile 22

    undefinedundefinedrequire_once(
      "/var/www/html/lib/base.php"
    )

But it seems, the log errors have no obvious connection to the first issue. logging in most of the time working like it should.

2

Do you use the server-side encryption?

The errors seem to relate to this part…

3

i never used encryption

4

Sorry, my fault, it is the mail app, and probably the cronjob that checks mails.

The issue you found is probably a good starting point. When you migrate the server, you normally reuse the exact same config.php. The problem now is, that the salt and the secret are used at different places. I don’t know all of them, but I imagine at least with the mail app and also the users passwords (and probably more places).
Other place, where I got the wrong hint, is also the server side encryption. Even if it is not used itself, some of the functions might be used for other purposes?

If you migrate a setup, you should keep the same database content, the same file structure, the same config file: Migrating to a different server — Nextcloud latest Administration Manual latest documentation

5

yes, thanks, i messed it up and have not used the old config. now it is too late, i think, because when i use the old one i got the error above and i can not login at all.
are ther ane suggestions? maybe changing it manually in db somhow? searching for the old salt and replace it with the new one?

6

For the mail app, you can try to enter again the password/authentication settings, perhaps this is enough. Or you have to set it up again from 0.