[Self-Hosted/Helm] Can't log into accounts belonging to an organisation #5904
Description
Steps To Reproduce
- Set up the Helm Chart in a k8s cluster. We further use an external MSSQL DB.
- Create an account (sanity check: log out + log in works)
- Import an organization license with that account
- Log out
- Log back in
Expected Result
Login works after importing an organization license.
Actual Result
Login times out.
The identity-pod logs the following error:
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity fail: Microsoft.AspNetCore.Server.Kestrel[13]
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity => SpanId:8099958ca3ae90ef, TraceId:c1d214a1c216086be61bbfedb9ce907e, ParentId:0000000000000000 => ConnectionId:0HND1KVI2MCD8 => RequestPath:/identity/connect/token RequestId:0HND1KVI2MCD8:00000002
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity Connection id "0HND1KVI2MCD8", Request id "0HND1KVI2MCD8:00000002": An unhandled exception was thrown by the application.
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity Microsoft.Data.SqlClient.SqlException (0x80131904): Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity Operation cancelled by user.
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity The statement has been terminated.
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity ---> System.ComponentModel.Win32Exception (258): Unknown error 258
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity at Microsoft.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity at Microsoft.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity at Microsoft.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, SqlCommand command, Boolean callerHasConnectionLock, Boolean asyncClose)
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity at Microsoft.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& d
ataReady)
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity at Microsoft.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity at Microsoft.Data.SqlClient.SqlBulkCopy.RunParser(BulkCopySimpleResultSet bulkCopyHandler)
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity at Microsoft.Data.SqlClient.SqlBulkCopy.CopyBatchesAsyncContinuedOnSuccess(BulkCopySimpleResultSet internalResults, String updateBulkCommandText, CancellationToken cts, TaskCompletionSource`1 source)
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity at Microsoft.Data.SqlClient.SqlBulkCopy.CopyBatchesAsyncContinued(BulkCopySimpleResultSet internalResults, String updateBulkCommandText, CancellationToken cts, TaskCompletionSource`1 source)
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity at Microsoft.Data.SqlClient.SqlBulkCopy.CopyBatchesAsync(BulkCopySimpleResultSet internalResults, String updateBulkCommandText, CancellationToken cts, TaskCompletionSource`1 source)
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity at Microsoft.Data.SqlClient.SqlBulkCopy.WriteToServerInternalRestContinuedAsync(BulkCopySimpleResultSet internalResults, CancellationToken cts, TaskCompletionSource`1 source)
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity --- End of stack trace from previous location ---
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity at Bit.Infrastructure.Dapper.Repositories.EventRepository.CreateManyAsync(IEnumerable`1 entities) in /home/runner/work/server/server/src/Infrastructure.Dapper/AdminConsole/Repositories/EventRepository.
cs:line 118
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity at Bit.Core.Services.RepositoryEventWriteService.CreateManyAsync(IEnumerable`1 e) in /home/runner/work/server/server/src/Core/Services/Implementations/RepositoryEventWriteService.cs:line 23
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity at Bit.Core.Services.EventRouteService.CreateManyAsync(IEnumerable`1 e) in /home/runner/work/server/server/src/Core/AdminConsole/Services/Implementations/EventRouteService.cs:line 31
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity at Bit.Core.Services.EventService.LogUserEventAsync(Guid userId, EventType type, Nullable`1 date) in /home/runner/work/server/server/src/Core/AdminConsole/Services/Implementations/EventService.cs:line
84
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity at Bit.Identity.IdentityServer.RequestValidators.BaseRequestValidator`1.BuildSuccessResultAsync(User user, T context, Device device, Boolean sendRememberToken) in /home/runner/work/server/server/src/Id
entity/IdentityServer/RequestValidators/BaseRequestValidator.cs:line 204
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity at Bit.Identity.IdentityServer.RequestValidators.BaseRequestValidator`1.ValidateAsync(T context, ValidatedTokenRequest request, CustomValidatorRequestContext validatorContext) in /home/runner/work/serv
er/server/src/Identity/IdentityServer/RequestValidators/BaseRequestValidator.cs:line 190
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity at Bit.Identity.IdentityServer.RequestValidators.ResourceOwnerPasswordValidator.ValidateAsync(ResourceOwnerPasswordValidationContext context) in /home/runner/work/server/server/src/Identity/IdentitySer
ver/RequestValidators/ResourceOwnerPasswordValidator.cs:line 79
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity at Duende.IdentityServer.Validation.TokenRequestValidator.ValidateResourceOwnerCredentialRequestAsync(NameValueCollection parameters) in /_/src/IdentityServer/Validation/Default/TokenRequestValidator.c
s:line 601
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity at Duende.IdentityServer.Validation.TokenRequestValidator.RunValidationAsync(Func`2 validationFunc, NameValueCollection parameters) in /_/src/IdentityServer/Validation/Default/TokenRequestValidator.cs:
line 273
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity at Duende.IdentityServer.Validation.TokenRequestValidator.ValidateRequestAsync(TokenRequestValidationContext context) in /_/src/IdentityServer/Validation/Default/TokenRequestValidator.cs:line 194
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity at Duende.IdentityServer.Endpoints.TokenEndpoint.ProcessTokenRequestAsync(HttpContext context) in /_/src/IdentityServer/Endpoints/TokenEndpoint.cs:line 120
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity at Duende.IdentityServer.Endpoints.TokenEndpoint.ProcessAsync(HttpContext context) in /_/src/IdentityServer/Endpoints/TokenEndpoint.cs:line 81
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity at Duende.IdentityServer.Hosting.IdentityServerMiddleware.Invoke(HttpContext context, IdentityServerOptions options, IEndpointRouter router, IUserSession userSession, IEventService events, IIssuerNameS
ervice issuerNameService, ISessionCoordinationService sessionCoordinationService) in /_/src/IdentityServer/Hosting/IdentityServerMiddleware.cs:line 106
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity at Duende.IdentityServer.Hosting.IdentityServerMiddleware.Invoke(HttpContext context, IdentityServerOptions options, IEndpointRouter router, IUserSession userSession, IEventService events, IIssuerNameS
ervice issuerNameService, ISessionCoordinationService sessionCoordinationService) in /_/src/IdentityServer/Hosting/IdentityServerMiddleware.cs:line 128
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity at Duende.IdentityServer.Hosting.MutualTlsEndpointMiddleware.Invoke(HttpContext context, IAuthenticationSchemeProvider schemes) in /_/src/IdentityServer/Hosting/MutualTlsEndpointMiddleware.cs:line 95
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity at Duende.IdentityServer.Hosting.DynamicProviders.DynamicSchemeAuthenticationMiddleware.Invoke(HttpContext context) in /_/src/IdentityServer/Hosting/DynamicProviders/DynamicSchemes/DynamicSchemeAuthent
icationMiddleware.cs:line 51
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity at Duende.IdentityServer.Hosting.BaseUrlMiddleware.Invoke(HttpContext context) in /_/src/IdentityServer/Hosting/BaseUrlMiddleware.cs:line 27
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity at Bit.Core.Utilities.CurrentContextMiddleware.Invoke(HttpContext httpContext, ICurrentContext currentContext, GlobalSettings globalSettings) in /home/runner/work/server/server/src/Core/Utilities/Curre
ntContextMiddleware.cs:line 19
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context)
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity at Microsoft.AspNetCore.Builder.Extensions.UsePathBaseMiddleware.InvokeCore(HttpContext context, PathString matchedPath, PathString remainingPath)
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity at Bit.Identity.Startup.<>c__DisplayClass10_1.<<Configure>b__2>d.MoveNext() in /home/runner/work/server/server/src/Identity/Startup.cs:line 189
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity --- End of stack trace from previous location ---
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity ClientConnectionId:6d3bcd74-dad5-40d1-8749-bfacc6816b22
bitwarden-self-host-identity-6f545db88-tpwfc bitwarden-self-host-identity Error Number:-2,State:0,Class:11
the above log is produced with the 2025.5.3 image
Screenshots or Videos
No response
Additional Context
- We've seen that the helm chart does not receive the latest updates immediately. We have also tried using the 2025.5.3 images for each pod, though that unfortunately did not help.
- Before importing the organization license, everything works as expected (log out + log in, passwords are stored in the DB, attachments for passwords work, etc.).
- After we delete the organization in the
/admin-UI, logging into the accounts works again.
Build Version
self-host-2025.5.1
Environment
Self-Hosted
Environment Details
- EKS k8s cluster
- RDS MSSQL DB (sqlserver-ex, version 16.00.4185.3.v1)
- EFS storage class for PVs
Issue Tracking Info
- I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.