Some of the UniFi UNVR’s have system files on a USB drive. There seem to be a number of the drives failing recently, rendering the UNVR inoperable. Fortunately it is easy to replace. The following steps should preserve the video recordings.
Remove the USB drive (use a heat gun or screw driver to break the glue that is holding the USB drive)
Install new USB drive
Temporarily remove UNVR HDDs (this may not be necessary, but rather be safe then sorry.)
Boot UNVR with new USB drive. (Give it a little time to format and copy contents to the new USB drive. Should not take more then 30 minutes.)
Setup the UNVR like it was before
Power off the UNVR again
Reinstall the HDD’s
Power on the UNVR
Log in and reconfigure the users
Note on Recovery
You could potentially mount the failed or failing USB drive on a Linux machine copy off a UniFi backup. Unfortunately, the UniFi Protect backup does not preserve the users. Just the video groups. You will probably have to resend invites to users.
Note on the video storage drives
It sounds like the UniFi Protect system will try to read the drives and if it can preserve the data or read the raid information it will try to use that. That is what it sounds like at least from the forums. More info on drive management.
You will need a hash of the password to put into the database. We don’t cover that in this post. You could copy the password from a different user account or use a different UniFi instance to change the password and then check the DB to find the hash.
SSH into the UniFi Server
Connect to MongoDB
Connect to Mongo by typing in the following.
mongo -port 27117
Then select the ace database by typing
Find user ObjectId
The admins are in the admin collection/table. Use the following command to list all the users and their name, email, and password hash.
Manually adding the UniFi Protect self signed certificate can be helpful if you are accessing the controller over the local network. It has the benefit of letting your browser remember the password if wanted and not having to verify the certificate.
First we need to acquire the certificate.
Acquire UniFi Protect Certificate
In a Chrome based web browser, go to the IP address of the UniFi Protect NVR
Click in the URL bar where is says “Not secure” -> Certificate -> Details -> Copy to file
Follow the export Wizard. You can use the default settings.
You can now import the certificate by double clicking on the cert.
Note that it says to install the cert in the “Trusted Root Certification Authorities” store
Now we can move on to Configuring the hosts file.
Add unifi.local to system hosts file
We need to add an entry for unifi.local as the cert if for unifi.local hostname and not the controllers IP address.
We’ll essentially be following the same steps outlined in the following post.
Launch notepad as administrator
Open the hosts file in
Add the following line to the bottom of your hosts file. Change the IP address to the IP of your controller.
Save the file.
You should now be set. Open a browser and got to https://unifi.local to access the UniFi Protect Controller.
Now we can extract the zip archive. You can do this on Windows, macOS, or Linux through the GUI or you can extract with
sudo unzip autobackup_6.2.33.zip -d unifi
This will extract all the files and folders to a directory named unifi.
Dump database to JSON
You should now see the db.gz file. This is a compressed archive of the database in BSON (Binary JSON) format. We can use the mongo-tools to convert this to a more human readable JSON format.
sudo apt install mongo-tools
Now we can extract the archive and pipe it through bsondump.
gunzip -c db.gz | bsondump
You can run it through grep to filter out what you need.
You can also dump the db to a json file with
bsondump --bsonFile=db --outFile=db.json
More notes on the decrypt script.
The decrypt script is really simple. It looks like it uses a key to decrypt the UniFi backup and then puts all the contents into a zip file. There is also an encryption script. Theoretically you can decrypt, make changes to the config and then reencrypt and restore to a server.