This article will guide you to recover data on your PC when Synology NAS malfunctions.

Applicable to:

• DSM version 6.2.x and above
• Volumes using the Btrfs or ext4 file systems
• Ubuntu version 18.04 (Download ubuntu-18.04-desktop-amd64.iso here)

Not applicable to:

• Volumes using read-write SSD cache

Recover data using a PC

1. Make sure your PC has sufficient drive slots for drive installation.
2. Remove the drives from your Synology NAS and install them in your PC. For RAID or SHR configurations, you must install all the drives (excluding hot spare drives) in your PC at the same time.
3. Prepare an Ubuntu environment by following the instructions in this tutorial.
4. Go to the Files on the left bar and select Home.
5. Right-click and select New Folder, and create one or more folders as mount points for accessing data.¹
6. Right-click on the new folder(s), click Properties, the parent folder with folder name is ${mount_point}.
   • Example: If the parent folder is /home/ubuntu/ and the folder name is Test, the mount point will be /home/ubuntu/Test/
7. Go to Show Application in the lower-left corner > Type to search....
8. Enter Terminal in the search bar and select Terminal.
9. Enter the following command to obtain the root privileges.
   sudo -i
10. Enter the following commands to install mdadm and lvm2, both of which are RAID management tools. lvm2 must be installed or vgchange will not work.
    apt-get update
apt-get install -y mdadm lvm2
11. Enter the following command to assemble all the drives removed from your Synology NAS. The results may differ according to the storage pool configurations on your Synology NAS.
    mdadm -AsfR && vgchange -ay
12. Enter the following command to get the information of ${device_path}.
    cat /proc/mdstat
lvs
    According to the output of pvs/vgs/lvs, the device paths are as follows:

    	${device_path}
    No lvs output	/dev/${md}2
    With lvs output	/dev/${VG}/${LV}3

    Below are the samples of md status corresponding to its RAID and volume type:

    Device Paths	Classic RAID with single volume
    cat /proc/mdstat	root@ubuntu:~# cat /proc/mdstat Personalities : [raid1] md4 : active raid1 sdc3[0] 73328704 blocks super 1.2 [1/1] [U] unused devices:<none>
    lvs	No output
    ${device_path}	/dev/md4

    Device Paths	SHR with single volume
    cat /proc/mdstat	root@ubuntu:~# cat /proc/mdstat Personalities : [raid1] md3 : active raid1 sda5[0] 73319616 blocks super 1.2 [1/1] [U] unused devices:<none>
    lvs	root@ubuntu:~# lvs LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert lv vg1000 -wi-a----- 69.92g
    ${device_path}	/dev/vg1000/lv

    Device Paths	Classic RAID/SHR with multiple volume
    cat /proc/mdstat	Personalities : [raid1] md3 : active raid1 sdc3[0] sdd3[1] 73328704 blocks super 1.2 [2/2] [UU] unused devices:<none>
    lvs	root@ubuntu:~# lvs LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy% Sync Convert syno_vg_reserved_area vg1 -wi-a----- 12.00m volume_1 vg1 -wi-a----- 30.00g volume_3 vg1 -wi-a----- 30.00g
    ${device_path}	/dev/vg1/volume_1 /dev/vg1/volume_3

13. Enter the following commands to mount all the drives as read-only to access your data. Enter your device path (according to RAID and volume type in Step 12) in ${device_path} and mount point (created in Step 6) in ${mount_point}. Your data will be placed under the mount point.
    mount ${device_path} ${mount_point} -o ro
14. Check the data in Files > Home > the folders you created in Step 5.
15. For encrypted volumes and shared folders:
    • Mount an encrypted volume on a PC.
    • Mount an encrypted shared folder on a PC.

If you still cannot recover the data through the above steps, refrain from trying any other methods to repair because it may cause more damage to your data. As your last option, seek the help of a local data rescue company. Kindly understand that data retrieval is still not guaranteed.

Mount an encrypted volume on a PC

Make sure you have the recovery key of your encrypted volume. The following steps only work if the recovery key is correct.

1. In Terminal, enter the following command to install cryptsetup.
   apt-get install cryptsetup
2. Enter the following command to decode your recovery key. Replace ${your_recovery_key_path} with the location of the recovery key and ${base64_decode_output_path} with the desired output file name and location.
   base64 --decode ${your_recovery_key_path} > ${base64_decode_output_path}
   • Example: If the recovery key is located at /mnt/volume1.rkey and you want the output file to be named as decode_output and located in /mnt, the entered command will be: base64 --decode /mnt/volume1.rkey > /mnt/decode_output
3. Enter the following command to test if the recovery key is correct. Replace ${base64_decode_output_path} with the output file name and location.
   cryptsetup open --test-passphrase /dev/vgX/volume_Y -S 1 -d ${base64_decode_output_path} -v
   • Example: If the output file name is decode_output and located in /mnt, the entered command will be: cryptsetup open --test-passphrase /dev/vgX/volume_Y -S 1 -d /mnt/decode_output -v
4. Check the result to see if the recovery key is correct:
   • Correct key:
     Key slot 1 unlocked.
Command successful.
   • Incorrect key:
     No key available with this passphrase.
Command failed with code -2 (no permission or bad passphrase).
     Find the correct key and return to the previous step to decode again.
5. Enter the following command to decrypt the encrypted volume with your decoded recovery key.
   cryptsetup open --allow-discards /dev/vgX/volume_Y cryptvol_Y -S 1 -d ${base64_decode_output_path}
6. Enter the following command to mount all the drives as read-only to access your data. Replace ${device_path} with your device path /dev/mapper/cryptvol_Y and ${mount_point} with the mount point created in Step 6). Your data will be placed under the mount point.
   mount ${device_path} ${mount_point} -o ro
7. Refer to Step 14 to recover your data.

Mount an encrypted shared folder on a PC

Make sure you have the encryption key of your encrypted shared folder. The following steps only work if the encryption key is correct.

1. In Terminal, enter the following command to obtain the root privileges.
   sudo -i
2. Enter the following commands to enable universe repo and install ecryptfs-utils.
   apt-get-repository universe
apt-get update
apt-get install ecryptfs-utils
3. Enter the following command to get the FNEK (Filename Encryption Key) value of your encryption key.
   ecryptfs-add-passphrase --fnek
   1. When prompted, enter your encryption key into the Passphrase field.
   2. You will see an output similar to the following:
      Inserted auth tok with sig [79d78a9afb5ebc95] into the user session keyring
Inserted auth tok with sig [e4e4e8a3ca7d5d54] into the user session keyring
      The value within the second square brackets is your FNEK value. Take note of this value because you will need it in the following steps.
4. Use the cd command to navigate to the mount point you have created in Step 6 of the previous section.
   cd ${mount_point}
   • Example: If the mount point ${mount_point} is /home/ubuntu/Test/, the entered command would look like: cd /home/ubuntu/Test/.
5. Create a temporary folder as a mount point for your encrypted shared folder. Use the mkdir command to create a new folder.
   mkdir folder_name
   In the command above, replace folder_name with a name you want to give to the folder.
6. Enter the following command to mount your encrypted shared folder.
   mount -t ecryptfs folder_name
   Make sure to replace folder_name with the name of the temporary folder you have created in the previous step. To complete the mount, additional inputs are required. Follow the instructions below:
   1. Passphrase: Enter your encryption key.
   2. Select cipher: Enter 1 to select aes as the cipher.
   3. Select key bytes: Enter 2 to select 32 as the key bytes.
   4. Enable plaintext passthrough: Enter n to disable this option.
   5. Enable filename encryption: Enter y to enable this option.
   6. Filename Encryption Key (FNEK) Signature: Enter your FNEK value from Step 3.
   7. After entering your FNEK value, you will see an output similar to the following:
      Attempting to mount with the following options:
ecryptfs_unlink_sigs
ecryptfs_fnek_sig=e4e4e8a3ca7d5d54
ecryptfs_key_bytes=32
ecryptfs_cipher=aes
ecryptfs_sig=79d78a9afb5ebc95

WARNING: Based on the contents of [/root/.ecryptfs/sig-cache.txt], it looks like you have never mounted with this key before. This could mean that you have typed your passphrase wrong.
      The warning message is just a reminder. If you have checked that your encryption key is correct, you can safely ignore this warning and proceed.
   8. Would you like to proceed with the mount: Enter y to agree to proceed with the mount.
   9. Would you like to append sig … in order to avoid this warning in the future: Enter n to continue.
   10. If the mount is successful, you will see the following output:
       Mounted eCryptfs