HI Andrei, I will share my setup, ACS 4.8 though - we also had "similar" issue from 4.5 going forward to 4.8 - there was some settings that needed to be on (for whatever reason), hope this will help
consoleproxy.url.domain *.consoleproxy.net (yes we did buy that one :D ) secstorage.ssl.cert.domain *.consoleproxy.net secstorage.encrypt.copy true (I believe it was this one change required !) (Sorry if this was not helpful, I know you are fighting with 4.11) Anyhow, I would suggest examining keystore DB for the records, to see if they are still correct and in correct sequence - since you say that CPVM is not listening on 443 - seems like SSL chain issue maybe. Cheers On Mon, 9 Jul 2018 at 18:23, Andrei Mikhailovsky <and...@arhont.com.invalid> wrote: > Hi Ivan, > > I have recreated the CPVM, but that didn't help. The SSL cert + chain has > been uploaded a few years ago and was working just fine up to the upgrade > to 4.11.1.0. > > So, the issue must be somewhere else I guess. > > Andrei > > ----- Original Message ----- > > From: "Ivan Kudryavtsev" <kudryavtsev...@bw-sw.com> > > To: "users" <users@cloudstack.apache.org> > > Sent: Monday, 9 July, 2018 17:13:42 > > Subject: Re: Broken guest vm consoles after upgrading to 4.11.1.0 > > > Try recreatin CPVM, it worked for me. I haven't met such problem with > wrong > > ports... Have you uploaded SSL chain to ACS? > > > > пн, 9 июл. 2018 г., 23:05 Andrei Mikhailovsky <and...@arhont.com.invalid > >: > > > >> Ivan, thanks. > >> > >> I have found this option and changed from the default False value to > True. > >> Restarted the management server and the CPVM. I can now see that the > >> generated link has changed to the IP address + domain (inf the form of > >> x-x-x-x.domain.com). However, this did not solve the problem as it is > >> trying to connect over port 443. The CPVM is not listening on that port, > >> only on port 80. So, it is not really helping me. > >> > >> Andrei > >> > >> ----- Original Message ----- > >> > From: "Ivan Kudryavtsev" <kudryavtsev...@bw-sw.com> > >> > To: "users" <users@cloudstack.apache.org> > >> > Sent: Monday, 9 July, 2018 11:40:07 > >> > Subject: Re: Broken guest vm consoles after upgrading to 4.11.1.0 > >> > >> > Hey, Andrei. There is a parameter ib global vars about SSL and CPVM > which > >> > fixes it. Don't remember the name, but met it as well as you. I > suppose > >> > it's a bug. > >> > > >> > пн, 9 июл. 2018 г., 17:35 Andrei Mikhailovsky > <and...@arhont.com.invalid > >> >: > >> > > >> >> Hello everyone, > >> >> > >> >> I have upgraded ACS from 4.11.0.0 to 4.11.1.0 over the weekend and > have > >> >> noticed that after performing all the usual stuff, like upgrading > >> virtual > >> >> routers and recreating console proxy / ssvm I have lost access to > the vm > >> >> consoles (both guest vms and system vms). I have performed the > creation > >> of > >> >> host keys by clicking the button in ACS Gui. All hosts seems to have > >> done > >> >> this successfully with the Status changing from Unsecure to Up. The > >> console > >> >> access worked just fine prior to 4.11.1.0 upgrade. > >> >> > >> >> When I click on the Console button, a new browser window pops up. The > >> page > >> >> is empty. Inspecting the source I get the following (modified a bit > to > >> save > >> >> space and replaced the domain name): > >> >> > >> >> > >> >> > >> >> <html><title>VM-Name</title><frameset><frame > >> >> src="http://*.DOMAIN.com/ajax?token=qxXZQlpCi7xa-o8XgJM6Z_fb<MORE > >> >> STUFF HERE>“></frame></frameset></html> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> Looking at the above, it is obvious that the *.DOMAIN.com is not > valid. > >> If > >> >> I copy the URL and change the *.DOMAIN.com to the public IP address > of > >> the > >> >> console proxy, I get access to the console just fine. > >> >> > >> >> Cheers > >> >> > >> >> > >> >> > -- Andrija Panić
