Thanks Andrija, I will look into this tomorrow. Cheers
----- Original Message -----
> From: "Andrija Panic" <andrija.pa...@gmail.com>
> To: "users" <users@cloudstack.apache.org>
> Sent: Monday, 9 July, 2018 22:58:09
> Subject: Re: Broken guest vm consoles after upgrading to 4.11.1.0

> In 4.8 - to make sure you are NOT hitting the improper SSL chain build,
> after the MGMT server restart, you could grep for the following line in the
> MGMT logs
>
> "Could not find and construct a valid SSL certificate"
>
> but in 4.11 (master) I can't find this by searching within the
> repo...strange...
>
>
> On Mon, 9 Jul 2018 at 23:35, Andrija Panic <andrija.pa...@gmail.com> wrote:
>
>> Hi Andrei,
>>
>> I will share my setup, ACS 4.8 though - we also had "similar" issue from
>> 4.5 going forward to 4.8 - there were some settings that needed to be on
>> (for whatever reason), hope this will help
>>
>> consoleproxy.url.domain      *.consoleproxy.net (yes we did buy that one :D )
>> secstorage.ssl.cert.domain   *.consoleproxy.net
>> secstorage.encrypt.copy      true (I believe it was this one change required !)
>>
>> (Sorry if this was not helpful, I know you are fighting with 4.11)
>>
>> Anyhow, I would suggest examining keystore DB for the records, to see if
>> they are still correct and in correct sequence - since you say that CPVM is
>> not listening on 443 - seems like SSL chain issue maybe.
>>
>> Cheers
>>
>>
>> On Mon, 9 Jul 2018 at 18:23, Andrei Mikhailovsky <and...@arhont.com.invalid>
>> wrote:
>>
>>> Hi Ivan,
>>>
>>> I have recreated the CPVM, but that didn't help. The SSL cert + chain has
>>> been uploaded a few years ago and was working just fine up to the upgrade
>>> to 4.11.1.0.
>>>
>>> So, the issue must be somewhere else I guess.
>>>
>>> Andrei
>>>
>>> ----- Original Message -----
>>> > From: "Ivan Kudryavtsev" <kudryavtsev...@bw-sw.com>
>>> > To: "users" <users@cloudstack.apache.org>
>>> > Sent: Monday, 9 July, 2018 17:13:42
>>> > Subject: Re: Broken guest vm consoles after upgrading to 4.11.1.0
>>>
>>> > Try recreating CPVM, it worked for me. I haven't met such problem with
>>> > wrong ports... Have you uploaded SSL chain to ACS?
>>> >
>>> > Mon, 9 Jul 2018, 23:05 Andrei Mikhailovsky <and...@arhont.com.invalid>:
>>> >
>>> >> Ivan, thanks.
>>> >>
>>> >> I have found this option and changed from the default False value to
>>> >> True. Restarted the management server and the CPVM. I can now see that
>>> >> the generated link has changed to the IP address + domain (in the form
>>> >> of x-x-x-x.domain.com). However, this did not solve the problem as it is
>>> >> trying to connect over port 443. The CPVM is not listening on that port,
>>> >> only on port 80. So, it is not really helping me.
>>> >>
>>> >> Andrei
>>> >>
>>> >> ----- Original Message -----
>>> >> > From: "Ivan Kudryavtsev" <kudryavtsev...@bw-sw.com>
>>> >> > To: "users" <users@cloudstack.apache.org>
>>> >> > Sent: Monday, 9 July, 2018 11:40:07
>>> >> > Subject: Re: Broken guest vm consoles after upgrading to 4.11.1.0
>>> >>
>>> >> > Hey, Andrei. There is a parameter in global vars about SSL and CPVM
>>> >> > which fixes it. Don't remember the name, but met it as well as you. I
>>> >> > suppose it's a bug.
>>> >> >
>>> >> > Mon, 9 Jul 2018, 17:35 Andrei Mikhailovsky <and...@arhont.com.invalid>:
>>> >> >
>>> >> >> Hello everyone,
>>> >> >>
>>> >> >> I have upgraded ACS from 4.11.0.0 to 4.11.1.0 over the weekend and
>>> >> >> have noticed that after performing all the usual stuff, like
>>> >> >> upgrading virtual routers and recreating console proxy / ssvm I have
>>> >> >> lost access to the vm consoles (both guest vms and system vms). I
>>> >> >> have performed the creation of host keys by clicking the button in
>>> >> >> ACS Gui. All hosts seem to have done this successfully with the
>>> >> >> Status changing from Unsecure to Up. The console access worked just
>>> >> >> fine prior to 4.11.1.0 upgrade.
>>> >> >>
>>> >> >> When I click on the Console button, a new browser window pops up.
>>> >> >> The page is empty. Inspecting the source I get the following
>>> >> >> (modified a bit to save space and replaced the domain name):
>>> >> >>
>>> >> >> <html><title>VM-Name</title><frameset><frame src="http://*.DOMAIN.com/ajax?token=qxXZQlpCi7xa-o8XgJM6Z_fb<MORE STUFF HERE>"></frame></frameset></html>
>>> >> >>
>>> >> >> Looking at the above, it is obvious that the *.DOMAIN.com is not
>>> >> >> valid. If I copy the URL and change the *.DOMAIN.com to the public
>>> >> >> IP address of the console proxy, I get access to the console just
>>> >> >> fine.
>>> >> >>
>>> >> >> Cheers
>>
>> --
>>
>> Andrija Panić
>
> --
>
> Andrija Panić
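
The two symptoms reported in this thread (a console frame URL that still contains a literal `*.DOMAIN.com`, and later an HTTPS link while the CPVM listens only on port 80) can be checked from the console page source. The following is an added example, not code from the thread or from CloudStack: the function names, the sample HTML, `example.com` and `203.0.113.10` are constructed, and it assumes the x-x-x-x.domain hostname form described in the thread.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class FrameSrc(HTMLParser):
    """Collect the src attribute of every <frame> in the console page."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag == "frame":
            self.srcs += [v for k, v in attrs if k == "src" and v]


def expected_host(public_ip, url_domain):
    """x-x-x-x.domain form reported in the thread for a '*.domain' setting."""
    base = url_domain[2:] if url_domain.startswith("*.") else url_domain
    return public_ip.replace(".", "-") + "." + base.lower()


def diagnose(page_html, public_ip, url_domain, listening_ports):
    """Return (code, detail) findings for each frame URL in the page."""
    parser = FrameSrc()
    parser.feed(page_html)
    want = expected_host(public_ip, url_domain)
    findings = []
    for src in parser.srcs:
        url = urlsplit(src)
        host = url.hostname or ""
        port = url.port or (443 if url.scheme == "https" else 80)
        if "*" in host:
            findings.append(("WILDCARD_NOT_SUBSTITUTED", f"{host}, expected {want}"))
        elif host != want:
            findings.append(("UNEXPECTED_HOST", f"{host}, expected {want}"))
        if port not in listening_ports:
            findings.append(("PORT_NOT_LISTENING", f"link uses {port}"))
    return findings


# Constructed samples modelled on the two symptoms in the thread.
BEFORE = ('<html><title>VM-Name</title><frameset><frame src="http://*.example.com'
          '/ajax?token=CONSTRUCTED"></frame></frameset></html>')
AFTER = BEFORE.replace("http://*.", "https://203-0-113-10.")

if __name__ == "__main__":
    for page in (BEFORE, AFTER):
        print(diagnose(page, "203.0.113.10", "*.example.com", {80}))
```

The set of listening ports is supplied by the operator, for example from a socket listing taken on the CPVM itself.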