Thank you again, Stephan; all is resolved after re-importing the certificates
one more time.
-Antoine
> On Jan 15, 2024, at 4:19 AM, Stephan Bienek <stephan....@bienek.org> wrote:
>
> Hello Antoine,
>
> we had exactly the same issue.
>
> Re-uploading and re-applying all certificates according to the documentation
> solved the issue, they were lost during the update.
>
> Best regards,
> Stephan
>
>> Antoine Boucher <antoi...@haltondc.com> hat am 15.01.2024 06:32 CET
>> geschrieben:
>>
>>
>> Hello,
>>
>> The console access now fails on KVM hosts after upgrading from ACS 4.17.2 to
>> ACS 4.18.1
>> The console has been working flawlessly on 4.17.2 with SSL and
>> www-xxx-yyy-zzz.domain.com configuration.
>> I see some authentication and loading resource issues in the following Proxy
>> logs. Everything else works well, including the console access on Xen hosts.
>>
>> The firewall on the host is disabled, times are synced, the management
>> server is using the local time zone, and the KVM hosts are using UTC.
>>
>> What am I missing?
>>
>> Regards,
>> Antoine
>>
>>
>> Note: The KVM host IP has been changed to 10.xx.xx.xx
>>
>>
>> MANAGEMENT SERVER LOGS
>>
>> 2024-01-14 23:57:20,027 DEBUG [c.c.a.m.AgentManagerImpl]
>> (AgentManager-Handler-4:null) (logid:) SeqA 104-3099: Processing Seq
>> 104-3099: { Cmd , MgmtId: -1, via: 104, Ver: v1, Flags: 11,
>> [{"com.cloud.agent.api.ConsoleProxyLoadReportCommand":{"_proxyVmId":"493","_loadInfo":"{
>> "connections": [],
>> "removedSessions": []
>> }","wait":"0","bypassHostMaintenance":"false"}}] }
>> 2024-01-14 23:57:20,032 DEBUG [c.c.a.m.AgentManagerImpl]
>> (AgentManager-Handler-4:null) (logid:) SeqA 104-3099: Sending Seq 104-3099:
>> { Ans: , MgmtId: 130593671224, via: 104, Ver: v1, Flags: 100010,
>> [{"com.cloud.agent.api.AgentControlAnswer":{"result":"true","wait":"0","bypassHostMaintenance":"false"}}]
>> }
>> 2024-01-14 23:57:21,363 DEBUG [c.c.a.m.AgentManagerImpl]
>> (AgentManager-Handler-5:null) (logid:) SeqA 102-2964: Processing Seq
>> 102-2964: { Cmd , MgmtId: -1, via: 102, Ver: v1, Flags: 11,
>> [{"com.cloud.agent.api.ConsoleProxyLoadReportCommand":{"_proxyVmId":"488","_loadInfo":"{
>> "connections": [],
>> "removedSessions": []
>> }","wait":"0","bypassHostMaintenance":"false"}}] }
>> 2024-01-14 23:57:21,367 DEBUG [c.c.a.m.AgentManagerImpl]
>> (AgentManager-Handler-5:null) (logid:) SeqA 102-2964: Sending Seq 102-2964:
>> { Ans: , MgmtId: 130593671224, via: 102, Ver: v1, Flags: 100010,
>> [{"com.cloud.agent.api.AgentControlAnswer":{"result":"true","wait":"0","bypassHostMaintenance":"false"}}]
>> }
>> 2024-01-14 23:57:23,558 DEBUG [c.c.a.ApiServlet]
>> (qtp279593458-695:ctx-2e31e696) (logid:a3f76229) ===START=== 104.28.133.19
>> -- GET
>> virtualmachineid=bca11a2a-f642-4ded-a8d8-809a046de56b&command=createConsoleEndpoint&response=json
>> 2024-01-14 23:57:23,559 DEBUG [c.c.a.ApiServlet]
>> (qtp279593458-695:ctx-2e31e696) (logid:a3f76229) Two factor authentication
>> is already verified for the user 2, so skipping
>> 2024-01-14 23:57:23,574 DEBUG [c.c.a.ApiServer]
>> (qtp279593458-695:ctx-2e31e696 ctx-ced9fb8e) (logid:a3f76229) CIDRs from
>> which account 'Account
>> [{"accountName":"admin","id":2,"uuid":"2cee75f9-8bc4-11ec-9c43-001e67fd4838"}]'
>> is allowed to perform API calls: 0.0.0.0/0,::/0
>> 2024-01-14 23:57:23,579 INFO [o.a.c.a.DynamicRoleBasedAPIAccessChecker]
>> (qtp279593458-695:ctx-2e31e696 ctx-ced9fb8e) (logid:a3f76229) Account
>> [Account
>> [{"accountName":"admin","id":2,"uuid":"2cee75f9-8bc4-11ec-9c43-001e67fd4838"}]]
>> is Root Admin or Domain Admin, all APIs are allowed.
>> 2024-01-14 23:57:23,581 WARN [o.a.c.a.ProjectRoleBasedApiAccessChecker]
>> (qtp279593458-695:ctx-2e31e696 ctx-ced9fb8e) (logid:a3f76229) Project is
>> null, ProjectRoleBasedApiAccessChecker only applies to projects, returning
>> API [createConsoleEndpoint] for user [User
>> {"username":"admin","uuid":"2cefb708-8bc4-11ec-9c43-001e67fd4838"}.] as
>> allowed.
>> 2024-01-14 23:57:23,591 WARN [c.c.a.d.ParamGenericValidationWorker]
>> (qtp279593458-695:ctx-2e31e696 ctx-ced9fb8e) (logid:a3f76229) Received
>> unknown parameters for command createConsoleEndpoint. Unknown parameters :
>> client-inet-address
>> 2024-01-14 23:57:23,607 DEBUG [c.c.c.ConsoleProxyManagerImpl]
>> (qtp279593458-695:ctx-2e31e696 ctx-ced9fb8e) (logid:a3f76229) Assign
>> previous allocated console proxy for user vm : 59
>> 2024-01-14 23:57:23,614 DEBUG [c.c.a.t.Request]
>> (qtp279593458-695:ctx-2e31e696 ctx-ced9fb8e) (logid:a3f76229) Seq
>> 59-4686558362232422593: Sending { Cmd , MgmtId: 130593671224, via:
>> 59(cs-kvm01), Ver: v1, Flags: 100011,
>> [{"com.cloud.agent.api.GetVncPortCommand":{"id":"59","name":"i-11-59-VM","wait":"0","bypassHostMaintenance":"false"}}]
>> }
>> 2024-01-14 23:57:23,679 DEBUG [c.c.a.t.Request]
>> (AgentManager-Handler-7:null) (logid:) Seq 59-4686558362232422593:
>> Processing: { Ans: , MgmtId: 130593671224, via: 59, Ver: v1, Flags: 10,
>> [{"com.cloud.agent.api.GetVncPortAnswer":{"address":"10.xxx.xxx.xxx","port":"5905","result":"true","wait":"0","bypassHostMaintenance":"false"}}]
>> }
>> 2024-01-14 23:57:23,680 DEBUG [c.c.a.t.Request]
>> (qtp279593458-695:ctx-2e31e696 ctx-ced9fb8e) (logid:a3f76229) Seq
>> 59-4686558362232422593: Received: { Ans: , MgmtId: 130593671224, via:
>> 59(cs-kvm01), Ver: v1, Flags: 10, { GetVncPortAnswer } }
>> 2024-01-14 23:57:23,680 INFO [o.a.c.c.ConsoleAccessManagerImpl]
>> (qtp279593458-695:ctx-2e31e696 ctx-ced9fb8e) (logid:a3f76229) Parse host
>> info returned from executing GetVNCPortCommand. host info: 10.xxx.xxx.xxx
>> 2024-01-14 23:57:23,769 DEBUG [c.c.c.ConsoleProxyManagerImpl]
>> (qtp279593458-695:ctx-2e31e696 ctx-ced9fb8e) (logid:a3f76229) Assign
>> previous allocated console proxy for user vm : 59
>> 2024-01-14 23:57:23,774 DEBUG [c.c.a.t.Request]
>> (qtp279593458-695:ctx-2e31e696 ctx-ced9fb8e) (logid:a3f76229) Seq
>> 102-5612892510587191300: Sending { Cmd , MgmtId: 130593671224, via:
>> 102(v-488-VM), Ver: v1, Flags: 100011,
>> [{"com.cloud.agent.api.proxy.AllowConsoleAccessCommand":{"sessionUuid":"d7e6f73b-230a-43b7-95dc-dfc20c2f8992","wait":"0","bypassHostMaintenance":"false"}}]
>> }
>> 2024-01-14 23:57:23,817 DEBUG [c.c.a.t.Request]
>> (AgentManager-Handler-13:null) (logid:) Seq 102-5612892510587191300:
>> Processing: { Ans: , MgmtId: 130593671224, via: 102, Ver: v1, Flags: 10,
>> [{"com.cloud.agent.api.Answer":{"result":"true","wait":"0","bypassHostMaintenance":"false"}}]
>> }
>> 2024-01-14 23:57:23,817 DEBUG [c.c.a.t.Request]
>> (qtp279593458-695:ctx-2e31e696 ctx-ced9fb8e) (logid:a3f76229) Seq
>> 102-5612892510587191300: Received: { Ans: , MgmtId: 130593671224, via:
>> 102(v-488-VM), Ver: v1, Flags: 10, { Answer } }
>> 2024-01-14 23:57:23,829 DEBUG [c.c.c.ConsoleProxyManagerImpl]
>> (qtp279593458-695:ctx-2e31e696 ctx-ced9fb8e) (logid:a3f76229) Assign
>> previous allocated console proxy for user vm : 59
>> 2024-01-14 23:57:23,833 DEBUG [c.c.a.ApiServlet]
>> (qtp279593458-695:ctx-2e31e696 ctx-ced9fb8e) (logid:a3f76229) ===END===
>> 104.28.133.19 -- GET
>> virtualmachineid=bca11a2a-f642-4ded-a8d8-809a046de56b&command=createConsoleEndpoint&response=json
>> 2024-01-14 23:57:24,738 DEBUG [c.c.a.m.AgentManagerImpl]
>> (AgentManager-Handler-15:null) (logid:) SeqA 102-2965: Processing Seq
>> 102-2965: { Cmd , MgmtId: -1, via: 102, Ver: v1, Flags: 11,
>> [{"com.cloud.agent.api.ConsoleAccessAuthenticationCommand":{"_host":"10.xxx.xxx.xxx","_port":"5905","_vmId":"bca11a2a-f642-4ded-a8d8-809a046de56b","_sid":"UysC5FUxYMMtUvYBlzJLSQ","_ticket":"4ywKfs2GYjKVD+CkRYFseKlsBVJwGdfWWlDN/Vp3llos2plRn2Ek4lxkOgMzMkmuhcBTk998OE3j9n7/S7yUpw==","sessionUuid":"d7e6f73b-230a-43b7-95dc-dfc20c2f8992","_isReauthenticating":"false","wait":"0","bypassHostMaintenance":"false"}}]
>> }
>> 2024-01-14 23:57:24,740 DEBUG [c.c.c.AgentHookBase]
>> (AgentManager-Handler-15:null) (logid:) Console authentication. Ticket in
>> url for 10.xxx.xxx.xxx:5905-bca11a2a-f642-4ded-a8d8-809a046de56b is
>> 4ywKfs2GYjKVD+CkRYFseKlsBVJwGdfWWlDN/Vp3llos2plRn2Ek4lxkOgMzMkmuhcBTk998OE3j9n7/S7yUpw==
>> 2024-01-14 23:57:24,741 DEBUG [c.c.c.AgentHookBase]
>> (AgentManager-Handler-15:null) (logid:) Console authentication. Ticket in 1
>> minute boundary for 10.xxx.xxx.xxx:5905-bca11a2a-f642-4ded-a8d8-809a046de56b
>> is
>> 4ywKfs2GYjKVD+CkRYFseKlsBVJwGdfWWlDN/Vp3llos2plRn2Ek4lxkOgMzMkmuhcBTk998OE3j9n7/S7yUpw==
>> 2024-01-14 23:57:24,744 DEBUG [c.c.c.AgentHookBase]
>> (AgentManager-Handler-15:null) (logid:) Acquiring session
>> [d7e6f73b-230a-43b7-95dc-dfc20c2f8992] as it was just used.
>> 2024-01-14 23:57:24,761 DEBUG [c.c.a.m.AgentManagerImpl]
>> (AgentManager-Handler-15:null) (logid:) SeqA 102-2965: Sending Seq 102-2965:
>> { Ans: , MgmtId: 130593671224, via: 102, Ver: v1, Flags: 100010,
>> [{"com.cloud.agent.api.ConsoleAccessAuthenticationAnswer":{"_success":"true","_isReauthenticating":"false","_port":"0","result":"true","wait":"0","bypassHostMaintenance":"false"}}]
>> }
>> 2024-01-14 23:57:24,850 DEBUG [c.c.a.m.AgentManagerImpl]
>> (AgentManager-Handler-6:null) (logid:) SeqA 102-2966: Processing Seq
>> 102-2966: { Cmd , MgmtId: -1, via: 102, Ver: v1, Flags: 11,
>> [{"com.cloud.agent.api.ConsoleProxyLoadReportCommand":{"_proxyVmId":"488","_loadInfo":"{
>> "connections": [
>> {
>> "id": 13,
>> "clientInfo": "",
>> "host": "10.xxx.xxx.xxx",
>> "port": 5905,
>> "tag": "bca11a2a-f642-4ded-a8d8-809a046de56b",
>> "createTime": 1705294644803,
>> "lastUsedTime": 1705294644803,
>> "sessionUuid": "d7e6f73b-230a-43b7-95dc-dfc20c2f8992"
>> }
>> ]
>> }","wait":"0","bypassHostMaintenance":"false"}}] }
>> 2024-01-14 23:57:24,855 DEBUG [c.c.a.m.AgentManagerImpl]
>> (AgentManager-Handler-6:null) (logid:) SeqA 102-2966: Sending Seq 102-2966:
>> { Ans: , MgmtId: 130593671224, via: 102, Ver: v1, Flags: 100010,
>> [{"com.cloud.agent.api.AgentControlAnswer":{"result":"true","wait":"0","bypassHostMaintenance":"false"}}]
>> }
>> 2024-01-14 23:57:30,026 DEBUG [c.c.a.m.AgentManagerImpl]
>> (AgentManager-Handler-14:null) (logid:) SeqA 104-3100: Processing Seq
>> 104-3100: { Cmd , MgmtId: -1, via: 104, Ver: v1, Flags: 11,
>> [{"com.cloud.agent.api.ConsoleProxyLoadReportCommand":{"_proxyVmId":"493","_loadInfo":"{
>> "connections": [],
>> "removedSessions": []
>> }","wait":"0","bypassHostMaintenance":"false"}}] }
>> 2024-01-14 23:57:30,030 DEBUG [c.c.a.m.AgentManagerImpl]
>> (AgentManager-Handler-14:null) (logid:) SeqA 104-3100: Sending Seq 104-3100:
>> { Ans: , MgmtId: 130593671224, via: 104, Ver: v1, Flags: 100010,
>> [{"com.cloud.agent.api.AgentControlAnswer":{"result":"true","wait":"0","bypassHostMaintenance":"false"}}]
>> }
>> 2024-01-14 23:57:31,364 DEBUG [c.c.a.m.AgentManagerImpl]
>> (AgentManager-Handler-12:null) (logid:) SeqA 102-2967: Processing Seq
>> 102-2967: { Cmd , MgmtId: -1, via: 102, Ver: v1, Flags: 11,
>> [{"com.cloud.agent.api.ConsoleProxyLoadReportCommand":{"_proxyVmId":"488","_loadInfo":"{
>> "connections": [
>> {
>> "id": 13,
>> "clientInfo": "",
>> "host": "10.xxx.xxx.xxx",
>> "port": 5905,
>> "tag": "bca11a2a-f642-4ded-a8d8-809a046de56b",
>> "createTime": 1705294644803,
>> "lastUsedTime": 1705294644803,
>> "sessionUuid": "d7e6f73b-230a-43b7-95dc-dfc20c2f8992"
>> }
>> ],
>> "removedSessions": []
>> }","wait":"0","bypassHostMaintenance":"false"}}] }
>> 2024-01-14 23:57:31,368 DEBUG [c.c.a.m.AgentManagerImpl]
>> (AgentManager-Handler-12:null) (logid:) SeqA 102-2967: Sending Seq 102-2967:
>> { Ans: , MgmtId: 130593671224, via: 102, Ver: v1, Flags: 100010,
>> [{"com.cloud.agent.api.AgentControlAnswer":{"result":"true","wait":"0","bypassHostMaintenance":"false"}}]
>> }
>>
>>
>>
>> CONSOLE PROXY LOGS
>>
>> 2024-01-15 04:57:24,497 INFO
>> [cloud.consoleproxy.ConsoleProxyResourceHandler] (Thread-175:null) Get
>> resource request for /resource/noVNC/vnc.html
>> 2024-01-15 04:57:24,506 INFO
>> [cloud.consoleproxy.ConsoleProxyResourceHandler] (Thread-175:null) Sent file
>> /resource/noVNC/vnc.html with content type text/html
>> 2024-01-15 04:57:24,630 INFO
>> [cloud.consoleproxy.ConsoleProxyResourceHandler] (Thread-176:null) Get
>> resource request for /resource/noVNC/app/sounds/bell.mp3
>> 2024-01-15 04:57:24,635 INFO
>> [cloud.consoleproxy.ConsoleProxyResourceHandler] (Thread-176:null) Sent file
>> /resource/noVNC/app/sounds/bell.mp3 with content type
>> application/octet-stream
>> 2024-01-15 04:57:24,735 INFO [cloud.consoleproxy.ConsoleProxyNoVNCHandler]
>> (qtp1640959236-39:null) Get websocket connection request from remote IP :
>> 104.28.133.19
>> 2024-01-15 04:57:24,810 INFO [cloud.consoleproxy.ConsoleProxyNoVncClient]
>> (Thread-177:null) Connect to VNC server directly. host: 10.xxx.xxx.xxx,
>> port: 5905
>> 2024-01-15 04:57:24,815 INFO [consoleproxy.vnc.NoVncClient]
>> (Thread-177:null) Connecting to VNC server 10.xxx.xxx.xxx:5905 ...
>> 2024-01-15 04:57:25,028 INFO [vnc.security.VncAuthSecurity]
>> (Thread-177:null) VNC server requires password authentication
>> 2024-01-15 04:57:25,041 INFO [vnc.security.VncAuthSecurity]
>> (Thread-177:null) Finished VNCAuth security
>>
>>
>>
>>
>> Antoine Boucher
