RE: Excluding a VM from health checks

I make it the other way, I add a tag for the VM I want a health check to happen, and no tag if I don't want a health check.

Then, in the backup's schedule, I add my tag:

Have you enabled uefi and secure boot for that VM (in the Advanced Tab)?

I'm gonna try the same and will let you know.

@olivierlambert
Yes, confusing, indeed
I just now restarted XO and the toolstack one more time to be sure. Yesterday, it was OK at the beginning but the issue reappeared after a few hours.
I'll let you know ASAP.

@olivierlambert
I mean if use commit 0ccfd4b, there is no issue, if I use a more recent one, like the latest 583c7, the issue is appearing.

@14wkinnersley
That issue is definitely coming from XO from source, it does not appear with XOA.

I revert my XO to commit 0ccfd4b and now everything is back to normal.

I don't know if our issue is also related to self-signed cert, but there's been other issues with latest commit of XO, we should stick to that version until a solution is implemented.

Same issue on my host, with commit 8e5d9.
I tried the health check, and it is stuck.
I do not see any error message, the log just says pending.

I tried a restore check with XOA 5.91.2, no issue on that side, only XO from source seems to be not working.

@MathieuRA
OK, thanks for the answer.

Looking forward for XO6

Thanks for the info and the faster than light answer ️

@pierrebrunet
Hello Pierre,

Sorry for that late response, but yes, latest version is working fine and has solved the issue.

Thanks for the fix.

It doesn't work in my case, even though the replicates have different MAC addresses

  "netboxError": [
    {
      "address": [
        "Duplicate IP address found in global table: xxx.xxx.xxx.xxx/xx"
      ]
    },
    {}

Have you done something appart from changing the MAC address?

Hello,

I just started to use Netbox and was really happy to see that there's a plugin for XenOrchestra.
I set it up and it's working as expected on the first sync.

On the next sync, it didn't succeed because of a duplicated IP address.
Indeed, my active XO instance is backed up with DR backup on different hosts.
That means of course that there are halted VM's having the same IP address as the active one.

Is there any way to avoid the sync of these DR VM to netbox? Perhaps with tagging?
Or some other workaround?

I already tried to add that IP address as a VIP address in Netbox, but the sync still fails.

Thanks,

@pierrebrunet
Hello Pierre,

Sorry for that late response, but yes, latest version is working fine and has solved the issue.

Thanks for the fix.

@pierrebrunet
XO from source, commit 1ee07 from today.

@pierrebrunet Just posted it above

@pierrebrunet

Hello,

I've updated the cert with signed assertion and response

I also tried with a brand new certificate.

Unfortunately, login is still failing.

From xo-server:

Oct 09 08:11:17 xo-ce xo-server[272092]: Error: SAML assertion audience mismatch. Expected: 1671ff50-10e1-4a02-a0c5-4ed298898281 Received: https://XO_DNS_RECORD/
Oct 09 08:11:17 xo-ce xo-server[272092]:     at /opt/xo/xo-builds/xen-orchestra-202510090759/node_modules/@node-saml/node-saml/src/saml.ts:1264:18
Oct 09 08:11:17 xo-ce xo-server[272092]:     at Array.map (<anonymous>)
Oct 09 08:11:17 xo-ce xo-server[272092]:     at SAML.checkAudienceValidityError (/opt/xo/xo-builds/xen-orchestra-202510090759/node_modules/@node-saml/node-saml/src/saml.ts:1259:8)
Oct 09 08:11:17 xo-ce xo-server[272092]:     at SAML.processValidlySignedAssertionAsync (/opt/xo/xo-builds/xen-orchestra-202510090759/node_modules/@node-saml/node-saml/src/saml.ts:1151:32)
Oct 09 08:11:17 xo-ce xo-server[272092]:     at SAML.validatePostResponseAsync (/opt/xo/xo-builds/xen-orchestra-202510090759/node_modules/@node-saml/node-saml/src/saml.ts:808:16)

And here is the plug-in configuration:

I'm not expert at all in SAML, sorry not being able to debug deeper.

Hello,

Has the saml-auth plugin updated recently ?

Using XOCE, commit c0065, it was working fine. Updating today to latest release, SAML authentication (Microsoft Entra ID), is not working anymore, I land on a page with a
'Internal server error' message.

Thanks,

@dant123
Old topic but thanks a lot for your first post, it was quite helpful for me to setup authentification with Microsoft Entra.

I just didn't get immediately that you also need to specify the callback URL in the XO plugin settings, not only in the enterprise application in the Microsoft portal.

My XO is behind a reverse proxy with a Let's Encrypt certificate, but it is also working with a self-signed certificate and a local DNS record.

@olivierlambert Might be worth an addendum in the official documentation with specific screenshots for Microsoft Entra?

Hello,

Indeed, disabling NBD for the delta backups, they are no more VDI attached to Dom0.

My upgrade path was from 8.2.1 stable to 8.3 using the ISO installation.

@Tristis-Oris
It seems that since updating to 8.3, I also have VDI attached to control domain I cannot delete, they appear after a backup.
The only solution to forget them is to a pool reboot.