RE: How do I/should I disable the local webserver

@stormi Thank you very much. I didn't even look at the directory name while I was troubleshooting. It was /var/disablweb.. missed an e. All set now.

Well.. unfortunately, that wasn't the only issue. The job that was scheduled for Friday night is still running and still receiving the CIFS error.

Still digging..

@olivierlambert said in Missing VMs from Restore:

Try to see after a new backup with this version We'll see then.

Thank you. I'll check it after tonight's run.

Well.. unfortunately, that wasn't the only issue. The job that was scheduled for Friday night is still running and still receiving the CIFS error.

Still digging..

Diving into the OS, I found that the Crowdstrike Sensor was eating up all of the memory. I disabled it and was able to do a backup.

I am setting up a new set of servers, and have created a SMB remote on Windows Server 2022. I have three backup jobs running through XO; one for pool metadata, one that runs twice a day, and one that runs nightly. They are all going to the same remote.

The one for the metadata works fine, every time.

The other two will run for a day or two, then "hang up" with Started as the last run detail. When I switch over to the console of the XO, I see "CIFS: VFS: No writable handle in writepages rc=-9". Also, memory is pegged at 32GB. If I reboot the XO, they seem to run for a day or two more, then start getting the error again. This last time, the backup job that backs up 6 VMs finished, and the one that backs up 5 VMs is stuck.

Any ideas? I am running the latest XO from source, on top of Ubuntu 24.04

@olivierlambert That seems to have fixed the issue. I can now see and utilize the nvme drive.

@olivierlambert Worth a try.. rebooting now.

Fresh install of XCP-NG 8.3. Trying to pass a NVMe drive through to a fresh install of Windows Server 2022. I started out with the Citrix drivers, which resulted in a blue screen. Uninstalled those, and installed the test drivers. I can now boot into Windows with the NVMe passthrough enabled. However, I can't see it. When I go into device manager, I see a status of "This device cannot start. (Code 10). {Operation Failed} The requested operation was unsuccessful."

I've checked to see if the Intel VDT (or whatever it is) is disabled, and it is. There are no Windows updates for the NVMe..

Any help would be appreciated.

@stormi Thank you very much. I didn't even look at the directory name while I was troubleshooting. It was /var/disablweb.. missed an e. All set now.

@stormi Thank you for the instructions. It works great on most of our servers, but on one of them, we can no longer connect via xo. It gives a connection refused (ECONNREFUSED). I commented out the line in the conf file, and restarted the toolstack, and it connected fine... uncommented, and it went back to the connection refused. Other servers at other sites all work fine. Just this one is giving fits.

@olivierlambert There is a login form to spin up an instance of XO.. not sure if something can be injected there... but that was another bullet point on their list as well... the password field doesn't have autocompletion turned off. Both are low priority items, and I know the autocompletion css tag doesn't work across the board with all browsers.

We've got several xcp-ng servers stood up, across many sites. We recently had a security audit, in which we granted the audit machine to various vlans which normally wouldn't be open, after they found no issues on on the 3 vlans that we gave them access to initially. On all of our xcp-ng hosts, they found an issue with the "x-frame-options" returned by the built in web server (see below). Since these servers are on segregated vlans, which aren't accessible by any hosts other than our own, I'm not super worried about it, but have been asked to investigate. Is there a way to disable the built in web server on all of the hosts? Is this what's used for xo to talk to the hosts?

From the auditors:
The remote web server does not set an X-Frame-Options response header or a Content-Security-Policy 'frame-ancestors' response header in all content responses. This could potentially expose the site to a clickjacking or UI redress attack, in which an attacker can trick a user into clicking an area of the vulnerable page that is different than what the user perceives the page to be. This can result in a user performing fraudulent or malicious transactions.