Hi @qwkcroc, Unfortunately there are no packages available for XCP-ng right now. The current work for Q35 support takes place on top of upstream versions of Xen and Qemu that are more recent than the ones ran by XCP-ng. Once upstreamed it will be possible to backport it (and we will do so of course) but it's not yet planned. Also, additionally to Xen and Qemu, there will be work needed on the XCP-ng toolstack before being able to enable Q35 support and PCIe device passthhroug. My work trees are available for both Xen and Qemu so if you feel adventurous enough you can give it a try. I was able to passthough an NVMe device to a VM using this kind of setup (with some hacks in Qemu though...). Regards, Thierry

@jivanpal We do not currently have any plans to support elliptic curve keys - this is a very sensitive topic given different governmental security requirements around the world. Note that Let's Encrypt recommends a dual setup for this exact reason: "Our recommendation is to serve a dual-cert config, offering an RSA certificate by default, and a (much smaller) ECDSA certificate to those clients that indicate support." (https://letsencrypt.org/docs/integration-guide/)

@iLix The sizing of the VM in XCP-NG was bigger compared to the source

Workaround found here https://xcp-ng.org/forum/post/94626 Seems like turning "Use NDB to transfer disk if available" switch ON and save backup job, then turn the switch OFF and save backup job again, will fix the issue. Thanks to @RobWhalley and have a nice day everyone.

@StephenAOINS This endpoint is not currently present in our REST API swagger, but we do plan to add it to the list of endpoints. We are currently finalizing the migration of existing endpoints, the next step will be adding new ones. We will keep you informed when it is available. Feel free to come back to us if you want to learn more and follow our blog posts. have a good day

@olivierlambert I agree, ping @thomas-dkmt

@gb.123 In XO on the "Advanced" tab for the VM I added the GPU devices by first adding them both as "Attached PCIs" near the bottom of the page. I also disabled the "VGA" option under "Xen Settings" and clicked the "+" next to "GPUs" and added the vGPU type "passthrough () 0x0" which was available on the drop-down list. I don't know if it matters or not, but I also set the "Static Max", "Dynamic Min", and "Dynamic Max" memory limits under "VM limits" to the total RAM size I allocated the VM.

This is normal, as the tasks endpoints are in the old REST API (undocumented by Swagger). We are gradually migrating to the new REST API to document all endpoints.

@Niall-Con Thank you! I'll take a look to that and will ping you to test on real hardware. Just need to find time (in the middle of storm right now), so it'll take one or two weeks most probably.

@uberiain said in XCP-ng Center 25.04 Released: Hi, with this modification on MainWindow.cs in private List<TabPage> GetNewTabPages() adding this at the end: This will add the tab back in XCP-ng Center but I don't think it works in XCP-ng 8.3. I just upgraded from 8.2.1 to 8.3 when I logged into XCP-ng Center I saw the error message Active Directory authorization is not available","Server 'xcp-ng-TEST' has failed to connect to the Active Directory server. INTERNAL_ERROR: [ Xapi_systemctl.Systemctl_fail(""INTERNAL_ERROR: [ Subprocess exited with unexpected code 1; stdout = [ ]; stderr = [ Job for winbind.service failed because the control process exited with error code. See \""systemctl status winbind.service\"" and \""journalctl -xe\"" for details.\n ] ]"") ]","xcp-ng-TEST","Jul 11, 2025 3:58 PM"," # systemctl status winbind.service winbind.service - Samba Winbind Daemon Loaded: loaded (/usr/lib/systemd/system/winbind.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Fri 2025-07-11 16:01:28 AEST; 3min 15s ago Docs: man:winbindd(8) man:samba(7) man:smb.conf(5) Main PID: 9593 (code=exited, status=1/FAILURE) Status: "Starting process..." I haven't figured out what to do yet. None of the users can log into XCP-ng Center using their Active Directory credentials and only root can log in. EDIT: Actually winbind wasn't even used in XCP-ng 8.2.1, I'm not sure why this service started up in 8.3. XCP-ng 8.2.1# systemctl status winbind.service ● winbind.service - Samba Winbind Daemon Loaded: loaded (/usr/lib/systemd/system/winbind.service; disabled; vendor preset: disabled) Active: inactive (dead) Docs: man:winbindd(8) man:samba(7) man:smb.conf(5) But I can see that windbind is used for XenServer 8.4 https://docs.xenserver.com/en-us/xenserver/8/users Anyone got suggestions on how to get AD authentication working with XCP-ng Center again? Or add users manaully? SOLUTION: What I found after following the steps in the in the XenServer page above is that if I disable AD Authentication then re-enable it then it will work. To Disable AD Authentication: xe pool-disable-external-auth Enable AD Authentication: xe pool-enable-external-auth auth-type=AD service-name=full-qualified-domain config:user=username config:pass=password Without the Users tab in XCP-ng Center, CLI command is needed to add or remove users. Refer to the XenServer page above. xe subject-add subject-name=entity_name

@olivierlambert Hmm. It may just be easier to do a restore and export. I tried doing a file restore of / but I get a Cannot GET error when trying to download the tgz. I don't see anything in the UI to indicate what the problem is or if it actually created the tgz.

@olivierlambert thanks! for the info @pdonias do you have any idea what could be wrong? cheers Ringo

@olivierlambert Tried this - XCPNG | ~/_scripts > netstat -tulpn | sed -n '1,2p;/5900\|80/p' Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:5900 0.0.0.0:* LISTEN 1741/vncterm tcp 0 0 0.0.0.0:10809 0.0.0.0:* LISTEN 2896/xapi-nbd tcp6 0 0 :::80 :::* LISTEN 2887/xapi udp 0 0 0.0.0.0:780 0.0.0.0:* 1029/rpcbind udp6 0 0 :::780 :::* 1029/rpcbind VNC on the XCPNg box is listening to 127.0.01 : 5900, may be - I should change this to listen to 0.0.0.0 ? Also, something to do with protocol used - the browser > inspect > network - seems to use ws:// protocol and receives a 101 - upgrade, should it have been vnc ? ( apologies if its a random guess rant here) -- Attached screenshot of browser console logs. FYI - 192.168.0.49:3000 - is where my XOA VM is running as a VM on XCP Ng (192.168.0.45) and the logs below is when the console for itself (i.e. same IP) [image: 1751716444788-selection_157.png]

@BSmithITGuy said in Ubuntu 22.04.5 custom template - additional steps missing from documentation: If you are trying to create an Ubuntu template and are having trouble on XCP-NG 8.3 (some or all probably applies to previous versions), keep reading. Very nice. Very thorough. This inspired me to share a relevant part of my cleanup script. Maybe it will be of some additional help to everyone: echo "Resetting machine ID..." > /etc/machine-id rm -f /etc/machine-info echo "Cleaning APT cache..." apt-get clean echo "Removing netplan configuration..." # Ubuntu < 24.04 rm -f /etc/netplan/00-installer-config.yaml # Ubuntu >= 24.04 rm -f /etc/netplan/50-cloud-init.yaml echo "Cloud-init cleanup..." if [[ -f "/etc/cloud/clean.d/99-installer" ]]; then chmod a-x /etc/cloud/clean.d/99-installer fi # Ubuntu < 24.04 rm -f /etc/cloud/cloud.cfg.d/99-installer.cfg /etc/cloud/cloud.cfg.d/subiquity-disable-cloudinit-networking.cfg # Ubuntu >= 24.04 rm -f /etc/cloud/cloud.cfg.d/90-installer-network.cfg if [[ -x "$(command -v cloud-init)" ]]; then cloud-init clean --logs --seed else echo " No cloud-init detected. Skipping cloud-init cleanup!" fi echo "Removing SSH host keys..." find /etc/ssh/ -type f -name 'ssh_host_*' -delete The code is self explanatory but here are some additional tips: It's nice to do cleanup of APT cache. This will free up some space but also force the user to update APT cache on first run after VM has been provisioned. If APT cache is not cleaned, it will grow stale over time inside a template and, after some time, package installation in new VMs will start to break. Doing apt update before any package installation is good practice but people tend to easily forget it. This will force them to do it. Ubuntu installer relies on some cloud-init config for some first boot setup which has to be removed if cloud-init is to be used once again for provisioning VMs. You correctly identified these files for removal but there is a difference in Ubuntu older than 24.04 and Ubuntu 24.04 and newer. The reason I do chmod a-x /etc/cloud/clean.d/99-installer is to prevent cloud-init from removing /etc/cloud/ds-identify.cfg when doing cloud-init clean (default behavior). Because I override the default /etc/cloud/ds-identify.cfg, I don't want cloud-init clean to remove it. I remove all the other files explicitly. Additional note, /etc/cloud/clean.d/99-installer should not be removed. It should just be chmoded because it is part of the cloud-init package and will reappear on cloud-init package update. It's better to use cloud-init clean --logs --seed command to clean any runtime cloud-init leftovers and logs instead of removing them explicitly like rm -rf /var/lib/cloud/instance. SSH host keys should be removed so that they can be regenerated on first boot of newly provisioned VM. If you don't do it, all your VMs will have same host keys which could be considered as security issue.

@olivierlambert Thanks!

Hmm I'm not sure it's even possible due to the nature of isolation provided by Xen Let me ask @Team-Hypervisor-Kernel

See that as a positive experience: you have learned many things

Hello @ronan-a I will reproduce the case, i will re-destroy one hypervisor and retrigger the case. Thank you @ronan-a et @olivierlambert If you need me to tests some special case don't hesit, we have a pool dedicated for this

The initial reason we've chosen to create an "all-in-one" ISO image was to simplify further configuration of an automated installation with PXE / Answerfile. We tried driver disks before, though in our special case of mellanox-mlnxen-alt and hardware without any other NICs, I believe it always ends up requiring manual intervention. I haven't found a way to load the driver disk in the installer that is not connected to the network. I think, even though my approach requires a bit more effort, it can still prove useful in some cases.