@stormi I really appreciate the continued help. I'm not sure it works. On my single-host pool master—the one I want to join into my half-upgraded pool—I run the command: xe host-emergency-disable-tls-verification It returns with no errors. If I do xe host-param-list and look through the parameters for my host, I see: tls-verification-enabled ( RO): false This is the only thing I see documented that can turn off TLS verification. If some other command like pool-uninstall-ca-certificate would have the effect of disabling TLS verification, I can't see that documented anywhere. In fact, even though xe pool-uninstall-ca-certificate appears to be a valid command that my xe binary knows about, I can't find that particular command documented at all. Even after the emergency-disable-tls-verification, if I attempt to join that host to the half-upgraded pool (using xe pool-join...) I get: Error code: POOL_JOINING_HOST_TLS_VERIFICATION_MISMATCH It seems like even though the host has TLS verification off, the fact that its pool has verification enabled is blocking the action.

Feel free to create a trial on an XOA, test stable and latest and tell us. It might be also related to your environment, but if it works at some commit and not later, it's weird. @florent & @bastien-nollet maybe?

Great! Keep us posted

@Greg_E said in XCP-ng Windows PV tools announcements: Just wanted to add a comment: Thanks for continuing to release the drivers in an ISO. I was having some slowness with the 9.0.9 versions that are currently included with XCP-ng, this is a new Windows 11 25h2 that I'm working with to prototype a workflow in my lab. I just grabbed the 9.1.x ISO from Github and copied it to my ISO SR and installed. There seems to be a slight performance increase in this Win11 VM. That said, 25h2 is horribly bloated with junk, so much so that I think I'm going to need to strip a bunch out before I put this version into production. This might be a condition for MicroWin customization. Or maybe add a couple of things to the LTSC version (we have licensing for this at work). Download the full Windows 11 ISO then use Microsoft Windows ADK. To customise, strip down unwanted parts, including appx provision packages and slipstream in drivers and/or msi installers. If your using a high enough edition of Windows 11 version 25H2 don’t forget the new GroupPolicy option to remove default packages!

It won't disappear tomorrow, but I'd like to phase it out sooner than later (before 2027? who knows)

hardware_report_2025-12-12_17-20-47.txt lspci.txt mlx.txt pci.txt Diagnostic logs

@ovicz Yes, it's loaded lsmod | grep i915 i915 5373952 0 i2c_algo_bit 20480 2 xe,i915 drm_buddy 32768 2 xe,i915 video 81920 2 xe,i915 ttm 135168 3 drm_ttm_helper,xe,i915 drm_display_helper 331776 2 xe,i915 cec 106496 3 drm_display_helper,xe,i915 dmesg starts the same as your output, the only difference is that I have GuC disabled. dmesg | grep i915 [ 1.609000] i915 0000:00:08.0: [drm] Found alderlake_s (device ID 4690) integrated display version 12.00 stepping C0 [ 1.609986] i915 0000:00:08.0: [drm] VT-d active for gfx access [ 1.610073] i915 0000:00:08.0: [drm] Using Transparent Hugepages [ 1.611342] i915 0000:00:08.0: Invalid PCI ROM header signature: expecting 0xaa55, got 0x4556 [ 1.611345] i915 0000:00:08.0: [drm] Failed to find VBIOS tables (VBT) [ 1.612136] i915 0000:00:08.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 1.614455] i915 0000:00:08.0: [drm] Finished loading DMC firmware i915/adls_dmc_ver2_01.bin (v2.1) [ 3.583673] i915 0000:00:08.0: [drm] [ENCODER:261:DDI A/PHY A] failed to retrieve link info, disabling eDP [ 3.605422] i915 0000:00:08.0: [drm] GT0: GuC firmware i915/tgl_guc_70.bin version 70.49.4 [ 3.605426] i915 0000:00:08.0: [drm] GT0: HuC firmware i915/tgl_huc.bin version 7.9.3 [ 3.615402] i915 0000:00:08.0: [drm] GT0: HuC: authenticated for all workloads [ 3.615410] i915 0000:00:08.0: [drm] GT0: GUC: submission disabled [ 3.615414] i915 0000:00:08.0: [drm] GT0: GUC: SLPC disabled [ 3.616508] i915 0000:00:08.0: [drm] Protected Xe Path (PXP) protected content support initialized [ 3.617330] i915 0000:00:08.0: [drm] Registered 4 planes with drm panic [ 3.617354] [drm] Initialized i915 1.6.0 for 0000:00:08.0 on minor 1 [ 3.627390] i915 0000:00:08.0: [drm] Cannot find any crtc or sizes [ 3.637349] i915 0000:00:08.0: [drm] Cannot find any crtc or sizes [ 3.657358] i915 0000:00:08.0: [drm] Cannot find any crtc or sizes Having edited /etc/modprobe.d/i915.conf by adding options i915 enable_guc=3 enable_huc=1 fixed the GuC part as well, however I still have the same issue. Cannot find any crtc or sizes is the only part which is not in your output. /etc/default/grub is clean, I don't have NOMODESET: cat /etc/default/grub GRUB_TIMEOUT=5 GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)" GRUB_DEFAULT=saved GRUB_DISABLE_SUBMENU=true GRUB_TERMINAL_OUTPUT="console" GRUB_CMDLINE_LINUX="rd.lvm.lv=fedora/root rhgb quiet" GRUB_DISABLE_RECOVERY="true"

@MathieuRA The context for my question is I created an app to control my VMs and though my app said a VM started it really didn't. When I went into the logs I noticed an error, so my thought is to be able to check the logs would be helpful to find out if there is an error or not. Let me update my app because I'm thinking I can get around not having access to the logs. Thank you for the prompt response! Have a blessed day!

In other words, you can safely remove them.

@denis.grilli really big news, I need to have XO STOR working Thanks for your problems and support correting them

okay weird. Let's see if there's other reports then

Thanks Olivier! That is what we assumed, but with how the 3 hosts per pool was in there under the essentials licenses it was up for debate

But giving your feedback on how you solved it might help many people in the future Thanks!

@Forza you will have to switch to LATEST to profit from end month release STABLE is one version behind LATEST both are production ready.

The installer is built. We are testing it, then we will be able to provide it to you so you can test it in turn.

It's not meant to be used like that. If you are behind a NAT, the right approach is to have your XOA behind the NAT and inside the same network than the hosts. That's because hosts will always use and return their internal IPs to connect to some resources (stats, consoles etc.). XOA deals with that easily as being the "main control point" for all hosts behind your NAT (or a XO proxy if you prefer).

The roadmap depends a lot on the feedback we have on it More demand/popular, faster we'll implement stuff

Ok I've figured out root cause. My config override has only one option: ignoreVmSnapshotResources = true And I had to change it with adding [selfService] on a line below Also I found out that override config for XO5 interface needs to have absolute paths to xo-web and @XenOrchestra in it. With relative paths it didn't work.