XCP-ng
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Xen Orchestra cannot connect to XCP-ng Host

    Scheduled Pinned Locked Moved Solved Management
    9 Posts 2 Posters 2.2k Views 1 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D Offline
      darabontors
      last edited by

      Dear community,

      I have a strange connection problem. I have the following situation:
      I need to install XCP-ng with DHCP assigned IP address so that I can connect it to my Xen Orchestra. I can connect to the host with this DHCP IP address. After I finish setting up my XCP-ng from Xen Orchestra, I need to give the host a new IP for management. A static IP, on a VLAN network.

      After the IP change, I could connect to the host with this new IP. After moving the host to a different location, suddenly there is an unspecified connection error while connecting to the host. This problem is only between Xen Orchestra and the host. I can connect with XCP-ng Center to the host, no problem. All networking works as should.

      I mention that when I changed the IP of the host, I also changed the root password.

      I suspect it is a certificate issue. It is the self signed certificate that XCP-ng generated during installation.

      The host is not exposed to the public internet. I use a VPN to connect it to Xen Orchestra.

      I'm using Xen Orchestra from the sources.

      Please help me fix this issue. This is a remote host and I already reinstalled XCP-ng, but the issue came back.

      1 Reply Last reply Reply Quote 0
      • DanpD Offline
        Danp Pro Support Team
        last edited by

        Did you set the proxy address for the new IP under Settings > Servers?

        D 1 Reply Last reply Reply Quote 0
        • D Offline
          darabontors @Danp
          last edited by darabontors

          @Danp Thanks for responding.
          I dont't use a HTTP proxy. I do have ping from Xen Orchestra to the host and from the host to the Xen Orchestra.

          I did get this error message in the logs:

          server.enable
          {
          "id": "XXXXXXXXXXXXX"
          }
          {
          "originalUrl": "https://X.X.X.X/jsonrpc",
          "url": "https://X.X.X.X/jsonrpc",
          "call": {
          "method": "session.login_with_password",
          "params": "* obfuscated *"
          },
          "message": "408 Request Timeout",
          "name": "Error",
          "stack": "Error: 408 Request Timeout
          at Object.assertSuccess (/opt/xen-orchestra/node_modules/http-request-plus/index.js:162:19)
          at httpRequestPlus (/opt/xen-orchestra/node_modules/http-request-plus/index.js:217:22)
          at file:///opt/xen-orchestra/packages/xen-api/transports/json-rpc.mjs:13:17"
          }

          I can connect via XCP-ng Center to the host, no problem. It's just Xen Orchestra that can't connect.

          1 Reply Last reply Reply Quote 0
          • DanpD Offline
            Danp Pro Support Team
            last edited by

            It makes sense to me that it works with software running on your local workstation that is configured to use the VPN.

            Is XO running as a VM on a different host? If so, how does it know to use the VPN?

            D 1 Reply Last reply Reply Quote 0
            • D Offline
              darabontors @Danp
              last edited by darabontors

              @Danp
              The is WireGuard site to site VPN set up. If ping works from inside the VM hosting Xen Orchestra how can Xen Orchestra have no access?

              I am almost sure it is a certificate issue of some kind. I would like to generate a new certificate or somehow make Xen Orchestra ignore the certificate. I think XCP-ng Center ignores it by default, that is why it works from XCP-ng Center.

              What do you thing?

              1 Reply Last reply Reply Quote 0
              • DanpD Offline
                Danp Pro Support Team
                last edited by

                Are you using the Unauthorized Certificates option on the Servers tab?

                D 1 Reply Last reply Reply Quote 0
                • D Offline
                  darabontors @Danp
                  last edited by

                  Yes.

                  1 Reply Last reply Reply Quote 0
                  • DanpD Offline
                    Danp Pro Support Team
                    last edited by

                    Make sure your XO is up-to-date. You could also test using XOA to see if the problem also exists there.

                    1 Reply Last reply Reply Quote 0
                    • D Offline
                      darabontors
                      last edited by

                      I found the problem.
                      I am using OPNsense and forgot to disable TX checksum offloading. Very interesting that this checksum offloading caused catastrophic network disruptions on a Realtek nic, but no noticeable performance hit on Intel nics. This was an old host that featured a Realtek card. All my recent hosts that I use have only Intel nics. That is why I forgot about the whole offloading thing.

                      Thanks for the tips.

                      Best wishes to the whole community!

                      1 Reply Last reply Reply Quote 1
                      • DanpD Danp marked this topic as a question on
                      • DanpD Danp has marked this topic as solved on
                      • First post
                        Last post