@Greg_E said in XCP-ng Windows PV tools announcements: @john.c I'll have to update group policy and check that out, would be a time saver. Everything I use is an Enterprise level of some kind, using EDU in production right now, and Pro/Enterprise evaluation in the lab. I was looking at running a post imaging script to prevent some of the bloat, but a GPO might be easier. You can use Windows ADK to customise the installation media and build a custom ISO. That file can then be placed on your ISO SR. The GPO is especially effective when combined with a custom ISO built using Windows ADK. I have tried this myself and it’s very effective doing it this way, the Windows ADK tool is very powerful but will require time to learn. Will save time with all of the extra installations, if you use a custom ISO.

@stormi I really appreciate the continued help. I'm not sure it works. On my single-host pool master—the one I want to join into my half-upgraded pool—I run the command: xe host-emergency-disable-tls-verification It returns with no errors. If I do xe host-param-list and look through the parameters for my host, I see: tls-verification-enabled ( RO): false This is the only thing I see documented that can turn off TLS verification. If some other command like pool-uninstall-ca-certificate would have the effect of disabling TLS verification, I can't see that documented anywhere. In fact, even though xe pool-uninstall-ca-certificate appears to be a valid command that my xe binary knows about, I can't find that particular command documented at all. Even after the emergency-disable-tls-verification, if I attempt to join that host to the half-upgraded pool (using xe pool-join...) I get: Error code: POOL_JOINING_HOST_TLS_VERIFICATION_MISMATCH It seems like even though the host has TLS verification off, the fact that its pool has verification enabled is blocking the action.

hardware_report_2025-12-12_17-20-47.txt lspci.txt mlx.txt pci.txt Diagnostic logs

@denis.grilli really big news, I need to have XO STOR working Thanks for your problems and support correting them

The installer is built. We are testing it, then we will be able to provide it to you so you can test it in turn.

It won't disappear tomorrow, but I'd like to phase it out sooner than later (before 2027? who knows)

It's not meant to be used like that. If you are behind a NAT, the right approach is to have your XOA behind the NAT and inside the same network than the hosts. That's because hosts will always use and return their internal IPs to connect to some resources (stats, consoles etc.). XOA deals with that easily as being the "main control point" for all hosts behind your NAT (or a XO proxy if you prefer).

@ovicz Yes, it's loaded lsmod | grep i915 i915 5373952 0 i2c_algo_bit 20480 2 xe,i915 drm_buddy 32768 2 xe,i915 video 81920 2 xe,i915 ttm 135168 3 drm_ttm_helper,xe,i915 drm_display_helper 331776 2 xe,i915 cec 106496 3 drm_display_helper,xe,i915 dmesg starts the same as your output, the only difference is that I have GuC disabled. dmesg | grep i915 [ 1.609000] i915 0000:00:08.0: [drm] Found alderlake_s (device ID 4690) integrated display version 12.00 stepping C0 [ 1.609986] i915 0000:00:08.0: [drm] VT-d active for gfx access [ 1.610073] i915 0000:00:08.0: [drm] Using Transparent Hugepages [ 1.611342] i915 0000:00:08.0: Invalid PCI ROM header signature: expecting 0xaa55, got 0x4556 [ 1.611345] i915 0000:00:08.0: [drm] Failed to find VBIOS tables (VBT) [ 1.612136] i915 0000:00:08.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 1.614455] i915 0000:00:08.0: [drm] Finished loading DMC firmware i915/adls_dmc_ver2_01.bin (v2.1) [ 3.583673] i915 0000:00:08.0: [drm] [ENCODER:261:DDI A/PHY A] failed to retrieve link info, disabling eDP [ 3.605422] i915 0000:00:08.0: [drm] GT0: GuC firmware i915/tgl_guc_70.bin version 70.49.4 [ 3.605426] i915 0000:00:08.0: [drm] GT0: HuC firmware i915/tgl_huc.bin version 7.9.3 [ 3.615402] i915 0000:00:08.0: [drm] GT0: HuC: authenticated for all workloads [ 3.615410] i915 0000:00:08.0: [drm] GT0: GUC: submission disabled [ 3.615414] i915 0000:00:08.0: [drm] GT0: GUC: SLPC disabled [ 3.616508] i915 0000:00:08.0: [drm] Protected Xe Path (PXP) protected content support initialized [ 3.617330] i915 0000:00:08.0: [drm] Registered 4 planes with drm panic [ 3.617354] [drm] Initialized i915 1.6.0 for 0000:00:08.0 on minor 1 [ 3.627390] i915 0000:00:08.0: [drm] Cannot find any crtc or sizes [ 3.637349] i915 0000:00:08.0: [drm] Cannot find any crtc or sizes [ 3.657358] i915 0000:00:08.0: [drm] Cannot find any crtc or sizes Having edited /etc/modprobe.d/i915.conf by adding options i915 enable_guc=3 enable_huc=1 fixed the GuC part as well, however I still have the same issue. Cannot find any crtc or sizes is the only part which is not in your output. /etc/default/grub is clean, I don't have NOMODESET: cat /etc/default/grub GRUB_TIMEOUT=5 GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)" GRUB_DEFAULT=saved GRUB_DISABLE_SUBMENU=true GRUB_TERMINAL_OUTPUT="console" GRUB_CMDLINE_LINUX="rd.lvm.lv=fedora/root rhgb quiet" GRUB_DISABLE_RECOVERY="true"

The roadmap depends a lot on the feedback we have on it More demand/popular, faster we'll implement stuff

Ok I've figured out root cause. My config override has only one option: ignoreVmSnapshotResources = true And I had to change it with adding [selfService] on a line below Also I found out that override config for XO5 interface needs to have absolute paths to xo-web and @XenOrchestra in it. With relative paths it didn't work.

Feel free to create a trial on an XOA, test stable and latest and tell us. It might be also related to your environment, but if it works at some commit and not later, it's weird. @florent & @bastien-nollet maybe?

@Bastien-Nollet Great, thanks!

I would like to suggest to configure a remote syslog server. it centralizes all the log s and give you full control over the retention. It would also avoid situation where a disk full would impact your logging as well XCP-ng or XOA host operations. For your XCP-NG host go to you POOl, select Advanced tab and configure the Remote syslog host section to point to your syslog server. For XOA, you can follow the instruction here : https://docs.xen-orchestra.com/backups#send-xo-logs-to-an-external-syslog-server

If one day, some sad soul encounters these errors and nothing seems to be working or making sense you may have the same issue I did. Back story: Earlier this year, I had a Pool with 3 hosts. Through a series of unfortunate events. The Master died, I recovered as best as I could and assumed all was well as I rebuilt the environment since all of my vm's appeared to be working (except Xen Orchestra). I tried different versions (Ubuntu, Debian, XOA, XO via Docker, etc.). Error: backupNg.runJob { "id": "ea4a9d00-db35-45a9-8a15-f700891d55c6", "schedule": "0811579b-8ad3-4f29-8581-15a35c9c4597" } { "library": "SSL routines", "reason": "tlsv1 unrecognized name", "code": "ERR_SSL_TLSV1_UNRECOGNIZED_NAME", "call": { "duration": 21, "method": "session.login_with_password", "params": "* obfuscated *" } } [image: 1765346178618-a19c2386-f194-4268-af87-3c2307bb9cdd-image.png] In my case, my database was corrupted. By rejoining host to the same damaged pool, the issue remained. In was confusing since an old instance of xen orchestra running Ubuntu 18.04 was the only instance that could run backups successfully. Newer instances could do everything except run backups. Either way, hopefully this never happens to you. If it does, your servers backend database might be the issue. Thanks again to everyone that helped me figure this out throughout the year!

Thanks Olivier! That is what we assumed, but with how the 3 hosts per pool was in there under the essentials licenses it was up for debate