@julienXOvates Thanks for the quick reply, that’s very helpful!

@dthenot said: you will also likely need to give the host-uuid of the host the disk is on Thanks, and I'm assuming this UUID or Machine ID from: [14:45 xcp-kbbn NAS]# dmidecode --type SYSTEM # dmidecode 3.0 Getting SMBIOS data from sysfs. SMBIOS 3.3.0 present. # SMBIOS implementations newer than version 3.0 are not # fully supported by this version of dmidecode. Handle 0x0001, DMI type 1, 27 bytes System Information Manufacturer: ASUS Product Name: System Product Name Version: System Version Serial Number: System Serial Number UUID: E7AE9723-CB08-A278-5C45-7C10C9473BD0 Wake-up Type: Power Switch SKU Number: SKU Family: To be filled by O.E.M. OR [12:46 xcp-kbbn NAS]# hostnamectl Static hostname: xcp-kbbn Icon name: computer-desktop Chassis: desktop Machine ID: c668f529e66c42b9815fe12f3401df82 Boot ID: dd70b200b25341c688aee9fbc58d20a2 Virtualization: xen Operating System: XCP-ng 8.3 Kernel: Linux 4.19.0+1 Architecture: x86-64 the command would look like this correct: xe sr-create type=udev device-config:location=/srv/NAS name-label="NAS Disks" host-uuid=E7AE9723-CB08-A278-5C45-7C10C9473BD0 or c668f529e66c42b9815fe12f3401df82 UPDATE: I tried the new command but I got these error messages: [14:45 xcp-kbbn NAS]# xe sr-create type=udev device-config:location=/srv/NAS name-label="NAS Disks" host-uuid=E7AE9723-CB08-A278-5C45-7C10C9473BD0 The uuid you supplied was invalid. type: host uuid: E7AE9723-CB08-A278-5C45-7C10C9473BD0 [15:14 xcp-kbbn NAS]# ls [15:19 xcp-kbbn NAS]# xe sr-create type=udev device-config:location=/srv/NAS name-label="NAS Disks" host-uuid=c668f529e66c42b9815fe12f3401df82 The uuid you supplied was invalid. type: host uuid: c668f529e66c42b9815fe12f3401df82 then I was successful (I believe with you confirmation) when I left our the host-uuid param: [15:19 xcp-kbbn NAS]# xe sr-create type=udev device-config:location=/srv/NAS name-label="NAS Disks" b802722e-67ac-5aba-8d6c-e565d2d7fa0d and then it was listed as a SR: [image: 1779139583485-screenshot-from-2026-05-18-15-24-03.png] now to the next task command: xe sr-scan uuid=b802722e-67ac-5aba-8d6c-e565d2d7fa0d was successful, but I have another Question, the size of the device is not showing, is this normal being that it was done this way? UPDATE 2.0: I just discovered the xe command: [15:27 xcp-kbbn NAS]# xe host-list uuid ( RO) : 9a5e5bb3-bdb9-41ea-9505-6f6fe630f369 name-label ( RW): xcp-kbbn the uuid does not match the ones provided above, do I need to remove the SR and do it over again using this uuid? I will give it a try using another folder.... UPDATE 2.1: I executed the command using the above uuid: [15:35 xcp-kbbn srv]# xe sr-create type=udev device-config:location=/srv/NAS name-label="NAS Disks" host-uuid=9a5e5bb3-bdb9-41ea-9505-6f6fe630f369 6fc531a0-19a0-b9c1-c78e-c687fce5ff84 and was successful, but now my question for the device size, is it normal or not due to creating it this way? UPDATE 2.2: I forgot to do: ln -s /dev/sda /srv/NAS/sda #although it might be better to use a stable identifier if you have multiple disks xe sr-scan uuid=<UUID of the udev SR> be right back..... UPDATE 3.0: Success, I have all HDs attached to my VM, access all files and the sizes are reported! : [image: 1779147782991-screenshot-from-2026-05-18-17-25-38.png] List of attached disks: [image: 1779147797114-screenshot-from-2026-05-18-17-18-07.png] The VM: [image: 1779148373193-screenshot-from-2026-05-18-17-51-19.png] Thanks for your help!...

the last rewrite of the stream processing ( spring 2025 ) focused on stability and memory footprint, and , on a standard cpu, it tops at around 300MB/s per backup job. Your benchmarks are very interesting, and they confirm most of it. this limit was not really an issue since, in most case the xapi was limiting around 100MB/s per disk , but it will be more a more visible limit Note that master have some fixes on the memory usage (not related to backups) That's why we have started an internal workforce focused on performance, with all the teams from the kernel to the backups, including storage, network and xapi. If I can brag a little : [image: 1779106650898-afd7b59b-a4f0-4a92-88ee-2c7ba52d18bf-image.jpeg] i9 , nvme disk , backup to a nvme disk in passthrough, xoa and vm are on the same host, so it's quite far from real world data, but it shows where the limit is

@JL457 Hi, For now it looks like Wasabi is not sending us the correct date format, which is strange because we support this provider and don't usually have issues. In order to allow us to investigate further, could you send us the full backup job logs ? You can find them by clicking on the failed backup status and then on the download logs button: [image: 1779106635704-export-logs.png] Relevant XO logs would also help. If you are a client, also don't hesitate to open a ticket with an open support tunnel. Thanks.

@taghjichte From my testing you would need to passthought a device for audio. If need for professional audio work then yes a pci passthough would be the perferred option. With that said. @dinhngtu As for sound I have never looked much into it but the only vm I heard make sound is from Fedora even while booted from install iso. Kubuntu or windows with xen drivers installed no audio. (find for me at the moment) While audio seems to work in Fedora from iso it seems to be limited to left channel. Local system is connected to 5.1 sound.

@tsukraw I am taking the ticket and will keep you informed as soon as possible

@johnnezero The full HTML versions will render much better. The PDF conversion is less than perfect. iIll try to get those uploaded, as well.

Take it with a grain of salt, but I think bonds are usually managed as a whole rather than edited port by port in the UI. As far as I can tell, the supported route is from the network section in Xen Orchestra (the bonding part of the infrastructure docs is here: https://docs.xen-orchestra.com/xo5/manage_infrastructure#network-bonding), and on the CLI side, the bond commands are documented at https://docs.xcp-ng.org/appendix/cli_reference#bond-create (there's a matching bond-destroy command alongside it). My honest guess is you may end up destroying and recreating the bond with the four ports you want to keep, since I'm not sure removing a single member in place is exposed anywhere, but I could easily be wrong. If there's a cleaner way that avoids the recreate, someone will let us know.

This is a nice bit of community tooling, and thanks for keeping it updated and being upfront about the "use at your own risk" part. On the naming point a few people raised, I think the distinction folks are drawing is fair: XOA is the Vates-built appliance, and anything you compile yourself is XO from sources. The official docs cover that path at https://docs.xen-orchestra.com/xo5/installation#from-the-sources, including the note that there is no pro support for that method. Hope the project keeps going well!

Quick update now that Vates has published their official advisory. First, kudos to the Vates security team for the thorough and timely response. VSA-2026-014 is well-documented and covers the full picture, including a third CVE I had not covered in my earlier posts. VSA-2026-014 confirms what I outlined above: XCP-ng is affected by CVE-2026-43284 (XFRM-ESP) and is NOT affected by CVE-2026-43500 (no RxRPC support). The CVE I had missed: CVE-2026-46300 ("Fragnesia") also affects XCP-ng via the XFRM ESP-in-TCP subsystem. The same esp4/esp6 blacklist mitigation applies, with the same caveat @semarie raised: it will break encrypted private networks on XCP-ng. Now that the VSA and official mitigation guidance are public, I'm releasing the diagnostic script I built. It's Python 3.6, no external dependencies, safe to run on production dom0. It tests whether an unprivileged process can engage the esp4 engine via the XFRM interface inside a user namespace — without touching any exploit code. Since both CVE-2026-43284 and CVE-2026-46300 (Fragnesia) require esp4 or esp6 to be reachable from an unprivileged namespace, and share the same mitigation, a positive result confirms exposure to both. Blacklist esp4/esp6, then run the script again — ACCESS DENIED means both CVEs are mitigated. One important note before running it: please read the code before executing it on any of your systems. This is good practice with any script from the internet, regardless of the source. The code is intentionally short and straightforward so you can review it quickly and satisfy yourself that it does exactly what it says. VSA-2026-014: https://docs.vates.tech/security/advisories/2026/vates-sa-2026-014/ Diagnostic tool: https://github.com/grabesec/XCP_ng_CVE-2026-43284_tester A kernel patch from Vates is in progress. Apply as soon as it lands.

Thanks for the ping and for narrowing it down; that live-migration repro is a really useful signal. I don't know enough about how the guest tools report IPs back through XAPI to say where the canonicalisation should happen, but it sounds like something @Team-Hypervisor-Kernel might want to look at since the trigger is on the agent side after migration. If it turns out to be reproducible on another Windows guest version (2022, 2019), that might help narrow it further; no pressure though, you've already done the hard part.

Yes it's for this summer, can't tell more precisely (because I don't know ^^)

Dug a little deeper. For a VM where the disks are not shown the following XO API call fails: /rest/v0/vms/a519e879-3971-9210-51b6-7df14336e7b7/vdis { "error": "no such VDI ac37700d-3157-4df7-b8e8-e1799a994591", "data": { "id": "ac37700d-3157-4df7-b8e8-e1799a994591", "type": [ "VDI" ] } } Also the VDI cannot be retrieved over the XO API: /rest/v0/vms/a519e879-3971-9210-51b6-7df14336e7b7 ... "$VBDs": [ "4ea8a3cd-0d1b-dc60-4d9c-fd70e060f06c", "9f4ca686-9fc2-35a9-c3e9-c871c9f68aba" ], ... /rest/v0/vbds/9f4ca686-9fc2-35a9-c3e9-c871c9f68aba { "type": "VBD", "attached": false, "bootable": false, "device": "xvda", "is_cd_drive": false, "position": "0", "read_only": false, "VDI": "ac37700d-3157-4df7-b8e8-e1799a994591", "VM": "a519e879-3971-9210-51b6-7df14336e7b7", "id": "9f4ca686-9fc2-35a9-c3e9-c871c9f68aba", "uuid": "9f4ca686-9fc2-35a9-c3e9-c871c9f68aba", "$pool": "93d361b7-f549-53b7-a3aa-c9695bf0abe4", "$poolId": "93d361b7-f549-53b7-a3aa-c9695bf0abe4", "_xapiRef": "OpaqueRef:1d424d94-f540-2eb4-9e52-2a9b21ec0a19" } /rest/v0/vdis/ac37700d-3157-4df7-b8e8-e1799a994591 { "error": "no such VDI ac37700d-3157-4df7-b8e8-e1799a994591", "data": { "id": "ac37700d-3157-4df7-b8e8-e1799a994591", "type": "VDI" } } However the VDI can be listed using the xe cli: $ xe vm-list uuid=a519e879-3971-9210-51b6-7df14336e7b7 uuid ( RO) : a519e879-3971-9210-51b6-7df14336e7b7 name-label ( RW): XXX power-state ( RO): halted $ xe vbd-list vm-uuid=a519e879-3971-9210-51b6-7df14336e7b7 uuid ( RO) : 4ea8a3cd-0d1b-dc60-4d9c-fd70e060f06c vm-uuid ( RO): a519e879-3971-9210-51b6-7df14336e7b7 vm-name-label ( RO): XXX vdi-uuid ( RO): <not in database> empty ( RO): true device ( RO): xvdd uuid ( RO) : 9f4ca686-9fc2-35a9-c3e9-c871c9f68aba vm-uuid ( RO): a519e879-3971-9210-51b6-7df14336e7b7 vm-name-label ( RO): XXX vdi-uuid ( RO): ac37700d-3157-4df7-b8e8-e1799a994591 empty ( RO): false device ( RO): xvda $ xe vdi-list uuid=ac37700d-3157-4df7-b8e8-e1799a994591 uuid ( RO) : ac37700d-3157-4df7-b8e8-e1799a994591 name-label ( RW): XXX Disk 0 name-description ( RW): Created by XO sr-uuid ( RO): 977b7e63-bb84-57b2-3e0d-206afea553bf virtual-size ( RO): 34359738368 sharable ( RO): false read-only ( RO): false Seems almost like something changed in the XCP-ng API which XO cannot consume.

Ah excellente nouvelle Je passe le sujet en résolu !

@psafont Thank you for the quick response. I also found a similar issue: the other-config:auto-scan=true parameter is not being applied during xe sr-create either. As with the name-description parameter, the workaround is to add it separately afterwards using xe sr-param-add.

@julienXOvates Excellent, thanks for looking at this Julien! Rob

@yomeyo I had this also, but problem disappeared itself. https://github.com/xcp-ng/xcp/issues/793 [image: a3dcbb0b-fe7a-4389-addc-247190039a18] IgorGlock created this issue in xcp-ng/xcp open XN-xenguestagent-rs skips IPv4 at Windows boot #793

@Mathieu-L linstor n l was included in my original post. All nodes were updated to May 2026 Security and Maintenance Updates for XCP-ng 8.3 LTS, all nodes were restarted. May 2026 Updates #2 for XCP-ng 8.3 LTS was released, and a couple days later I installed on all hosts. No host restarted. When xen04 was restarted, that is when this issue happened. I had used systemctl restart linstor-controller here (https://xcp-ng.org/forum/post/105309) to restart the controller.

Thanks for that information. I will make this message short because @stormi is busy but I want to say thanks to Vates and XCP-ng for all their work done to support Windows on the Xen platform. This includes TPM2 and secure boot support and Microsoft-signed pv drivers. Well done!