RE: XCP-ng host restarts at random intervals

I believe I have the definitive cause for this 'random host reboot' issue.

After 6 months of problem-free operation, I have experienced the host reboot issue again on this server. The host was running only Linux VMs, so the theory of Windows VMs on the host contributing to the reboot issue has proven false. As with each time before, there are no indications in any relevant log files that the host is going to reboot. I think at this point I can definitively say that the reboot is caused by a faulty SuperMicro motherboard.

I've learned my lesson: use HPE servers! This SuperMicro system will be melted down for scrap.

@splastunov Yes, all VMs are for in-house use and all were built by me personally.

I have previously followed the same steps that you followed in your case. I updated the BIOS on the host server and moved VMs one by one.

Moving VMs one by one is how I eventually found that I only had the problem when a Windows Server VM was on the host. When I had this problem occur with a fresh Windows Server 2022 VM which had no applications installed, I started to suspect that it was related to Windows. I was then able to confirm that this only occurred with Windows VMs.

Thanks for the info. I think these are great steps toward finding the problem.

Since I last posted on this topic, I've found that the random reboots only occur when there are Windows Server VMs on the host (Tested with 2019 and 2022). The issue will not occur when running Linux VMs.

My issue seems very similar to the problem described (and solved) in https://xcp-ng.org/forum/topic/6683/windows-server-2019-sporadic-reboot/7

The difference is that in my case, the host restarted and in the other post, the poster reports that the VMs are restarting. Since the poster also tested RAM and found no problems but was able to solve the issue by replacing a suspected DIMM, that information may be useful in the host reboot scenario that I experience.

FYI, I have not replaced the RAM yet and may not actually do it since the server in question is aging and will likely be replaced (with HP hardware) soon.

Secure Boot was not enabled in the VM. I enabled Secure Boot in the VM and was able to install KB5012170 without any problem.

I tested further to see if there were any issues related to enabling then disabling Secure Boot in the VM. I did not experience any problems booting the VM after disabling Secure Boot. There were no problems booting the VM after moving it to a pool where the default UEFI Certificates had not been installed.

For anyone wanting to resolve the KB5012170 update error, here are the steps I took:

• On the pool/host for the VM, install the UEFI Certificates with secureboot-certs install
• Shut down the problem VM
• Enable Secure Boot on the VM. I do this via Xen Orchestra but it can also be done with xe vm-param-set uuid=[uuid of VM] platform:secureboot=true
• Boot the VM
• Apply the KB5012170 update
• Shut down the VM
• Disable Secure Boot on the VM via XO or xe vm-param-set uuid=[uuid of VM] platform:secureboot=false
• Boot the VM

https://xcp-ng.org/docs/guides.html#guest-uefi-secure-boot is a very thorough guide on Secure Boot in XCP-ng.

Thanks for the help @stormi

I've not been able to find information on the signature used by the UEFI bootloader and if that is on the DBX update in KB5012170. Since my original post, Microsoft has updated the Known Issues documentation for KB5012170 and it seems that this problem is now 'known' and has a proposed resolution of, "We are presently investigating and will provide an update in an upcoming release."

So at this point, it appears Microsoft is investigating this as an issue Microsoft needs to resolve, not an issue with the bootloader itself.

Reference: https://support.microsoft.com/en-us/topic/kb5012170-security-update-for-secure-boot-dbx-august-9-2022-72ff5eed-25b4-47c7-be28-c42bd211bb15
(see the third issue listed in Known Issues, which didn't exist until after my initial post)

I'm attempting to determine if a problem I'm having with installing Windows 10 update KB5012170 is related to the UEFI bootloader used by the VM.

XCP-ng version is 8.2.1 and is nearly fully patched (have not installed 4.13.4-9.24.1.xcpng8.2 yet).

I started noticing 4 Windows 10 VMs (on separate hosts) rebooting every night for the past 5 days and found that KB5012170 was not installing because of error 0x800f0922. I've found that this is probably because of the UEFI bootloader now being in the Secure Boot DBX (Forbidden Signature Database). I'm basing this on this this article: https://www.bleepingcomputer.com/news/security/windows-kb5012170-secure-boot-dbx-update-may-fail-with-0x800f0922-error/

Apparently if the UEFI bootloader is signed by keys from one of three vendors (New Horizon Datasys Inc, CryptoPro Secure Disk, Eurosoft (UK) Ltd) then KB5012170 will fail to install with error 0x800f0922 because these signatures have been blacklisted.

I know the VMs are using the TianoCore UEFI implementation. I've looked at the TianoCore bugtracker but didn't find anything related - although if issue is in fact caused by Microsoft blacklisting the signature, I don't know that would even be a bug, per se.

@olivierlambert Just tell people to stick with HP hardware This problem server is a SuperMicro system board and it's the second of the same model of which I've had a hardware problem. The other board stopped working completely so it was a different failure mode. Once I obsolete this hardware, I will have no more SuperMicro boards in production.

@olivierlambert I have been able to confirm this is a hardware reboot. Since I've been working this issue for a year and the restarts were so rare, at some point I convinced myself that the hardware was not restarting even thought my monitoring and logging was telling me otherwise.

Thanks for your help in guiding me to reconsider what I thought I already knew. Thankfully the restarts have become more frequent and I have had 3 reboots in 10 days. That frequency has allowed me to catch what was really happening.

I was wrong about the hypervisor, it is restarting. I confused myself and didn't make the connection.

In /var/log/xen/hypervisor.log... I see an entry Logfile Opened with the timestamp of when the log rotates then I see another Logfile Opened at the timestamp that the hypervisor restarts, followed by the Xen log data during boot.

So I guess I need to be thinking about why the hypervisor is restarting. Now I'm questioning if the hardware is restarting. I have not seen a hardware restart in the IPMI data and the recovery time seemed too short for a hardware restart HOWEVER the lack of evidence is not evidence itself so I think my next move will be to monitor the hardware in a way that I can confirm or deny a hardware restart.

Thanks for your help @olivierlambert . It may be a couple of months before this happens again but I'll report back what I find once it happens.

I was able to run Memtest for 86 hours, completed 9 passes and had no memory errors.

Maybe I'm approaching this incorrectly. I've been assuming there is a problem in dom0 since the kernel is starting without any indication as to why. What could be telling the kernel to restart? The hardware never restarts and since dom0 restarts in a very short period of time (seconds, from best I can tell), the hypervisor seems to keep running.

I have a very limited knowledge of this stack so I know I could be completely wrong.

@olivierlambert Sadly, nothing showing but the restart. I'll run Memtest. I think I did this at some point but I don't have a record of doing it and it's not a bad idea anyway.

I have an XCP-ng installation (8.2.1, all patches but most recent) which will restart at random intervals. Usually this interval is a couple months but has been as short as a week. This started just over one year ago. This server has been running since 2018 (with XCP-ng upgrades). The server is in a single host pool.

This isn't a normal crash. A kernel panic does not occur. There is no indication of a shutdown. The kernel just stops then is booting a couple of seconds later.
Kdump is working but there is no logging from kdump when this happens. I can force a kernel panic and I get logging by kdump when I force it so I know kdump is working.

I would expect this to be a hardware issue however the hardware does not restart. The hardware remains running. The kernel will restart. I know this by monitoring hardware, kernel uptime and reviewing log data.

There is no consistency in time of day or day of week. This usually occurs when the one VM on the server is idle.

I'm unable to find any indication in any log that something's gone wrong. I only can find the kernel restarting.

I've tried many hardware configurations, updated firmware on the system board, and RAID controller over the past year and continue to have the same results. I have re-installed XCP-ng and also have experienced the same issue through various patches applied though the past year.

If there is a way that this could be caused by hardware without leaving any trace and not rebooting the hardware, I don't know what that could be but I'd be happy to hear any ideas.

Does anyone have any thoughts on what I could monitor or what I might look into? The one thing I've not done is move the one VM on the host to another host. I don't suspect the VM itself is the cause because there is usually no load on the VM when the restart occurs. There are licensing entanglements which result in about 24 hours of downtime and require a re-install of software though the provider's support if I move the VM - so I've not done this for testing.