RE: Excluding a VM from health checks

I make it the other way, I add a tag for the VM I want a health check to happen, and no tag if I don't want a health check.

Then, in the backup's schedule, I add my tag:

Have you enabled uefi and secure boot for that VM (in the Advanced Tab)?

I'm gonna try the same and will let you know.

@olivierlambert
Yes, confusing, indeed
I just now restarted XO and the toolstack one more time to be sure. Yesterday, it was OK at the beginning but the issue reappeared after a few hours.
I'll let you know ASAP.

@olivierlambert
I mean if use commit 0ccfd4b, there is no issue, if I use a more recent one, like the latest 583c7, the issue is appearing.

@14wkinnersley
That issue is definitely coming from XO from source, it does not appear with XOA.

I revert my XO to commit 0ccfd4b and now everything is back to normal.

I don't know if our issue is also related to self-signed cert, but there's been other issues with latest commit of XO, we should stick to that version until a solution is implemented.

Same issue on my host, with commit 8e5d9.
I tried the health check, and it is stuck.
I do not see any error message, the log just says pending.

I tried a restore check with XOA 5.91.2, no issue on that side, only XO from source seems to be not working.

@MathieuRA
OK, thanks for the answer.

Looking forward for XO6

Thanks for the info and the faster than light answer ️

@pierrebrunet
Hello Pierre,

Sorry for that late response, but yes, latest version is working fine and has solved the issue.

Thanks for the fix.

@pierrebrunet
Hello Pierre,

Sorry for that late response, but yes, latest version is working fine and has solved the issue.

Thanks for the fix.

@pierrebrunet
XO from source, commit 1ee07 from today.

@pierrebrunet Just posted it above

@pierrebrunet

Hello,

I've updated the cert with signed assertion and response

I also tried with a brand new certificate.

Unfortunately, login is still failing.

From xo-server:

Oct 09 08:11:17 xo-ce xo-server[272092]: Error: SAML assertion audience mismatch. Expected: 1671ff50-10e1-4a02-a0c5-4ed298898281 Received: https://XO_DNS_RECORD/
Oct 09 08:11:17 xo-ce xo-server[272092]:     at /opt/xo/xo-builds/xen-orchestra-202510090759/node_modules/@node-saml/node-saml/src/saml.ts:1264:18
Oct 09 08:11:17 xo-ce xo-server[272092]:     at Array.map (<anonymous>)
Oct 09 08:11:17 xo-ce xo-server[272092]:     at SAML.checkAudienceValidityError (/opt/xo/xo-builds/xen-orchestra-202510090759/node_modules/@node-saml/node-saml/src/saml.ts:1259:8)
Oct 09 08:11:17 xo-ce xo-server[272092]:     at SAML.processValidlySignedAssertionAsync (/opt/xo/xo-builds/xen-orchestra-202510090759/node_modules/@node-saml/node-saml/src/saml.ts:1151:32)
Oct 09 08:11:17 xo-ce xo-server[272092]:     at SAML.validatePostResponseAsync (/opt/xo/xo-builds/xen-orchestra-202510090759/node_modules/@node-saml/node-saml/src/saml.ts:808:16)

And here is the plug-in configuration:

I'm not expert at all in SAML, sorry not being able to debug deeper.

Hello,

Has the saml-auth plugin updated recently ?

Using XOCE, commit c0065, it was working fine. Updating today to latest release, SAML authentication (Microsoft Entra ID), is not working anymore, I land on a page with a
'Internal server error' message.

Thanks,

@dant123
Old topic but thanks a lot for your first post, it was quite helpful for me to setup authentification with Microsoft Entra.

I just didn't get immediately that you also need to specify the callback URL in the XO plugin settings, not only in the enterprise application in the Microsoft portal.

My XO is behind a reverse proxy with a Let's Encrypt certificate, but it is also working with a self-signed certificate and a local DNS record.

@olivierlambert Might be worth an addendum in the official documentation with specific screenshots for Microsoft Entra?

Hello,

Indeed, disabling NBD for the delta backups, they are no more VDI attached to Dom0.

My upgrade path was from 8.2.1 stable to 8.3 using the ISO installation.

@Tristis-Oris
It seems that since updating to 8.3, I also have VDI attached to control domain I cannot delete, they appear after a backup.
The only solution to forget them is to a pool reboot.

I make it the other way, I add a tag for the VM I want a health check to happen, and no tag if I don't want a health check.

Then, in the backup's schedule, I add my tag:

Hello,

Is there a way to do multiple health check without starting them one by one?

In the restore tab, if I select multiple backups with the tick box, the restore health check icon appears in the top right corner, but if I click on it, I got an error message: t is not a function.

One other way would be to create a schedule in the backup job, but it doesn't seem possible to do just a health check without first creating a new backup.

Thanks for your help,