On Tue, Feb 3, 2015 at 1:04 PM, Sandro Bonazzola <sbonazzo@redhat.com> wrote:

Have you imported the CA in your browser?
You can download the certificate authority by navigating 'https://<your engine address>/ca.crt'.

Yes I already imported it, see this screenshot:

https://drive.google.com/file/d/0BwoPbcrMv8mvblp5amdoQmFaX1E/view?usp=sharing

In fact if I try to go to ca.crt page again from firefox I receive the message (translated from italian):

This certificate results already installed as a certificate of a certification authority

Any particular log to check?

When I click console button in user portal I get this on engine.log

2015-02-03 14:20:10,125 INFO [org.ovirt.engine.core.bll.SetVmTicketCommand] (ajp--127.0.0.1-8702-5) [65265ef3] Running command: SetVmTicketCommand internal: false. Entities affected : ID: 168470b1-b7eb-4dab-8fa4-6b744e2ad738 Type: VMAction group CONNECT_TO_VM with role type USER

2015-02-03 14:20:10,130 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (ajp--127.0.0.1-8702-5) [65265ef3] START, SetVmTicketVDSCommand(HostName = ovnode04, HostId = 36fec87b-c21f-4157-ab2f-434b67c05cb9, vmId=168470b1-b7eb-4dab-8fa4-6b744e2ad738, ticket=foy2cb1NuPds, validTime=120,m userName=ovadmin, userId=92fa8316-45ac-47bb-9bbd-be80709bf888), log id: 6da35818

2015-02-03 14:20:10,189 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (ajp--127.0.0.1-8702-5) [65265ef3] FINISH, SetVmTicketVDSCommand, log id: 6da35818

2015-02-03 14:20:10,233 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp--127.0.0.1-8702-5) [65265ef3] Correlation ID: 65265ef3, Call Stack: null, Custom Event ID: -1, Message: user ovadmin@ldap1 initiated console session for VM ubuntutrusty

and in ssl_access _log of engine:

192.168.1.128 - - [03/Feb/2015:14:20:10 +0100] "POST /ovirt-engine/userportal/GenericApiGWTService HTTP/1.1" 200 3389

192.168.1.128 - - [03/Feb/2015:14:20:10 +0100] "POST /ovirt-engine/userportal/GenericApiGWTService HTTP/1.1" 200 315

192.168.1.128 - - [03/Feb/2015:14:20:10 +0100] "POST /ovirt-engine/userportal/GenericApiGWTService HTTP/1.1" 200 4060

192.168.1.128 - - [03/Feb/2015:14:20:14 +0100] "GET /ovirt-engine/services/novnc-main.html?host=ovirtmgr.localdomain.local&port=6100 HTTP/1.1" 304 -

192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET /ovirt-engine/services/files/novnc/include/vnc.js HTTP/1.1" 304 -

192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET /ovirt-engine/services/files/novnc/include/base.css HTTP/1.1" 304 -

192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET /ovirt-engine/services/files/novnc/include/util.js HTTP/1.1" 304 -

192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET /ovirt-engine/services/files/novnc/include/webutil.js HTTP/1.1" 304 -

192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET /ovirt-engine/services/files/novnc/include/base64.js HTTP/1.1" 304 -

192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET /ovirt-engine/services/files/novnc/include/des.js HTTP/1.1" 304 -

192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET /ovirt-engine/services/files/novnc/include/websock.js HTTP/1.1" 304 -

192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET /ovirt-engine/services/files/novnc/include/input.js HTTP/1.1" 304 -

192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET /ovirt-engine/services/files/novnc/include/display.js HTTP/1.1" 304 -

192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET /ovirt-engine/services/files/novnc/include/rfb.js HTTP/1.1" 304 -

192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET /ovirt-engine/services/files/novnc/include/jsunzip.js HTTP/1.1" 304 -

and in ssl_request_log:

[03/Feb/2015:14:20:10 +0100] 192.168.1.128 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "POST /ovirt-engine/userportal/GenericA

piGWTService HTTP/1.1" 3389

[03/Feb/2015:14:20:10 +0100] 192.168.1.128 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "POST /ovirt-engine/userportal/GenericA

piGWTService HTTP/1.1" 315

[03/Feb/2015:14:20:10 +0100] 192.168.1.128 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "POST /ovirt-engine/userportal/GenericA

piGWTService HTTP/1.1" 4060

[03/Feb/2015:14:20:14 +0100] 192.168.1.128 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /ovirt-engine/services/novnc-main.

html?host=ovirtmgr.localdomain.local&port=6100 HTTP/1.1" -

[03/Feb/2015:14:20:15 +0100] 192.168.1.128 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /ovirt-engine/services/files/novnc

/include/vnc.js HTTP/1.1" -

[03/Feb/2015:14:20:15 +0100] 192.168.1.128 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /ovirt-engine/services/files/novnc

/include/base.css HTTP/1.1" -

[03/Feb/2015:14:20:15 +0100] 192.168.1.128 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /ovirt-engine/services/files/novnc

/include/util.js HTTP/1.1" -

[03/Feb/2015:14:20:15 +0100] 192.168.1.128 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /ovirt-engine/services/files/novnc

/include/webutil.js HTTP/1.1" -

[03/Feb/2015:14:20:15 +0100] 192.168.1.128 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /ovirt-engine/services/files/novnc/include/base64.js HTTP/1.1" -

[03/Feb/2015:14:20:15 +0100] 192.168.1.128 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /ovirt-engine/services/files/novnc/include/des.js HTTP/1.1" -

[03/Feb/2015:14:20:15 +0100] 192.168.1.128 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /ovirt-engine/services/files/novnc/include/websock.js HTTP/1.1" -

perhaps anything related with iptables rules on host?

No, the issue here is that novnc was orphaned in epel6 and we built a custom novnc within ovirt for having it back.
Now someone took maintainership of novnc within epel6 and in order to get it back the package must have enough karma.
That's why test is requested.

Ah ok, I didn't remember this .

As soon as I will solve the 1006 error I can go ahead

Gianluca