can connect to a vm which has spice console protocol by remote-viewer but that not working with vnc protocol
the remote-viewer can't validate the server certs, is this a bug on the remote-viewerside or in the hypervisor?
this problem is generally known? will it be fixed?

вс, 29 мар. 2020 г. в 12:52, David David <dd432690@gmail.com>:
there is no such problem with the ovirt-engine 4.2.5.2-1.el7
it appeared when upgrading to 4.3.*

вс, 29 мар. 2020 г. в 12:46, David David <dd432690@gmail.com>:
tested on four different workstations with: fedora20, fedora31 and windows10(remote-manager last vers)

вс, 29 мар. 2020 г. в 12:39, Strahil Nikolov <hunter86_bg@yahoo.com>:
On March 29, 2020 9:47:02 AM GMT+03:00, David David <dd432690@gmail.com> wrote:
>I did as you said:
>copied from engine /etc/ovirt-engine/ca.pem onto my desktop into
>/etc/pki/ca-trust/source/anchors and then run update-ca-trust
>it didn’t help, still the same errors
>
>
>пт, 27 мар. 2020 г. в 21:56, Strahil Nikolov <hunter86_bg@yahoo.com>:
>
>> On March 27, 2020 12:23:10 PM GMT+02:00, David David
><dd432690@gmail.com>
>> wrote:
>> >here is debug from opening console.vv by remote-viewer
>> >
>> >2020-03-27 14:09 GMT+04:00, Milan Zamazal <mzamazal@redhat.com>:
>> >> David David <dd432690@gmail.com> writes:
>> >>
>> >>> yes i have
>> >>> console.vv attached
>> >>
>> >> It looks the same as mine.
>> >>
>> >> There is a difference in our logs, you have
>> >>
>> >>   Possible auth 19
>> >>
>> >> while I have
>> >>
>> >>   Possible auth 2
>> >>
>> >> So I still suspect a wrong authentication method is used, but I
>don't
>> >> have any idea why.
>> >>
>> >> Regards,
>> >> Milan
>> >>
>> >>> 2020-03-26 21:38 GMT+04:00, Milan Zamazal <mzamazal@redhat.com>:
>> >>>> David David <dd432690@gmail.com> writes:
>> >>>>
>> >>>>> copied from qemu server all certs except "cacrl" to my
>> >desktop-station
>> >>>>> into /etc/pki/
>> >>>>
>> >>>> This is not needed, the CA certificate is included in console.vv
>> >and no
>> >>>> other certificate should be needed.
>> >>>>
>> >>>>> but remote-viewer is still didn't work
>> >>>>
>> >>>> The log looks like remote-viewer is attempting certificate
>> >>>> authentication rather than password authentication.  Do you have
>> >>>> password in console.vv?  It should look like:
>> >>>>
>> >>>>   [virt-viewer]
>> >>>>   type=vnc
>> >>>>   host=192.168.122.2
>> >>>>   port=5900
>> >>>>   password=fxLazJu6BUmL
>> >>>>   # Password is valid for 120 seconds.
>> >>>>   ...
>> >>>>
>> >>>> Regards,
>> >>>> Milan
>> >>>>
>> >>>>> 2020-03-26 2:22 GMT+04:00, Nir Soffer <nsoffer@redhat.com>:
>> >>>>>> On Wed, Mar 25, 2020 at 12:45 PM David David
><dd432690@gmail.com>
>> >>>>>> wrote:
>> >>>>>>>
>> >>>>>>> ovirt 4.3.8.2-1.el7
>> >>>>>>> gtk-vnc2-1.0.0-1.fc31.x86_64
>> >>>>>>> remote-viewer version 8.0-3.fc31
>> >>>>>>>
>> >>>>>>> can't open vm console by remote-viewer
>> >>>>>>> vm has vnc console protocol
>> >>>>>>> when click on console button to connect to a vm, the
>> >remote-viewer
>> >>>>>>> console disappear immediately
>> >>>>>>>
>> >>>>>>> remote-viewer debug in attachment
>> >>>>>>
>> >>>>>> You an issue with the certificates:
>> >>>>>>
>> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.238:
>> >>>>>> ../src/vncconnection.c Set credential 2 libvirt
>> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239:
>> >>>>>> ../src/vncconnection.c Searching for certs in /etc/pki
>> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239:
>> >>>>>> ../src/vncconnection.c Searching for certs in /root/.pki
>> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239:
>> >>>>>> ../src/vncconnection.c Failed to find certificate
>CA/cacert.pem
>> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239:
>> >>>>>> ../src/vncconnection.c No CA certificate provided, using
>GNUTLS
>> >global
>> >>>>>> trust
>> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239:
>> >>>>>> ../src/vncconnection.c Failed to find certificate CA/cacrl.pem
>> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239:
>> >>>>>> ../src/vncconnection.c Failed to find certificate
>> >>>>>> libvirt/private/clientkey.pem
>> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239:
>> >>>>>> ../src/vncconnection.c Failed to find certificate
>> >>>>>> libvirt/clientcert.pem
>> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239:
>> >>>>>> ../src/vncconnection.c Waiting for missing credentials
>> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239:
>> >>>>>> ../src/vncconnection.c Got all credentials
>> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.239:
>> >>>>>> ../src/vncconnection.c No CA certificate provided; trying the
>> >system
>> >>>>>> trust store instead
>> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.240:
>> >>>>>> ../src/vncconnection.c Using the system trust store and CRL
>> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.240:
>> >>>>>> ../src/vncconnection.c No client cert or key provided
>> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.240:
>> >>>>>> ../src/vncconnection.c No CA revocation list provided
>> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.241:
>> >>>>>> ../src/vncconnection.c Handshake was blocking
>> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.243:
>> >>>>>> ../src/vncconnection.c Handshake was blocking
>> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.251:
>> >>>>>> ../src/vncconnection.c Handshake was blocking
>> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.298:
>> >>>>>> ../src/vncconnection.c Handshake done
>> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.298:
>> >>>>>> ../src/vncconnection.c Validating
>> >>>>>> (remote-viewer:2721): gtk-vnc-DEBUG: 11:56:25.301:
>> >>>>>> ../src/vncconnection.c Error: The certificate is not trusted
>> >>>>>>
>> >>>>>> Adding people that may know more about this.
>> >>>>>>
>> >>>>>> Nir
>> >>>>>>
>> >>>>>>
>> >>>>
>> >>>>
>> >>
>> >>
>>
>> Hello,
>>
>> You can try to take the engine's CA (maybe it's  useless) and put it
>on
>> your system in:
>> /etc/pki/ca-trust/source/anchors (if it's  EL7 or a Fedora) and then
>run
>> update-ca-trust
>>
>> Best Regards,
>> Strahil Nikolov
>>

Hey David,

What is you workstation's OS ?
Also, have you tried from another workstation ?

Best Regards,
Strahil Nikolov