Hi Patrick,

The ovirt-vmconsole is a for emulated serial connections (via a ssh tunnel).

The VNC ports are the same range as spice 5900 - 6923.

Do you have encryption enabled for VNC?


Regards,
               Paul S.

From: Patrick Hibbs <hibbsncc1701@gmail.com>
Sent: 14 December 2021 22:53
To: Staniforth, Paul <P.Staniforth@leedsbeckett.ac.uk>
Cc: oVirt Users Mailing List <users@ovirt.org>
Subject: Re: [ovirt-users] Re: remote-viewer VNC mode issue
 

Caution External Mail: Do not click any links or open any attachments unless you trust the sender and know that the content is safe.

Hello,

Well a quick check of the hosts say that they have ovirt-vmconsole enabled on their firewall, but there doesn't seem to be any logs for the vmconsoles on them. Running wireshark on one of the end-user machines shows that the host does send packets back and forth but then the end-user machine TCP resets the connection. (I assume due to the credential failure.) So it doesn't seem to be a firewall issue.

Is there anything I can do to get some more logs from the vmconsoles on the Host?

Thanks.

-Patrick Hibbs

On Tue, 2021-12-14 at 12:56 +0000, Staniforth, Paul wrote:
Hello Patrick,
                        with noVNC the connection is made via the websocket-poxy service (probably on the engine server).
The remote-viewer connects directly from the client machine to the virtual host the VM is running on. Maybe check the network/firewall between the client and the host, also the OTP expires after 120 seconds.


Regards,

Paul S.

From: Strahil Nikolov via Users <users@ovirt.org>
Sent: 14 December 2021 12:12
To: hibbsncc1701@gmail.com <hibbsncc1701@gmail.com>; oVirt Users Mailing List <users@ovirt.org>
Subject: [ovirt-users] Re: remote-viewer VNC mode issue
 

Caution External Mail: Do not click any links or open any attachments unless you trust the sender and know that the content is safe.

The most common problem is the CA of oVirt not trusted in the web browser of the client.


Best Regards,
Strahil Nikolov

On Sun, Dec 12, 2021 at 0:00, Patrick Hibbs
<hibbsncc1701@gmail.com> wrote:
Hello,

    As oVirt unfortuately now requires VNC for the VM consoles,
I've been attempting to get VNC mode working on my end user clients.

    The noVNC browser client works just fine, but for some reason
the default download to remote-viewer fails on the same hosts.

All the end-user gets is a quick flash of the remote-viewer window on
their screen.

Running remote-viewer in debug mode I get this:

---log snip---

$ remote-viewer -v --debug Downloads/console.vv
(remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.906: Opening display
to Downloads/console.vv
(remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.906: Guest (null) has
a vnc display
Guest (null) has a vnc display
(remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.952: Spice foreign
menu updated
(remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.952: After open
connection callback fd=-1
(remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.952: Opening
connection to display at Downloads/console.vv
Opening connection to display at Downloads/console.vv
(remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.953: fullscreen
display 0: 0
(remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.953: notebook show
status 0x560a419d2280
(remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.032: notebook show
status 0x560a419d2280
(remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.032: Insert display 0
0x560a423fa1e0
(remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.032: notebook show
status 0x560a419d2280
(remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.052: Allocated
1024x740
(remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.052: Child allocate
1024x640
(remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.053: Got VNC
credential request for 1 credential(s)
(remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.067: Not removing
main window 0 0x560a4195d910
(remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.067: Disconnected
(remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.067: close
vnc=0x560a419fc220
(remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.068: notebook show
status 0x560a419d2280
(remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.068: Guest (null)
display has disconnected, shutting down
Guest (null) display has disconnected, shutting down

---log snip---

It seems to be failing a credential request, but I'm not sure why. The
engine logs only show the VM console ticket being created, but does not
show any connection attempts unless noVNC is used.

---log snip---

2021-12-11 16:48:23,402-05 INFO
[org.ovirt.engine.core.bll.SetVmTicketCommand] (default task-16)
[68b90cfe] Running command: SetVmTicketCommand internal: false.
Entities affected :  ID: bb05ab12-91e5-4ab6-92b1-b911ed78f64f Type:
VMAction group CONNECT_TO_VM with role type USER
2021-12-11 16:48:23,414-05 INFO
[org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand]
(default task-16) [68b90cfe] START, SetVmTicketVDSCommand(HostName = --
REDACTED--, SetVmTicketVDSCommandParameters:{hostId='1fdd841b-477f-
4d13-9935-7908924dd5a1', vmId='bb05ab12-91e5-4ab6-92b1-b911ed78f64f',
protocol='VNC', ticket='ocziPsEOF4km', validTime='120', userName='--
REDACTED--@--REDACTED--', userId='e83ab2b3-c464-49a4-a0ab-
4e62e8131304', disconnectAction='LOCK_SCREEN'}), log id: f6dccdd
2021-12-11 16:48:23,435-05 INFO
[org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand]
(default task-16) [68b90cfe] FINISH, SetVmTicketVDSCommand, return: ,
log id: f6dccdd
2021-12-11 16:48:23,461-05 INFO
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(default task-16) [68b90cfe] EVENT_ID: VM_SET_TICKET(164), User --
REDACTED--@--REDACTED--@--REDACTED-- initiated console session for VM
Test
#

---log snip---

What else can I do to troubleshoot this?

- Patrick Hibbs

_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
To view the terms under which this email is distributed, please go to:-
https://leedsbeckett.ac.uk/disclaimer/email


To view the terms under which this email is distributed, please go to:-
https://leedsbeckett.ac.uk/disclaimer/email