Hi, re-enroll form the UI was not possible because the installation butten was greyd out ... i ended up re-installing both hosts newly from iso (during that time all VMs were offline because of local storage). After iso installation i was able to re-install the hosts via ovirt-engine and then they were back green online in the engine. Regards, Kilian ________________________________ Von: Strahil Nikolov <hunter86_bg@yahoo.com> Gesendet: Samstag, 3. September 2022 17:47:31 An: Kilian Ries; users@ovirt.org Betreff: Re: [ovirt-users] VDSNetworkException: protocol version not accepted by client I would re-enroll the hosts from the web UI to verify that some cert was not missed. Best Regards, Strahil Nikolov On Thu, Sep 1, 2022 at 19:42, Kilian Ries <mail@kilian-ries.de> wrote: Hi, im running an oVirt 4.2.8 cluster with two nodes. A few days ago, my SSL certificates expired. After that, i changed all the certificates on the engine via "engine-upgrade" command and issued new vdsm client certificates. Then i copied the new certificates to my ovirt nodes and restarted vdsmd (systemctl restart vdsmd). Now i'm still not able to connect to my ovirt nodes. In the engine log i can see the following error: ### 2022-09-01 18:25:51,822+02 INFO [org.ovirt.vdsm.jsonrpc.client.reactors.ReactorClient] (SSL Stomp Reactor) [] Connecting to /192.168.xx.xx 2022-09-01 18:25:51,827+02 ERROR [org.ovirt.vdsm.jsonrpc.client.reactors.Reactor] (SSL Stomp Reactor) [] Unable to process messages The server selected protocol version TLS10 is not accepted by client preferences [TLS12] 2022-09-01 18:25:51,829+02 ERROR [org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring] (EE-ManagedThreadFactory-engineScheduled-Thread-88) [] Unable to RefreshCapabilities: VDSNetworkException: VDSGenericException: VDSNetworkException: The server selected protocol version TLS10 is not accepted by client preferences [TLS12] ### I searched my vdsm client config but i cannot see any specific TLS version set (every option with TLS is commented - seems to be the default): ### $grep -R -i TLS /etc/vdsm/ /etc/vdsm/vdsm.conf:# ssl_protocol = tlsv1 /etc/vdsm/vdsm.conf:# https://docs.python.org/2/library/ssl.html. e.g. OP_NO_TLSv1, /etc/vdsm/vdsm.conf:# OP_NO_TLSv1_1 By default tlv1, tlsv1.1 and tlsv1.2 are enabled. ### On the engine i didn't find any setting to set a specific TLS version - there seems to have been a setting (VdsmSSLProtocol) but that got deprecated years ago. Does anybody know why my engine is still not able to connect to the client vdsmd? I also tried to set "ssl_protocol = tlsv1" via vdsm.conf but that didn't work ... Thanks Regards, Kilian PS: Name : vdsm Architektur : x86_64 Version : 4.19.37 Ausgabe : 1.el7.centos Name : ovirt-engine Architektur : noarch Version : 4.2.8.2 Ausgabe : 1.el7 _______________________________________________ Users mailing list -- users@ovirt.org<mailto:users@ovirt.org> To unsubscribe send an email to users-leave@ovirt.org<mailto:users-leave@ovirt.org> Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/QCSD37GWDX5WX7...