Thanks Mostafa. However setting was already true --- # engine-config -g ImageTransferProxyEnabled Picked up JAVA_TOOL_OPTIONS: -Dcom.redhat.fips=false ImageTransferProxyEnabled: true version: general --- Also if this wasn't the case it is likely that imageio would not work in the first cluster (presently it also works in the first cluster) and all clusters show the same hosts in the drop down screen in the upload page (cluster1: app1+app2) even though the rest of the clusters have no access to the san cluster 1 uses.. I can confirm on the engine /etc/ovirt-imageio/conf.d/50-engine.conf ----- [tls] enable = true key_file = /etc/pki/ovirt-engine/keys/apache.key.nopass cert_file = /etc/pki/ovirt-engine/certs/apache.cer ca_file = /etc/pki/ovirt-engine/apache-ca.pem [backend_http] ca_file = /etc/pki/ovirt-engine/ca.pem [remote] port = 54323 [local] enable = false [control] transport = tcp port = 54324 [handlers] keys = logfile [logger_root] handlers = logfile level = INFO ----- and on ovirt hosts (from any cluster - working or not) ----- [tls] enable = true key_file = /etc/pki/vdsm/keys/vdsmkey.pem cert_file = /etc/pki/vdsm/certs/vdsmcert.pem ca_file = /etc/pki/vdsm/certs/cacert.pem [remote] port = 54322 [local] enable = true [control] transport = unix ----- Anyone got any suggestions - its been broken now for several months ? (btw I do not fully get how this mailing list works as this thread no longer links to my original post.. is it worth reposting again? for technical support forums seem better (also have code formatting, etc and easier to post images to explain what I am seeing ,etc..)