Hi Kapil,

If you run CloudStack in FIPS-mode, it does not work for now.

According to
https://qemu-project.gitlab.io/qemu/system/vnc-security.html#with-passwords:
"Password authentication is not supported when operating in FIPS 140-2
compliance mode as it requires the use of the DES cipher."

However, CloudStack generates a VNC password for all VMs, and VMs are also
started on hypervisors (for example KVM hosts) with a VNC password.


-Wei

On Tue, Feb 20, 2024 at 9:55 AM Kapil Bhuskute <kbhusk...@qualys.com.invalid>
wrote:

> Hello,
> We have a POD setup with CloudStack 4.19 latest version and all schema
> with a Zone, POD, and cluster has been set up using an Advanced Shared
> networking Architecture.
> We have a couple of VMs spun up on this environment now and were trying to
> access its VM console via VNC port. However, it has been observed that the
> VM console connections are getting timed out due to failed authentication
> errors observed on the vmconsoleproxy System VM logs.
>
> VM Console not working. We have MySQL SSL enabled and console proxy SSL
> is disabled for now.
> Failed to connect/access token expired.
> While checking logs on CCVM, we see VNC auth failed.
> 2024-02-13 16:12:12,926 INFO [vnc.security.VncTLSSecurity]
> (Thread-86:null) Processing VNC TLS security
> 2024-02-13 16:12:12,930 INFO [utils.nio.Link] (Thread-86:null) Conf file
> found: /usr/local/cloud/systemvm/conf/agent.properties
> 2024-02-13 16:12:12,964 INFO [vnc.security.VncAuthSecurity]
> (Thread-83:null) Finished VNCAuth security
> 2024-02-13 16:12:12,966 ERROR [consoleproxy.vnc.NoVncClient]
> (Thread-83:null) Connection to VNC server failed: wrong password.
> 2024-02-13 16:12:12,966 ERROR [consoleproxy.vnc.NoVncClient]
> (Thread-83:null) Connection to VNC server failed: wrong password. - Reason:
> Authentication failed
> 2024-02-13 16:12:13,164 INFO [vnc.security.VncAuthSecurity]
> (Thread-86:null) VNC server requires password authentication
> 2024-02-13 16:12:13,184 INFO [vnc.security.VncAuthSecurity]
> (Thread-86:null) Finished VNCAuth security
>
>
> Kindly suggest if anyone is aware of any fix for this.
>
> Regards,
> Kapil B
>
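
A triage sketch for the situation in this thread, added here as an example and not taken from CloudStack or from either poster: it counts the console proxy's "wrong password" errors per thread and pairs them with the KVM host's kernel FIPS flag. The function names are hypothetical, and `/proc/sys/crypto/fips_enabled` is assumed to be read on the hypervisor, not on the console proxy VM.

```python
import re
from collections import Counter

# Log lines unwrapped from the console proxy excerpt quoted in this thread.
SAMPLE_LOG = """\
2024-02-13 16:12:12,926 INFO [vnc.security.VncTLSSecurity] (Thread-86:null) Processing VNC TLS security
2024-02-13 16:12:12,964 INFO [vnc.security.VncAuthSecurity] (Thread-83:null) Finished VNCAuth security
2024-02-13 16:12:12,966 ERROR [consoleproxy.vnc.NoVncClient] (Thread-83:null) Connection to VNC server failed: wrong password.
2024-02-13 16:12:12,966 ERROR [consoleproxy.vnc.NoVncClient] (Thread-83:null) Connection to VNC server failed: wrong password. - Reason: Authentication failed
2024-02-13 16:12:13,164 INFO [vnc.security.VncAuthSecurity] (Thread-86:null) VNC server requires password authentication
2024-02-13 16:12:13,184 INFO [vnc.security.VncAuthSecurity] (Thread-86:null) Finished VNCAuth security
"""

# Fields: timestamp, level, [logger], (thread:context), message
LINE = re.compile(r"^(\S+ \S+) (\w+)\s+\[([^\]]+)\] \(([^:)]+)[^)]*\) (.*)$")

def vnc_auth_failures(log_text):
    """Count 'wrong password' errors per thread that had completed VNCAuth."""
    did_vnc_auth, failures = set(), Counter()
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip wrapped continuation lines and unparseable text
        _, level, logger, thread, msg = m.groups()
        if logger.endswith("VncAuthSecurity") and "Finished VNCAuth" in msg:
            did_vnc_auth.add(thread)
        elif (level == "ERROR" and logger.endswith("NoVncClient")
              and "wrong password" in msg and thread in did_vnc_auth):
            failures[thread] += 1
    return failures

def fips_enabled(path="/proc/sys/crypto/fips_enabled"):
    """True if the Linux kernel FIPS flag at `path` reads 1; False if absent."""
    try:
        with open(path) as fh:
            return fh.read().strip() == "1"
    except OSError:
        return False

def diagnose(log_text, host_in_fips_mode):
    """Combine proxy-side failures with the hypervisor's FIPS state."""
    total = sum(vnc_auth_failures(log_text).values())
    if not total:
        return "no VNC password failures in log"
    if host_in_fips_mode:
        return f"{total} VNC password failure(s); host is in FIPS mode, where QEMU does not support VNC password auth"
    return f"{total} VNC password failure(s); host is not in FIPS mode, look for another cause"

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, fips_enabled()))
```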
