Hi Granwille
You could perform the step to set the parameter for
enable.secure.session.cookie
as false and restart the services.
I think that should solve the issue, If you still face issues, you can
report back.
On Thu, Nov 21, 2024 at 12:21 PM Granwille Strauss
<granwi...@namhost.com.invalid> wrote:
> Sorry, here's an additional extract from the management log I missed:
>
> 2024-11-21 08:45:49,676 DEBUG [c.c.a.ApiServlet] (
> qtp1002191352-377:ctx-e40381da) (logid:a03bee2e) ===START===
> MYPERSONALIP -- GET
> codefor2fa=431393&command=validateUserTwoFactorAuthenticationCode&response=json&sessionkey=Ra4WZrj9gF8X4N5f-dp97ojamzM
> 2024-11-21 08:45:49,676 DEBUG [c.c.a.ApiServlet] (
> qtp1002191352-377:ctx-e40381da) (logid:a03bee2e) Verifying two factor
> authentication
> 2024-11-21 08:45:49,680 INFO [o.a.c.a.TotpUserTwoFactorAuthenticator] (
> qtp1002191352-377:ctx-e40381da) (logid:a03bee2e) 2FA matches user's input
> 2024-11-21 08:45:49,682 ERROR [c.c.u.HttpUtils] (
> qtp1002191352-377:ctx-e40381da) (logid:a03bee2e) JSESSIONID from cookie
> is invalid.
> 2024-11-21 08:45:49,682 DEBUG [c.c.a.ApiSessionListener] (
> qtp1002191352-377:ctx-e40381da) (logid:a03bee2e) Session destroyed by Id
> : node01c0ywb03y2om96eklwssoc8fb4 , session:
> Session@5e69e572{id=node01c0ywb03y2om96eklwssoc8fb4,x=node01c0ywb03y2om96eklwssoc8fb4.node0,req=1,res=true}
> , source:
> Session@5e69e572{id=node01c0ywb03y2om96eklwssoc8fb4,x=node01c0ywb03y2om96eklwssoc8fb4.node0,req=1,res=true}
> , event: javax.servlet.http.HttpSessionEvent[source=Session@5e69e572
> {id=node01c0ywb03y2om96eklwssoc8fb4,x=node01c0ywb03y2om96eklwssoc8fb4.node0,req=1,res=true}]
>
>
> Would this solve the issue perhaps:
> https://github.com/apache/cloudstack/issues/9848#issuecomment-2437218354
> I just want to verify before I actually run the command in the DB.
> On 11/21/24 08:33, Granwille Strauss wrote:
>
> Good Day
>
> I upgraded to 4.19.1.3 today from 41.19.1.1, and for some reason I cannot
> access the UI with my admin account, as 2FA is failing to verify.
>
> Error on the UI reads:
>
> - Unable to verify 2FA with provided code, please retry
>
> Cloudstack management log:
>
> tail -fn0 management-server.log
> 2024-11-21 08:21:29,439 DEBUG [o.a.c.h.HAManagerImpl] (
> BackgroundTaskPollManager-2:ctx-7e5d09b8) (logid:dbd27c4c) HA health
> check task is running...
> 2024-11-21 08:21:30,392 DEBUG [c.c.a.ApiServlet] (
> qtp1002191352-332:ctx-4074b039) (logid:defc7041) ===START===
> MYPERSONALIP -- GET
> codefor2fa=349648&command=validateUserTwoFactorAuthenticationCode&response=json&sessionkey=3JmLr3LEqBZL1NV-Hfk4mH-tsjA
> 2024-11-21 08:21:30,393 DEBUG [c.c.a.ApiServlet] (
> qtp1002191352-332:ctx-4074b039) (logid:defc7041) Verifying two factor
> authentication
> 2024-11-21 08:21:30,398 DEBUG [c.c.a.ApiSessionListener] (
> qtp1002191352-332:ctx-4074b039) (logid:defc7041) Session destroyed by Id
> : node019szb4zxdd91rtp9lsbxdj5761 , session:
> Session@de3eebc{id=node019szb4zxdd91rtp9lsbxdj5761,x=node019szb4zxdd91rtp9lsbxdj5761.node0,req=1,res=true}
> , source:
> Session@de3eebc{id=node019szb4zxdd91rtp9lsbxdj5761,x=node019szb4zxdd91rtp9lsbxdj5761.node0,req=1,res=true}
> , event: javax.servlet.http.HttpSessionEvent[source=Session@de3eebc
> {id=node019szb4zxdd91rtp9lsbxdj5761,x=node019szb4zxdd91rtp9lsbxdj5761.node0,req=1,res=true}]
> 2024-11-21 08:21:30,398 DEBUG [c.c.a.ApiServlet] (
> qtp1002191352-332:ctx-4074b039) (logid:defc7041) ===END=== MYPERSONALIP
> -- GET
> codefor2fa=349648&command=validateUserTwoFactorAuthenticationCode&response=json&sessionkey=3JmLr3LEqBZL1NV-Hfk4mH-tsjA
> 2024-11-21 08:21:30,446 DEBUG [c.c.a.ApiServlet] (
> qtp1002191352-333:ctx-85d71c7f) (logid:b11a725a) ===START===
> MYPERSONALIP -- GET command=logout&response=json
> 2024-11-21 08:21:30,446 DEBUG [c.c.a.ApiServlet] (
> qtp1002191352-333:ctx-85d71c7f) (logid:b11a725a) ===END=== MYPERSONALIP
> -- GET command=logout&response=json
> 2024-11-21 08:21:30,537 DEBUG [c.c.a.ApiServlet] (
> qtp1002191352-332:ctx-ca7c22b5) (logid:39a1f14b) ===START===
> MYPERSONALIP -- GET command=listIdps&response=json
> 2024-11-21 08:21:30,537 DEBUG [c.c.a.ApiServlet] (
> qtp1002191352-330:ctx-d3860219) (logid:0ffdd348) ===START===
> MYPERSONALIP -- GET command=listOauthProvider&response=json
> 2024-11-21 08:21:30,537 DEBUG [c.c.a.ApiServer] (
> qtp1002191352-332:ctx-ca7c22b5 ctx-0c2f8fe1) (logid:39a1f14b) The given
> command listIdps either does not exist, is not available for user, or not
> available from ip address 'MYPERSONALIP'.
> 2024-11-21 08:21:30,537 DEBUG [c.c.a.ApiServlet] (
> qtp1002191352-332:ctx-ca7c22b5 ctx-0c2f8fe1) (logid:39a1f14b) ===END===
> MYPERSONALIP -- GET command=listIdps&response=json
> 2024-11-21 08:21:30,539 DEBUG [c.c.a.ApiServlet] (
> qtp1002191352-330:ctx-d3860219) (logid:0ffdd348) ===END=== MYPERSONALIP
> -- GET command=listOauthProvider&response=json
> 2024-11-21 08:21:30,796 DEBUG [c.c.a.m.AgentManagerImpl] (
> AgentManager-Handler-12:null) (logid:) SeqA 66-404835: Processing Seq
> 66-404835: { Cmd , MgmtId: -1, via: 66, Ver: v1, Flags: 11,
> [{"com.cloud.agent.api.ConsoleProxyLoadReportCommand":{"_proxyVmId":"243","_loadInfo":"{
> "connections": [],
> "removedSessions": []
> }","wait":"0","bypassHostMaintenance":"false"}}] }
> 2024-11-21 08:21:30,800 DEBUG [c.c.a.m.AgentManagerImpl] (
> AgentManager-Handler-12:null) (logid:) SeqA 66-404835: Sending Seq
> 66-404835: { Ans: , MgmtId: 66988330791813, via: 66, Ver: v1, Flags:
> 100010,
> [{"com.cloud.agent.api.AgentControlAnswer":{"result":"true","wait":"0","bypassHostMaintenance":"false"}}]
> }
> 2024-11-21 08:21:31,174 DEBUG [c.c.s.StatsCollector] (
> StatsCollector-4:ctx-b7a44806) (logid:062229b8) StorageCollector is
> running...
> 2024-11-21 08:21:31,180 DEBUG [c.c.h.o.r.Ovm3HypervisorGuru] (
> StatsCollector-4:ctx-b7a44806) (logid:062229b8) getCommandHostDelegation:
> class com.cloud.agent.api.GetStorageStatsCommand
> 2024-11-21 08:21:31,180 DEBUG [c.c.h.XenServerGuru] (
> StatsCollector-4:ctx-b7a44806) (logid:062229b8) We are returning the
> default host to execute commands because the command is not of Copy type.
>
>
> I followed the upgrade documentation as I always to. And prior to the
> update, I was able to log in successfully. I attempted a few times and
> rebooted cloustack-management a few times too, nothing. I tested other
> admin user accounts too, and none of them are working. Is there anyway
> around this?
> --
> Regards / Groete
>
> <https://www.namhost.com> Granwille Strauss // Senior Systems Admin
>
> *e:* granwi...@namhost.com
> *m:* +264 81 323 1260 <+264813231260>
> *w:* www.namhost.com
>
> <https://www.facebook.com/namhost> <https://twitter.com/namhost>
> <https://www.instagram.com/namhostinternetservices/>
> <https://www.linkedin.com/company/namhost>
> <https://www.youtube.com/channel/UCTd5v-kVPaic_dguGur15AA>
>
> <https://www.namhost.com/your-move>
>
> Namhost Internet Services (Pty) Ltd ,
>
> 24 Black Eagle Rd, Hermanus, 7210, RSA
>
>
>
> The content of this message is confidential. If you have received it by
> mistake, please inform us by email reply and then delete the message. It is
> forbidden to copy, forward, or in any way reveal the contents of this
> message to anyone without our explicit consent. The integrity and security
> of this email cannot be guaranteed over the Internet. Therefore, the sender
> will not be held liable for any damage caused by the message. For our full
> privacy policy and disclaimers, please go to
> https://www.namhost.com/privacy-policy
>
>
> --
> Regards / Groete
>
> <https://www.namhost.com> Granwille Strauss // Senior Systems Admin
>
> *e:* granwi...@namhost.com
> *m:* +264 81 323 1260 <+264813231260>
> *w:* www.namhost.com
>
> <https://www.facebook.com/namhost> <https://twitter.com/namhost>
> <https://www.instagram.com/namhostinternetservices/>
> <https://www.linkedin.com/company/namhost>
> <https://www.youtube.com/channel/UCTd5v-kVPaic_dguGur15AA>
>
> <https://www.namhost.com/your-move>
>
> Namhost Internet Services (Pty) Ltd ,
>
> 24 Black Eagle Rd, Hermanus, 7210, RSA
>
>
>
> The content of this message is confidential. If you have received it by
> mistake, please inform us by email reply and then delete the message. It is
> forbidden to copy, forward, or in any way reveal the contents of this
> message to anyone without our explicit consent. The integrity and security
> of this email cannot be guaranteed over the Internet. Therefore, the sender
> will not be held liable for any damage caused by the message. For our full
> privacy policy and disclaimers, please go to
> https://www.namhost.com/privacy-policy
>
>
