Hi NischalThank you, I went ahead and pleased to confirm the mentioned work around worked. Thank you very much.
On 11/21/24 08:58, Nischal P wrote:
Hi Granwille You could perform the step to set the parameter for enable.secure.session.cookie as false and restart the services. I think that should solve the issue, If you still face issues, you can report back. On Thu, Nov 21, 2024 at 12:21 PM Granwille Strauss <granwi...@namhost.com.invalid> wrote:Sorry, here's an additional extract from the management log I missed: 2024-11-21 08:45:49,676 DEBUG [c.c.a.ApiServlet] ( qtp1002191352-377:ctx-e40381da) (logid:a03bee2e) ===START=== MYPERSONALIP -- GET codefor2fa=431393&command=validateUserTwoFactorAuthenticationCode&response=json&sessionkey=Ra4WZrj9gF8X4N5f-dp97ojamzM 2024-11-21 08:45:49,676 DEBUG [c.c.a.ApiServlet] ( qtp1002191352-377:ctx-e40381da) (logid:a03bee2e) Verifying two factor authentication 2024-11-21 08:45:49,680 INFO [o.a.c.a.TotpUserTwoFactorAuthenticator] ( qtp1002191352-377:ctx-e40381da) (logid:a03bee2e) 2FA matches user's input 2024-11-21 08:45:49,682 ERROR [c.c.u.HttpUtils] ( qtp1002191352-377:ctx-e40381da) (logid:a03bee2e) JSESSIONID from cookie is invalid. 2024-11-21 08:45:49,682 DEBUG [c.c.a.ApiSessionListener] ( qtp1002191352-377:ctx-e40381da) (logid:a03bee2e) Session destroyed by Id : node01c0ywb03y2om96eklwssoc8fb4 , session: Session@5e69e572{id=node01c0ywb03y2om96eklwssoc8fb4,x=node01c0ywb03y2om96eklwssoc8fb4.node0,req=1,res=true} , source: Session@5e69e572{id=node01c0ywb03y2om96eklwssoc8fb4,x=node01c0ywb03y2om96eklwssoc8fb4.node0,req=1,res=true} , event: javax.servlet.http.HttpSessionEvent[source=Session@5e69e572 {id=node01c0ywb03y2om96eklwssoc8fb4,x=node01c0ywb03y2om96eklwssoc8fb4.node0,req=1,res=true}] Would this solve the issue perhaps: https://github.com/apache/cloudstack/issues/9848#issuecomment-2437218354 I just want to verify before I actually run the command in the DB. On 11/21/24 08:33, Granwille Strauss wrote: Good Day I upgraded to 4.19.1.3 today from 41.19.1.1, and for some reason I cannot access the UI with my admin account, as 2FA is failing to verify. Error on the UI reads: - Unable to verify 2FA with provided code, please retry Cloudstack management log: tail -fn0 management-server.log 2024-11-21 08:21:29,439 DEBUG [o.a.c.h.HAManagerImpl] ( BackgroundTaskPollManager-2:ctx-7e5d09b8) (logid:dbd27c4c) HA health check task is running... 2024-11-21 08:21:30,392 DEBUG [c.c.a.ApiServlet] ( qtp1002191352-332:ctx-4074b039) (logid:defc7041) ===START=== MYPERSONALIP -- GET codefor2fa=349648&command=validateUserTwoFactorAuthenticationCode&response=json&sessionkey=3JmLr3LEqBZL1NV-Hfk4mH-tsjA 2024-11-21 08:21:30,393 DEBUG [c.c.a.ApiServlet] ( qtp1002191352-332:ctx-4074b039) (logid:defc7041) Verifying two factor authentication 2024-11-21 08:21:30,398 DEBUG [c.c.a.ApiSessionListener] ( qtp1002191352-332:ctx-4074b039) (logid:defc7041) Session destroyed by Id : node019szb4zxdd91rtp9lsbxdj5761 , session: Session@de3eebc{id=node019szb4zxdd91rtp9lsbxdj5761,x=node019szb4zxdd91rtp9lsbxdj5761.node0,req=1,res=true} , source: Session@de3eebc{id=node019szb4zxdd91rtp9lsbxdj5761,x=node019szb4zxdd91rtp9lsbxdj5761.node0,req=1,res=true} , event: javax.servlet.http.HttpSessionEvent[source=Session@de3eebc {id=node019szb4zxdd91rtp9lsbxdj5761,x=node019szb4zxdd91rtp9lsbxdj5761.node0,req=1,res=true}] 2024-11-21 08:21:30,398 DEBUG [c.c.a.ApiServlet] ( qtp1002191352-332:ctx-4074b039) (logid:defc7041) ===END=== MYPERSONALIP -- GET codefor2fa=349648&command=validateUserTwoFactorAuthenticationCode&response=json&sessionkey=3JmLr3LEqBZL1NV-Hfk4mH-tsjA 2024-11-21 08:21:30,446 DEBUG [c.c.a.ApiServlet] ( qtp1002191352-333:ctx-85d71c7f) (logid:b11a725a) ===START=== MYPERSONALIP -- GET command=logout&response=json 2024-11-21 08:21:30,446 DEBUG [c.c.a.ApiServlet] ( qtp1002191352-333:ctx-85d71c7f) (logid:b11a725a) ===END=== MYPERSONALIP -- GET command=logout&response=json 2024-11-21 08:21:30,537 DEBUG [c.c.a.ApiServlet] ( qtp1002191352-332:ctx-ca7c22b5) (logid:39a1f14b) ===START=== MYPERSONALIP -- GET command=listIdps&response=json 2024-11-21 08:21:30,537 DEBUG [c.c.a.ApiServlet] ( qtp1002191352-330:ctx-d3860219) (logid:0ffdd348) ===START=== MYPERSONALIP -- GET command=listOauthProvider&response=json 2024-11-21 08:21:30,537 DEBUG [c.c.a.ApiServer] ( qtp1002191352-332:ctx-ca7c22b5 ctx-0c2f8fe1) (logid:39a1f14b) The given command listIdps either does not exist, is not available for user, or not available from ip address 'MYPERSONALIP'. 2024-11-21 08:21:30,537 DEBUG [c.c.a.ApiServlet] ( qtp1002191352-332:ctx-ca7c22b5 ctx-0c2f8fe1) (logid:39a1f14b) ===END=== MYPERSONALIP -- GET command=listIdps&response=json 2024-11-21 08:21:30,539 DEBUG [c.c.a.ApiServlet] ( qtp1002191352-330:ctx-d3860219) (logid:0ffdd348) ===END=== MYPERSONALIP -- GET command=listOauthProvider&response=json 2024-11-21 08:21:30,796 DEBUG [c.c.a.m.AgentManagerImpl] ( AgentManager-Handler-12:null) (logid:) SeqA 66-404835: Processing Seq 66-404835: { Cmd , MgmtId: -1, via: 66, Ver: v1, Flags: 11, [{"com.cloud.agent.api.ConsoleProxyLoadReportCommand":{"_proxyVmId":"243","_loadInfo":"{ "connections": [], "removedSessions": [] }","wait":"0","bypassHostMaintenance":"false"}}] } 2024-11-21 08:21:30,800 DEBUG [c.c.a.m.AgentManagerImpl] ( AgentManager-Handler-12:null) (logid:) SeqA 66-404835: Sending Seq 66-404835: { Ans: , MgmtId: 66988330791813, via: 66, Ver: v1, Flags: 100010, [{"com.cloud.agent.api.AgentControlAnswer":{"result":"true","wait":"0","bypassHostMaintenance":"false"}}] } 2024-11-21 08:21:31,174 DEBUG [c.c.s.StatsCollector] ( StatsCollector-4:ctx-b7a44806) (logid:062229b8) StorageCollector is running... 2024-11-21 08:21:31,180 DEBUG [c.c.h.o.r.Ovm3HypervisorGuru] ( StatsCollector-4:ctx-b7a44806) (logid:062229b8) getCommandHostDelegation: class com.cloud.agent.api.GetStorageStatsCommand 2024-11-21 08:21:31,180 DEBUG [c.c.h.XenServerGuru] ( StatsCollector-4:ctx-b7a44806) (logid:062229b8) We are returning the default host to execute commands because the command is not of Copy type. I followed the upgrade documentation as I always to. And prior to the update, I was able to log in successfully. I attempted a few times and rebooted cloustack-management a few times too, nothing. I tested other admin user accounts too, and none of them are working. Is there anyway around this? -- Regards / Groete <https://www.namhost.com> Granwille Strauss // Senior Systems Admin *e:* granwi...@namhost.com *m:* +264 81 323 1260 <+264813231260> *w:* www.namhost.com <https://www.facebook.com/namhost> <https://twitter.com/namhost> <https://www.instagram.com/namhostinternetservices/> <https://www.linkedin.com/company/namhost> <https://www.youtube.com/channel/UCTd5v-kVPaic_dguGur15AA> <https://www.namhost.com/your-move> Namhost Internet Services (Pty) Ltd , 24 Black Eagle Rd, Hermanus, 7210, RSA The content of this message is confidential. If you have received it by mistake, please inform us by email reply and then delete the message. It is forbidden to copy, forward, or in any way reveal the contents of this message to anyone without our explicit consent. The integrity and security of this email cannot be guaranteed over the Internet. Therefore, the sender will not be held liable for any damage caused by the message. For our full privacy policy and disclaimers, please go to https://www.namhost.com/privacy-policy -- Regards / Groete <https://www.namhost.com> Granwille Strauss // Senior Systems Admin *e:* granwi...@namhost.com *m:* +264 81 323 1260 <+264813231260> *w:* www.namhost.com <https://www.facebook.com/namhost> <https://twitter.com/namhost> <https://www.instagram.com/namhostinternetservices/> <https://www.linkedin.com/company/namhost> <https://www.youtube.com/channel/UCTd5v-kVPaic_dguGur15AA> <https://www.namhost.com/your-move> Namhost Internet Services (Pty) Ltd , 24 Black Eagle Rd, Hermanus, 7210, RSA The content of this message is confidential. If you have received it by mistake, please inform us by email reply and then delete the message. It is forbidden to copy, forward, or in any way reveal the contents of this message to anyone without our explicit consent. The integrity and security of this email cannot be guaranteed over the Internet. Therefore, the sender will not be held liable for any damage caused by the message. For our full privacy policy and disclaimers, please go to https://www.namhost.com/privacy-policy
-- Regards / Groete <https://www.namhost.com> Granwille Strauss // Senior Systems Admin *e:* granwi...@namhost.com *m:* +264 81 323 1260 <tel:+264813231260> *w:* www.namhost.com <https://www.namhost.com/><https://www.facebook.com/namhost> <https://twitter.com/namhost> <https://www.instagram.com/namhostinternetservices/> <https://www.linkedin.com/company/namhost> <https://www.youtube.com/channel/UCTd5v-kVPaic_dguGur15AA>
<https://www.namhost.com/your-move> Namhost Internet Services (Pty) Ltd , 24 Black Eagle Rd, Hermanus, 7210, RSA
The content of this message is confidential. If you have received it by mistake, please inform us by email reply and then delete the message. It is forbidden to copy, forward, or in any way reveal the contents of this message to anyone without our explicit consent. The integrity and security of this email cannot be guaranteed over the Internet. Therefore, the sender will not be held liable for any damage caused by the message. For our full privacy policy and disclaimers, please go to https://www.namhost.com/privacy-policy
smime.p7s
Description: S/MIME Cryptographic Signature
