Problems with Spice Unable to Connect to Graphics Server

[jonc]

Has anybody got a resolution for this issue? I'm continuing to see this same error even after Proxmox has been updated with the latest packages which supposedly fix this problem. I've tried connecting from multiple Windows 7 systems all with the same result.

 

[ThomasS]

Three weeks ago user Shadow postet a workaround. Besides there was a comment about an official fix from

This will be fixed in libpve-access-control 3.0-8 and pve-manager 3.1-22

I checked the current versions:

# aptitude versions libpve-access-control pve-manager
Paket libpve-access-control:
i   3.0-6
Paket pve-manager:
i   3.1-3

The solution is: Seems that you have to wait for the already fixed packages.

PS: If you not accessing proxmox from your LAN - did you opened the nescessary ports?

 

[dietmar]

The solution is: Seems that you have to wait for the already fixed packages.

The new packages are already uploaded (please re-check).

 

[ThomasS]

Also if I have no valid subscription? Or is there something wrong with my (normally original installed) configuration?

Linux proxmox 2.6.32-23-pve #1 SMP Tue Aug 6 07:04:06 CEST 2013 x86_64


root@proxmox:~# aptitude update
Treffer http://ftp.de.debian.org wheezy Release.gpg
Treffer http://ftp.de.debian.org wheezy Release
Treffer http://security.debian.org wheezy/updates Release.gpg
Ign https://enterprise.proxmox.com wheezy Release.gpg
Treffer http://ftp.de.debian.org wheezy/main amd64 Packages
Treffer http://security.debian.org wheezy/updates Release
Treffer http://ftp.de.debian.org wheezy/contrib amd64 Packages
Treffer http://security.debian.org wheezy/updates/main amd64 Packages
Treffer http://ftp.de.debian.org wheezy/contrib Translation-en
Treffer http://ftp.de.debian.org wheezy/main Translation-de_DE
Treffer http://security.debian.org wheezy/updates/contrib amd64 Packages
Treffer http://ftp.de.debian.org wheezy/main Translation-de
Treffer http://security.debian.org wheezy/updates/contrib Translation-en
Treffer http://ftp.de.debian.org wheezy/main Translation-en
Treffer http://security.debian.org wheezy/updates/main Translation-en
Ign https://enterprise.proxmox.com wheezy Release
Feh https://enterprise.proxmox.com wheezy/pve-enterprise amd64 Packages
  The requested URL returned error: 401
Ign https://enterprise.proxmox.com wheezy/pve-enterprise Translation-de_DE
Ign https://enterprise.proxmox.com wheezy/pve-enterprise Translation-de
Ign https://enterprise.proxmox.com wheezy/pve-enterprise Translation-en
91% [Arbeite]W: Herunterladen von https://enterprise.proxmox.com/debian/dists/wheezy/pve-enterprise/binary-amd64/Packages fehlgeschlagen: The requested URL returned error: 401
E: Some index files failed to download. They have been ignored, or old ones used instead.
E: Paket-Zwischenspeicher konnte nicht neu erzeugt werden


root@proxmox:~# aptitude full-upgrade
Es werden keine Pakete installiert, aktualisiert oder entfernt.
0 Pakete aktualisiert, 0 zusätzlich installiert, 0 werden entfernt und 0 nicht aktualisiert.
0 B an Archiven müssen heruntergeladen werden. Nach dem Entpacken werden 0 B zusätzlich belegt sein.


root@proxmox:~# aptitude versions libpve-access-control pve-manager
Paket libpve-access-control:
i   3.0-6                                                                     100


Paket pve-manager:
i   3.1-3                                                                     100

 

[jonc]

The new packages are already uploaded (please re-check).

Like I said, I am running the latest packages:

Package libpve-access-control:
i   3.0-8

Package pve-manager:
i   3.1-24

 

[ThomasS]

Mhh, anyhow I do not understand why proxmox isn't gathering the content from the update site. I don't think that I had ever touched the config-files. Nevertheless here are the files where the 'ignored https://enterprise.proxmox.com' is mentioned:

cat /etc/apt/sources.list.d/pve-enterprise.list
> deb https://enterprise.proxmox.com/debian wheezy pve-enterprise

cat /etc/apt/apt.conf.d/75pveconf
>APT
>{
>  NeverAutoRemove
>  {
>        "^pve-kernel-.*";
>  };
>}
>
>
>Acquire::https::enterprise.proxmox.com::CaInfo "/etc/apt/pve-repo-ca-certificates.crt";
>Acquire::https::enterprise.proxmox.com::Verify-Peer "true";

cat /etc/apt/apt.conf.d/76pveproxy
>// no proxy configured

 

[jonc]

Interesting, I also don't have the new Comodo certificate. It just isn't present on the system and this was supposedly part of the most recent update.

 

[dietmar]

Interesting, I also don't have the new Comodo certificate. It just isn't present on the system and this was supposedly part of the most recent update.

see http://pve.proxmox.com/wiki/Package_repositories

 

[jonc]

see http://pve.proxmox.com/wiki/Package_repositories

I'm on the PVE no subscription repo. I don't understand what's going on here, are you trying to say that if I don't have a valid subscription I won't be able to get the Comodo certs?

deb http://ftp.debian.org/debian wheezy main contrib

# PVE pve-no-subscription repository provided by proxmox.com, NOT recommended f$
deb http://download.proxmox.com/debian wheezy pve-no-subscription

# security updates
deb http://security.debian.org/ wheezy/updates main contrib

 

[m.ardito]

I'm on the PVE no subscription repo. I don't understand what's going on here, are you trying to say that if I don't have a valid subscription I won't be able to get the Comodo certs?

in theory this shoud not be the case...

And what is the difference to pve-enterprise? Why should you use pve-enterprise for production servers?

The Proxmox VE Enterprise repository is an additional and NEW offering for our commercial subscribers, introduced with 3.1. It contains packages which are from proven quality as they are already in the pve-no-subscription repository, so these packages are additionally tested on thousands of servers worldwide.

• We move packages from pve-no-subscription to pve-enterprise after some time if everything works as expected.
• So basically the new pve-enterprise repository is expected to have less bugs than the pve-no-subscription repository

Marco

 

[dietmar]

I'm on the PVE no subscription repo. I don't understand what's going on here, are you trying to say that if I don't have a valid subscription I won't be able to get the Comodo certs?

No, the pve-no-subscription repository contains the latest vncterm package.

 

[jonc]

I'm not a developer so I'm just reporting this from a Sysadmin point of view. It's not working. My Proxmox host is a standard setup, nothing unusual about it. There are probably others experiencing the same issue but couldn't care less to report it.

 

[mir]

Did you remember to empty your java cache as well?

 

[pezi]

Hi!
Same problem - BUT in my case the problem was caused by a running SQUID, additional installed on the proxmox node, which use the same port 3128 like the spiceproxy!

Peter

 

[ThomasS]

If I got that right you have to manually set up the update repositorys if you have no subscription. Isn't it possible to configure the proper repository links automatically depending on having a valid subscription or not? Otherwise you would not get updates maybe without taking notice of it.

 

[pezi]

Hi!

My problemes with the graphic server were only related to conflicting ports! No commercial subscription. Only a up-to-date system.

proxmox-ve-2.6.32: 3.1-114 (running kernel: 2.6.32-26-pve)
pve-manager: 3.1-24 (running version: 3.1-24/060bd5a6)
lvm2: 2.02.98-pve4
clvm: 2.02.98-pve4
corosync-pve: 1.4.5-1
openais-pve: 1.1.4-3
libqb0: 0.11.1-2
redhat-cluster-pve: 3.2.0-2
resource-agents-pve: 3.9.2-4
fence-agents-pve: 4.0.0-2
pve-cluster: 3.0-8
qemu-server: 3.1-8
pve-firmware: 1.0-23
libpve-common-perl: 3.0-9
libpve-access-control: 3.0-8
libpve-storage-perl: 3.0-18
pve-libspice-server1: 0.12.4-2
vncterm: 1.1-6
vzctl: 4.0-1pve4
vzprocps: 2.0.11-2
vzquota: 3.1-2
pve-qemu-kvm: 1.4-17
ksm-control-daemon: 1.1-1
glusterfs-client: 3.4.1-1

Peter

 

[externo6]

I get error
GSpice-WARNING **: Socket I/O timed out

Any ideas?

 

[wahmed]

From this morning, i can no longer access "any" VM using SPICE. All was working. Only thing change was i replaced a dead NIC on Node 1 and now i cannot connect SPICE on any node. Everytime it ends up with Unable to connect graphics.

 

[mackpaul1967]

Spice was working perfectly for me then all of a sudden it stopped. I get the "unable to connect to graphics server" I have done some troubleshooting it seems to me, to be an issue with the spiceproxy. I have done a clean install of proxmox/updated and still have the same issue.

I have done everything that this thread has suggested. If I bypass the spiceproxy it works fine.

I think it may be a certificate issue but I cannot prove it. I have used the default certs and have installed my own self-singed certs and still the same issue.

I would like to help figure this out but I 'm not sure where to go from here. Any help would be appreciated.

root@pve123:/tmp# pveversion --verbose
proxmox-ve-2.6.32: 3.1-114 (running kernel: 2.6.32-26-pve)
pve-manager: 3.1-24 (running version: 3.1-24/060bd5a6)
pve-kernel-2.6.32-26-pve: 2.6.32-114
lvm2: 2.02.98-pve4
clvm: 2.02.98-pve4
corosync-pve: 1.4.5-1
openais-pve: 1.1.4-3
libqb0: 0.11.1-2
redhat-cluster-pve: 3.2.0-2
resource-agents-pve: 3.9.2-4
fence-agents-pve: 4.0.0-2
pve-cluster: 3.0-8
qemu-server: 3.1-8
pve-firmware: 1.0-23
libpve-common-perl: 3.0-9
libpve-access-control: 3.0-8
libpve-storage-perl: 3.0-18
pve-libspice-server1: 0.12.4-2
vncterm: 1.1-6
vzctl: 4.0-1pve4
vzprocps: 2.0.11-2
vzquota: 3.1-2
pve-qemu-kvm: 1.4-17
ksm-control-daemon: 1.1-1
glusterfs-client: 3.4.1-1

Z:\>"C:\Program Files\VirtViewer\bin\remote-viewer.exe" spiceproxy.vv --debug


Z:\>(remote-viewer.exe:3944): remote-viewer-DEBUG: Insert window 0 000000000090C
000
(remote-viewer.exe:3944): remote-viewer-DEBUG: fullscreen display 0: 0
(remote-viewer.exe:3944): remote-viewer-DEBUG: Opening display to spiceproxy.vv
(remote-viewer.exe:3944): remote-viewer-DEBUG: Guest spiceproxy.vv has a spice d
isplay
(remote-viewer.exe:3944): remote-viewer-DEBUG: After open connection callback fd
=-1
(remote-viewer.exe:3944): remote-viewer-DEBUG: Opening connection to display at
spiceproxy.vv
(remote-viewer.exe:3944): remote-viewer-DEBUG: New spice channel 000000000096946
0 SpiceMainChannel 0
(remote-viewer.exe:3944): remote-viewer-DEBUG: Checking full screen auto-conf
(remote-viewer.exe:3944): remote-viewer-DEBUG: auto-conf disabled
(remote-viewer.exe:3944): remote-viewer-DEBUG: notebook show status 000000000090
B150


(remote-viewer.exe:3944): GSpice-WARNING **: Socket I/O timed out
(remote-viewer.exe:3944): remote-viewer-DEBUG: main channel: failed to connect
(remote-viewer.exe:3944): remote-viewer-DEBUG: Disposing window 000000000090C000




root@pve123:/tmp# /usr/bin/spiceproxy --debug
23942: ACCEPT FH12 CONN1
23942: CONNECT 100, pve123, 61000
23942: CONNECTed to '127.0.0.1:61000'
close connection AnyEvent::Handle=HASH(0x48a6390)
23942: CLOSE FH12 CONN0




root@pve123:/tmp# tcpdump -i vmbr0 port 3128
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vmbr0, link-type EN10MB (Ethernet), capture size 65535 bytes
11:34:20.143283 IP cot01.7lsi.local.63191 > pve123.7lsi.local.3128: Flags , seq 1198288517, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
11:34:20.143312 IP pve123.7lsi.local.3128 > cot01.7lsi.local.63191: Flags [S.], seq 1460722967, ack 1198288518, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
11:34:20.143564 IP cot01.7lsi.local.63191 > pve123.7lsi.local.3128: Flags [.], ack 1, win 256, length 0
11:34:20.145221 IP cot01.7lsi.local.63191 > pve123.7lsi.local.3128: Flags [P.], seq 1:245, ack 1, win 256, length 244
11:34:20.145248 IP pve123.7lsi.local.3128 > cot01.7lsi.local.63191: Flags [.], ack 245, win 123, length 0
11:34:20.155573 IP pve123.7lsi.local.3128 > cot01.7lsi.local.63191: Flags [P.], seq 1:18, ack 245, win 123, length 17
11:34:20.354378 IP cot01.7lsi.local.63191 > pve123.7lsi.local.3128: Flags [.], ack 18, win 256, length 0
11:34:30.151409 IP cot01.7lsi.local.63191 > pve123.7lsi.local.3128: Flags [F.], seq 245, ack 18, win 256, length 0
11:34:30.151718 IP pve123.7lsi.local.3128 > cot01.7lsi.local.63191: Flags [F.], seq 18, ack 246, win 123, length 0
11:34:30.151966 IP cot01.7lsi.local.63191 > pve123.7lsi.local.3128: Flags [R.], seq 246, ack 18, win 0, length 0


root@pve123:~# tcpdump -i lo port 61000
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes
11:34:20.154885 IP localhost.localdomain.32969 > localhost.localdomain.61000: Flags , seq 803793044, win 32792, options [mss 16396,sackOK,TS val 10472851 ecr 0,nop,wscale 7], length 0
11:34:20.154915 IP localhost.localdomain.61000 > localhost.localdomain.32969: Flags [S.], seq 2900110795, ack 803793045, win 32768, options [mss 16396,sackOK,TS val 10472851 ecr 10472851,nop,wscale 7], length 0
11:34:20.154929 IP localhost.localdomain.32969 > localhost.localdomain.61000: Flags [.], ack 1, win 257, options [nop,nop,TS val 10472851 ecr 10472851], length 0
11:34:30.151647 IP localhost.localdomain.32969 > localhost.localdomain.61000: Flags [F.], seq 1, ack 1, win 257, options [nop,nop,TS val 10482848 ecr 10472851], length 0
11:34:30.151950 IP localhost.localdomain.61000 > localhost.localdomain.32969: Flags [F.], seq 1, ack 2, win 256, options [nop,nop,TS val 10482848 ecr 10482848], length 0
11:34:30.151983 IP localhost.localdomain.32969 > localhost.localdomain.61000: Flags [.], ack 2, win 257, options [nop,nop,TS val 10482848 ecr 10482848], length 0

 

[woodgee]

hello,
same problem here on a win7 vm with spice-guest-tools-0.74.exe, any news ??

(remote-viewer.exe:3944): GSpice-WARNING **: Socket I/O timed out
(remote-viewer.exe:3944): remote-viewer-DEBUG: main channel: failed to connect
(remote-viewer.exe:3944): remote-viewer-DEBUG: Disposing window 000000000090C000


root@pve123:/tmp# /usr/bin/spiceproxy --debug
23942: ACCEPT FH12 CONN1
23942: CONNECT 100, pve123, 61000
23942: CONNECTed to '127.0.0.1:61000'
close connection AnyEvent::Handle=HASH(0x48a6390)
23942: CLOSE FH12 CONN0

pveversion -v
proxmox-ve-2.6.32: 3.2-121 (running kernel: 2.6.32-27-pve)
pve-manager: 3.2-1 (running version: 3.2-1/1933730b)
pve-kernel-2.6.32-27-pve: 2.6.32-121
pve-kernel-2.6.32-24-pve: 2.6.32-111
pve-kernel-2.6.32-25-pve: 2.6.32-113
pve-kernel-2.6.32-26-pve: 2.6.32-114
pve-kernel-2.6.32-23-pve: 2.6.32-109
lvm2: 2.02.98-pve4
clvm: 2.02.98-pve4
corosync-pve: 1.4.5-1
openais-pve: 1.1.4-3
libqb0: 0.11.1-2
redhat-cluster-pve: 3.2.0-2
resource-agents-pve: 3.9.2-4
fence-agents-pve: 4.0.5-1
pve-cluster: 3.0-12
qemu-server: 3.1-15
pve-firmware: 1.1-2
libpve-common-perl: 3.0-14
libpve-access-control: 3.0-11
libpve-storage-perl: 3.0-19
pve-libspice-server1: 0.12.4-3
vncterm: 1.1-6
vzctl: 4.0-1pve4
vzprocps: 2.0.11-2
vzquota: 3.1-2
pve-qemu-kvm: 1.7-4
ksm-control-daemon: 1.1-1
glusterfs-client: 3.4.2-1


thanks
woodgee