[SOLVED] Unable to securely connect to host after fresh install

[king-pig]

Hi all,

I've just setup a new Proxmox host for personal use at home and am unable to SSH to the assigned static IP or access the web GUI. I am able to ping the Proxmox host however.

When I run curl -Lkvv https://192.168.1.192:8006 on the host it downloads the login page successfully, when running it on a second PC, I get the following;

curl -Lkvv https://192.168.1.192:8006
* Rebuilt URL to: https://192.168.1.192:8006/
*   Trying 192.168.1.192...
* TCP_NODELAY set
* Connected to 192.168.1.192 (192.168.1.192) port 8006 (#0)
* schannel: SSL/TLS connection with 192.168.1.192 port 8006 (step 1/3)
* schannel: disabled server certificate revocation checks
* schannel: verifyhost setting prevents Schannel from comparing the supplied target name with the subject names in server certificates.
* schannel: using IP address, SNI is not supported by OS.
* schannel: sending initial handshake data: sending 153 bytes...
* schannel: sent initial handshake data: sent 153 bytes
* schannel: SSL/TLS connection with 192.168.1.192 port 8006 (step 2/3)
* schannel: failed to receive handshake, need more data
* schannel: SSL/TLS connection with 192.168.1.192 port 8006 (step 2/3)
* schannel: failed to receive handshake, SSL/TLS connection failed
* Closing connection 0
* schannel: shutting down SSL/TLS connection with 192.168.1.192 port 8006
* Send failure: Connection was reset
* schannel: failed to send close msg: Failed sending data to the peer (bytes written: -1)
* schannel: clear security context handle
curl: (35) schannel: failed to receive handshake, SSL/TLS connection failed

Attempting to access SSH gives the below

ssh root@192.168.1.192
ssh_exchange_identification: read: Connection timed out

Pinging the host works fine.

ping 192.168.1.192

Pinging 192.168.1.192 with 32 bytes of data:
Reply from 192.168.1.192: bytes=32 time=2ms TTL=63
Reply from 192.168.1.192: bytes=32 time=1ms TTL=63
Reply from 192.168.1.192: bytes=32 time=1ms TTL=63

When accessing the web GUI through Firefox, I get "Secure Connection Failed - An error occurred during a connection to 192.168.1.192:8006. PR_CONNECT_RESET_ERROR" while Chrome gives "ERR_CONNECTION_RESET"

I've run "pvecm updatecerts -f" and followed the steps here with no change. I've also tried a reinstall, multiple browsers and a second device to no avail.

Let me know if you need any further detail to help.

Thanks!

 

[apoc]

Have you checked your system is in time sync?

 

[king-pig]

Have you checked your system is in time sync?

yeah, good call, thanks! I did actually, just neglected to mention it in the OP

running date gave me the correct time & timezone, so I think the host was able to get the correct time using NTP. I was also able to run curl https://www.google.com from the host without any issue, so seems I can at least establish an outbound SSL connection.

 

[apoc]

Strange. I guess you already tried rebooting the machine a few times?
Have you multiple NICs in a bond?
Have you tried only one NIC connected?
Also try resetting your switch.
My HP 1800-48 hangs himself after a few months of uptime. Symptoms are the same you describe...

 

[apoc]

Oh and a misconfigured LACP trunk also can have nasty side effects

 

[king-pig]

Ended up getting it working, although not sure how things went wrong in the first place...

When I installed Proxmox, the I set the IP/CIDR to 192.168.1.192/26 and this was then set as the address in /etc/network/interfaces. Removing the '/26' and rebooting got it working.

So not sure, why the installer prompted for an IP range and stuck that in the interfaces file if it was going to cause issues? May be relevant, but I did run the first install with no network connection (easier access to a monitor) so that may have played into this.

Thanks for responding!