Bug 437108 - vnc session to xen closes immediately after upgrade host from f7 to f8
vnc session to xen closes immediately after upgrade host from f7 to f8
Product: Fedora
Classification: Fedora
Component: xen (Show other bugs)
i686 Linux
low Severity medium
: ---
: ---
Assigned To: Xen Maintainance List
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2008-03-12 10:09 EDT by Christian Exner
Modified: 2009-01-09 01:10 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-01-09 01:10:16 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Christian Exner 2008-03-12 10:09:21 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv: Gecko/20070309 Firefox/

Description of problem:
After upgrade my xen host from f7 to f8, i will no longer be able to connect to vm-consoles via vnc. It seems, that this functionality in f8 is delivered bei qemu-dm instead of <missing binary name> in f7 used.

Maybe my problem is caused by some missing vnc/ vnc-security/ vnc-crypto configuration parameters in /etc/xen/xend-config.sxp but i am not able to resolve this due to missing documentation. Non-encrypted connections are ok for me.

All guests are f8 in different patch levels running in pv mode.

- UltraVnc Viewer on Win-Client will pop up and disappear immediately. No chance to read any message.

- TightVnc Viewer will immediately pop up "Connection closed". In another window viewer tells me "Status: Security type requested".

- virt-viewer does not appear. x-server running under win only gives me a short beep. Only message on console is: "libvir: Remote Fehler : Datei oder Verzeichnis nicht gefunden<cr> libvir: Warnung : Netzwerk wurde nicht gefunden: Is the daemon runnning ?". This message also appears on some virsh commands but never was a problem i think.

Version-Release number of selected component (if applicable):
kernel-xen-; xen-libs-3.1.2-2.fc8; xen-3.1.2-2.fc8; libvirt-python-0.4.0-4.fc8; virt-viewer-0.0.2-2.fc8; libvirt-0.4.0-4.fc8; python-virtinst-0.300.2-3.fc8; virt-manager-0.5.3-1.fc8

How reproducible:

Steps to Reproduce:
1. Start vnc viewer
2. connect to (,, Problem exists on all Display's (1..7)

Actual Results:
vnc viewer pops up and disappears immediately (tight vnc viewer shows above described message)

Expected Results:
vnc viewer pops up, stay and shows the console of a pv guest machine.

Additional info:
Xend-Configuration in /etc/xen/xend-config.sxp:

# Xend configuration file.

# This example configuration is appropriate for an installation that
# utilizes a bridged network configuration. Access to xend via http
# is disabled.

# Commented out entries show the default for that entry, unless otherwise
# specified.

#(logfile /var/log/xen/xend.log)
#(loglevel DEBUG)

# The Xen-API server configuration.  (Please note that this server is
# available as an UNSUPPORTED PREVIEW in Xen 3.0.4, and should not be relied
# upon).
# This value configures the ports, interfaces, and access controls for the
# Xen-API server.  Each entry in the list starts with either unix, a port
# number, or an address:port pair.  If this is "unix", then a UDP socket is
# opened, and this entry applies to that.  If it is a port, then Xend will
# listen on all interfaces on that TCP port, and if it is an address:port
# pair, then Xend will listen on the specified port, using the interface with
# the specified address.
# The subsequent string configures the user-based access control for the
# listener in question.  This can be one of "none" or "pam", indicating either
# that users should be allowed access unconditionally, or that the local
# Pluggable Authentication Modules configuration should be used.  If this
# string is missing or empty, then "pam" is used.
# The final string gives the host-based access control for that listener. If
# this is missing or empty, then all connections are accepted.  Otherwise,
# this should be a space-separated sequence of regular expressions; any host
# with a fully-qualified domain name or an IP address that matches one of
# these regular expressions will be accepted.
# Example: listen on TCP port 9363 on all interfaces, accepting connections
# only from machines in example.com or localhost, and allow access through
# the unix domain socket unconditionally:
#   (xen-api-server ((9363 pam '^localhost$ example\\.com$')
#                    (unix none)))
# Optionally, the TCP Xen-API server can use SSL by specifying the private
# key and certificate location:
#                    (9367 pam '' /etc/xen/xen-api.key /etc/xen/xen-api.crt)
# Default:
#   (xen-api-server ((unix)))

#(xend-http-server yes)
(xend-unix-server yes)
#(xend-tcp-xmlrpc-server no)
#(xend-unix-xmlrpc-server yes)
#(xend-relocation-server no)
# The relocation server should be kept desactivated unless using a trusted
# network, the domain virtual memory will be exchanged in raw form without
# encryption of the communication. See also xend-relocation-hosts-allow option

(xend-unix-path /var/lib/xend/xend-socket)

# Address and port xend should use for the legacy TCP XMLRPC interface,
# if xen-tcp-xmlrpc-server is set.
#(xen-tcp-xmlrpc-server-address 'localhost')
#(xen-tcp-xmlrpc-server-port 8006)

# SSL key and certificate to use for the legacy TCP XMLRPC interface.
# Setting these will mean that this port serves only SSL connections as
# opposed to plaintext ones.
#(xend-tcp-xmlrpc-server-ssl-key-file  /etc/xen/xmlrpc.key)
#(xend-tcp-xmlrpc-server-ssl-cert-file /etc/xen/xmlrpc.crt)

# Port xend should use for the HTTP interface, if xend-http-server is set.
#(xend-port            8000)

# Port xend should use for the relocation interface, if xend-relocation-server
# is set.
#(xend-relocation-port 8002)

# Address xend should listen on for HTTP connections, if xend-http-server is
# set.
# Specifying 'localhost' prevents remote connections.
# Specifying the empty string '' (the default) allows all connections.
(xend-address '')
#(xend-address localhost)

# Address xend should listen on for relocation-socket connections, if
# xend-relocation-server is set.
# Meaning and default as for xend-address above.
#(xend-relocation-address '')

# The hosts allowed to talk to the relocation port.  If this is empty (the
# default), then all connections are allowed (assuming that the connection
# arrives on a port and interface on which we are listening; see
# xend-relocation-port and xend-relocation-address above).  Otherwise, this
# should be a space-separated sequence of regular expressions.  Any host with
# a fully-qualified domain name or an IP address that matches one of these
# regular expressions will be accepted.
# For example:
#  (xend-relocation-hosts-allow '^localhost$ ^.*\\.example\\.org$')
#(xend-relocation-hosts-allow '')
(xend-relocation-hosts-allow '^localhost$ ^localhost\\.localdomain$')

# The limit (in kilobytes) on the size of the console buffer
#(console-limit 1024)

# To bridge network traffic, like this:
# dom0: ----------------- bridge -> real eth0 -> the network
#                            |
# domU: fake eth0 -> vifN.0 -+
# use
# (network-script network-bridge)
# Your default ethernet device is used as the outgoing interface, by default.
# To use a different one (e.g. eth1) use
# (network-script 'network-bridge netdev=eth1')
# The bridge is named xenbr0, by default.  To rename the bridge, use
# (network-script 'network-bridge bridge=<name>')
# It is possible to use the network-bridge script in more complicated
# scenarios, such as having two outgoing interfaces, with two bridges, and
# two fake interfaces per guest domain.  To do things like this, write
# yourself a wrapper script, and call network-bridge from it, as appropriate.
#(network-script network-bridge)
(network-script /bin/true)

#### LAPTOP USERS ! #####
# For laptops, or machines where network interfaces come/go on-the-fly,
# or are otherwise managed by NetworkManager, comment out the above line.
# Then, uncomment the line below, and use libvirt's virtual networking
# capability which sets up a isolated bridge + NAT forwarding
#(network-script /bin/true)
#### LAPTOP USERS ! #####

# The script used to control virtual interfaces.  This can be overridden on a
# per-vif basis when creating a domain or a configuring a new vif.  The
# vif-bridge script is designed for use with the network-bridge script, or
# similar configurations.
# If you have overridden the bridge name using
# (network-script 'network-bridge bridge=<name>') then you may wish to do the
# same here.  The bridge name can also be set when creating a domain or
# configuring a new vif, but a value specified here would act as a default.
# If you are using only one bridge, the vif-bridge script will discover that,
# so there is no need to specify it explicitly.
(vif-script vif-bridge)

## Use the following if network traffic is routed, as an alternative to the
# settings for bridged networking given above.
# NB: Obsolete. See note above for LAPTOP USERS
#(network-script network-route)
#(vif-script     vif-route)

## Use the following if network traffic is routed with NAT, as an alternative
# to the settings for bridged networking given above.
# NB: Obsolete. See note above for LAPTOP USERS
#(network-script network-nat)
#(vif-script     vif-nat)

# Dom0 will balloon out when needed to free memory for domU.
# dom0-min-mem is the lowest memory level (in MB) dom0 will get down to.
# If dom0-min-mem=0, dom0 will never balloon out.
(dom0-min-mem 256)

# In SMP system, dom0 will use dom0-cpus # of CPUS
# If dom0-cpus = 0, dom0 will take all cpus available
(dom0-cpus 0)

# Whether to enable core-dumps when domains crash.
#(enable-dump no)

# The tool used for initiating virtual TPM migration
#(external-migration-tool '')

# The interface for VNC servers to listen on. Defaults
# to  To restore old 'listen everywhere' behaviour
# set this to
(vnc-listen '')

# The default password for VNC console on HVM domain.
# Empty string is no authentication.
(vncpasswd 'blah')

# The default keymap to use for the VM's virtual keyboard
# when not specififed in VM's configuration
(keymap 'en-us')
#(keymap 'de-DE')

# The VNC server can be told to negotiate a TLS session
# to encryption all traffic, and provide x509 cert to
# clients enalbing them to verify server identity. The
# GTK-VNC widget, virt-viewer, virt-manager and VeNCrypt
# all support the VNC extension for TLS used in QEMU. The
# TightVNC/RealVNC/UltraVNC clients do not.
# To enable this create x509 certificates / keys in the
# directory /etc/xen/vnc
#  ca-cert.pem       - The CA certificate
#  server-cert.pem   - The Server certificate signed by the CA
#  server-key.pem    - The server private key
# and then uncomment this next line
#(vnc-tls 0)
#(vnc-tls 1)
# The certificate dir can be pointed elsewhere..
# (vnc-x509-cert-dir /etc/xen/vnc)
# The server can be told to request & validate an x509
# certificate from the client. Only clients with a cert
# signed by the trusted CA will be able to connect. This
# is more secure the password auth alone. Passwd auth can
# used at the same time if desired. To enable client cert
# checking uncomment this:
# (vnc-x509-verify 1)

xml configuration file used with virsh:

<domain type='xen' id='27'>
    <interface type='bridge'>
      <source bridge='br2-dmz'/>
      <mac address='00:16:3e:2c:93:33'/>
      <script path='vif-bridge'/>
    <graphics type='vnc' port='5903'/>
    <disk type='block' device='disk'>
      <driver name='phy'/>
      <source dev='VolGroup01/lv_mail-01_xvda'/>
      <target dev='xvda'/>
    <disk type='block' device='disk'>
      <driver name='phy'/>
      <source dev='VolGroup01/lv_mail-01_xvdb'/>
      <target dev='xvdb'/>
    <disk type='block' device='disk'>
      <driver name='phy'/>
      <source dev='VolGroup01/lv_mail-01_swap'/>
      <target dev='xvdc'/>
    <console tty='/dev/pts/0'/>
Comment 1 Bug Zapper 2008-11-26 05:08:08 EST
This message is a reminder that Fedora 8 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 8.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '8'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 8's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 8 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
Comment 2 Bug Zapper 2009-01-09 01:10:16 EST
Fedora 8 changed to end-of-life (EOL) status on 2009-01-07. Fedora 8 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.