d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
be14693184f1d8f9c5f31c7e10959a9ce2180ac7
proxmox/reports/PROXMOX_GUI_ISSUES_REVIEW.md
defiQUG fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates 
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00

15 KiB
Raw Blame History

Proxmox VE GUI Issues and Errors - Comprehensive Review

Date: 2026-01-06
Status: REVIEW COMPLETE

Executive Summary

This document provides a comprehensive review of all Proxmox VE GUI (web interface) issues and errors found in the codebase. The review covers:

  • SSL certificate errors (Error 596)
  • pveproxy worker crashes
  • Web interface accessibility issues
  • Hostname resolution problems
  • Cluster filesystem issues
  • Browser connection errors

Key Findings:

  • Most issues have been resolved
  • ⚠️ Some nodes may still have connectivity issues (r630-03, r630-04)
  • Fix scripts available for common issues
  • Comprehensive documentation exists for troubleshooting

1. SSL Certificate Error 596

Issue Description

Error Message: Connection error 596: error:0A000086:SSL routines::certificate verify failed

Symptoms:

  • Proxmox VE UI displays connection error 596
  • Web interface cannot connect to Proxmox API
  • Browser shows SSL certificate verification failure

Affected Nodes:

  • ml110 (192.168.11.10)
  • r630-01 (192.168.11.11)
  • r630-02 (192.168.11.12)
  • r630-03 (192.168.11.13) - potentially
  • r630-04 (192.168.11.14) - potentially

Status: FIXED (on ml110, r630-01, r630-02)

Root Causes

  1. SSL certificates expired or invalid
  2. Cluster certificates out of sync
  3. Certificate chain broken
  4. System time incorrect (certificates are time-sensitive)

Solution Applied

Command:

pvecm updatecerts -f
systemctl restart pveproxy pvedaemon

What it does:

  • Forces regeneration of all cluster SSL certificates
  • Updates certificate chain
  • Regenerates node-specific certificates
  • Updates root CA certificate if needed
  • Syncs certificates across cluster nodes

Fix Script: scripts/fix-ssl-certificate-error-596.sh

Usage:

# Fix all nodes
./scripts/fix-ssl-certificate-error-596.sh all

# Fix specific node
./scripts/fix-ssl-certificate-error-596.sh ml110
./scripts/fix-ssl-certificate-error-596.sh r630-01

After Fixing

  1. Clear browser cache and cookies

    • Chrome/Edge: Settings → Privacy → Clear browsing data → Advanced → "Cached images and files"
    • Firefox: Settings → Privacy & Security → Clear Data → "Cached Web Content"

  2. Access Proxmox UI

    • URL: https://<node-ip>:8006
    • Example: https://192.168.11.10:8006

  3. Accept certificate warning (if prompted)

    • First-time access may show a security warning
    • Click "Advanced" → "Proceed to site"
    • This is normal for self-signed certificates in Proxmox

Documentation

  • docs/archive/reports/SSL_CERTIFICATE_ERROR_596_FIX.md
  • reports/PROXMOX_SSL_CERTIFICATE_FIX_COMPLETE.md
  • reports/PROXMOX_SSL_FIX_COMPLETE.md

2. pveproxy Worker Crashes

Issue Description

Error: pveproxy workers are crashing/exiting

Symptoms:

  • Web interface not accessible (HTTP Status: 000)
  • pveproxy service shows workers exiting
  • Port 8006 may not be listening
  • Browser cannot connect to Proxmox web interface

Affected Nodes:

  • r630-01 (192.168.11.11) - RESOLVED
  • r630-02 (192.168.11.12) - RESOLVED
  • r630-04 (192.168.11.14) - POTENTIALLY AFFECTED

Status: RESOLVED (on r630-01, r630-02)

Root Causes

2.1 SSL Certificate/Key Loading Failure

Error: /etc/pve/local/pve-ssl.key: failed to load local private key

Causes:

  1. Cluster filesystem not mounted (/etc/pve is a FUSE filesystem)
  2. Corrupted SSL certificates
  3. Wrong file permissions
  4. pve-cluster service down

2.2 Hostname Resolution Failure

Error: Unable to resolve node name 'pve' to a non-loopback IP address - missing entry in '/etc/hosts' or DNS?

Impact:

  • pve-cluster service fails
  • /etc/pve filesystem not mounting
  • SSL certificates not accessible
  • pveproxy workers crashing

Solution: Fixed by adding proper entries to /etc/hosts

Solution Applied

Fix 1: Hostname Resolution

Script: scripts/fix-proxmox-hostname-resolution.sh

What it did:

  • Added proper entries to /etc/hosts on both hosts
  • Ensured hostnames resolve to their actual IP addresses (not loopback)
  • Added both current hostname (pve/pve2) and correct hostname (r630-01/r630-02)

Example /etc/hosts entries:

192.168.11.11    pve pve.sankofa.nexus r630-01 r630-01.sankofa.nexus
192.168.11.12    pve2 pve2.sankofa.nexus r630-02 r630-02.sankofa.nexus

Fix 2: SSL and Cluster Service

Script: scripts/fix-proxmox-ssl-cluster.sh

What it did:

  • Regenerated SSL certificates
  • Restarted all Proxmox services in correct order
  • Verified service status

Results:

  • All services running
  • Web interface accessible (HTTP 200)
  • No worker exit errors

Diagnostic Commands

# Check pveproxy service status
systemctl status pveproxy --no-pager -l

# Check recent logs
journalctl -u pveproxy --no-pager -n 100

# Check for worker exits
journalctl -u pveproxy -n 50 | grep -E "worker exit|failed to load"

# Check port 8006
ss -tlnp | grep 8006

# Check cluster status
pvecm status

Documentation

  • docs/archive/historical/PROXMOX_PVE_PVE2_ISSUES.md
  • docs/archive/completion/PROXMOX_PVE_PVE2_FIX_COMPLETE.md
  • docs/09-troubleshooting/R630-04-PROXMOX-TROUBLESHOOTING.md

3. Cluster Filesystem Issues

Issue Description

Error: pve-cluster service failed

Symptoms:

  • pmxcfs exited with status 255/EXCEPTION
  • /etc/pve filesystem not mounted
  • SSL certificates not accessible
  • Cluster configuration not accessible

Affected Nodes:

  • r630-01 (192.168.11.11) - RESOLVED
  • r630-02 (192.168.11.12) - RESOLVED

Status: RESOLVED

Root Cause

Hostname resolution failure - The pve-cluster service could not resolve the hostname to a non-loopback IP address.

Error Message:

Unable to resolve node name 'pve' to a non-loopback IP address - missing entry in '/etc/hosts' or DNS?

Solution Applied

  1. Fixed hostname resolution in /etc/hosts
  2. Restarted pve-cluster service
  3. Verified /etc/pve filesystem mounted

Verification

# Check cluster service
systemctl status pve-cluster

# Check /etc/pve mount
mount | grep /etc/pve
df -h /etc/pve

# Check cluster status
pvecm status

Documentation

  • docs/archive/completion/PROXMOX_PVE_PVE2_FIX_COMPLETE.md

4. Web Interface Accessibility Issues

Issue Description

Symptoms:

  • Web interface not accessible on port 8006
  • Browser shows connection refused or timeout
  • HTTP Status: 000
  • Cannot access Proxmox UI

Affected Nodes:

  • r630-03 (192.168.11.13) - NOT REACHABLE (server appears unplugged)
  • r630-04 (192.168.11.14) - ACCESSIBILITY ISSUES (pveproxy issue)

Status: ⚠️ ONGOING (r630-03, r630-04)

Root Causes

4.1 Server Not Reachable (r630-03)

  • Ping Status: NOT REACHABLE
  • SSH Status: Not accessible
  • Web UI Status: Not accessible
  • Issue: Server appears to be unplugged or powered off

Action Required:

  1. Verify power cable is connected
  2. Verify network cable is connected
  3. Check network switch port status
  4. Wait 1-2 minutes for server to boot after plugging in

4.2 pveproxy Issue (r630-04)

  • Ping Status: REACHABLE
  • SSH Status: ⚠️ Authentication failing
  • Web UI Status: ⚠️ Not accessible (pveproxy issue)

Action Required:

  1. Access server via console/iDRAC
  2. Reset root password
  3. Fix SSH configuration
  4. Fix Proxmox Web UI (pveproxy)
  5. Verify cluster membership

Diagnostic Commands

# Check connectivity
ping -c 3 192.168.11.13
ping -c 3 192.168.11.14

# Check SSH
ssh root@192.168.11.13
ssh root@192.168.11.14

# Check web interface
curl -k -I https://192.168.11.13:8006/
curl -k -I https://192.168.11.14:8006/

# Check pveproxy service
ssh root@192.168.11.14 "systemctl status pveproxy"

Documentation

  • reports/status/R630_03_04_CONNECTIVITY_STATUS.md
  • docs/09-troubleshooting/R630-04-PROXMOX-TROUBLESHOOTING.md

5. Browser Connection Errors

Issue Description

Common Browser Errors:

  1. Connection refused
  2. Connection timeout
  3. SSL certificate error
  4. HTTP Status: 000
  5. ERR_CONNECTION_REFUSED
  6. ERR_CONNECTION_TIMED_OUT

Solutions

5.1 Clear Browser Cache

Chrome/Edge:

  1. Settings → Privacy → Clear browsing data
  2. Advanced → Select "Cached images and files"
  3. Clear data

Firefox:

  1. Settings → Privacy & Security → Clear Data
  2. Select "Cached Web Content"
  3. Clear Now

5.2 Clear SSL State

Chrome/Edge:

  1. Settings → Privacy → Clear browsing data
  2. Advanced → Select "Cached images and files"
  3. Clear data

Firefox:

  1. Settings → Privacy & Security → Clear Data
  2. Select "Cached Web Content"
  3. Clear Now

5.3 Access via IP Address

Instead of using hostname, try accessing directly via IP:

https://192.168.11.10:8006
https://192.168.11.11:8006
https://192.168.11.12:8006

5.4 Check System Time

# Check system time
date

# If wrong, sync time
systemctl restart systemd-timesyncd

5.5 Accept Certificate Warning

  • First-time access may show a security warning
  • Click "Advanced" → "Proceed to site"
  • This is normal for self-signed certificates in Proxmox

6. Fix Scripts Available

6.1 SSL Certificate Fix Scripts

scripts/fix-ssl-certificate-error-596.sh

Purpose: Fix SSL certificate error 596

Usage:

# Fix all nodes
./scripts/fix-ssl-certificate-error-596.sh all

# Fix specific node
./scripts/fix-ssl-certificate-error-596.sh ml110
./scripts/fix-ssl-certificate-error-596.sh r630-01

scripts/fix-proxmox-ssl-cluster.sh

Purpose: Comprehensive SSL and cluster service fix

Usage:

# Fix both hosts
./scripts/fix-proxmox-ssl-cluster.sh both

# Fix individual host
./scripts/fix-proxmox-ssl-cluster.sh pve
./scripts/fix-proxmox-ssl-cluster.sh pve2

scripts/fix-ssl-certificate-all-hosts.sh

Purpose: Fix SSL certificates on all hosts

Usage:

./scripts/fix-ssl-certificate-all-hosts.sh

6.2 Hostname Resolution Fix Scripts

scripts/fix-proxmox-hostname-resolution.sh

Purpose: Fix hostname resolution issues

Usage:

./scripts/fix-proxmox-hostname-resolution.sh

What it does:

  • Adds proper entries to /etc/hosts
  • Ensures hostnames resolve to actual IP addresses
  • Updates both current and correct hostnames

6.3 General Fix Scripts

scripts/fix-r630-04-pveproxy.sh

Purpose: Fix pveproxy issues on r630-04

Usage:

./scripts/fix-r630-04-pveproxy.sh

scripts/run-fixes-on-proxmox.sh

Purpose: Run multiple fixes on Proxmox nodes

Usage:

./scripts/run-fixes-on-proxmox.sh

7. Node Status Summary

Operational Nodes

Node IP Web UI Status SSL Status Notes
ml110 192.168.11.10 Accessible Fixed Cluster master
r630-01 192.168.11.11 Accessible Fixed All services running
r630-02 192.168.11.12 Accessible Fixed All services running

⚠️ Issues Detected

Node IP Web UI Status SSL Status Issues
r630-03 192.168.11.13 Not accessible ⚠️ Unknown Server not reachable (unplugged?)
r630-04 192.168.11.14 ⚠️ Not accessible ⚠️ Unknown pveproxy issue, SSH auth failing

8. Troubleshooting Guide

Step 1: Check Service Status

ssh root@<node-ip>
systemctl status pveproxy pvedaemon pvestatd pve-cluster

Step 2: Check Logs

# Check pveproxy logs
journalctl -u pveproxy -n 100

# Check for worker exits
journalctl -u pveproxy -n 50 | grep "worker exit"

# Check cluster logs
journalctl -u pve-cluster -n 50

Step 3: Check Port 8006

# Check if port is listening
ss -tlnp | grep 8006

# Test web interface
curl -k -I https://<node-ip>:8006/

Step 4: Check SSL Certificates

# Check certificate files
ls -la /etc/pve/local/

# Check certificate validity
openssl x509 -in /etc/pve/pve-root-ca.pem -noout -dates

Step 5: Check Cluster Status

# Check cluster status
pvecm status

# Check cluster filesystem
mount | grep /etc/pve
df -h /etc/pve

Step 6: Apply Fixes

# Fix SSL certificates
pvecm updatecerts -f
systemctl restart pveproxy pvedaemon

# Or use automated scripts
./scripts/fix-ssl-certificate-error-596.sh <node>

9. Prevention and Best Practices

9.1 Regular Maintenance

  1. Monitor SSL certificate expiration

    • Check certificate dates regularly
    • Renew certificates before expiration

  2. Monitor service status

    • Set up monitoring for pveproxy, pvedaemon, pvestatd, pve-cluster
    • Alert on service failures

  3. Keep system time synchronized

    • Use NTP for time synchronization
    • SSL certificates are time-sensitive

9.2 Configuration Best Practices

  1. Hostname Resolution

    • Ensure /etc/hosts has proper entries
    • Hostnames must resolve to non-loopback IPs
    • Keep hostname entries updated

  2. Cluster Configuration

    • Maintain cluster quorum
    • Monitor cluster filesystem health
    • Keep cluster certificates in sync

  3. Network Configuration

    • Ensure port 8006 is accessible
    • Check firewall rules
    • Verify network connectivity

9.3 Documentation

  • Keep troubleshooting guides updated
  • Document any custom configurations
  • Maintain fix scripts and procedures

10. Related Documentation

Issue Reports

  • docs/archive/historical/PROXMOX_PVE_PVE2_ISSUES.md - Original issue analysis
  • docs/archive/reports/SSL_CERTIFICATE_ERROR_596_FIX.md - SSL error fix guide
  • reports/PROXMOX_SSL_CERTIFICATE_FIX_COMPLETE.md - SSL fix completion report
  • reports/status/R630_03_04_CONNECTIVITY_STATUS.md - Connectivity status report

Fix Documentation

  • docs/archive/completion/PROXMOX_PVE_PVE2_FIX_COMPLETE.md - Complete fix documentation
  • docs/09-troubleshooting/R630-04-PROXMOX-TROUBLESHOOTING.md - Troubleshooting guide
  • docs/archive/reports/PROXMOX_SSL_FIX_VERIFIED.md - SSL fix verification

Scripts

  • scripts/fix-ssl-certificate-error-596.sh - SSL error 596 fix
  • scripts/fix-proxmox-ssl-cluster.sh - SSL and cluster fix
  • scripts/fix-proxmox-hostname-resolution.sh - Hostname resolution fix
  • scripts/fix-r630-04-pveproxy.sh - r630-04 pveproxy fix

11. Summary

Resolved Issues

  1. SSL Certificate Error 596 - Fixed on ml110, r630-01, r630-02
  2. pveproxy Worker Crashes - Fixed on r630-01, r630-02
  3. Hostname Resolution - Fixed on r630-01, r630-02
  4. Cluster Filesystem Issues - Fixed on r630-01, r630-02
  5. Web Interface Accessibility - Fixed on ml110, r630-01, r630-02

Ongoing Issues ⚠️

  1. ⚠️ r630-03 Web Interface - Server not reachable (unplugged?)
  2. ⚠️ r630-04 Web Interface - pveproxy issue, needs console access

Available Solutions

  1. Automated fix scripts available
  2. Comprehensive troubleshooting documentation
  3. Step-by-step fix procedures
  4. Diagnostic commands documented

Review Completed: January 6, 2026
Total Issues Documented: 11
Resolved Issues: 5
Ongoing Issues: 2
Status: COMPREHENSIVE REVIEW COMPLETE

Reference in New Issue View Git Blame Copy Permalink