Hi,
I just installed Openfire 3.6.3 on Windows 2003 and it authenticates through AD on separate server. I have alos installed sparkweb on the same server on separate apache service. I have set the sparkweb to use HTTPS binding and set the Openfire server security setting to “Required”.
I have been tested all the features including FTP transfer and it worked fine until yesterday when more people (less than 10 people) tested the openfire. I had 3 people could not login and received “Not Authorize” messages and some people got kick out etc. At that time I was trying to login to admin console and I can not login either. So I restarted the openfire and after a while I was able to login and users alos got kicked out and were able to login again. But this didn’t last long. It happened again an hour later. So I manage to get the message from the log as below:
2009.04.30 03:54:02 [org.jivesoftware.util.log.util.CommonsLogFactory$1.error(CommonsLogFactory.java:88) ] Line=19 The content of element type "dwr" must match "(init?,allow?,signatures?)". 2009.04.30 08:23:11 [org.jivesoftware.openfire.ldap.LdapAuthProvider.authenticate(LdapAuthProvider.java:122) ] Error connecting to LDAP server javax.naming.CommunicationException: sample.com:389 [Root exception is java.net.UnknownHostException: sample.com] at com.sun.jndi.ldap.Connection.<init>(Unknown Source) at com.sun.jndi.ldap.LdapClient.<init>(Unknown Source) at com.sun.jndi.ldap.LdapClientFactory.createPooledConnection(Unknown Source) at com.sun.jndi.ldap.pool.Connections.getOrCreateConnection(Unknown Source) at com.sun.jndi.ldap.pool.Connections.get(Unknown Source) at com.sun.jndi.ldap.pool.Pool.getPooledConnection(Unknown Source) at com.sun.jndi.ldap.LdapPoolManager.getLdapClient(Unknown Source) at com.sun.jndi.ldap.LdapClient.getInstance(Unknown Source) at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source) at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source) at javax.naming.spi.NamingManager.getInitialContext(Unknown Source) at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source) at javax.naming.InitialContext.init(Unknown Source) at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source) at org.jivesoftware.openfire.ldap.LdapManager.getContext(LdapManager.java:480) at org.jivesoftware.openfire.ldap.LdapManager.findUserDN(LdapManager.java:684) at org.jivesoftware.openfire.ldap.LdapManager.findUserDN(LdapManager.java:637) at org.jivesoftware.openfire.ldap.LdapAuthProvider.authenticate(LdapAuthProvider.java:112) at org.jivesoftware.openfire.auth.AuthFactory.authenticate(AuthFactory.java:158) at org.jivesoftware.openfire.net.XMPPCallbackHandler.handle(XMPPCallbackHandler.java:87) at org.jivesoftware.openfire.sasl.SaslServerPlainImpl.evaluateResponse(SaslServerPlainImpl.java:112) at org.jivesoftware.openfire.net.SASLAuthentication.handle(SASLAuthentication.java:245) at org.jivesoftware.openfire.net.StanzaHandler.process(StanzaHandler.java:161) at org.jivesoftware.openfire.nio.ConnectionHandler.messageReceived(ConnectionHandler.java:133) at org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:570) at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299) at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:53) at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:648) at org.apache.mina.common.IoFilterAdapter.messageReceived(IoFilterAdapter.java:80) at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299) at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:53) at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:648) at org.apache.mina.filter.codec.support.SimpleProtocolDecoderOutput.flush(SimpleProtocolDecoderOutput.java:58) at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:185) at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299) at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:53) at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:648) at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:239) at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:283) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51) at java.lang.Thread.run(Unknown Source) Caused by: java.net.UnknownHostException: sample.com
at java.net.PlainSocketImpl.connect(Unknown Source) at java.net.SocksSocketImpl.connect(Unknown Source) at java.net.Socket.connect(Unknown Source) at java.net.Socket.connect(Unknown Source) at java.net.Socket.<init>(Unknown Source) at java.net.Socket.<init>(Unknown Source) at com.sun.jndi.ldap.Connection.createSocket(Unknown Source) ... 47 more =====
Notes: In the above log I changed the real AD server to sample.com
The openfire was unstable for the whole day.
Our openfire runs on VMware environment and it has 512MB and 1 CPU assigned to it.
So I increased the Java Virtual Memory from 64 MB to 200MB. Last night I tried and it worked fine although only me and my test user login. This morning I got report that one user uses Pidgin 2.5.5 had a hard time to login. She keeps getting “Not Authorized” and in the Info Log Isaw a lot of this kind of message: “User Login Failde. PLAIN Authentication failed”. After a while she can login without my intervention such as restarted the Openfire.
My questions:
-
Does anybody knows whether this is coding issue, client issue or I need to get more Virtual Memory assigned to it?
-
If it is Virtual Memory being not enough, what is the best formula to get the correct size of the VM? Is it 80% of Available Memory? I might have about 200 users who will use this jabber service.
3.From some forum people mentioned that new client, espeacially Pidgin 2.5, has “Heartbeat check up” capability which uses a lot of Virtual Memory on the openfire. They suggested to "Enable parallel garbage collectors “-XX:+UseParallelGC” and set xmpp.client.idle= -1
"
4.I also noticed in the debug log there are a lot of VCard error which I believe might burden to the openfire process. Should I just modify the VCard setting through the admin console so it reflex what our user AD profile?
Thank you in advance for your help.
regards,
Charlie