AD not syncing and no one can log in to the client

I’m sorry if this is the wrong category to post this in, but I have no idea where to put it. We had to recreate our Spark server a few months ago and we’re having several problems with it.

We’re running server version 4.3.2 and I know we’re running a mixture of Spark client v7.5.752 and v2.8.3. But this started long before we started upgrading the client version.

  1. Either something wasn’t set up correctly or something is missing, because it’s not syncing with the Active Directory.

  2. Nobody can sign in anymore. We were able to at first, but no one was showing in the directory. You would need to search for another user to be able to chat with them and they’d always show as offline.

  3. I can’t get into the admin website anymore, because it won’t take any of the three passwords I’ve had for Windows over the last five months.

  4. The server is now on a VM running Debian GNU/Linux 9 with no GUI–only a command-line interface through the VM host.

Any help to at least get into the admin site to start with would be great. But if anyone can diagnose why it’s not syncing with the AD, they would have my gratitude for a very long time.

It’s likely the user account used for LDAP lookups has been disabled, locked out, password changed, password expired, etc…

What @speedy said. Check your logs/all.log for an indication of where things may be going wrong.
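Added example, not part of the original thread: when the LDAP lookup account is disabled, locked out or has an expired password, Active Directory says which in the `data` sub-code of the LDAP error 49 bind failure, so scanning all.log for that field narrows the cause quickly. The sample log lines are constructed, and their timestamp and level prefix are an assumption rather than Openfire's exact format.

```python
import re

# Active Directory sub-codes reported in the "data NNN" field of an
# LDAP error code 49 (invalid credentials) bind failure.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password)",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Matches the bracketed JNDI message and captures the hex sub-code after "data".
BIND_FAILURE = re.compile(r"LDAP: error code 49\b.*?\bdata\s+([0-9a-fA-F]+)")


def diagnose_bind_failures(log_text):
    """Return (line_number, sub_code, meaning) for each AD bind failure found."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        match = BIND_FAILURE.search(line)
        if match:
            code = match.group(1).lower()
            meaning = AD_BIND_SUBCODES.get(code, "unknown sub-code")
            findings.append((lineno, code, meaning))
    return findings


# Constructed sample input (not taken from the poster's server).
SAMPLE_LOG = """\
2019.07.23 13:46:38 INFO  starting LDAP group lookup
2019.07.23 13:46:39 ERROR javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 775, v1db1]
2019.07.23 13:50:02 ERROR javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]
2019.07.23 13:51:10 WARN  javax.naming.CommunicationException: connection timed out
"""

if __name__ == "__main__":
    for lineno, code, meaning in diagnose_bind_failures(SAMPLE_LOG):
        print(f"line {lineno}: data {code} -> {meaning}")
```

A repeating 775 or 52e for the lookup account usually means a stale stored password is still being retried, which is also worth confirming against the domain controller's own lockout events.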

But I don’t know the login to use to access the server. I can’t log in via the website, the VM console, Putty, or WinSCP. If you’re referring to the logs folder on my computer, then there is no all.log file; this is what I do have when I try to log in through the client:

output.log
Debug is true storeKey false useTicketCache true useKeyTab false doNotPrompt true ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Acquire TGT from Cache
Principal is null
null credentials from Ticket Cache
[Krb5LoginModule] authentication failed
Unable to obtain Principal Name for authentication

error.log
Jul 23, 2019 1:46:38 PM org.jivesoftware.spark.util.log.Log warning
WARNING: Exception in Login:
Connection failed. No response from server.:
at org.jivesoftware.smack.PacketReader.startup(PacketReader.java:117)
at org.jivesoftware.smack.XMPPConnection.initConnection(XMPPConnection.java:644)
at org.jivesoftware.smack.XMPPConnection.connectUsingConfiguration(XMPPConnection.java:604)
at org.jivesoftware.smack.XMPPConnection.connect(XMPPConnection.java:1022)
at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:1084)
at org.jivesoftware.LoginDialog$LoginPanel.access$1400(LoginDialog.java:333)
at org.jivesoftware.LoginDialog$LoginPanel$4.construct(LoginDialog.java:867)
at org.jivesoftware.spark.util.SwingWorker$2.run(SwingWorker.java:141)
at java.lang.Thread.run(Unknown Source)

Jul 23, 2019 1:47:27 PM org.jivesoftware.spark.util.log.Log warning
WARNING: Exception in Login:
Connection failed. No response from server.:
at org.jivesoftware.smack.PacketReader.startup(PacketReader.java:117)
at org.jivesoftware.smack.XMPPConnection.initConnection(XMPPConnection.java:644)
at org.jivesoftware.smack.XMPPConnection.connectUsingConfiguration(XMPPConnection.java:604)
at org.jivesoftware.smack.XMPPConnection.connect(XMPPConnection.java:1022)
at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:1084)
at org.jivesoftware.LoginDialog$LoginPanel.access$1400(LoginDialog.java:333)
at org.jivesoftware.LoginDialog$LoginPanel$4.construct(LoginDialog.java:867)
at org.jivesoftware.spark.util.SwingWorker$2.run(SwingWorker.java:141)
at java.lang.Thread.run(Unknown Source)

Jul 23, 2019 3:55:55 PM org.jivesoftware.spark.util.log.Log warning
WARNING: Exception in Login:
Connection failed. No response from server.:
at org.jivesoftware.smack.PacketReader.startup(PacketReader.java:117)
at org.jivesoftware.smack.XMPPConnection.initConnection(XMPPConnection.java:644)
at org.jivesoftware.smack.XMPPConnection.connectUsingConfiguration(XMPPConnection.java:604)
at org.jivesoftware.smack.XMPPConnection.connect(XMPPConnection.java:1022)
at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:1084)
at org.jivesoftware.LoginDialog$LoginPanel.access$1400(LoginDialog.java:333)
at org.jivesoftware.LoginDialog$LoginPanel$4.construct(LoginDialog.java:867)
at org.jivesoftware.spark.util.SwingWorker$2.run(SwingWorker.java:141)
at java.lang.Thread.run(Unknown Source)

Jul 23, 2019 3:57:17 PM org.jivesoftware.spark.util.log.Log warning
WARNING: Exception in Login:
Connection failed. No response from server.:
at org.jivesoftware.smack.PacketReader.startup(PacketReader.java:117)
at org.jivesoftware.smack.XMPPConnection.initConnection(XMPPConnection.java:644)
at org.jivesoftware.smack.XMPPConnection.connectUsingConfiguration(XMPPConnection.java:604)
at org.jivesoftware.smack.XMPPConnection.connect(XMPPConnection.java:1022)
at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:1084)
at org.jivesoftware.LoginDialog$LoginPanel.access$1400(LoginDialog.java:333)
at org.jivesoftware.LoginDialog$LoginPanel$4.construct(LoginDialog.java:867)
at org.jivesoftware.spark.util.SwingWorker$2.run(SwingWorker.java:141)
at java.lang.Thread.run(Unknown Source)

Do you mean you don’t have access to the OS the server is running on (Debian)? This will make it complex to maintain and fix issues. Not just the current one, but in the future. And certainly you won’t be able to update the server. If you do have access to the OS, then find the Openfire installation folder under /usr/share/openfire (if installed with the deb package) and there should be a logs folder with all.log.

Correct. Only a couple of us had access to the admin and now nobody can get in. This is what we have on the VM:

I’ve tried the three passwords I have used since 5/21 and none of them work. Now since we really can’t use Spark because the AD isn’t syncing and nobody can log in anymore, would it be best to just do a reinstall of the OS? If so, should we go with Windows or Linux? It’s probably a matter of preference, but which is better from a user standpoint?

No need to reinstall. Simply stop the openfire service… then locate the openfire.xml file. In the file, locate the setup tag and change it from true to false.

Restart the openfire service. This will let you run through the setup wizard again, but will use your existing settings.

You’ll come to the LDAP part and it will ask for an LDAP admin account. This is the account used to read LDAP, and really doesn’t need to be a high level “admin” account. In fact, it should be a low level account. Anyway, update this username/password to what you want to use.

But if I can’t get to the admin website or log in to the server, how can I stop the service?

I apologize if a lot of these questions are dumb or have obvious answers. I only have a passing familiarity with Linux. I’ve played with Ubuntu and Xubuntu, but I’ve never really done anything serious with them.

Sorry, I can’t help you much with gaining access to your system. You may be able to do a Google search on resetting root or recovering access. If the machine is only running Openfire, then it might be easier to just reinstall on another machine and run through the setup. The setup is pretty easy and usually just takes about 5-10 minutes…

If you are more familiar with Windows, then go with that version. I have used Openfire on Linux for maybe 7 years and it was ok. Then switched to Windows for another 6 years and it was fine too. As a mainly Windows admin I personally lean more towards Windows. Just read the install guide and pay attention to a few nuances: http://download.igniterealtime.org/openfire/docs/latest/documentation/install-guide.html

I found someone with the root login for the server, and managed to get in and run through the setup again. Huzzah! Now it’s down to figuring out why the AD won’t sync. I logged in to my client, but don’t see any users or groups except the few people I had chatted with previously.

Looking at the users and Groups in the admin console shows everyone that should be there.

Maybe the sharing setting has reset. Check one of the groups and see if Sharing in contact list is enabled inside of it.

Groups are definitely shared, but there’s nobody in them. One of our main groups, “Call Center Agents”, only has one member when it should have over 100.

When you redid the setup you probably picked something wrong in the AD setup. But I can’t help with that. Never used AD integration. @speedy might help.

Okay, I think I’ve found it. I need to go into each of the groups that I want showing in Spark and check the “All Users” button. They’re all already defaulted to enable sharing, so I just need to make sure each of the groups can see each other.

I did it with that group, signed out, then back in and saw that a couple of the groups from the AD were showing, and the “Offline group” was fully populated. So now I have to go through the groups in the admin console and unshare a few of them.

Though I have no idea why user “cmiller” has his own group.

Should I stop the Openfire service on the server before enabling sharing for each of the groups I need? When I click the “Save Contact List Settings” button, the site just loads forever and I have to log out of, then back into, Spark and refresh the admin page to see if the change took. And even then it takes a couple of tries sometimes.

No, you shouldn’t have to restart Openfire for this. But then again, I haven’t used it with AD integration, maybe there are some quirks with that.

Okay, so stopping the service is not what I should do. I can’t get to the admin console after. :stuck_out_tongue:

I thank you all for the help. You can go ahead and close this out now.

You can do this yourself :slight_smile: Just pick the message you like (can be your own even), press the … and then checkmark :wink: