Cannot add users from other servers

Hello,

i have the following problem and i hope that someone can help me with it.

I installed the actual Wildfire server on my root server and it works fine. I can connect and use it with miranda and/or pandion. But if i try to add a user from an other jabber server, just like one from jabber.org the messenger says that there is no active account. But the name is fefenately right!

To test it, i created a new account @ jabber.org called apax@jabber.org and connect to the jabber.org server with pandion. Now i tried to add my account "tarnatos@torrentbase.de" but pandion said again that there is no active account with that name.

Is this a server 2 server connection problem and how can i fix it?

The server runs on a windows 2k3 enterprise server under iis 5 with a mysql 4 database.

Thx for any help.

Hi Tarnatos,

do you have a firewall between your server and the internet which blocks access to port 5269 for jabber.org?

LG

No, there is no firewall installed. A telnet conncetion to port 5269 isn’'t possible, but to port 5223 works.

##EDIT

i tried a telnet connection to jabber.org at port 5269, it failed also. I think the jabber.org server only supports ssl on port 5223.

Message was edited by: Tarnatos

Hi,

http://status.jabber.org/ looks like jabber.org has disabled s-2-s completely, can you connect to another server using your jabber.org account?

LG

Hmm im not really sure if i understand what you mean.

I tried many combinations:

  1. I created a account at jabber.ccc.de and jabber.freenet.de -> not possible to add user from other servers

  2. test between jabber.ccc.de and torrenbase.de -> fail

  3. test between jabber.freenet.de and torrenbase.de -> fail

  4. test between torrentbase.de and torrenbase.de -> pass

Do you know a server how really supports s2s so i can use it for testing?

Hi,

do you see errors in the log files? Especially if a user @torrenbase.de wants to add a remote user you should see there something. At least in the debug.log, so you may want to enable it while you test it.

Are you still using the default SSL certificates?

LG

2006.10.03 17:16:14 OS - Trying to connect to jabber.ccc.de:5269(DNS lookup: jabberd.jabber.ccc.de:5266)

2006.10.03 17:16:14 OS - Plain connection to jabber.ccc.de:5269 successful

2006.10.03 17:16:14 OS - Going to try connecting using server dialback with: jabber.ccc.de

2006.10.03 17:16:14 OS - Trying to connect to jabber.ccc.de:5269(DNS lookup: jabberd.jabber.ccc.de:5264)

2006.10.03 17:16:14 OS - Connection to jabber.ccc.de:5269 successful

2006.10.03 17:16:14 OS - Sent dialback key to host: jabber.ccc.de id: 6dd1092a5d140f372d8b0326c71e693bd09b4691 from domain: torrentbase.de

2006.10.03 17:16:14 Connect Socket[addr=/217.10.9.40,port=52089,localport=5269]

2006.10.03 17:16:14 OS - Validation FAILED from: jabber.ccc.de id: 6dd1092a5d140f372d8b0326c71e693bd09b4691 for domain: torrentbase.de

2006.10.03 17:16:14 Finishing Outgoing Server Reader. No session to close.

java.net.SocketException: socket closed

at java.net.SocketInputStream.socketRead0(Native Method)

at java.net.SocketInputStream.read(Unknown Source)

at org.jivesoftware.wildfire.net.ServerTrafficCounter$InputStreamWrapper.read(Serv erTrafficCounter.java:183)

at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(Unknown Source)

at sun.nio.cs.StreamDecoder$CharsetSD.implRead(Unknown Source)

at sun.nio.cs.StreamDecoder.read(Unknown Source)

at java.io.InputStreamReader.read(Unknown Source)

at org.xmlpull.mxp1.MXParser.fillBuf(MXParser.java:2992)

at org.xmlpull.mxp1.MXParser.more(MXParser.java:3046)

at org.jivesoftware.wildfire.net.MXParser.nextImpl(MXParser.java:75)

at org.xmlpull.mxp1.MXParser.nextToken(MXParser.java:1100)

at org.dom4j.io.XMPPPacketReader.parseDocument(XMPPPacketReader.java:303)

at org.jivesoftware.wildfire.server.OutgoingServerSocketReader$1.run(OutgoingServe rSocketReader.java:91)

2006.10.03 17:16:14 OS - Trying to connect to ccc.de:5269(DNS lookup: ccc.de:5269)

This is the debug.log. The lines 13, 20, 23 are red and i line 8 the sever shows a validation problem.

Yes i still use the standard certs. I have a cert from plesk for the hole domain. Or should i make a new one with https://www.cacert.org/index.php ?

##EDIT

Now i installed and imported a new CAcert.org server cert. Still the same validation problem.

Hi,

this allows you to accept CAcert.org certificates. But your Wildfire server may still be using the “John Doe” certificates and most other servers will not accept them.

LG

OK, i deleted the John … cert. But the webinterface still uses it and the problem is not fixed.

How can i solve the connction problem?

Hi,

deleting the certificates may be a bad idea as you need certificates. Did you read the SSL Guide or some forum threads? It may be hard to create proper certificates but not impossible.

LG

No i havn’'t.

Now the server will not work with ssl ;(

Is it possible to restore the deleted certs without a reinstall?

Hi,

http://www.jivesoftware.org/fisheye/viewrep/~raw,r=3229/svn-org/wildfire/trunk/s rc/security/keystore and

http://www.jivesoftware.org/fisheye/viewrep/~raw,r=3249/svn-org/wildfire/trunk/s rc/security/truststore

should be the right files.

LG

Thx!!!

Have you any ideas about the s2s problem?

Regards

-Tarnatos

i have the same problem Wildfire 3.1.0 at Linux

OK, i found the problem in my server. take a look in your jabber server settings and check the server name! change it to “exemple.com”, default was “test.exemple.com” i hope you have the same result

Hello,

my servername has allready changed to torrentbase.de. That is not the reason ;(

2006.10.03 17:16:14 OS - Validation FAILED from: jabber.ccc.de id: 6dd1092a5d140f372d8b0326c71e693bd09b4691 for domain: torrentbase.de

This error likely happens when the other host somehow fails to do dialback to your host. If you’‘ve confirmed that there isn’‘t any firewall, my guess is that the other host couldn’'t resolve your xmpp.domain when it tried to dialback.

A quick check on your server’‘s SRV record for s2s port shows that you don’'t have DNS SRV setup for your domain:

$ dig -t srv xmpp-server.tcp.torrentbase.de

; <<>> DiG 9.3.1 <<>> -t srv xmpp-server.tcp.torrentbase.de

;; global options: printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36536

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:

;_xmpp-server._tcp.torrentbase.de. IN SRV

;; AUTHORITY SECTION:

torrentbase.de. 10800 IN SOA ns1.dnspartner.de. hostmaster.speedpartner.de. 2006092908 28800 7200 604800 86400

;; Query time: 365 msec

;; SERVER: 202.157.186.199#53(202.157.186.199)

;; WHEN: Mon Oct 16 15:01:35 2006

;; MSG SIZE rcvd: 125

If the other host stops the lookup there and doesn’‘t fall back to normal DNS query through e.g. A record, this is a sure failure; which might explain the “Validation FAILED” error above. It will also fail if normal DNS query also doesn’'t resolve to your host.