Cannot Login to Admin Web Console

Well it seems like every month or so I have some kind of issue with Openfire. It is getting annoying.

Server has actually been working really nicely using Active Directory and is about ready to roll out to production, but guess what. I can’t log in to the web console any more. What’s changed… NOTHING! This is not the first time. Last time I did a complete reinstall and that fixed it. Now I have lots of changes etc. that I have done and do not want to try to remember them all. It had been working for over a month, I think, with no changes, then all of a sudden stopped.

So, where do I start to try to figure this puzzle out?

Start by providing some information. There is no universal answer to “I can’t login to Admin Console”. Have you tried to restart Openfire? How do you connect to Admin Console? Do you use its hostname like http://servername:9090? Can you try IP:9090? Also check /openfire/logs/error.log

Yes, I have restarted the Openfire server several times. I have tried using the hostname, localhost, and the IP for the URL and I always get

“Login failed: make sure your username and password are correct and that you’re an admin or moderator.”
error.log (216846 Bytes)

So, Openfire “thinks” that you are giving the wrong credentials. I’m not good at LDAP, but maybe something is wrong (or has been changed) on the AD side. As your log is filled with “group not found” errors, probably Openfire can’t find your admin account either, so it can’t authenticate you. I would try to rerun the setup, though I’m not sure what this will change with the LDAP setup. Anyway - stop Openfire, open /openfire/conf/openfire.xml and change true to false at the bottom, start Openfire and launch Admin Console.

Ah, the HTML editor stripped the HTML tags… I meant the setup tags, change true to false between them.

That is what I have done the last 2-3 times. But it is a pain, because I have to remember all the dang settings to put back in. Also, I should not have to be doing this on a monthly basis really.

Well, write them down then :) As I said, I don’t know much about LDAP. I think some settings are saved in openfire.xml, so maybe you can back it up before rerunning the setup. I can’t suggest anything else. Maybe Todd Getz will come around and help you.

Yeah, I really would like to find the right thing. Reinstalling every so often is not really an option. Seems like I had Todd’s email somewhere, if I can just find it.

Try sending him a private message, he should get a notification: http://www.igniterealtime.org/community/people/sixthring

Are you certain there is not something going on with the adminDN account you used from AD to bind Openfire to AD LDAP? This sounds like a password change issue or some other such thing. I would think it is on the AD side though. I always create a unique user for Openfire adminDN. The user is created in the AD default Users container. The password is set to never expire.

Reinforcing your point, I had a similar issue when the password for the ldap.adminDN was changed in AD due to system policy. No LDAP query was possible, so no one could log in, admin or user.

I fixed it by changing the PW back, but plan B was to edit the ofProperty table, ldap.adminPassword value.

I had the password issue a while back, and I fixed it then. When it was a password issue my users could not log in either. This time, my users can log in and chat all day with no issues. Even I can log in with no issues. Neither I nor my admin account can log in to administer the server. Both were set to be OF Admins.

ok, it is fixed now…but I need to know why…

I ran setup again, left all settings at default as it remembered what was set before… and it works perfectly!

Has your admin account been moved or otherwise changed in AD? If it has moved outside the BaseDN you will not be able to log in. Have you verified that you are listed in the database as an admin? If you are using an external SQL database check this table: ofproperty and this row: admin.authorizedJIDs. Verify your admin IDs are still valid. If this keeps happening I would question the integrity of the DB.

Nothing moved at all, all I did was reinstall and it worked.

Using MS SQL, all appears fine there. I did check and all the admins are listed…

Next time this happens (hope it doesn’t), check the database first. If there are no errors there we are back to an issue with the Openfire install itself. I would at that point back up your openfire directory, uninstall, delete the remaining openfire folder, then reinstall. Before turning on Openfire you can copy the openfire.xml back to the conf directory, which will link it up with the database.
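The two checks suggested in the replies above (are the admins still listed in admin.authorizedJIDs, and is each admin's AD account still under the BaseDN), sketched as an added example that is not part of any post in this thread. It uses an in-memory SQLite table as a stand-in for the real database; the `name`/`propValue` columns, the `ldap.baseDN` property name, and every JID and DN shown are assumptions or constructed sample values.

```python
import sqlite3

def make_sample_db():
    """Constructed stand-in for the Openfire database (sample values only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ofProperty (name TEXT PRIMARY KEY, propValue TEXT)")
    conn.executemany("INSERT INTO ofProperty VALUES (?, ?)", [
        ("admin.authorizedJIDs", "alice@chat.example.test, svc-admin@chat.example.test"),
        ("ldap.baseDN", "OU=Staff,DC=example,DC=test"),
    ])
    return conn

def load_properties(conn):
    """Fetch the two properties to inspect before reinstalling anything."""
    rows = conn.execute(
        "SELECT name, propValue FROM ofProperty WHERE name IN (?, ?)",
        ("admin.authorizedJIDs", "ldap.baseDN"))
    return dict(rows.fetchall())

def split_dn(dn):
    """Split a DN into lower-cased RDNs, keeping backslash-escaped commas intact."""
    parts, cur, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            parts.append(cur.strip().lower())
            cur = ""
            continue
        escaped = (ch == "\\" and not escaped)
        cur += ch
    parts.append(cur.strip().lower())
    return parts

def dn_under_base(dn, base_dn):
    """True when dn sits below base_dn in the directory tree."""
    rdns, base = split_dn(dn), split_dn(base_dn)
    return len(rdns) > len(base) and rdns[-len(base):] == base

def audit(props, admin_dns):
    """admin_dns: expected admin JID -> current AD DN (looked up separately)."""
    listed = {j.strip().lower()
              for j in props.get("admin.authorizedJIDs", "").split(",") if j.strip()}
    base = props.get("ldap.baseDN", "")
    findings = []
    for jid, dn in admin_dns.items():
        if jid.lower() not in listed:
            findings.append(f"{jid}: missing from admin.authorizedJIDs")
        if not dn_under_base(dn, base):
            findings.append(f"{jid}: DN is outside ldap.baseDN")
    return findings
```

An empty list from `audit` means neither check found a problem, which points back at the install itself rather than the database or an AD move.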

I have the same problem, fixed it by reverting to version 3.5.1. Will someone fix this please?

Okay, I am having a similar situation, but my install is slightly different. I have an embedded DB, so how would I check the admin account settings in the table? I know that my problem is also with a password change in AD (for all of our Admins, due to system policy), and I don’t have an account that doesn’t change (or that I am willing to use, like the enterprise admin).

Where did you get the 3.5.1 version, and how do I uninstall 3.6x and then install 3.5.1?

Same thing is happening to me,

mgm

If you use the embedded database (and you really should not in a production environment), then just re-run the config by editing the openfire.xml setup tag to read false. Then restart the openfire server. You now can reenter the binding settings while re-entering the config data. You need to have a non-admin LDAP user with directory read rights and a password that does not expire. In AD this is a simple domain user. There is no security risk in this, and if the account is set right it can be restricted from accessing anything other than reading LDAP. You need to put pressure on your AD admins to get this done for you.