Cannot S2S connect to Google and others

Openfire 4.1.16 installed from tarball.
Java 1.8.0_151
Linux 4.13.10/amd64 (Slackware)

Until the weekend everything worked fine; since Sunday or so (cannot really tell when) no contacts on other servers are reachable. I upgraded then and fixed a couple of minor things (new truststore, made clientstore accessible, relaxed TLS settings…).
Previous version was 4.0.4

Still, the only connection which works is to jabber.ccc.de. Others, namely Google, are not possible. 5 hours of googling and testing did not help. The log is exception- and error-free. Any ideas?

# grep pool-23-thread-2 all.log 
2017.11.22 01:23:11 DEBUG [pool-23-thread-2]: org.jivesoftware.openfire.session.LocalOutgoingServerSession[Authenticate local domain: 'evilazrael.net' to remote domain: 'googlemail.com'] - Start domain authentication ...
2017.11.22 01:23:11 DEBUG [pool-23-thread-2]: org.jivesoftware.openfire.session.LocalOutgoingServerSession[Authenticate local domain: 'evilazrael.net' to remote domain: 'googlemail.com'] - Searching for pre-existing outgoing sessions to the remote domain (if one exists, it will be re-used) ...
2017.11.22 01:23:11 DEBUG [pool-23-thread-2]: org.jivesoftware.openfire.session.LocalOutgoingServerSession[Authenticate local domain: 'evilazrael.net' to remote domain: 'googlemail.com'] - There are no pre-existing outgoing sessions to the remote domain itself. Searching for pre-existing outgoing sessions to super- or subdomains of the remote domain (if one exists, it might be re-usable) ...
2017.11.22 01:23:11 DEBUG [pool-23-thread-2]: org.jivesoftware.openfire.session.LocalOutgoingServerSession[Authenticate local domain: 'evilazrael.net' to remote domain: 'googlemail.com'] - There are no pre-existing session to other domains hosted on the remote domain.
2017.11.22 01:23:11 DEBUG [pool-23-thread-2]: org.jivesoftware.openfire.session.LocalOutgoingServerSession[Authenticate local domain: 'evilazrael.net' to remote domain: 'googlemail.com'] - Unable to re-use an existing session. Creating a new session ...
2017.11.22 01:23:11 DEBUG [pool-23-thread-2]: org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: evilazrael.net to googlemail.com] - Creating new session...
2017.11.22 01:23:11 DEBUG [pool-23-thread-2]: org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: evilazrael.net to googlemail.com] - Creating plain socket connection to a host that belongs to the remote XMPP domain.
2017.11.22 01:23:11 DEBUG [pool-23-thread-2]: org.jivesoftware.openfire.net.SocketUtil - Creating a socket connection to XMPP domain 'googlemail.com' ...
2017.11.22 01:23:11 DEBUG [pool-23-thread-2]: org.jivesoftware.openfire.net.SocketUtil - Use DNS to resolve remote hosts for the provided XMPP domain 'googlemail.com' (default port: 5269) ...
2017.11.22 01:23:11 DEBUG [pool-23-thread-2]: org.jivesoftware.openfire.net.SocketUtil - Found 5 host(s) for XMPP domain 'googlemail.com'.
2017.11.22 01:23:11 DEBUG [pool-23-thread-2]: org.jivesoftware.openfire.net.SocketUtil - Trying to create socket connection to XMPP domain 'googlemail.com' using remote host: xmpp-server.l.google.com:5269 (blocks up to 120000 ms) ...
2017.11.22 01:23:11 DEBUG [pool-23-thread-2]: org.jivesoftware.openfire.net.SocketUtil - Successfully created socket connection to XMPP domain 'googlemail.com' using remote host: xmpp-server.l.google.com:5269!
2017.11.22 01:23:11 DEBUG [pool-23-thread-2]: org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: evilazrael.net to googlemail.com] - Send the stream header and wait for response...
2017.11.22 01:23:11 DEBUG [pool-23-thread-2]: org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: evilazrael.net to googlemail.com] - Got a response (stream ID: F5C98C8FDB7EADB9, version: null). Check if the remote server is XMPP 1.0 compliant...
2017.11.22 01:23:11 DEBUG [pool-23-thread-2]: org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: evilazrael.net to googlemail.com] - The remote server is not XMPP 1.0 compliant.
2017.11.22 01:23:11 DEBUG [pool-23-thread-2]: org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: evilazrael.net to googlemail.com] - Something went wrong so close the connection and try server dialback over a plain connection
2017.11.22 01:23:11 DEBUG [pool-23-thread-2]: org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: evilazrael.net to googlemail.com] - Unable to create a new session. Going to try connecting using server dialback as a fallback.
2017.11.22 01:23:11 DEBUG [pool-23-thread-2]: org.jivesoftware.openfire.server.ServerDialback[Acting as Originating Server: Create Outgoing Session from: evilazrael.net to RS at: googlemail.com (port: 5269)] - Creating new outgoing session...
2017.11.22 01:23:11 DEBUG [pool-23-thread-2]: org.jivesoftware.openfire.net.SocketUtil - Creating a socket connection to XMPP domain 'googlemail.com' ...
2017.11.22 01:23:11 DEBUG [pool-23-thread-2]: org.jivesoftware.openfire.net.SocketUtil - Use DNS to resolve remote hosts for the provided XMPP domain 'googlemail.com' (default port: 5269) ...
2017.11.22 01:23:11 DEBUG [pool-23-thread-2]: org.jivesoftware.openfire.net.SocketUtil - Found 5 host(s) for XMPP domain 'googlemail.com'.
2017.11.22 01:23:11 DEBUG [pool-23-thread-2]: org.jivesoftware.openfire.net.SocketUtil - Trying to create socket connection to XMPP domain 'googlemail.com' using remote host: xmpp-server.l.google.com:5269 (blocks up to 120000 ms) ...
2017.11.22 01:23:11 DEBUG [pool-23-thread-2]: org.jivesoftware.openfire.net.SocketUtil - Successfully created socket connection to XMPP domain 'googlemail.com' using remote host: xmpp-server.l.google.com:5269!
2017.11.22 01:23:11 DEBUG [pool-23-thread-2]: org.jivesoftware.openfire.server.ServerDialback[Acting as Originating Server: Create Outgoing Session from: evilazrael.net to RS at: googlemail.com (port: 5269)] - Send the stream header and wait for response...
2017.11.22 01:23:12 DEBUG [pool-23-thread-2]: org.jivesoftware.openfire.server.ServerDialback[Acting as Originating Server: Create Outgoing Session from: evilazrael.net to RS at: googlemail.com (port: 5269)] - Got a response. Check if the remote server supports dialback...
2017.11.22 01:23:12 DEBUG [pool-23-thread-2]: org.jivesoftware.openfire.server.ServerDialback[Acting as Originating Server: Create Outgoing Session from: evilazrael.net to RS at: googlemail.com (port: 5269)] - Dialback seems to be supported by the remote server.
2017.11.22 01:23:12 DEBUG [pool-23-thread-2]: org.jivesoftware.openfire.server.ServerDialback[Acting as Originating Server: Authenticate domain: evilazrael.net with RS: googlemail.com (id: EC3F6CB913152C08)] - Authenticating domain ...
2017.11.22 01:23:12 DEBUG [pool-23-thread-2]: org.jivesoftware.openfire.server.ServerDialback[Acting as Originating Server: Authenticate domain: evilazrael.net with RS: googlemail.com (id: EC3F6CB913152C08)] - Sending dialback key and wait for the validation response...
2017.11.22 01:23:12 WARN  [pool-23-thread-2]: org.jivesoftware.openfire.server.ServerDialback[Acting as Originating Server: Authenticate domain: evilazrael.net with RS: googlemail.com (id: EC3F6CB913152C08)] - Ignoring unexpected answer while waiting for dialback validation: <stream:error xmlns:stream="http://etherx.jabber.org/streams"><not-authorized xmlns="urn:ietf:params:xml:ns:xmpp-streams"/></stream:error>

I put the full log of a short session (1000 lines) @ http://evilazrael.net/tmp/openfire.txt
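An added example, not part of the original post and not Openfire code: a Python script that reads debug lines in the format shown above and reports, per remote domain, whether the outgoing S2S attempt fell back to server dialback over a plain connection and which stream error ended it. The sample lines are constructed (message texts as quoted in the post, placeholder domains), and the function names are hypothetical.

```python
import re

# Constructed sample: message texts are the ones quoted in the post; the
# domains (example.org, remote.example, other.example) are placeholders.
PFX = "2017.11.22 01:23:11 {} [pool-23-thread-2]: org.jivesoftware.openfire."
OUT = "session.LocalOutgoingServerSession[Create outgoing session for: example.org to {}] - "
DB = "server.ServerDialback[Acting as Originating Server: Authenticate domain: example.org with RS: {}] - "
SAMPLE_LOG = "\n".join([
    PFX.format("DEBUG") + "net.SocketUtil - Found 5 host(s) for XMPP domain 'remote.example'.",
    PFX.format("DEBUG") + OUT.format("remote.example") + "The remote server is not XMPP 1.0 compliant.",
    PFX.format("DEBUG") + OUT.format("remote.example") + "Something went wrong so close the connection and try server dialback over a plain connection",
    PFX.format("WARN ") + DB.format("remote.example") + 'Ignoring unexpected answer while waiting for dialback validation: <stream:error xmlns:stream="http://etherx.jabber.org/streams"><not-authorized xmlns="urn:ietf:params:xml:ns:xmpp-streams"/></stream:error>',
    PFX.format("DEBUG") + OUT.format("other.example") + "Send the stream header and wait for response...",
])

# timestamp, level, [thread]: class[optional session context] - message
LINE = re.compile(r"^\S+ \S+ +(\w+) +\[[^\]]+\]: [\w.]+(?:\[([^\]]*)\])? - (.*)$")
# The remote domain appears in the context in the four forms seen in the post.
REMOTE = re.compile(r"(?:\bto (?:remote domain: '|RS at: )?|with RS: )([\w.-]+)")
STREAM_ERR = re.compile(r"<stream:error[^>]*><([\w-]+)")

def summarize_s2s(log_text):
    """Map each remote domain to the negotiation outcome visible in the log."""
    summary = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or not m.group(2):
            continue  # e.g. SocketUtil lines carry no session context
        _level, ctx, msg = m.groups()
        remote = REMOTE.search(ctx)
        if not remote:
            continue
        state = summary.setdefault(remote.group(1), {
            "no_xmpp10": False, "plain_dialback": False, "stream_error": None})
        if "not XMPP 1.0 compliant" in msg:
            state["no_xmpp10"] = True
        if "server dialback over a plain connection" in msg:
            state["plain_dialback"] = True
        err = STREAM_ERR.search(msg)
        if err:
            state["stream_error"] = err.group(1)  # e.g. not-authorized
    return summary

def unencrypted_fallbacks(summary):
    """Domains whose session attempt dropped to dialback on a plain socket."""
    return sorted(d for d, s in summary.items() if s["plain_dialback"])

if __name__ == "__main__":
    print(unencrypted_fallbacks(summarize_s2s(SAMPLE_LOG)))
```

Run against a real `all.log`, the list of fallback domains shows which peers are being reached without TLS, which is the setting to review before relaxing S2S encryption policy further.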

Too late :frowning: please move to support subforum

Sadly, Google stopped supporting XMPP on S2S: https://xmpp.org/2015/03/no-its-not-the-end-of-xmpp-for-google-talk/

A two-year-old post is no explanation why it stopped after 2 years on last Sunday/Monday. There were a lot of “end of service” messages and announcements in the last years and the reports of the service’s death have been greatly exaggerated.

Anyways. As the post says that Google never implemented the required TLS, I thought I’d give it a last try and disable S2S. Interestingly it worked. It worked even after enabling STARTTLS again.
So maybe it was just a hiccup in their service.
At least I haven’t changed anything with my software and network connectivity.

Please close and forget.