DNS (SRV? SSL?) related errors

Hello all,

I’m getting a series of log errors. I’d appreciate any insight as to what they mean and how to fix the issue.

warn.log, appears when (some?) users dis/connect from the Jabber server:

2006.05.17 15:57:43 Closing session due to incorrect hostname in stream header. Host: chat.org.domain.edu. Connection: org.jivesoftware.wildfire.net.SocketConnection@fc9d2b socket: Socket[addr=/192.168.10.11,port=49971,localport=5269] session: null

error.log

2006.05.17 15:57:43 org.jivesoftware.wildfire.net.SocketReader.run(SocketReader.java:161) Connection closed before session established
Socket[addr=/192.168.10.11,port=49974,localport=5269]

2006.05.17 15:57:43 org.jivesoftware.wildfire.net.SocketReader.run(SocketReader.java:161) Connection closed before session established
Socket[addr=/192.168.10.11,port=49975,localport=5269]

2006.05.17 15:57:43 org.jivesoftware.wildfire.server.OutgoingServerSession.createOutgoingSession(OutgoingServerSession.java:258) Error trying to connect to remote server: org.domain.edu(DNS lookup: org.domain.edu:5269)
java.net.ConnectException: Connection refused
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.PlainSocketImpl.doConnect(Unknown Source)
    at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
    at java.net.PlainSocketImpl.connect(Unknown Source)
    at java.net.SocksSocketImpl.connect(Unknown Source)
    at java.net.Socket.connect(Unknown Source)
    at org.jivesoftware.wildfire.server.OutgoingServerSession.createOutgoingSession(OutgoingServerSession.java:253)
    at org.jivesoftware.wildfire.server.OutgoingServerSession.authenticateDomain(OutgoingServerSession.java:182)
    at org.jivesoftware.wildfire.server.OutgoingSessionPromise.createSessionAndSendPacket(OutgoingSessionPromise.java:126)
    at org.jivesoftware.wildfire.server.OutgoingSessionPromise.access$300(OutgoingSessionPromise.java:37)
    at org.jivesoftware.wildfire.server.OutgoingSessionPromise$1$1.run(OutgoingSessionPromise.java:91)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

My server is chat.org.domain.edu, with SRV records pointing domain.edu -> chat.org.domain.edu. Wildfire is configured with domain.edu as the Server Name as well as the xmpp.domain property.

Thank you!

-Andrew

Hey Andrew,

I’m not sure I understand how your server is configured. So your server name is domain.edu and the local group chat service is chat.org.domain.edu instead of the default configuration that would be conference.domain.edu. Is this correct? The warning that you have in the warn.log indicates that there is no service registered as chat.org.domain.edu so my guess is that there is a configuration problem in the server.

Regards,

– Gato

Oh heck, I’ll use the real names.

The server is chat.nacs.uci.edu. I want users to login as @uci.edu, so the SRV records point from uci.edu->chat.nacs.uci.edu.

I don’t have a DNS record for conference. You’re saying I should? Are there any other, er, unobvious DNS records which need to be established?

I have a feeling I need to tear down and rebuild.

> Oh heck, I’ll use the real names.

Ok.

> The server is chat.nacs.uci.edu. I want users to login as @uci.edu, so the SRV records point from uci.edu->chat.nacs.uci.edu.

That’s fine and that is correct.

> I don’t have a DNS record for conference. You’re saying I should? Are there any other, er, unobvious DNS records which need to be established?

Since the server name of Wildfire is uci.edu then the group chat service (or conference service or MUC service) will be by default conference.uci.edu. If you want to let users of remote servers to be able to connect to a group chat room in your server then you will have to add a DNS SRV record for conference.uci.edu. Other servers than Wildfire will need that DNS SRV record to exist. Wildfire will try a second DNS search looking for uci.edu if conference.uci.edu failed.

Anyway, since in your first post you reported that you were getting that warning I suspect that someone in your server added a user to his contact list using the wrong domain. For instance, if you have user1@uci.edu and user2@uci.edu then user1@uci.edu added user2@chat.nacs.uci.edu to his roster instead of adding user2@uci.edu. Since Wildfire’s server name is uci.edu then chat.nacs.uci.edu is assumed to belong to a remote server thus Wildfire tried to establish a server-to-server communication to itself and that failed since chat.nacs.uci.edu is an unknown server name for Wildfire.

Hope that helps.

Regards,

– Gato
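An added example, not part of the original posts and not Wildfire's own code: it classifies the warn.log entry from the first post against the configured XMPP domain and flags roster JIDs that use the machine name instead of that domain, which is the failure described in the reply above. The function names, the `conference` default and the assumption that 192.168.10.11 is the server's own address are illustrative.

```python
import re

# warn.log entry format as quoted in the first post of this thread.
WARN_RE = re.compile(
    r"incorrect hostname in stream header\. Host: (?P<host>\S+)\. "
    r"Connection: .*?addr=/(?P<peer>[\d.]+),port=\d+,localport=(?P<lport>\d+)"
)

def served_names(xmpp_domain, services=("conference",)):
    """Names the server answers for: its domain plus component subdomains."""
    return {xmpp_domain} | {f"{s}.{xmpp_domain}" for s in services}

def classify_warning(line, xmpp_domain, own_addrs):
    """Return (host, verdict) for a rejected stream header, or None."""
    m = WARN_RE.search(line)
    if not m:
        return None
    host, peer = m["host"].lower(), m["peer"]
    if host in served_names(xmpp_domain):
        return host, "served-name"      # not expected alongside this warning
    if peer in own_addrs and m["lport"] == "5269":
        return host, "self-s2s"         # the server dialled its own s2s port
    return host, "unknown-host-from-remote"

def misaddressed_jids(jids, xmpp_domain, host_aliases):
    """Map roster JIDs that use a machine name to the JID on the XMPP domain."""
    fixes = {}
    for jid in jids:
        local, at, rest = jid.partition("@")
        domain = rest.split("/")[0].lower()   # drop any /resource part
        if at and domain in host_aliases:
            fixes[jid] = f"{local}@{xmpp_domain}"
    return fixes

# Constructed sample input: the log line from the first post, and roster
# entries modelled on the user1/user2 example in the reply above.
SAMPLE_WARN = ("2006.05.17 15:57:43 Closing session due to incorrect hostname "
               "in stream header. Host: chat.org.domain.edu. Connection: "
               "org.jivesoftware.wildfire.net.SocketConnection@fc9d2b socket: "
               "Socket[addr=/192.168.10.11,port=49971,localport=5269] session: null")
SAMPLE_ROSTER = ["user2@uci.edu", "user2@chat.nacs.uci.edu",
                 "room1@conference.uci.edu"]

if __name__ == "__main__":
    # Assumption: 192.168.10.11 is the server's own address.
    print(classify_warning(SAMPLE_WARN, "domain.edu", {"192.168.10.11"}))
    print(misaddressed_jids(SAMPLE_ROSTER, "uci.edu", {"chat.nacs.uci.edu"}))
```
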

> Since the server name of Wildfire is uci.edu then the group chat service (or conference service or MUC service) will be by default conference.uci.edu. If you want to let users of remote servers to be able to connect to a group chat room in your server then you will have to add a DNS SRV record for conference.uci.edu.

Ah ha!

Considering how we portion out our domains, it sounds like I need to re-do my naming schemes. Please tell me if this is correct…

Establish a new subdomain, chat.uci.edu.

Wildfire server’s FQDN is chat.nacs.uci.edu.

Wildfire identifies itself as chat.uci.edu.

SRV records pointing chat.uci.edu → chat.nacs.uci.edu.

SRV records pointing conference.chat.uci.edu → chat.nacs.uci.edu (All three SRVs? _xmpp-client, _xmpp-server and _jabber)?

This brings up another issue… which of these names should my SSL certificate use?

> Anyway, since in your first post you reported that you were getting that warning I suspect that someone in your server added a user to his contact list using the wrong domain. For instance, if you have user1@uci.edu and user2@uci.edu then user1@uci.edu added user2@chat.nacs.uci.edu to his roster instead of adding user2@uci.edu.

Peeking into the roster table, it looks like a number of users have various entries @uci.edu and also @chat.nacs.uci.edu. Once I get the rest of this naming stuff sorted out, I’ll overhaul the database.

Thank you!!

> DNS SRV record for conference.uci.edu.

I just realized I totally skipped over the “SRV” part of that sentence. Whoops.

So I need SRV records that point .conference.uci.edu → chat.nacs.uci.edu, right?

-Andrew