Error creating secured outgoing session to remote server

Hi,

I have recently gone through several changes at my site including a) changing IP address and b) upgrading to Wildfire 3.1. At this point, my server communicates with several other domains fine (including Google Talk and a domain running as an iChat Server) but is failing to connect to another domain (jabber.westgrid.ca). This domain is running Wildfire 3.0.

We cleared up some problems through troubleshooting, but still cannot connect. I have included the relevant log from the Error log below. I can't figure out what this means. We checked SSL certificates and those are fine, they haven't changed. jabber.westgrid.ca hasn't changed IP addresses or anything like that. Our respective firewalls are permitting xmpp-server traffic between the two sites.

What am I missing?

Thanks in advance.

2006.10.19 12:43:19 org.jivesoftware.wildfire.server.OutgoingServerSession.createOutgoingSession(OutgoingServerSession.java:339) Error creating secured outgoing session to remote server: jabber.westgrid.ca(DNS lookup: jabber.westgrid.ca:5269)

javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

at com.sun.net.ssl.internal.ssl.EngineInputRecord.bytesInCompletePacket(Unknown Source)

at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(Unknown Source)

at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(Unknown Source)

at javax.net.ssl.SSLEngine.unwrap(Unknown Source)

at org.jivesoftware.wildfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:304)

at org.jivesoftware.wildfire.net.TLSStreamHandler.start(TLSStreamHandler.java:250)

at org.jivesoftware.wildfire.net.SocketConnection.startTLS(SocketConnection.java:173)

at org.jivesoftware.wildfire.server.OutgoingServerSession.secureAndAuthenticate(OutgoingServerSession.java:367)

at org.jivesoftware.wildfire.server.OutgoingServerSession.createOutgoingSession(OutgoingServerSession.java:303)

at org.jivesoftware.wildfire.server.OutgoingServerSession.authenticateDomain(OutgoingServerSession.java:140)

at org.jivesoftware.wildfire.server.OutgoingSessionPromise.createSessionAndSendPacket(OutgoingSessionPromise.java:130)

at org.jivesoftware.wildfire.server.OutgoingSessionPromise.access$300(OutgoingSessionPromise.java:40)

at org.jivesoftware.wildfire.server.OutgoingSessionPromise$1$1.run(OutgoingSessionPromise.java:95)

at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

The following is from Debug. Is this in my side or the remote side this problem is stemming from? Why might there be an unexpected answer in the dialback between the Wildfire 3.0 and the 3.1 servers?

2006.10.19 13:47:39 OS - Trying to connect to jabber.westgrid.ca:5269(DNS lookup: jabber.westgrid.ca:5269)

2006.10.19 13:47:39 OS - Plain connection to jabber.westgrid.ca:5269 successful

2006.10.19 13:47:39 OS - Indicating we want TLS to jabber.westgrid.ca

2006.10.19 13:47:39 OS - Negotiating TLS with jabber.westgrid.ca

2006.10.19 13:47:40 OS - Going to try connecting using server dialback with: jabber.westgrid.ca

2006.10.19 13:47:40 OS - Trying to connect to jabber.westgrid.ca:5269(DNS lookup: jabber.westgrid.ca:5269)

2006.10.19 13:47:40 OS - Connection to jabber.westgrid.ca:5269 successful

2006.10.19 13:47:40 OS - Sent dialback key to host: jabber.westgrid.ca id: 4e605a80 from domain: dl.nibble.bz

2006.10.19 13:47:43 OS - Unexpected answer in validation from: jabber.westgrid.ca id: 4e605a80 for domain: dl.nibble.bz answer:<stream:error xmlns:stream="http://etherx.jabber.org/streams"></stream:error>

Whereas Google Talk works fine:

2006.10.19 13:54:32 OS - Trying to connect to gmail.com:5269(DNS lookup: xmpp-server2.l.google.com:5269)

2006.10.19 13:54:33 OS - Plain connection to gmail.com:5269 successful

2006.10.19 13:54:33 OS - Going to try connecting using server dialback with: gmail.com

2006.10.19 13:54:33 OS - Trying to connect to gmail.com:5269(DNS lookup: xmpp-server1.l.google.com:5269)

2006.10.19 13:54:33 OS - Connection to gmail.com:5269 successful

2006.10.19 13:54:33 OS - Sent dialback key to host: gmail.com id: 08A7CE8DEA2BCA89 from domain: dl.nibble.bz

2006.10.19 13:54:33 Connect Socket[addr=/72.14.252.129,port=33442,localport=5269]

2006.10.19 13:54:33 RS - Received dialback key from host: gmail.com to: dl.nibble.bz

2006.10.19 13:54:33 RS - Trying to connect to Authoritative Server: gmail.com:5269(DNS lookup: xmpp-server.l.google.com:5269)

2006.10.19 13:54:33 RS - Connection to AS: gmail.com:5269 successful

2006.10.19 13:54:33 RS - Asking AS to verify dialback key for id58039c48

2006.10.19 13:54:33 RS - Key was VERIFIED by the Authoritative Server for: gmail.com

2006.10.19 13:54:33 RS - Closing connection to Authoritative Server: gmail.com

2006.10.19 13:54:33 RS - Sending key verification result to OS: gmail.com

2006.10.19 13:54:33 AS - Verifying key for host: gmail.com id: 08A7CE8DEA2BCA89

2006.10.19 13:54:33 AS - Key was: VALID for host: gmail.com id: 08A7CE8DEA2BCA89

2006.10.19 13:54:34 OS - Validation GRANTED from: gmail.com id: 08A7CE8DEA2BCA89 for domain: dl.nibble.bz

Here's what I got from the admin for jabber.westgrid.ca from his Debug:

2006.10.19 14:09:21 Connect Socket[addr=/24.80.166.141,port=33524,localport=5269]

2006.10.19 14:09:21 RS - Received dialback key from host: dl.nibble.bz to: jabber.westgrid.ca

2006.10.19 14:09:21 RS - Trying to connect to Authoritative Server: dl.nibble.bz:5269(DNS lookup: dl.nibble.bz:5269)

And likewise, the jabber.westgrid.ca server can connect to other sites successfully.

I know this thread is a little crufty, but I did want to give my final answer:

Check white-lists/black-lists.

When my server changed addresses, it was no longer white-listed. It took an unfortunately long time to diagnose this, but we should have known. I don't suppose there's somewhere that blocked hosts (due to white/black list restrictions) get logged, is there? Can this be added?

Thanks!
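
An added example, not part of the original thread or of Wildfire itself: a small Python triage of the outgoing-server (OS) debug lines quoted above, reporting per remote domain whether TLS was requested before the session moved to dialback and how dialback validation ended. The sample lines are taken from the thread's debug output; the function name, field names and outcome labels are this example's own.

```python
import re

# Sample input: debug lines as quoted in this thread (OS = originating server).
SAMPLE = """\
2006.10.19 13:47:39 OS - Indicating we want TLS to jabber.westgrid.ca
2006.10.19 13:47:40 OS - Going to try connecting using server dialback with: jabber.westgrid.ca
2006.10.19 13:47:40 OS - Sent dialback key to host: jabber.westgrid.ca id: 4e605a80 from domain: dl.nibble.bz
2006.10.19 13:47:43 OS - Unexpected answer in validation from: jabber.westgrid.ca id: 4e605a80 for domain: dl.nibble.bz answer:<stream:error xmlns:stream="http://etherx.jabber.org/streams"></stream:error>
2006.10.19 13:54:33 OS - Going to try connecting using server dialback with: gmail.com
2006.10.19 13:54:33 OS - Sent dialback key to host: gmail.com id: 08A7CE8DEA2BCA89 from domain: dl.nibble.bz
2006.10.19 13:54:33 RS - Received dialback key from host: gmail.com to: dl.nibble.bz
2006.10.19 13:54:34 OS - Validation GRANTED from: gmail.com id: 08A7CE8DEA2BCA89 for domain: dl.nibble.bz
"""

# Only OS-role lines are matched; RS/AS lines describe the inbound direction.
EVENTS = [
    ("tls", re.compile(r"OS - Indicating we want TLS to (?P<host>\S+)")),
    ("dialback", re.compile(r"OS - Going to try connecting using server dialback with: (?P<host>\S+)")),
    ("key_sent", re.compile(r"OS - Sent dialback key to host: (?P<host>\S+) id: \S+")),
    ("granted", re.compile(r"OS - Validation GRANTED from: (?P<host>\S+) id: \S+")),
    ("rejected", re.compile(r"OS - Unexpected answer in validation from: (?P<host>\S+) id: \S+.*?answer:(?P<answer>.*)")),
]

def triage(log_text):
    """Summarize outgoing s2s attempts per remote host (last outcome wins)."""
    hosts = {}
    for line in log_text.splitlines():
        for name, rx in EVENTS:
            m = rx.search(line)
            if not m:
                continue
            h = hosts.setdefault(m["host"], {"tls_requested": False,
                "tls_then_dialback": False, "outcome": "no-key-sent", "answer": None})
            if name == "tls":
                h["tls_requested"] = True
            elif name == "dialback":
                h["tls_then_dialback"] = h["tls_requested"]  # TLS asked for, dialback used
            elif name == "key_sent":
                h["outcome"] = "no-answer"   # stays so if the peer never replies
            elif name == "granted":
                h["outcome"] = "granted"
            else:  # rejected: keep the peer's raw answer for the report
                h["outcome"], h["answer"] = "rejected", m["answer"].strip()
            break
    return hosts

if __name__ == "__main__":
    for host, summary in triage(SAMPLE).items():
        print(host, summary)
```

A `rejected` outcome carrying an empty `stream:error`, as for jabber.westgrid.ca here, is the pattern this thread eventually traced to the remote server's white-list.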