External Access to OpenFire w/ Spark

I am in need of some help here. I have two huge holes in the wall where I have bashed my head against the wall. I have been trying to connect my Spark client to my OpenFire server. I have an OpenFire Server running the newest release, 3.10, and I have tried to configure with both MySQL and embedded. I have tried both LDAP and default.

The problem is I can connect internally with the Spark client with no problem; everything works fine. I just can’t get it to connect externally. I am not using a VPN at all. I have opened all the ports that are required. I still can’t connect. I am getting the error “Invalid username or password”. I know for a fact that this is correct because it is the same username and password that works internally.

I have made sure that my FQDN is correct. I have set it to chat.domain.com with no success; I have also tried just domain.com with no success. I have an A record for chat.domain.com already set up and it is resolving correctly. I can connect to the admin console remotely by both the external IP address and by the DNS “chat.domain.com”, no success. I have tried to use just the IP address in the Server area of the Spark client and got the same error. I have tried going to “advanced” on the client and entering the IP address of the server, and then in the server area I have put the server name. This is crazy. Please, please, someone help.

Ever find an answer on this? I’m running into the same challenge with some slight variations.

Server: server.domain.com on port 5222

Users and workstations on the domain work fine. I have a location in Canada I’m trying to get some people connected to. They are not on our domain but they DO have accounts in our domain as they use our Exchange server. We tell them to log in as their AD account here in the US using the FQDN in the server name spot. Login fails with an unreachable message.

Our locations are bridged by 2 firewalls running a site-to-site VPN tunnel, so we don’t need any port forwarding, NATing, etc. They have an inter-domain trust that resolves DNS names on our domain from their workstation.

I’m wondering if the solution to your situation would be mine as well. The issue seems to be any client workstation NOT part of the domain here in the US.