Warning…this video is pretty boring! This was my first attempt at creating a “how to” video. Hopefully someone will find it useful. The video only covers some basics. as Guus has stated in his video “…This video is intended as a demo that you can use to base your own process on. Don’t blindly follow these instructions, without giving thought to security, interoperability and performance.”
Use at your own risk!
feel free to use this as a reference as well
That looks too easy 
Anyway, it wasn’t boring. I have learned a few things. You should have probably mentioned you were using x64 version with JRE bundled, so one using x86 won’t be looking for Openfire in regular Program files, etc. Maybe i saw some other places to clarify, but nothing major. Good guide 
Btw, i see Xen being used for virtualization. That’s what Amazon uses?
Hey speedy,
i tried your HowTo.
The LDAP-Connection worked fine, now i tried to setting up SSO, but i dont work for me.
My configs:
krb5.ini in C:/Windows:
[libdefaults]
default_realm = XXX.NET
[realms]
XXX.NET = {
kdc = codc1.xxx.net
admin_server = codc1.xxx.net
default_domain = xxx.net
} [domain_realms]
xxx.net = XXX.NET
.xxx.net = XXX.NET
gss.conf in C:\Program Files\Openfire\conf
com.sun.security.jgss.accept {
com.sun.security.auth.module.Krb5LoginModule
required
storeKey=true
keyTab="C:/Program Files/Openfire/resources/xmpp.keytab"
doNotPrompt=true
useKeyTab=true
realm="XXX.NET"
principal="xmpp/xmpp.xxx.net";
debug=true;
};
Openfire Serversettings:
Spark-Settings:
When i try to LogIn, i got following answer:
Do you have any idea?
Thank you!!
Did you remember to make the registry edit on the workstation? Try running spark "as administrator"
If using the included openfire self-signed certification, make sure spark is set to accept all certificates.
Hello speedy,
thank u for ur reply.
Yes, the registry edit is done. Started Spark as administrator too.
Im using the included openfire certification, spark is set to accept all certificates in advanced options.
Today i will restart the openfireserver and workstation and try it again. I will contact you with the result.
Thanks, see u.
So, i tried it now after a restart again. I got the same result.
Here is my registry entry on the workstation.
Advanced options about certificates.
Any ideas?
Thanks 
EDIT:
warn.log.0 says:
Feb 06, 2018 2:38:42 PM org.jivesoftware.spark.util.log.Log warning
WARNUNG: Exception in Login:
org.jivesoftware.smack.SmackException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: codc1.xxx.net)]
at org.jivesoftware.smack.sasl.javax.SASLJavaXMechanism.getAuthenticationText(SASLJavaXMechanism.java:123)
at org.jivesoftware.smack.sasl.SASLMechanism.authenticate(SASLMechanism.java:196)
at org.jivesoftware.smack.sasl.SASLMechanism.authenticate(SASLMechanism.java:169)
at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:236)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.loginNonAnonymously(XMPPTCPConnection.java:373)
at org.jivesoftware.smack.AbstractXMPPConnection.login(AbstractXMPPConnection.java:457)
at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:1131)
at org.jivesoftware.LoginDialog$LoginPanel.access$900(LoginDialog.java:335)
at org.jivesoftware.LoginDialog$LoginPanel$3.construct(LoginDialog.java:894)
at org.jivesoftware.spark.util.SwingWorker.lambda$new$1(SwingWorker.java:138)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: codc1.xxx.net)]
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(Unknown Source)
at org.jivesoftware.smack.sasl.javax.SASLJavaXMechanism.getAuthenticationText(SASLJavaXMechanism.java:120)
... 10 more
Caused by: GSSException: No valid credentials provided (Mechanism level: codc1.xxx.net)
at sun.security.jgss.krb5.Krb5Context.initSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
... 12 more
Caused by: java.net.UnknownHostException: codc1.xxx.net
at java.net.AbstractPlainSocketImpl.connect(Unknown Source)
at java.net.PlainSocketImpl.connect(Unknown Source)
at java.net.SocksSocketImpl.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at sun.security.krb5.internal.TCPClient.<init>(Unknown Source)
at sun.security.krb5.internal.NetClient.getInstance(Unknown Source)
at sun.security.krb5.KdcComm$KdcCommunication.run(Unknown Source)
at sun.security.krb5.KdcComm$KdcCommunication.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.krb5.KdcComm.send(Unknown Source)
at sun.security.krb5.KdcComm.sendIfPossible(Unknown Source)
at sun.security.krb5.KdcComm.send(Unknown Source)
at sun.security.krb5.KdcComm.send(Unknown Source)
at sun.security.krb5.KrbTgsReq.send(Unknown Source)
at sun.security.krb5.KrbTgsReq.sendAndGetCreds(Unknown Source)
at sun.security.krb5.internal.CredentialsUtil.serviceCreds(Unknown Source)
at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(Unknown Source)
at sun.security.krb5.Credentials.acquireServiceCreds(Unknown Source)
... 15 more
do you have a system property called xmpp.fqdn?
if not, please add it, with a value that matches your cname/dns record you used for your xmpp server.
for example:
xmpp.fqdn xmpp.XXX.net
yes, i have.
my dns record:
and the xmpp.fqdn on openfire-server:
update:
old-login-window:
new:
If you followed the video, than you likely have a cname xmpp.XXX.net that points to coof029.xxxxx.xxx. If so, use the cname for this value.
Ok, i did a mistake - i dont have a cname.
I created it now.
still get the same error message… but maybe i shoud check the video a one more time, after i realized that missing cname.
I followed the video, but I’m having issues as well. I know it DNS related, I get this error:
he following addresses failed: ‘_xmpp-client._tcp.dc02.xxx:5222’ failed because javax.naming.NameNotFoundException: DNS name not found [response code 3]; remaining name ‘_xmpp-client._tcp.dc02.xxx’, ‘dc02.xxx:5222’ failed because java.net.ConnectException: Connection timed out: connect
at org.jivesoftware.smack.SmackException$ConnectionException.from(SmackException.java:255)
My server properties are
XMPP Domain Name- dc02.xxx
Environment
Server Host Name: dc02.xxx
I have added the SRV records just as the video stated, but I didn’t use “externaldomain.com”, I used my local domain zone.
SRV Record:
Domain: xxx.xxx
Service: xmpp-client
Protocol: _tcp
Port Number 5222
Host offering service: xmpp.xxx
CNNAME:
Alisa: xmpp
FQDB: xmpp.xxx
FQDN Target: dc02.xxx
What am I doing wrong?
Abashi, i have replied on your other thread. Your xmpp domain and fqdn are wrong in Openfire. It shouldn’t be your server’s name.