We have installed JWChat using Wildfire. We have users that are coming into JWChat through SecurID (VPN) and are getting booted off about every 30 minutes or so. Any ideas why this may be happening? Is there some kind of heartbeat that is getting broken?
Any help would be appreciated…
Jason
The symptoms are identical to the problem in url=http://www.jivesoftware.org/community/thread.jspa?threadID=17033this thread[/url]. If your problem has the same cause, you’'ll find some workarounds in that thread as well.
This seems to be addressing and issue where the clients are idle. In my case, they are getting booted even if they are chatting with someone.
in addition, no other clients are experiencing this problem. we primarily use Miranda and Trillian, but our web users use JWChat.
thanks for your reply…
Message was edited by:
jase700
Sounds improbable, indeed. Well, there’‘s a quick way to be absolutely sure: change the xmpp.client.idle value (I’'m not sure if you need to restart your server before the changes take effect) and see if you still get disconnected after the time you specified.
Edit:
The problem described in that thread only occurs in certain clients (Trillian and Miranda notably not one of them, in contrast to Gaim).
we are still seeing the same problem as before. The user is also not able to see any graphics on her JWChat client either. Not sure if a specific setting has been enabled that would cause that in IE.
Update…
Here is some text from our error logs…
This is from the Debug logs… Notice the items in Bold[/b] If there is a better way to post code, please let me know…
2006.01.03 07:54:52 Connect Socket[addr=/163.252.29.48,port=4329,localport=5222]
2006.01.03 07:54:52 Logging off richardsong@link.sra.com/jwchat on org.jivesoftware.wildfire.net.SocketConnection@1c9e8e8 socket: Socket[addr=/163.252.29.48,port=4327,localport=5222] session: org.jivesoftware.wildfire.ClientSession@12961e6 status: -1 address: richardsong@link.sra.com/jwchat id: 5f0d06b6 presence:
2006.01.03 07:59:45 Trying to find a user’'s DN based on their username. sAMAccountName: Richardsong, Base DN: DC=gm,DC=sra,DC=com…
2006.01.03 07:59:45 Creating a DirContext in LdapManager.getContext()…
2006.01.03 07:59:45 Created hashtable with context values, attempting to create context…
2006.01.03 07:59:45 … context created successfully, returning.
2006.01.03 07:59:45 Starting LDAP search…
2006.01.03 07:59:45 … search finished
2006.01.03 07:59:45 In LdapManager.checkAuthentication(userDN, password), userDN is: CN=Richardson, Gary,OU=Galaxy,OU=SRA…
2006.01.03 07:59:45 Created context values, attempting to create context…
2006.01.03 07:59:45 … context created successfully, returning.
2006.01.03 08:01:57 Connect Socket[addr=/163.252.29.48,port=4353,localport=5222]
2006.01.03 08:01:58 Logging off richardsong@link.sra.com/jwchat on org.jivesoftware.wildfire.net.SocketConnection@40e46d socket: Socket[addr=/163.252.29.48,port=4338,localport=5222] session: org.jivesoftware.wildfire.ClientSession@171e404 status: -1 address: richardsong@link.sra.com/jwchat id: 128da157 presence:
[/b]
It appears to be logging him off, but he doesn’'t actually get logged out, he just gets set to unavailable. Once he changes his status back to Online, we can see him again…
Message was edited by:
jase700
we fixed it on my server i will get back to you on it
Hey Jason,
Wildfire will close idle client connections using a default of 30 minutes. However, when closing a connection you should have in the debug.log the following text “Closing connection that has been idle:” right before the text you have in bold. Since that text is not appearing my guess is that something else might be closing the connection. Could you check in the warn.log and error.log for any error next to the time of the bold entries in the debug.log?
Regards,
– Gato
That’'s part of the problem, there are no other errors we are getting. Sometimes a user is just getting a Service unavailable warning and is getting disconnected. We tried the idle time fix, but that has not helped. This seems to only affect users coming through using SecurID. I have been able to successfully connect from my home over a true VPN connection.
jase
Do you have any problem (without vpn ) before you have set xmpp.client.idle to -1 ? When jwchat got disconnected, how do things behave?
I haven’'t set xmpp.client.idle to -1 yet.
I have configured jwchat to go through tomcat ssl connection.
When jwchat got disconnected, it reflect in other client, psi, and in admin console session page, however jwchat, itself, doesn’'t know that it get disconnected. It is still showing as if it is connected.
I don’‘t mind jwchat got kicked out for 30 minutes idle session ( psi doesn’'t get kicked out for idle though). However I want jwchat to know that it got kicked out. I think that it is more of jwchat issue.
wmhtet
We never actually had consistent time outs, users would randomly get booted from JWChat. some users got booted and the client didn’'t know that they were logged off, some got totally disconnected. We were unable to put our finger on it, so we moved away from using JWChat and are now experimenting with Akeni.
jason
Jason and other interested parties
I would like to hack some code in it. I am not very good with the language though. I would appreciate any help.
Regards,
wmhtet
Hi wmhtet,
I looked once again for “Need a team to “bulletproof” JWChat for Wildfire”, that’'s a dead thread (no replies so far) from Jason. I think that only a few people are using JWChat and Wildfire because they think it it much to complicated to get it work.
I think that you also use tomcat and just deployed wildfire.war and jwchat.war and that was it.
Before changing anything I’'d like to check if this could be a recommended installation, so one can write installation manuals for win32 and linux to get a larger installation base and a build howto for JabberHTTPBind. Depending on the IE settings JWChat crashes IE sometimes, so also there a small document with a link to Firefox would be in my optinion nice. What do you think?
Do you want to change the Javascript code or the servlet (Java code)? I also have very limited time to work on the problems.
LG
Hi LG
Yeh, I have only put war file in the tomcat and that’‘s all. I would like to make Jwchat a reliable solution for web base client. (is there any other reliable alternative solution out there? ) Jwchat is very easy to deploy and to use. So I hope that it is not very hard to configured it to work perfectly well with wildfire. To be honest (you might have guessed), I am such a junior system administrator, I don’‘t know html, css or js. Well I have taken some programming classes, like C C++ and Java. I have tried some C# in M$ visual Studio .Net . That’'s all. If we are going to work on that, you will be the project leader . Let me know what you want me to do and your vision, I will try to do what I can.
The concept of secure web base client is very important because it will let the user to be able to access IM service on the road with minimum requirement of browser and internet connection.
After I have set xmpp.client.idle to -1 in the server, jwchat is not dropping connection for the whole night for jwchat default deploymonet without ssl and for jwchat with my customized configuration over tomcat ssl. I don’'t want to disable idle time out kick. I want to kicked out jwchat user after idle time out because it is important to kick out the jwchat user who is idle for 30 minutes or more for security reason. However, my problem right now is not that jwchat does not know when it got kicked out. Jwchat needs to know that it got kicked out and need to be able to handle that.
In the begining, I have been struggling with the jwchat deployment over tomcat ssl and making it easy for the user to access it. I haven’‘t noticed that it has issue with IE, even though I hate IE so much, somehow it is acting well with my IE for my initial testing but it is giving that annoysome message with firefox when I close the the Jwchat windows. So I even state that in my configuration to use internet explorer but I have found that (as what LG said “Depending on the IE settings JWChat crashes IE sometimes,”) it gives the same annoysome pop up with other IE (because of different setting.). I don’‘t mind making firefox, jwchat’'s prefer solution while making IE just another alternative. I have always wanted to discourage users from using IE which is the gate for troubles of the wicked internet.
wmhtet
At the moment, I am interested in how wildfire send the disconnect signal and how jwchat normally handle disconnect.
wmhtet
wmhtet: We also use JWChat (customized heavily), Tomcat JabberHTTPBind and Apache 2.
We had a case of users being logged out with a “service unavailable” error after about 5 minutes. We solved the issue with the following steps:
Add “xmpp.client.idle” to Wildfires system properties with a high value (for us, 8 hours in milliseconds)
Edit httpd.conf and edit the “Timeout” value (2000), “KeepAlive” (On) and “KeepAliveTimeout” (we now have it at 5, but maybe even two is enough - JWChats polling intervall is 2000 by default)
As I see, WChats reaction to a disconnect is to popup a message if it’'s a 503, and set the users online status to unavailable.
Is anyone here trying to connect users to JWChat through a VPN server. We use an Enterasys server and allow user to get to some apps through the web. Users that were using a standalone VPN client had no problem accessing the app. When users were forced to come in through our SecurID web access, that is when the problems started. Users would get kicked off from our various customer sites at random times and no real set interval.
thoughts?
Op3racional
I have installed jwchat with tomcat only. I would appreciate if you tell me the comparable configuration for tomcat. I think httpd.conf is for apache and web.xml is for tomcat right?
What should I put in the web.xml?
Regards,
wmhtet
I tried to add the following line in the server.xml ssl session.
connectionTimeout=“20000” KeepAlive= “On” KeepAliveTimeout=“5”
I
jase700: We are actually using an authentication/encryption server to access those webpages (extranet). The KeepAlive in our Webserver (Apache) was enough, but maybe SecurIDs solution has its own timeouts?
Our auth/ssl gateway also times users’’ sessions out after 4 hours, but that is the whole session, so they have to log in again to even access the website.