Our Openfire server is on a VM (Windows 2022 + SQL Server 2019) and the whole VM was lifted from one Windows domain and dropped into a brand new Windows domain.
Windows was added to the new domain (so far, so good) except everything else was broken.
We managed to get SQL Server going by re-entering the service account in Services in Control Panel and then deleting and re-adding all domain accounts in SQL Server Studio, but we can’t get a connection to the Openfire console (127.0.0.1:9090). We get the following error:
Login Failed. The login is from an untrusted domain and cannot be used with Integrated Authentication.
So, am I crazy here? We need to change the account settings in the Openfire console, but to get the console running it needs to connect to SQL Server first, which is impossible since the account is wrong. Is that a Catch-22?
Hi! I’m not as proficient with SQL Server configuration as some others (paging @speedy), so I’m going to be of limited help.
Openfire’s database connectivity is configured in a flat file, called openfire.xml. The credentials that are used are typically encrypted in that file, but I think that you can override them with simple plain-text values (the encryption is there primarily to prevent people from reading back the configured values - after providing new values, I think Openfire will automatically update that file to encrypt them again). Your mileage may vary - and depending on the nature of the issue, this may not be a fix at all - but it’s worth a try!
EDIT: ignore everything I wrote below, turns out if I delete the property Encrypted then I can enter the username and password in plain text. Hopefully, this can help someone else.
Now that the console is running, is there an Openfire built-in account that I can use to log on to the console since all domain accounts are from the old domain?
END EDIT
Thank you so much! This is a great suggestion and I tried it.
In the username and password tags, where it says “Encrypted=true”, I changed it to false and entered my new username and password, but now the error changed to
illegal base64 character 2d
which, by trial and error, I found out is because the username contains a dash and the password contains another non-letter character.
What is the purpose of the tag “OneTimeAccessToken”? The description is:
One time token to gain temporary access to the admin console.
I just need to open the console so I can change the domain account that’s used for authentication.
Good to hear that you’ve got things back up and running!
There is no built-in account, but you can configure temporary access to Openfire. This is described in the following guide: Openfire: Recovery of an Admin Password