Login to admin web UI

From this ordeal, it is clear that OF dev team misunderstands the way log levels are supposed to be used. This is how it is usually done:

Critical logs messages from errors that prevent the server serving its clients.
Error logs messages from all errors.
Warning logs additional messages considered minor.
Info logs additional messages considered even less important.
Debug, finally, dumps stack traces on top of Critical and Error messages.

Doing otherwise defeats the purpose of setting log levels because now, with Debug = false in the server settings and Info in log4j2.xml, I still am being flooded with stack traces that I do not want to see.

To recap:
Errors from closing connections still should be looked after.
SRV records warning still should be looked after. If nslookup can query them fine, then OF should as well.
Encryption cert/key warning should be looked after.
Seeing how OF complains about items clearly present, I can only think of one reason for those warnings: the actual queries in the code do not match the information shown on the front end.
If I did not paste enough logs here you should let me know and I’ll provide, but I have neither knowledge nor time to investigate all of that on my own. I am not able to go into every code base that I have to admin.

I notice this thread has been noisy, I will respond to it all in a single post to prevent it getting anymore noisy.

I am not able to babysit the server for extended intervals, but yes, hundreds of connections appear very soon after restart. I don’t know how soon but it is within a few hours meaning less than 2-3. This is a server that only 3 of my test IM clients hit, nobody else. So, only a handful of test IMs are being exchanged, no outside world.

Unfortunately this is a lot of what sysadmin is… you got to have the time to sit there and watch what is going on, and monitor the server, if you can’t do this then maybe you need to consider outsourcing the hosting to someone else who can monitor the server, servers aren’t just setup and leave, they must be maintained.

It is too late to reinstall. I’ve already beaten my head against the wall with 4.7.3 for long enough to run out of allotted time, having not known that it was a bugged release. I only came here, having exhausted every note left by the admin of the old 4.6 install about config items they had to put, so enough time had been wasted as it stands.

I haven’t got experience with the older versions, however is there any reason you couldn’t give 4.8.1 a shot? 4.8.x includes the netty rewrite which heavily modifies how Openfire handles network connections, and see as you are having issues with network connections, this might be a good idea. I understand it is time consuming, but there is not many alternatives.

Windows or not, my web, application, DB or SMTP/POP3 servers or whatnot only listen on the specified ports and make no rogue connections to themselves, needless to say not in the 100-s. Apparently, 4.6 had not done it, otherwise there would have been a note to that affect in our ITIL.

Wait, are these applications on the same server? Could you unplug the network to the server, and kill all services using the server and see if it is actually Openfire making these connections to themself, or some other program on the same server.

The ‘domain’ of this server is domain.com. Its host name is mail.
The certificate for domain.com is listed right under that message, in the Identity table.
So what is missing? Does the message actually mean that OF expects a certificate for mail.domain.com hostname?

This warning appears when there is one or more missing FQDNs within the certificate, for whatever reason Openfire requires all the FQDNs to be within a single certificate, therefore requiring the use of SAN certificates, or a wildcard certificate (if you don’t want to mess about, maybe just stick a wildcard certificate in, and call it a day).

What FQDNs you are missing is dependent on your configuration.

This IS a fresh install on a test lab to be prod soon.

Possible issue with your configuration? by “fresh” you mean the very base installation, no further configuration? all default values (apart from the domain name etc).

From this ordeal, it is clear that OF dev team misunderstands the way log levels are supposed to be used. This is how it is usually done:
Critical logs messages from errors that prevent the server serving its clients.
Error logs messages from all errors.
Warning logs additional messages considered minor.
Info logs additional messages considered even less important.
Debug, finally, dumps stack traces on top of Critical and Error messages.

Openfire is open source, if there is an issue you are free to patch it, the codebase is old and the logging decision was made decades ago, going through the codebase and changing what messages classify as what log level is a lengthy process, and none of the developers are paid to do so. The logging works, even if it is possibly too verbose, there is bigger fish to fry.

Secondly, nobody here is paid to support you, they have no obligation to help, continuing being aggressive and flinging mud will not yield a solution, and will likely result in your messages simply being ignored.

To recap:
Errors from closing connections still should be looked after.
SRV records warning still should be looked after. If nslookup can query them fine, then OF should as well.
Encryption cert/key warning should be looked after.
Seeing how OF complains about items clearly present, I can only think of one reason for those warnings: the actual queries in the code do not match the information shown on the front end.
If I did not paste enough logs here you should let me know and I’ll provide, but I have neither knowledge nor time to investigate all of that on my own. I am not able to go into every code base that I have to admin.

A recap is not required, people are more than able to scroll through the thread history and see what has been attempted, and what the results of said attempt were.

Also please stop making the logging your enemy, the logging isn’t what is causing your issues and you are making a huge deal out of a small problem.

Please consider some of the suggestions above.

They suggest things that are already covered in this long thread, so the recap is necessary.

It is one of them.

They’ve been considered prior to my posting here.
I’ve set up SRV records by copying and pasting the items required by OF admin UI, yet it is still not satisfied. I only do that it requires from me and report back that which it shows me, whereas suggestions above are for new, different items.

I never have. I only want to control it as it is offered by OF specifications, and me having worked with softwares that log, for 3 long decades, I know when one logs enough or more than enough. OF logs profusely and way more than reasonable, and that cannot be controlled. It is totally up to the dev team whether they accept this as valid feedback or push back and oppose that - I’ve done my part and raised this issue. Their call.

The firewall rule is not addressed/looked after. The solution was found elsewhere.
The certificate message is not addressed looked after.
The error closing connections is not addressed/looked after.
If no one is interested or willing to help then just say so, and I will stop wasting my and your time. We are all people, not robots, and I understand ‘yes’ and ‘no’.

Many have tried to help and are willing too. Yes the logs can be a little busy. We all agree on that. But thats not a blocker by any means.
Again, given that no one has been able to reproduce your issue, it suggest something unique to your setup.

This thread has gotten off topic, and is not currently productive. I’m going to close it. Please feel free to start a new one if you feel like its warranted.

1 Like