Migrating from Windows to Debian Almost Successful... Clients Disconnect

Bradford · August 3, 2016, 4:30pm

Hello,

 Recently attempted to migrate our openfire server from windows server (3.9.3/EmbeddedDB) to Debian (4.0.2/EmbeddedDB).

I stopped the service on the windows server, copied the openfire directory over and then moved all of the data that was previously

in “C:\Program Files (x86)\Openfire” into their new respective directories in /usr/share/openfire (following symlinks), then started

the openfire service on the new server.

 Much to my surprise the web interface came up and my credentials worked. Everything seemed good but I did need to correct

paths for logs and things like that from the old C:* directories to the new /usr/* ones.

 Only issue seems to be when I connect via a client (spark 2.6.3 and or 2.7.7) I am immediately kicked. This is true for all users

and clients, new spark installs and old spark installs, newly created users and users created prior to migration.

I have turned debug on from the server in an attempt to get an idea of what’s going on and this is what I’m seeing there…

From the Server’s Debug Logs:

Queue : [MESSAGE_SENT, , SESSION_CLOSED, ]

2016.08.03 09:12:51 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event SESSION_CLOSED to session 137

at java.lang.Thread.run(Thread.java:745)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)

at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractP ollingIoProcessor.java:1132)

at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$800(AbstractPoll ingIoProcessor.java:67)

at org.apache.mina.core.polling.AbstractPollingIoProcessor.removeSessions(Abstract PollingIoProcessor.java:560)

at org.apache.mina.core.polling.AbstractPollingIoProcessor.removeNow(AbstractPolli ngIoProcessor.java:600)

at org.apache.mina.core.service.IoServiceListenerSupport.fireSessionDestroyed(IoSe rviceListenerSupport.java:244)

at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireSessionClosed(Default IoFilterChain.java:375)

at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(Def aultIoFilterChain.java:382)

at org.apache.mina.core.filterchain.IoFilterAdapter.sessionClosed(IoFilterAdapter. java:88)

at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.sessionClosed (DefaultIoFilterChain.java:750)

at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$900(DefaultIoFilte rChain.java:47)

at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(Def aultIoFilterChain.java:382)

at org.apache.mina.filter.ssl.SslFilter.sessionClosed(SslFilter.java:439)

at org.apache.mina.filter.ssl.SslHandler.destroy(SslHandler.java:204)

at sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:1548)

at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1618)

at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1650)

at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)

javax.net.ssl.SSLException: Inbound closed before receiving peer’s close_notify: possible truncation attack?

2016.08.03 09:12:51 org.apache.mina.filter.ssl.SslHandler - Unexpected exception from SSLEngine.closeInbound().

2016.08.03 09:12:51 org.apache.mina.filter.ssl.SslFilter - Session Server[137]: Writing Message : WriteRequest: HeapBuffer[pos=0 lim=69 cap=132: 15 03 03 00 40 6D B1 9B 7F 9A A7 0D 17 2D CB C2…]

From the Client’s Spark Error logs:

Aug 03, 2016 8:40:21 AM org.jivesoftware.spark.util.log.Log error

SEVERE:

Invalid connection.:

at org.jivesoftware.smackx.bookmark.BookmarkManager.(BookmarkManager.java:77 )

at org.jivesoftware.smackx.bookmark.BookmarkManager.getBookmarkManager(BookmarkMan ager.java:58)

at org.jivesoftware.spark.ui.conferences.ConferenceServices$3.run(ConferenceServic es.java:164)

at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)

at java.util.concurrent.FutureTask.run(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

These two things seem to be the only information that is repeating with the same frequency and my client automatically attempts to reconnect every… 3 seconds I think. On the server I see SSL issues, in the Openfire settings it is pointed at the correct keystore locations and with keytool I can list the stores with the default password so I’m not sure what else to look at. Is there a way I can determine if it’s an SSL issue causing the disconnect? It does kinda seem that way but then again I don’t know much java so there might be something more obvious here.

Let me know if you need any other information and thanks for the help!

-Bradford

Bradford · August 3, 2016, 6:20pm

Also may be important as I’ve read some people using Java 8 are experiencing the same symptoms that I have…

Debian 8.5 (amd64)

$ dpkg --get-selections | grep java

ca-certificates-java

java-common

tzdata-java

$ dpkg --get-selections | grep jre

openjdk-7-jre-headless:amd64

$ dpkg -s openjdk-7-jre-headless:amd64 | grep Version

Version: 7u101-2.6.6-2~deb8u1

$ dpkg -s java-common | grep Version

Version: 0.52

As far as I can tell I am using Java 7u101 or 1.7, however you want to call it.

UPDATE: Err, from PSA “The recently released Openfire 4.0.2 appears to run into problems when it is ran by Java 7. To work around issues, please use Java 8 or revert back to Openfire 4.0.1. To download older versions substitute version numbers in the download link.”

I am using 4.0.2 and Java 7… So I’ve uninstalled 4.0.2, downloading 4.0.1 and will install that and report back. Also I’ve reverted Spark back to 2.6.3 since the newer versions bundle Java8 vs Java7 and causes some other issues. Also from a PSA facepalm.

UPDATE: That was exactly what it was. Uninstalled Openfire 4.0.2 and Installed Openfire 4.0.1. Assuming I could have also Uninstalled JRE 7 and replaced it with JRE 8, and the newest Spark would also work with it but that’s all for another day.

I will be marking this as solved or whatever. Thanks for reading!

wroot · August 3, 2016, 7:39pm

Bradford wrote:

Also I’ve reverted Spark back to 2.6.3 since the newer versions bundle Java8 vs Java7 and causes some other issues. Also from a PSA facepalm.

You will run into problems when using Spark 2.6.3 with Openfire 3.10+. The issue in the announcement only happens to a few users and is not related to Java 7. It could be that 2.7.7 will work fine for you.

Bradford · August 3, 2016, 7:43pm

Is the problem that incoming messages are not displayed until closing the chat window and re-opening it? Because that seems to be an issue that I’m having now that I can stay connected.

Thanks wroot.

wroot · August 3, 2016, 7:51pm

The issue in the announcement is about not being able to connect to a server after updating to 2.7.6 version. As i’ve said only a small number of users (only two reports so far) is affected. The issue you describe sounds like one, which was in 2.6.3 and older versions.

Bradford · August 3, 2016, 10:19pm

I’ve installed spark 2.7.7 and now it seems I have no problems whatsoever. Thanks for the replies wroot!