Hello,
Recently attempted to migrate our openfire server from windows server (3.9.3/EmbeddedDB) to Debian (4.0.2/EmbeddedDB).
I stopped the service on the windows server, copied the openfire directory over and then moved all of the data that was previously
in “C:\Program Files (x86)\Openfire” into their new respective directories in /usr/share/openfire (following symlinks), then started
the openfire service on the new server.
Much to my surprise the web interface came up and my credentials worked. Everything seemed good but I did need to correct
paths for logs and things like that from the old C:* directories to the new /usr/* ones.
Only issue seems to be when I connect via a client (spark 2.6.3 and or 2.7.7) I am immediately kicked. This is true for all users
and clients, new spark installs and old spark installs, newly created users and users created prior to migration.
I have turned debug on from the server in an attempt to get an idea of what’s going on and this is what I’m seeing there…
From the Server’s Debug Logs:
Queue : [MESSAGE_SENT, , SESSION_CLOSED, ]
2016.08.03 09:12:51 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event SESSION_CLOSED to session 137
at java.lang.Thread.run(Thread.java:745)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractP ollingIoProcessor.java:1132)
at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$800(AbstractPoll ingIoProcessor.java:67)
at org.apache.mina.core.polling.AbstractPollingIoProcessor.removeSessions(Abstract PollingIoProcessor.java:560)
at org.apache.mina.core.polling.AbstractPollingIoProcessor.removeNow(AbstractPolli ngIoProcessor.java:600)
at org.apache.mina.core.service.IoServiceListenerSupport.fireSessionDestroyed(IoSe rviceListenerSupport.java:244)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireSessionClosed(Default IoFilterChain.java:375)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(Def aultIoFilterChain.java:382)
at org.apache.mina.core.filterchain.IoFilterAdapter.sessionClosed(IoFilterAdapter. java:88)
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.sessionClosed (DefaultIoFilterChain.java:750)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$900(DefaultIoFilte rChain.java:47)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(Def aultIoFilterChain.java:382)
at org.apache.mina.filter.ssl.SslFilter.sessionClosed(SslFilter.java:439)
at org.apache.mina.filter.ssl.SslHandler.destroy(SslHandler.java:204)
at sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:1548)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1618)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1650)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
javax.net.ssl.SSLException: Inbound closed before receiving peer’s close_notify: possible truncation attack?
2016.08.03 09:12:51 org.apache.mina.filter.ssl.SslHandler - Unexpected exception from SSLEngine.closeInbound().
2016.08.03 09:12:51 org.apache.mina.filter.ssl.SslFilter - Session Server[137]: Writing Message : WriteRequest: HeapBuffer[pos=0 lim=69 cap=132: 15 03 03 00 40 6D B1 9B 7F 9A A7 0D 17 2D CB C2…]
From the Client’s Spark Error logs:
Aug 03, 2016 8:40:21 AM org.jivesoftware.spark.util.log.Log error
SEVERE:
Invalid connection.:
at org.jivesoftware.smackx.bookmark.BookmarkManager.(BookmarkManager.java:77 )
at org.jivesoftware.smackx.bookmark.BookmarkManager.getBookmarkManager(BookmarkMan ager.java:58)
at org.jivesoftware.spark.ui.conferences.ConferenceServices$3.run(ConferenceServic es.java:164)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
These two things seem to be the only information that is repeating with the same frequency and my client automatically attempts to reconnect every… 3 seconds I think. On the server I see SSL issues, in the Openfire settings it is pointed at the correct keystore locations and with keytool I can list the stores with the default password so I’m not sure what else to look at. Is there a way I can determine if it’s an SSL issue causing the disconnect? It does kinda seem that way but then again I don’t know much java so there might be something more obvious here.
Let me know if you need any other information and thanks for the help!
-Bradford