New install of openfire / spark, Spark wont connect

hi
i installed the latest version of openfire, on a windows 2008 R2 server.
its authenticated to the AD correctly, and i can logon via the web page to edit the config.etc

but when attempting to connect via spark, i get
"Cant connect to server: invalid name or server not reachable"

changing settings to use IP address of server gets "unable to verify certificate"
changing it to “allow all certificates” = “Certificate hostname verification failed”

any suggestions?

You will be able to login if you also check Disable certificate hostname verification. But that is very bad and you can just disable SSL all together. Using IP address is not recommended. When you first tried to login what have you provided as your domain in Spark? This name should be in your DNS for Spark to know how to find the server. It should also be the same as XMPP Domain value which is shown in Admin Console. You can also work around this by putting IP address into host field on Advanced settings in Spark and still put XMPP Domain name into Domain field in Spark on the login page.

Watch this How To: Video on setting up SSO/AD with Openfire
Or read this http://www.wroot.lt/wp/technology/very-basic-openfire-spark-guide-en/
on how to do things correctly.

Hi
thanks for your reply. unfortunately i haven’t advance any further.
(im trying to set up openfire + spark to work with Active directory for the company(

Heres whats set up.
Openfire is installed, i can see the users and groups pulled infrom AD.
i havent made any other changes.

from spark, i can log on with the administrator account, but not with any other accoount.

every other account gives me “unable to verify certificate” - when trying to logon via IP

other wise i get “Cant connect to server. Invalid name or server not reacable”

im probably missing some config on the openfire server, but i cant find any info in the documentation.
any help is appreciated.

Have you watched that video guide or read my guide? It talks about DNS, which you have to setup for it to work correctly. Of course, using IP is the lazy way, which could work at first and later create problems. As i’ve said, you can check “Disable certificate hostname verification” in Spark’s advanced settings and then you will probably be able to login with IP. But it is not recommended. You can also put IP into host field on Advanced settings and on Login screen in Spark put your xmpp domain into Domain field. XMPP Domain is shown on the first page of Admin Console of Openfire. This is the “name” of your Openfire that you have specified during installation. But i suspect your xmpp domain is probably also an IP address. In which case i suggest reinstalling everything from scratch and give it some name during setup. If you have access and know how to work with DNS in your network, you can even create records for that name, so Spark won’t give you not reachable errors when trying to login with that name.

hi
ive gone through the video, and numerous PDFS from jonathan munch, but am getting nowhere fast.

really frustrating, loads of different info out there…

going to see if i can set it up with out AD. before i look at other options :frowning:

Don’t know who’s that jonathan munch and how can i be more specific. DNS stuff is trivial for network administrators.

What step is unclear in the guide i have linked? http://www.wroot.lt/wp/technology/very-basic-openfire-spark-guide-en/ have you done everything how described? Reinstalled, setup a proper name and then setup a DNS record for that name? If this is hard, then i guess you can look into other options.

I have twice provided you advice on how you can overcome the “Certificate hostname verification failed” error. Let’s try again:

  • On Spark login screen put IP of your Openfire server
  • Press Advanced
  • Check the “Disable certificate hostname verification (not recommended)” option
  • Press OK
  • Press login

It should login then. It is not recommended as you will not check SSL certificate in this case and one can present forged certificate to your client and it won’t warn a user. But at least you can check if you can login this way. Or you can download Spark 2.7.7 version and use it, as it wasn’t checking certificates at all. https://github.com/igniterealtime/Spark/releases/tag/v2.7.7