Openfire has stopped accepting logins

We have Openfire installed on a Server 2008 R2 Standard server. It ran fine until last week, when I installed 2008 R2 Service Pack 1. Since then users have not been able to log in with Spark. Login simply fails.

I have tried to log in from the web console - http://gimli:9090/login.jsp. Login fails there also, corresponding to the entries in warn.log below. The message on the console is:

Login failed: make sure your username and password are correct and that you’re an admin or moderator.

The first thing I tried to fix it was to upgrade Openfire. The version installed is now 3.7.1.

How do I troubleshoot this problem?

warn.log

2012.06.18 11:17:35 org.jivesoftware.admin.LoginLimitManager - Failed admin console login attempt by rocketd from 192.168.30.1

2012.06.18 11:17:43 org.jivesoftware.admin.LoginLimitManager - Failed admin console login attempt by rocketd from 192.168.30.1

2012.06.18 11:17:49 org.jivesoftware.admin.LoginLimitManager - Failed admin console login attempt by jallen from 192.168.30.1

2012.06.18 11:39:54 org.jivesoftware.admin.LoginLimitManager - Failed admin console login attempt by jallen from 192.168.30.1

2012.06.18 11:40:03 org.jivesoftware.admin.LoginLimitManager - Failed admin console login attempt by jallen from 192.168.30.1

2012.06.18 12:03:22 org.jivesoftware.admin.LoginLimitManager - Failed admin console login attempt by jallen from 192.168.10.6

info.log

console listening at:

http://gimli:9090

https://gimli:9091

2012.06.18 11:16:39 org.jivesoftware.openfire.spi.ConnectionManagerImpl - Started server (unencrypted) socket on port: 5269

2012.06.18 11:16:39 org.jivesoftware.openfire.spi.ConnectionManagerImpl - Started plain (unencrypted) socket on port: 5222

2012.06.18 11:16:39 org.jivesoftware.openfire.spi.ConnectionManagerImpl - Started SSL (encrypted) socket on port: 5223

2012.06.18 11:39:40 org.jivesoftware.openfire.pubsub.PubSubModule - Publish-Subscribe domain: pubsub.gimli

2012.06.18 11:39:40 org.jivesoftware.openfire.muc.spi.MultiUserChatServiceImpl - Multi User Chat domain: conference.gimli

2012.06.18 11:39:40 org.jivesoftware.openfire.XMPPServer - Openfire 3.7.1 [Jun 18, 2012 11:39:40 AM]

2012.06.18 11:39:41 org.jivesoftware.openfire.container.AdminConsolePlugin - Admin console listening at:

http://gimli:9090

https://gimli:9091

2012.06.18 11:39:41 org.jivesoftware.openfire.spi.ConnectionManagerImpl - Started server (unencrypted) socket on port: 5269

2012.06.18 11:39:41 org.jivesoftware.openfire.spi.ConnectionManagerImpl - Started plain (unencrypted) socket on port: 5222

2012.06.18 11:39:41 org.jivesoftware.openfire.spi.ConnectionManagerImpl - Started SSL (encrypted) socket on port: 5223

Thanks for help.

Jon

Could it be a firewall issue?

Thanks for the firewall idea. The firewall is turned off for the domain profile.

It was working on this server since the server was deployed 1 year ago.

Are there known problems with Windows 2008 R2 SP1? I did look at this link - http://community.igniterealtime.org/docs/DOC-2200 - and applied the Kerberos-related hotfix from http://support.microsoft.com/kb/2526946. But it made no difference to the problem.

Openfire login is integrated with AD. How can we test that Openfire is able to query AD?

Thanks - Jon

My bad, this can’t be a firewall issue, as you get a bad credentials error. Something has changed on the AD side, I think, but I don’t know much about this. Have you recently changed the password of the user you are administering Openfire with? I would try to rerun the web setup process. To do this you should stop Openfire, edit /conf/openfire.xml and change tag to false, then launch the server and go through the setup again, putting in the same settings.

Thanks! Rerunning setup fixed the problem. We had changed the password on the domain admin account.

Openfire stores the password in plaintext; you don't want this account to be a domain admin. You should only need a domain user account to run these LDAP queries. No special privs required to read AD. (Assuming a relatively default AD configuration)
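
One way to answer "How can we test that Openfire is able to query AD?" and to confirm that an ordinary domain user account is enough for the lookups: the PowerShell script below is an added example, not part of the thread and not Openfire code. It assumes Openfire's LDAP settings use a bind DN and password (a simple bind); the server name, DNs and account names are placeholders.

```powershell
# Added example. Server, DNs and account names are placeholders, not values from the thread.
param(
    [string]$Server   = 'dc01.example.local',   # placeholder domain controller
    [int]   $Port     = 636,                    # LDAPS; on 389 a simple bind sends the password in clear text
    [string]$BindDN   = 'CN=svc-openfire,OU=Service Accounts,DC=example,DC=local',
    [string]$BaseDN   = 'DC=example,DC=local',
    [string]$TestUser = 'someuser'              # sAMAccountName that should be found
)
# Refuse LDAP filter metacharacters rather than splice them into the search filter.
if ($TestUser -match '[\\*()\x00]') { throw 'Invalid characters in TestUser' }

Add-Type -AssemblyName System.DirectoryServices.Protocols
# Prompt for the password so it never lands in the script or in shell history.
$secure = Read-Host -Prompt "Password for $BindDN" -AsSecureString
$plain  = (New-Object System.Management.Automation.PSCredential -ArgumentList 'unused', $secure).GetNetworkCredential().Password
# A simple bind with an empty password is treated as anonymous and would "succeed".
if (-not $plain) { throw 'Empty password: this would be an unauthenticated bind, not a test' }

$id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier -ArgumentList $Server, $Port
$cred = New-Object System.Net.NetworkCredential -ArgumentList $BindDN, $plain
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection -ArgumentList $id, $cred, ([System.DirectoryServices.Protocols.AuthType]::Basic)
$conn.SessionOptions.ProtocolVersion   = 3
$conn.SessionOptions.SecureSocketLayer = ($Port -eq 636)
$conn.SessionOptions.ReferralChasing   = [System.DirectoryServices.Protocols.ReferralChasingOptions]::None

try {
    $conn.Bind()    # simple bind with DN + password
    "BIND OK as $BindDN"
    $req  = New-Object System.DirectoryServices.Protocols.SearchRequest -ArgumentList $BaseDN, "(sAMAccountName=$TestUser)", ([System.DirectoryServices.Protocols.SearchScope]::Subtree), ([string[]]@('distinguishedName'))
    $resp = [System.DirectoryServices.Protocols.SearchResponse]$conn.SendRequest($req)
    if ($resp.Entries.Count -gt 0) { 'SEARCH OK: ' + $resp.Entries[0].DistinguishedName }
    else { "SEARCH returned no entry for $TestUser (check BaseDN and read permissions)" }
}
catch {
    # .NET exceptions may arrive wrapped; walk down to the LdapException if there is one.
    $e = $_.Exception
    while ($e -and $e -isnot [System.DirectoryServices.Protocols.LdapException]) { $e = $e.InnerException }
    if ($e -and $e.ErrorCode -eq 49) {
        # AD puts a sub-code in the server message: 52e bad password, 775 locked out, 532 password expired.
        'BIND FAILED (49 invalid credentials): ' + $e.ServerErrorMessage
    }
    elseif ($e) { "LDAP error $($e.ErrorCode): $($e.Message)" }
    else { throw }
}
finally { $conn.Dispose() }
```

A result of BIND FAILED (49) for the stored account while the same DN works with the current password points to a stale credential in the Openfire configuration, which is the situation the thread ended up with.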