S2s (mostly Google Talk) problems

Hello everyone,

this is my first post here, and I’ve really tried to find the answer by myself before bothering you. Also please be tolerant in case of any language mistakes - English is not my native language and even if I try, some bad vocabulary/grammar may happen :wink:

So, let’s go with the problems.

  1. Google Talk:

As it was some time ago with 3.5.0 version of Openfire, my gmail contacts are no longer visible. I can’t add, authorize and - of course - talk with them. After adding a contact on Openfire or the Gmail side, I can see packet traffic on my network interface (here: http://wklej.org/id/152101/ is some output from tcpdump), but nothing happens on the client sides (I’ve tried Adium under Mac OS X and Pidgin for Linux/Windows on my side; Gtalk built-in web interface and Pidgin on Linux machine on Google side). The only information that I have is something from warn.log (why not error.log, by the way?):

2009.09.19 04:20:38 Error returning error to sender. Original packet:
org.jivesoftware.openfire.PacketException: Cannot route packet of type IQ or Presence to bare JID:
at org.jivesoftware.openfire.spi.RoutingTableImpl.routePacket(RoutingTableImpl.java:217)
at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.returnErrorToSender(OutgoingSessionPromise.java:285)
at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.run(OutgoingSessionPromise.java:219)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)

After releasing 3.5.2 problem disappeared, but now (I can’t tell, for how long) it’s happening again.

The second thing is, my Openfire sometimes acts like it has lost the ability to resolve DNS. Here’s an example: I’m trying to add a contact from another jabberd (Openfire too, if anyone is concerned) and my error.log is then filled with this:

2009.09.19 04:21:28 [org.jivesoftware.openfire.server.ServerDialback.createOutgoingSession(ServerDialback.java:257)] Error creating outgoing session to remote server: jabber.idg.pl(DNS lookup: jabber.idg.pl)
org.xmlpull.v1.XmlPullParserException: expected start tag name and not / (position: START_DOCUMENT seen </… @1:2)
at org.xmlpull.mxp1.MXParser.parseProlog(MXParser.java:1475)
at org.jivesoftware.openfire.net.MXParser.nextImpl(MXParser.java:332)
at org.xmlpull.mxp1.MXParser.next(MXParser.java:1093)
at org.jivesoftware.openfire.server.ServerDialback.createOutgoingSession(ServerDialback.java:218)
at org.jivesoftware.openfire.session.LocalOutgoingServerSession.createOutgoingSession(LocalOutgoingServerSession.java:371)
at org.jivesoftware.openfire.session.LocalOutgoingServerSession.authenticateDomain(LocalOutgoingServerSession.java:144)
at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.sendPacket(OutgoingSessionPromise.java:239)
at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.run(OutgoingSessionPromise.java:216)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)
at java.lang.Thread.run(Thread.java:619)

Of course my machine is able to resolve that name and connect to jabberd on it:

insomniac /var/log/openfire # host jabber.idg.pl
jabber.idg.pl has address 194.69.207.130
insomniac /var/log/openfire # telnet jabber.idg.pl 5269
Trying 194.69.207.130...
Connected to jabber.idg.pl.
Escape character is '^]'.
^]
telnet> Connection closed.
insomniac /var/log/openfire #

So for me it looks like Java has some trouble with resolving DNS names. I’ve tried running Openfire (or, maybe, java) as root to be sure that’s not a problem with accessing resolv.conf or sth, but still no results. It’s kinda weird, as it doesn’t want to work with some hosts and works pretty well with others (so I assume it can’t be any ‘global’ or ‘server-wide’ issue, right?).

If it will help in any way, here is some additional information:

  • Openfire 3.6.4;

  • FreeBSD 7.2-RELEASE amd64;

  • diablo-jdk1.6.0

  • no limits for memory/processor tasks for user ‘openfire’.

I’m looking forward to hearing any news from you. If I need to add additional information, please just give me a sign.

Thanks in advance,

  • Bartek

Hi Bartek,

There is an issue OF-44 with Openfire and Google talk.

This should be fixed in the next release; as a workaround, add the Openfire system property "dnsutil.dnsOverride" with the value "{gmail.com,xmpp-server.l.google.com:5269}".

But your second problem shouldn’t be related to this issue and no DNS issue. It looks like jabber.idg.pl produces some XML stream error, but I haven’t verified this.

Hi Guenther,

thanks for your interest in my problem.

I’ve added the value into my system properties (http://skitch.com/ftpd/b9hm3/gmail) but it still doesn’t work. I’ve tried restarting Openfire too - still no effects and the same message in warn.log.

Hmm, your screenshot looks good. It works for me, I’ve set dnsutil.dnsOverride to {gmail.com,xmpp-server.l.google.com:5269},{googlemail.com,xmpp-server.l.google.com:5269} (see attached screenshot). Is your server able to connect to jabber.org via S2S? My Openfire 3.6.4 server can only get an unsecured S2S connection to gmail, did you set up the Server Connection Security to optional? I think a server restart should not be necessary.



Yes, I’m able to connect s2s to jabber.org and many other servers (see screenshot). My security settings are also correct, server was restarted (just to be sure), everything looks good. But… still no connection to gmail

I’m just wondering the other thing: do I need to add SRV records on my DNS? I think not, as far my jabber-id (@insomniac.pl) has the same hostname as FQDN of my server. Is that true?

I’m just wondering the other thing: do I need to add SRV records on my DNS? I think not, as far my jabber-id (@insomniac.pl) has the same hostname as FQDN of my server. Is that true?

According to the RFC the normal IPv4/IPv6 address record resolution is a fallback. I think this should be implemented in all XMPP servers but can’t verify this and I don’t know any google internals. I think you should try to provide SRV records (this should also increase the s2s performance a little), but if you can’t it should work with the FQDN.

Can you enable the debug log and provide more infos about the connection to gtalk and the other S2S connection failure?

Here’s entry in debug.log while trying to add gmail contact:

2009.09.23 18:51:36 LocalOutgoingServerSession: OS - Trying to connect to gmail.com:5269(DNS lookup: xmpp-server1.l.google.com:5269)
2009.09.23 18:51:37 LocalOutgoingServerSession: OS - Plain connection to gmail.com:5269 successful
2009.09.23 18:51:37 LocalOutgoingServerSession: OS - Going to try connecting using server dialback with: gmail.com
2009.09.23 18:51:37 ServerDialback: OS - Trying to connect to gmail.com:5269(DNS lookup: xmpp-server.l.google.com:5269)
2009.09.23 18:51:37 ServerDialback: OS - Connection to gmail.com:5269 successful
2009.09.23 18:51:37 ServerDialback: OS - Sent dialback key to host: gmail.com id: 355B32BAA0023BFB from domain: insomniac.pl
2009.09.23 18:51:37 ServerDialback: OS - Unexpected answer in validation from: gmail.com id: 355B32BAA0023BFB for domain: insomniac.pl answer:<stream:error xmlns:stream="http://etherx.jabber.org/streams"><str:text xmlns:str="urn:ietf:params:xml:ns:xmpp-streams">insomniac.pl is a Google Apps Domain with Talk service enabled.</str:text></stream:error>
2009.09.23 18:51:37 OutgoingSessionPromise: Error sending packet to remote server:

java.lang.Exception: Failed to create connection to remote server
at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.sendPacket(OutgoingSessionPromise.java:252)
at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.run(OutgoingSessionPromise.java:216)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)
at java.lang.Thread.run(Thread.java:619)

And here something that show while I’m trying to add myself from gmail:

2009.09.23 18:54:15 JettyLog: EXCEPTION
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1366)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1334)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:1273)
at org.mortbay.jetty.security.SslHttpChannelEndPoint.fill(SslHttpChannelEndPoint.java:448)
at org.mortbay.jetty.security.SslHttpChannelEndPoint.fill(SslHttpChannelEndPoint.java:200)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:282)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:205)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:380)
at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:395)
at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:488)
2009.09.23 18:54:15 JettyLog: EOF

<stream:error xmlns:stream="http://etherx.jabber.org/streams">
<str:text xmlns:str="urn:ietf:params:xml:ns:xmpp-streams">
insomniac.pl is a Google Apps Domain with Talk service enabled.
</str:text>
</stream:error>

Hmm, where did you setup the string “insomniac.pl is a Google Apps Domain with Talk service enabled.”? Which modifications or plugins do you have?

Hmm, I don’t know what goes wrong, the DNS part is successful, maybe problems with incorrect XML or XMPP stanzas, server certificates or compression…

Maybe you could use a network sniffer to log and post the TCP packets to analyse what goes wrong?

Hah, it was just the right hit :wink:

For some time I’ve used mail for my domain, insomniac.pl, hosted on the Google Apps service. What I didn’t know is the fact that when one registers his own domain on Google Apps, Google is so “kind” as to add chat, calendar and all this stuff automatically. Nice ‘bonus’, Google, really :confused:

Now, after disabling chat on Google Apps, everything is working. Many thanks for your help, Guenther, and as the result pointing out that info from log I’ve missed.
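
The deciding clue in this thread was the stream error text the remote server returned during dialback validation, buried in one long debug.log line. The following is an added example, not part of the original thread and not Openfire code: a small Python script that pulls those rejections out of a debug.log. The function names and the sample text are assumptions, constructed from the log excerpt posted above.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: lines in the shape of the debug.log excerpt in the thread.
SAMPLE_LOG = """\
2009.09.23 18:51:37 ServerDialback: OS - Connection to gmail.com:5269 successful
2009.09.23 18:51:37 ServerDialback: OS - Sent dialback key to host: gmail.com id: 355B32BAA0023BFB from domain: insomniac.pl
2009.09.23 18:51:37 ServerDialback: OS - Unexpected answer in validation from: gmail.com id: 355B32BAA0023BFB for domain: insomniac.pl answer:<stream:error xmlns:stream="http://etherx.jabber.org/streams"><str:text xmlns:str="urn:ietf:params:xml:ns:xmpp-streams">insomniac.pl is a Google Apps Domain with Talk service enabled.</str:text></stream:error>
2009.09.23 18:51:37 OutgoingSessionPromise: Error sending packet to remote server:
"""
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) ServerDialback: OS - "
    r"Unexpected answer in validation from: (?P<remote>\S+) id: (?P<id>\S+) "
    r"for domain: (?P<local>\S+) answer:(?P<answer>.*)$"
)
STREAMS_NS = "urn:ietf:params:xml:ns:xmpp-streams"


def error_details(fragment):
    """Return (condition, text) from a <stream:error/> fragment, or (None, raw)."""
    # Forum software often turns straight quotes into curly ones; undo that.
    fragment = fragment.translate({0x201C: '"', 0x201D: '"'}).strip()
    try:
        root = ET.fromstring(fragment)
    except ET.ParseError:
        return None, fragment  # keep the raw answer rather than dropping it
    condition, text = None, None
    for child in root:
        ns, _, name = child.tag[1:].partition("}")
        if ns != STREAMS_NS:
            continue
        if name == "text":
            text = (child.text or "").strip()
        else:
            condition = name  # e.g. host-unknown, when the peer sends one
    return condition, text


def dialback_rejections(log_text):
    """Yield one dict per rejected dialback validation found in log_text."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            condition, text = error_details(m.group("answer"))
            yield {"time": m.group("ts"), "remote": m.group("remote"),
                   "local": m.group("local"), "stream_id": m.group("id"),
                   "condition": condition, "text": text}
```

Run over a real debug.log, each returned record names the remote server, the local domain it rejected, and the human-readable reason it gave.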