Yep, both running 4.0.1
machine #2 who receivices messages but can’t send shows the following in debug.log
2016.01.28 17:43:35 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Verify key with AS: machine#1 for OS: machine #2 (id ai8bh3jcx3)] - Successfully negotiated TLS with AS…
2016.01.28 17:43:35 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Verify key with AS: machine#1 for OS: machine #2 (id ai8bh3jcx3)] - Send the Authoritative Server a stream header and wait for answer.
2016.01.28 17:43:35 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Verify key with AS: machine#1 for OS: machine #2 (id ai8bh3jcx3)] - Got a response.
2016.01.28 17:43:35 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Verify key with AS:machine#1 for OS: machine #2 (id ai8bh3jcx3)] - The remote server is XMPP 1.0 compliant (or at least reports to be).
2016.01.28 17:43:35 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Verify key with AS: machine#1 for OS: machine #2 (id ai8bh3jcx3)] - Request for verification of the key and wait for response
2016.01.28 17:43:35 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Verify key with AS: machine#1 for OS: machine #2 (id ai8bh3jcx3)] - Key was VERIFIED by the Authoritative Server.
2016.01.28 17:43:35 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Verify key with AS: machine#1 for OS: machine #2 (id ai8bh3jcx3)] - Successfully verified key!
2016.01.28 17:43:35 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Validate domain:machine #2 (id ai8bh3jcx3) for OS: machine#1] - Dialback key isvalid. Sending verification result to remote domain.
2016.01.28 17:43:35 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Validate domain:machine #2(id ai8bh3jcx3) for OS: machine#1] - Successfully validated domain!
Furhter more machine #2 shows:
2016.01.28 17:49:49 org.jivesoftware.openfire.net.SocketUtil - Found 1 host(s) for XMPP domain ‘machine #1’.
2016.01.28 17:49:49 org.jivesoftware.openfire.net.SocketUtil - Trying to create socket connection to XMPP domain ‘machine #1’ using remote host: machine #1:5269 (blocks up to 120000 ms) …
2016.01.28 17:49:49 org.jivesoftware.openfire.net.SocketUtil - Successfully created socket connection to XMPP domain ‘machine #1’ using remote host: machine #1:5269!
2016.01.28 17:49:49 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: machine #2 to machine #1] - Send the stream header and wait for response…
2016.01.28 17:49:49 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: machine #2 to machine #1] - Got a response (stream ID: 6wuxepktd8, version: 1.0). Check if the remote server is XMPP 1.0 compliant…
2016.01.28 17:49:49 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: machine #2 to machine #1] - The remote server is XMPP 1.0 compliant (or at least reports to be).
2016.01.28 17:49:49 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: machine #2 to machine #1] - Processing stream features of the remote domain…
2016.01.28 17:49:49 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: machine #2 to machine #1] - Check if both us as well as the remote server have enabled STARTTLS and/or dialback …
2016.01.28 17:49:49 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: machine #2 to machine #1] - Both us and the remote server support the STARTTLS feature. Secure and authenticate the connection with TLS & SASL…
2016.01.28 17:49:49 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Secure/Authenticate connection for: machine #2 to: machine #1] - Securing and authenticating connection …
2016.01.28 17:49:49 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Secure/Authenticate connection for: machine #2 to:machine #1] - Indicating we want TLS and wait for response.
2016.01.28 17:49:49 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Secure/Authenticate connection for: machine #2 to: machine #1] - Received ‘proceed’ from remote server. Negotiating TLS…
2016.01.28 17:49:49 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Constructed trust manager. Number of trusted issuers: 163, accepts self-signed: true, checks validity: true
2016.01.28 17:49:50 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Attempting to verify a chain of 1 certificates.
2016.01.28 17:49:50 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Attempting to accept the self-signed certificate of this chain of length one, as instructed by configuration.
2016.01.28 17:49:50 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Chain of one appears to be self-signed. Adding it to the set of trusted issuers.
2016.01.28 17:49:50 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Validating chain with 1 certificates, using 158 trust anchors.
2016.01.28 17:49:50 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Secure/Authenticate connection for: machine #2 to:machine #1] - TLS negotiation was successful. Connection secured. Proceeding with authentication…
2016.01.28 17:49:50 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: machine #2 to machine #1] - Unable to secure and authenticate the connection with TLS & SASL.
2016.01.28 17:49:50 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: machine #2 to machine centos7.1] - Something went wrong so close the connection and try server dialback over a plain connection
2016.01.28 17:49:50 org.apache.mina.filter.ssl.SslFilter - Session Server3: Writing Message : WriteRequest: HeapBuffer[pos=0 lim=263 cap=4096: 3C 6D 65 73 73 61 67 65 20 69 64 3D 22 77 43 46…]
2016.01.28 17:49:50 org.jivesoftware.openfire.server.OutgoingSessionPromise - OutgoingSessionPromise: Error sending packet to remote server: 50QQ45 java.lang.Exception: Failed to create connection to remote server at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.sendPa cket(OutgoingSessionPromise.java:279) at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.run(Ou tgoingSessionPromise.java:243)
And** machine #1** who can send and receivie messages shows this:
2016.01.28 17:44:04 org.jivesoftware.openfire.net.SocketConnection - Peer certificates have not been verified - there are no certificates to return for: null
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source) at org.jivesoftware.openfire.net.SocketConnection.getPeerCertificates(SocketConnec tion.java:452) at org.jivesoftware.openfire.net.SASLAuthentication.getSASLMechanismsElement(SASLA uthentication.java:200) at org.jivesoftware.openfire.net.SASLAuthentication.getSASLMechanisms(SASLAuthenti cation.java:183) at org.jivesoftware.openfire.net.SocketReadingMode.tlsNegotiated(SocketReadingMode .java:117) at org.jivesoftware.openfire.net.BlockingReadingMode.tlsNegotiated(BlockingReading Mode.java:183) at org.jivesoftware.openfire.net.BlockingReadingMode.readStream(BlockingReadingMod e.java:139) at org.jivesoftware.openfire.net.BlockingReadingMode.run(BlockingReadingMode.java: 76) at org.jivesoftware.openfire.net.SocketReader.run(SocketReader.java:145) at java.lang.Thread.run(Unknown Source)
2016.01.28 17:44:04 org.jivesoftware.openfire.server.ServerDialback[Acting as Authoritative Server: Verify key sent by RS: machine #2 (id ai8bh3jcx3)] - Verifying key…
2016.01.28 17:44:04 org.jivesoftware.openfire.server.ServerDialback[Acting as Authoritative Server: Verify key sent by RS: machine #2 (id ai8bh3jcx3)] - Verification successful! Key was: VALID
I think machine #2 is the bad boy?