Hi,
I am trying to implement Openfire on 2 distant servers in order to use an S2S connection.
I am using Openfire 4.6.7 with the embedded JRE.
Currently my DNS is good, well, I think it is. I use only self-signed certificates and my firewall is open for port 5269.
I have 2 servers with only plain connection activated on 5269.
I tried a lot of combinations between my 2 servers but none of them is working currently.
I also have an INMARSAT connection between my servers; I don't know if it's relevant.
Here are my logs:
> Sending server to server ping request to openfire.xxxxx.fr
>
> Start domain authentication ...
>
> Searching for pre-existing outgoing sessions to the remote domain (if one exists, it will be re-used) ...
>
> There are no pre-existing outgoing sessions to the remote domain itself. Searching for pre-existing outgoing sessions to super- or subdomains of the remote domain (if one exists, it might be re-usable) ...
>
> There are no pre-existing session to other domains hosted on the remote domain.
>
> Unable to re-use an existing session. Creating a new session ...
>
> Creating new session...
>
> Creating plain socket connection to a host that belongs to the remote XMPP domain.
>
> Creating a socket connection to XMPP domain 'openfire.xxxxx.fr' ...
>
> Use DNS to resolve remote hosts for the provided XMPP domain 'openfire.xxxxxx.fr' (default port: 5269) ...
>
> No SRV record found for '_xmpps-server._tcp.openfire.xxxxx.fr.'
>
> javax.naming.NameNotFoundException: DNS name not found [response code 3]
>
> at com.sun.jndi.dns.DnsClient.checkResponseCode(DnsClient.java:660) ~[?:1.8.0_271]
>
> at com.sun.jndi.dns.DnsClient.isMatchResponse(DnsClient.java:578) ~[?:1.8.0_271]
>
> at com.sun.jndi.dns.DnsClient.doUdpQuery(DnsClient.java:426) ~[?:1.8.0_271]
>
> at com.sun.jndi.dns.DnsClient.query(DnsClient.java:211) ~[?:1.8.0_271]
>
> at com.sun.jndi.dns.Resolver.query(Resolver.java:81) ~[?:1.8.0_271]
>
> at com.sun.jndi.dns.DnsContext.c_getAttributes(DnsContext.java:434) ~[?:1.8.0_271]
>
> at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:235) ~[?:1.8.0_271]
>
> at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:141) ~[?:1.8.0_271]
>
> at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:129) ~[?:1.8.0_271]
>
> at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:142) ~[?:1.8.0_271]
>
> at org.jivesoftware.openfire.net.DNSUtil.srvLookup(DNSUtil.java:224) [xmppserver-4.6.7.jar:4.6.7]
>
> at org.jivesoftware.openfire.net.DNSUtil.resolveXMPPDomain(DNSUtil.java:121) [xmppserver-4.6.7.jar:4.6.7]
>
> at org.jivesoftware.openfire.net.SocketUtil.createSocketToXmppDomain(SocketUtil.java:45) [xmppserver-4.6.7.jar:4.6.7]
>
> at org.jivesoftware.openfire.session.LocalOutgoingServerSession.createOutgoingSession(LocalOutgoingServerSession.java:250) [xmppserver-4.6.7.jar:4.6.7]
>
> at org.jivesoftware.openfire.session.LocalOutgoingServerSession.authenticateDomain(LocalOutgoingServerSession.java:209) [xmppserver-4.6.7.jar:4.6.7]
>
> at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.sendPacket(OutgoingSessionPromise.java:264) [xmppserver-4.6.7.jar:4.6.7]
>
> at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.run(OutgoingSessionPromise.java:242) [xmppserver-4.6.7.jar:4.6.7]
>
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_271]
>
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_271]
>
> at java.lang.Thread.run(Thread.java:748) [?:1.8.0_271]
>
> Found 1 host(s) for XMPP domain 'openfire.xxxxxx.fr'.
>
> - srvc2.xxxxxx.fr:5269 (no direct TLS)
>
> Trying to create socket connection to XMPP domain 'openfire.xxxxxxx.fr' using remote host: srvc2.xxxxxxxx.fr:5269 (blocks up to 120000 ms) ...
>
> Successfully created socket connection to XMPP domain 'openfire.xxxxxx.fr' using remote host: srvc2.xxxxxxx.fr:5269!
>
> Opening a new connection to srvc2.xxxxxxx.fr/xxxxxx:5269 that is initially not encrypted.
>
> Send the stream header and wait for response...
>
> Got a response (stream ID: xihi0qvll, version: 1.0). Check if the remote server is XMPP 1.0 compliant...
>
> The remote server is XMPP 1.0 compliant (or at least reports to be).
>
> Processing stream features of the remote domain...
>
> Check if both us as well as the remote server have enabled STARTTLS and/or dialback ...
>
> Both us and the remote server support the STARTTLS feature. Secure and authenticate the connection with TLS & SASL...
>
> Securing and authenticating connection ...
>
> Indicating we want TLS and wait for response.
>
> Received 'proceed' from remote server. Negotiating TLS...
>
> Configured TrustManager class: org.jivesoftware.openfire.keystore.OpenfireX509TrustManager
>
> Attempting to instantiate 'class org.jivesoftware.openfire.keystore.OpenfireX509TrustManager' using the three-argument constructor that is properietary to Openfire.
>
> Constructed trust manager. Number of trusted issuers: 148, accepts self-signed: true, checks validity: true
>
> Successfully instantiated 'class org.jivesoftware.openfire.keystore.OpenfireX509TrustManager'.
>
> Attempting to verify a chain of 1 certificates.
>
> Attempting to accept the self-signed certificate of this chain of length one, as instructed by configuration.
>
> Chain of one appears to be self-signed. Adding it to the set of trusted issuers.
>
> Validating chain with 1 certificates, using 131 trust anchors.
>
> TLS negotiation was successful. Connection secured. Proceeding with authentication...
>
> SASL authentication failed. Will continue with dialback.
>
> TLS negotiation was successful so initiate a new stream.
>
> An exception occurred while creating an encrypted session. Closing connection.
>
> java.io.EOFException: input contained no data
>
> at org.xmlpull.mxp1.MXParser.fillBuf(MXParser.java:3003) ~[xpp3-1.1.4c.jar:?]
>
> at org.xmlpull.mxp1.MXParser.more(MXParser.java:3046) ~[xpp3-1.1.4c.jar:?]
>
> at org.jivesoftware.openfire.net.MXParser.more(MXParser.java:372) ~[xmppserver-4.6.7.jar:4.6.7]
>
> at org.xmlpull.mxp1.MXParser.parseProlog(MXParser.java:1410) ~[xpp3-1.1.4c.jar:?]
>
> at org.jivesoftware.openfire.net.MXParser.nextImpl(MXParser.java:337) ~[xmppserver-4.6.7.jar:4.6.7]
>
> at org.xmlpull.mxp1.MXParser.next(MXParser.java:1093) ~[xpp3-1.1.4c.jar:?]
>
> at org.jivesoftware.openfire.session.LocalOutgoingServerSession.secureAndAuthenticate(LocalOutgoingServerSession.java:481) ~[xmppserver-4.6.7.jar:4.6.7]
>
> at org.jivesoftware.openfire.session.LocalOutgoingServerSession.createOutgoingSession(LocalOutgoingServerSession.java:348) [xmppserver-4.6.7.jar:4.6.7]
>
> at org.jivesoftware.openfire.session.LocalOutgoingServerSession.authenticateDomain(LocalOutgoingServerSession.java:209) [xmppserver-4.6.7.jar:4.6.7]
>
> at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.sendPacket(OutgoingSessionPromise.java:264) [xmppserver-4.6.7.jar:4.6.7]
>
> at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.run(OutgoingSessionPromise.java:242) [xmppserver-4.6.7.jar:4.6.7]
>
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_271]
>
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_271]
>
> at java.lang.Thread.run(Thread.java:748) [?:1.8.0_271]
>
> Unable to create a new session. Going to try connecting using server dialback as a fallback.
>
> Creating new outgoing session...
>
> Creating a socket connection to XMPP domain 'openfire.xxxxxxx.fr' ...
>
> Use DNS to resolve remote hosts for the provided XMPP domain 'openfire.xxxxxxx.fr' (default port: 5269) ...
>
> No SRV record found for '_xmpps-server._tcp.xxxxxx.isr.fr.' (cached result)
>
> Found 1 host(s) for XMPP domain 'openfire.xxxxxxx.fr'.
>
> - srvc2.xxxxxxx.fr:5269 (no direct TLS)
>
> Trying to create socket connection to XMPP domain 'openfire.xxxxxxx.fr' using remote host: srvc2.xxxxxxxx.fr:5269 (blocks up to 120000 ms) ...
>
> Successfully created socket connection to XMPP domain 'openfire.xxxxxxx.fr' using remote host: srvc2.xxxxxxx.fr:5269!
>
> Send the stream header and wait for response...
>
> Got a response. Check if the remote server supports dialback...
>
> Dialback seems to be supported by the remote server.
>
> Authenticating domain ...
>
> Sending dialback key and wait for the validation response...
>
> Connect Socket[addr=/xxxxxxx,port=40532,localport=5269]
>
> Configured TrustManager class: org.jivesoftware.openfire.keystore.OpenfireX509TrustManager
>
> Attempting to instantiate 'class org.jivesoftware.openfire.keystore.OpenfireX509TrustManager' using the three-argument constructor that is properietary to Openfire.
>
> Constructed trust manager. Number of trusted issuers: 148, accepts self-signed: true, checks validity: true
>
> Successfully instantiated 'class org.jivesoftware.openfire.keystore.OpenfireX509TrustManager'.
>
> Attempting to verify a chain of 1 certificates.
>
> Attempting to accept the self-signed certificate of this chain of length one, as instructed by configuration.
>
> Chain of one appears to be self-signed. Adding it to the set of trusted issuers.
>
> Validating chain with 1 certificates, using 131 trust anchors.
>
> Logging off openfire.ccp2.isr.fr/2ujrlxe2s7 on org.jivesoftware.openfire.net.SocketConnection@12af010b socket: Socket[addr=/xxxxxxx,port=40532,localport=5269] session: LocalIncomingServerSession{address=openfire.xxxxxx.fr/2ujrlxe2s7, streamID=2ujrlxe2s7, status=1 (connected), isSecure=true, isDetached=false, isUsingServerDialback=true, localDomain=openfire.ccp2.isr.fr, defaultIdentity=openfire.avion1.isr.fr, validatedDomains={}}
>
> Closing session: LocalIncomingServerSession{address=openfire.xxxxxx.fr/2ujrlxe2s7, streamID=2ujrlxe2s7, status=1 (connected), isSecure=true, isDetached=false, isUsingServerDialback=true, localDomain=openfire.ccp2.isr.fr, defaultIdentity=openfire.xxxxxxx.fr, validatedDomains={}}
>
> Failed to deliver stream close tag: Socket closed
>
> Failed to authenticate domain: the validation response was received, but did not grant authentication.
>
> Failed to authenticate the connection with dialback.
>
> Unable to create a new outgoing session
>
> Unable to create a new session: Dialback (as a fallback) failed.
>
> Unable to authenticate: Fail to create new session.
>
> Successful server to server response received.
>
> Failed to establish server to server session.
If I read the logs correctly, I think my servers communicate perfectly, but when SASL authentication begins, for an unknown reason, the authentication fails and that closes my connection…
Thanks for the help
Matt