Server to Server Connection failed

Openfire Openfire Support
1

Good night!

We have a problem with two openfire servers. They won’t connect to each other, but they connect to other servers without problems.
A short description of our environment:
Server A: openfire 4.5.6, java 11.0.15, location A, working to servers c and d, not working to server b
Server B: openfire 4.5.6, java 11.0.15, location B, working to servers c and d, not working to server a
Server C: openfire 4.6.5, java 8_202 (i already told them to update this…), location C, working to all servers
Server D: openfire 4.5.6, java 8_322, location B, working to all servers

Here is the debug log from a connection attempt from server A to B. (The log is exactly the same in the opposite direction):

2022.06.30 00:26:56 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Authenticate local domain: '' to remote domain: ''] - Start domain authentication ...
2022.06.30 00:26:56 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Authenticate local domain: '' to remote domain: ''] - Searching for pre-existing outgoing sessions to the remote domain (if one exists, it will be re-used) ...
2022.06.30 00:26:56 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Authenticate local domain: '' to remote domain: ''] - There are no pre-existing outgoing sessions to the remote domain itself. Searching for pre-existing outgoing sessions to super- or subdomains of the remote domain (if one exists, it might be re-usable) ...
2022.06.30 00:26:56 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Authenticate local domain: '' to remote domain: ''] - There are no pre-existing session to other domains hosted on the remote domain.
2022.06.30 00:26:56 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Authenticate local domain: '' to remote domain: ''] - Unable to re-use an existing session. Creating a new session ...
2022.06.30 00:26:56 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for:  to ] - Creating new session...
2022.06.30 00:26:56 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for:  to ] - Creating plain socket connection to a host that belongs to the remote XMPP domain.
2022.06.30 00:26:56 org.jivesoftware.openfire.net.SocketUtil - Creating a socket connection to XMPP domain '' ...
2022.06.30 00:26:56 org.jivesoftware.openfire.net.SocketUtil - Use DNS to resolve remote hosts for the provided XMPP domain '' (default port: 5269) ...
2022.06.30 00:26:56 org.jivesoftware.openfire.net.DNSUtil - No SRV record found for: _xmpps-server._tcp..
javax.naming.NameNotFoundException: DNS name not found [response code 3]
	at com.sun.jndi.dns.DnsClient.checkResponseCode(Unknown Source) ~[jdk.naming.dns:?]
	at com.sun.jndi.dns.DnsClient.isMatchResponse(Unknown Source) ~[jdk.naming.dns:?]
	at com.sun.jndi.dns.DnsClient.doUdpQuery(Unknown Source) ~[jdk.naming.dns:?]
	at com.sun.jndi.dns.DnsClient.query(Unknown Source) ~[jdk.naming.dns:?]
	at com.sun.jndi.dns.Resolver.query(Unknown Source) ~[jdk.naming.dns:?]
	at com.sun.jndi.dns.DnsContext.c_getAttributes(Unknown Source) ~[jdk.naming.dns:?]
	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(Unknown Source) ~[?:?]
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(Unknown Source) ~[?:?]
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(Unknown Source) ~[?:?]
	at javax.naming.directory.InitialDirContext.getAttributes(Unknown Source) ~[?:?]
	at org.jivesoftware.openfire.net.DNSUtil.srvLookup(DNSUtil.java:222) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.net.DNSUtil.resolveXMPPDomain(DNSUtil.java:111) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.net.SocketUtil.createSocketToXmppDomain(SocketUtil.java:45) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.session.LocalOutgoingServerSession.createOutgoingSession(LocalOutgoingServerSession.java:250) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.session.LocalOutgoingServerSession.authenticateDomain(LocalOutgoingServerSession.java:209) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.sendPacket(OutgoingSessionPromise.java:261) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.run(OutgoingSessionPromise.java:239) [xmppserver-4.5.6.jar:4.5.6]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [?:?]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [?:?]
	at java.lang.Thread.run(Unknown Source) [?:?]
2022.06.30 00:26:56 org.jivesoftware.openfire.net.SocketUtil - Found 1 host(s) for XMPP domain ''.
2022.06.30 00:26:56 org.jivesoftware.openfire.net.SocketUtil - - :5269 (no direct TLS)
2022.06.30 00:26:56 org.jivesoftware.openfire.net.SocketUtil - Trying to create socket connection to XMPP domain '' using remote host: :5269 (blocks up to 120000 ms) ...
2022.06.30 00:26:56 org.jivesoftware.openfire.net.SocketUtil - Successfully created socket connection to XMPP domain '' using remote host: :5269!
2022.06.30 00:26:56 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for:  to ] - Opening a new connection to /XXX.XXX.XXX.XXX:5269 that is initially not encrypted.
2022.06.30 00:26:56 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for:  to ] - Send the stream header and wait for response...
2022.06.30 00:26:56 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for:  to ] - Got a response (stream ID: cig2x48b7, version: 1.0). Check if the remote server is XMPP 1.0 compliant...
2022.06.30 00:26:56 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for:  to ] - The remote server is XMPP 1.0 compliant (or at least reports to be).
2022.06.30 00:26:56 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for:  to ] - Processing stream features of the remote domain...
2022.06.30 00:26:56 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for:  to ] - Check if both us as well as the remote server have enabled STARTTLS and/or dialback ...
2022.06.30 00:26:56 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for:  to ] - Both us and the remote server support the STARTTLS feature. Secure and authenticate the connection with TLS & SASL...
2022.06.30 00:26:56 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Secure connection for:  to: ] - Securing and authenticating connection ...
2022.06.30 00:26:56 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Secure connection for:  to: ] - Indicating we want TLS and wait for response.
2022.06.30 00:26:56 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Secure connection for:  to: ] - Received 'proceed' from remote server. Negotiating TLS...
2022.06.30 00:26:56 org.jivesoftware.openfire.spi.EncryptionArtifactFactory - Configured TrustManager class: org.jivesoftware.openfire.keystore.OpenfireX509TrustManager
2022.06.30 00:26:56 org.jivesoftware.openfire.spi.EncryptionArtifactFactory - Attempting to instantiate 'class org.jivesoftware.openfire.keystore.OpenfireX509TrustManager' using the three-argument constructor that is properietary to Openfire.
2022.06.30 00:26:56 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Constructed trust manager. Number of trusted issuers: 151, accepts self-signed: true, checks validity: true
2022.06.30 00:26:56 org.jivesoftware.openfire.spi.EncryptionArtifactFactory - Successfully instantiated 'class org.jivesoftware.openfire.keystore.OpenfireX509TrustManager'.
2022.06.30 00:26:56 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Attempting to verify a chain of 1 certificates.
2022.06.30 00:26:56 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Attempting to accept the self-signed certificate of this chain of length one, as instructed by configuration.
2022.06.30 00:26:56 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Chain of one appears to be self-signed. Adding it to the set of trusted issuers.
2022.06.30 00:26:56 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Validating chain with 1 certificates, using 132 trust anchors.
2022.06.30 00:26:56 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Secure connection for:  to: ] - TLS negotiation was successful. Connection secured. Proceeding with authentication...
2022.06.30 00:26:56 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Secure connection for:  to: ] - SASL authentication failed. Will continue with dialback.
2022.06.30 00:26:56 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Secure connection for:  to: ] - TLS negotiation was successful so initiate a new stream.
2022.06.30 00:26:56 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for:  to ] - Unable to create a new session. Going to try connecting using server dialback as a fallback.
2022.06.30 00:26:56 org.jivesoftware.openfire.server.ServerDialback[Acting as Originating Server: Create Outgoing Session from:  to RS at:  (port: 5269)] - Creating new outgoing session...
2022.06.30 00:26:56 org.jivesoftware.openfire.net.SocketUtil - Creating a socket connection to XMPP domain '' ...
2022.06.30 00:26:56 org.jivesoftware.openfire.net.SocketUtil - Use DNS to resolve remote hosts for the provided XMPP domain '' (default port: 5269) ...
2022.06.30 00:26:56 org.jivesoftware.openfire.net.DNSUtil - No SRV record found for: _xmpps-server._tcp..
javax.naming.NameNotFoundException: DNS name not found [response code 3]
	at com.sun.jndi.dns.DnsClient.checkResponseCode(Unknown Source) ~[jdk.naming.dns:?]
	at com.sun.jndi.dns.DnsClient.isMatchResponse(Unknown Source) ~[jdk.naming.dns:?]
	at com.sun.jndi.dns.DnsClient.doUdpQuery(Unknown Source) ~[jdk.naming.dns:?]
	at com.sun.jndi.dns.DnsClient.query(Unknown Source) ~[jdk.naming.dns:?]
	at com.sun.jndi.dns.Resolver.query(Unknown Source) ~[jdk.naming.dns:?]
	at com.sun.jndi.dns.DnsContext.c_getAttributes(Unknown Source) ~[jdk.naming.dns:?]
	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(Unknown Source) ~[?:?]
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(Unknown Source) ~[?:?]
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(Unknown Source) ~[?:?]
	at javax.naming.directory.InitialDirContext.getAttributes(Unknown Source) ~[?:?]
	at org.jivesoftware.openfire.net.DNSUtil.srvLookup(DNSUtil.java:222) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.net.DNSUtil.resolveXMPPDomain(DNSUtil.java:111) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.net.SocketUtil.createSocketToXmppDomain(SocketUtil.java:45) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.server.ServerDialback.createOutgoingSession(ServerDialback.java:209) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.session.LocalOutgoingServerSession.createOutgoingSession(LocalOutgoingServerSession.java:425) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.session.LocalOutgoingServerSession.authenticateDomain(LocalOutgoingServerSession.java:209) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.sendPacket(OutgoingSessionPromise.java:261) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.run(OutgoingSessionPromise.java:239) [xmppserver-4.5.6.jar:4.5.6]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [?:?]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [?:?]
	at java.lang.Thread.run(Unknown Source) [?:?]
2022.06.30 00:26:56 org.jivesoftware.openfire.net.SocketUtil - Found 1 host(s) for XMPP domain ''.
2022.06.30 00:26:56 org.jivesoftware.openfire.net.SocketUtil - - :5269 (no direct TLS)
2022.06.30 00:26:56 org.jivesoftware.openfire.net.SocketUtil - Trying to create socket connection to XMPP domain '' using remote host: :5269 (blocks up to 120000 ms) ...
2022.06.30 00:26:57 org.jivesoftware.openfire.net.SocketUtil - Successfully created socket connection to XMPP domain '' using remote host: :5269!
2022.06.30 00:26:57 org.jivesoftware.openfire.server.ServerDialback[Acting as Originating Server: Create Outgoing Session from:  to RS at:  (port: 5269)] - Send the stream header and wait for response...
2022.06.30 00:26:57 org.jivesoftware.openfire.server.ServerDialback[Acting as Originating Server: Create Outgoing Session from:  to RS at:  (port: 5269)] - Got a response. Check if the remote server supports dialback...
2022.06.30 00:26:57 org.jivesoftware.openfire.server.ServerDialback[Acting as Originating Server: Create Outgoing Session from:  to RS at:  (port: 5269)] - Dialback seems to be supported by the remote server.
2022.06.30 00:26:57 org.jivesoftware.openfire.server.ServerDialback[Acting as Originating Server: Authenticate domain:  with RS:  (id: 44ge56gama)] - Authenticating domain ...
2022.06.30 00:26:57 org.jivesoftware.openfire.server.ServerDialback[Acting as Originating Server: Authenticate domain:  with RS:  (id: 44ge56gama)] - Sending dialback key and wait for the validation response...
2022.06.30 00:26:57 org.jivesoftware.openfire.net.BlockingAcceptingMode - Connect Socket[addr=/XXX.XXX.XXX.XXX,port=50747,localport=5269]
2022.06.30 00:26:57 org.jivesoftware.openfire.spi.EncryptionArtifactFactory - Configured TrustManager class: org.jivesoftware.openfire.keystore.OpenfireX509TrustManager
2022.06.30 00:26:57 org.jivesoftware.openfire.spi.EncryptionArtifactFactory - Attempting to instantiate 'class org.jivesoftware.openfire.keystore.OpenfireX509TrustManager' using the three-argument constructor that is properietary to Openfire.
2022.06.30 00:26:57 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Constructed trust manager. Number of trusted issuers: 151, accepts self-signed: true, checks validity: true
2022.06.30 00:26:57 org.jivesoftware.openfire.spi.EncryptionArtifactFactory - Successfully instantiated 'class org.jivesoftware.openfire.keystore.OpenfireX509TrustManager'.
2022.06.30 00:26:57 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Attempting to verify a chain of 3 certificates.
2022.06.30 00:26:57 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Validating chain with 3 certificates, using 131 trust anchors.
2022.06.30 00:26:57 org.jivesoftware.openfire.server.ServerDialback[Acting as Originating Server: Authenticate domain:  with RS:  (id: 44ge56gama)] - Failed to authenticate domain: the validation response was received, but did not grant authentication.
2022.06.30 00:26:57 org.jivesoftware.openfire.server.ServerDialback[Acting as Originating Server: Create Outgoing Session from:  to RS at:  (port: 5269)] - Failed to authenticate the connection with dialback.
2022.06.30 00:26:57 org.jivesoftware.openfire.spi.RoutingTableImpl - Failed to route packet to JID:  packet: <iq type="error" id="727-4" to="" from=""><ping xmlns="urn:xmpp:ping"/><error code="404" type="cancel"><remote-server-not-found xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/></error></iq>
2022.06.30 00:26:57 org.jivesoftware.openfire.IQRouter - IQ sent to unreachable address: <iq type="error" id="727-4" to="" from=""><ping xmlns="urn:xmpp:ping"/><error code="404" type="cancel"><remote-server-not-found xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/></error></iq>
2022.06.30 00:26:57 org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor - Error sending packet to domain '':

Maybe someone has an idea. We tried many combinations of versions of openfire (4.7.1, 4.6.5) or java (8_321,8_333,11.0.15).

Greetings, Max

2

are all the instancing running as a separate xmpp domain?
Is DNS setup correcting on the two having issues?

3

Hi Max,

I assume that you modified the logs to remove all domain names, because they show as empty strings. I understand the need for anonymity, but maybe you can instead replace them with fake domain names, such as ‘example.org’. If you carefully replace each original name with a distinct fake name, this helps us validate the communication flow.

The two servers attempt to use Dialback to authenticate. Although the Dialback communication is established (the two servers are talking to each-other), the remote server is explicitly denying this server from being authenticated. Sadly, this log does not show why. Maybe the logs on the other server will. The interesting bit of the log files should be around lines that start with “Acting as Receiving Server”.

The flow (as defined in XEP-0220: Server Dialback) basically describes this flow:

  1. The server that wants to set up communication (the Originating/Initiating Server) sends a key to the target server (the ‘Receiving Server’).
  2. The Receiving Server looks up (through DNS) a server in the network of the Originating Server that can authorize the OS. This server is called the Authoritative Server. When you’re using Openfire in a non-clustered setup, the OS and AS is the same server that fulfills both roles.
  3. The Receiving Server asks the Authoritative Server if the OS is authorized to act on behalf of their domain.
  4. The Receiving Server lets the Originating Server know if this process completed successfully.

In your logs, we see that the server is acting as an OS, and it performs step 1:

Sending dialback key and wait for the validation response…

We then see step 4 being logged, as a failure:

Failed to authenticate domain: the validation response was received, but did not grant authentication.

One thing is curious: as I wrote above, the other server, in its role as Receiving Server should attempt to connect to the Authoritative Server. I already mentioned that in this scenario, the OS and AS are the same server. We should have seen log entries in this log file that show that this server is acting as an AS (something along the lines of “Acting as Authoritative Server”), but we do not.

I suspect that the other server (in the role of RS) is somehow unable to connect back to this server in the role as AS. Hopefully, the logs of that server contain the reason for that.

4

Hi!
Thanks for your quick answers!
@speedy : Yes, all instances are running as a seperate domain and all necessary dns records are set.

@guus :
Thank you for explaining the dialback procedure. I will attach the log files now from Server A and Server B.

I replaced the original names in the log as follows:
Domain at location A: locA.domain.org (there are only the SRV Records in the DNS Server, no A Record)
Domain at location B: locB.domain.org (there are only the SRV Records in the DNS Server, no A Record)
Server A: serverA.domain.org
Server B: serverB.domain.org

Maybe I spotted an abnormal behave in the log file of server b at line 45 starting. Is the domain of AS and OS correct, because you said they must be equal in a non clustered setup.

Log of Server A:

2022.06.30 15:03:01 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Authenticate local domain: 'locA.domain.org' to remote domain: 'locB.domain.org'] - Start domain authentication ...
2022.06.30 15:03:01 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Authenticate local domain: 'locA.domain.org' to remote domain: 'locB.domain.org'] - Searching for pre-existing outgoing sessions to the remote domain (if one exists, it will be re-used) ...
2022.06.30 15:03:01 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Authenticate local domain: 'locA.domain.org' to remote domain: 'locB.domain.org'] - There are no pre-existing outgoing sessions to the remote domain itself. Searching for pre-existing outgoing sessions to super- or subdomains of the remote domain (if one exists, it might be re-usable) ...
2022.06.30 15:03:01 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Authenticate local domain: 'locA.domain.org' to remote domain: 'locB.domain.org'] - There are no pre-existing session to other domains hosted on the remote domain.
2022.06.30 15:03:01 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Authenticate local domain: 'locA.domain.org' to remote domain: 'locB.domain.org'] - Unable to re-use an existing session. Creating a new session ...
2022.06.30 15:03:01 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: locA.domain.org to locB.domain.org] - Creating new session...
2022.06.30 15:03:01 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: locA.domain.org to locB.domain.org] - Creating plain socket connection to a host that belongs to the remote XMPP domain.
2022.06.30 15:03:01 org.jivesoftware.openfire.net.SocketUtil - Creating a socket connection to XMPP domain 'locB.domain.org' ...
2022.06.30 15:03:01 org.jivesoftware.openfire.net.SocketUtil - Use DNS to resolve remote hosts for the provided XMPP domain 'locB.domain.org' (default port: 5269) ...
2022.06.30 15:03:01 org.jivesoftware.openfire.net.DNSUtil - No SRV record found for: _xmpps-server._tcp.locB.domain.org.
javax.naming.NameNotFoundException: DNS name not found [response code 3]
	at com.sun.jndi.dns.DnsClient.checkResponseCode(Unknown Source) ~[jdk.naming.dns:?]
	at com.sun.jndi.dns.DnsClient.isMatchResponse(Unknown Source) ~[jdk.naming.dns:?]
	at com.sun.jndi.dns.DnsClient.doUdpQuery(Unknown Source) ~[jdk.naming.dns:?]
	at com.sun.jndi.dns.DnsClient.query(Unknown Source) ~[jdk.naming.dns:?]
	at com.sun.jndi.dns.Resolver.query(Unknown Source) ~[jdk.naming.dns:?]
	at com.sun.jndi.dns.DnsContext.c_getAttributes(Unknown Source) ~[jdk.naming.dns:?]
	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(Unknown Source) ~[?:?]
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(Unknown Source) ~[?:?]
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(Unknown Source) ~[?:?]
	at javax.naming.directory.InitialDirContext.getAttributes(Unknown Source) ~[?:?]
	at org.jivesoftware.openfire.net.DNSUtil.srvLookup(DNSUtil.java:222) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.net.DNSUtil.resolveXMPPDomain(DNSUtil.java:111) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.net.SocketUtil.createSocketToXmppDomain(SocketUtil.java:45) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.session.LocalOutgoingServerSession.createOutgoingSession(LocalOutgoingServerSession.java:250) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.session.LocalOutgoingServerSession.authenticateDomain(LocalOutgoingServerSession.java:209) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.sendPacket(OutgoingSessionPromise.java:261) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.run(OutgoingSessionPromise.java:239) [xmppserver-4.5.6.jar:4.5.6]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [?:?]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [?:?]
	at java.lang.Thread.run(Unknown Source) [?:?]
2022.06.30 15:03:01 org.jivesoftware.openfire.net.SocketUtil - Found 1 host(s) for XMPP domain 'locB.domain.org'.
2022.06.30 15:03:01 org.jivesoftware.openfire.net.SocketUtil - - serverA.domain.org:5269 (no direct TLS)
2022.06.30 15:03:01 org.jivesoftware.openfire.net.SocketUtil - Trying to create socket connection to XMPP domain 'locB.domain.org' using remote host: serverA.domain.org:5269 (blocks up to 120000 ms) ...
2022.06.30 15:03:01 org.jivesoftware.openfire.net.SocketUtil - Successfully created socket connection to XMPP domain 'locB.domain.org' using remote host: serverA.domain.org:5269!
2022.06.30 15:03:01 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: locA.domain.org to locB.domain.org] - Opening a new connection to serverA.domain.org/XXX.XXX.XXX.XXX:5269 that is initially not encrypted.
2022.06.30 15:03:01 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: locA.domain.org to locB.domain.org] - Send the stream header and wait for response...
2022.06.30 15:03:01 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: locA.domain.org to locB.domain.org] - Got a response (stream ID: 4eisk8df7e, version: 1.0). Check if the remote server is XMPP 1.0 compliant...
2022.06.30 15:03:01 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: locA.domain.org to locB.domain.org] - The remote server is XMPP 1.0 compliant (or at least reports to be).
2022.06.30 15:03:01 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: locA.domain.org to locB.domain.org] - Processing stream features of the remote domain...
2022.06.30 15:03:01 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: locA.domain.org to locB.domain.org] - Check if both us as well as the remote server have enabled STARTTLS and/or dialback ...
2022.06.30 15:03:01 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: locA.domain.org to locB.domain.org] - Both us and the remote server support the STARTTLS feature. Secure and authenticate the connection with TLS & SASL...
2022.06.30 15:03:01 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Secure connection for: locA.domain.org to: locB.domain.org] - Securing and authenticating connection ...
2022.06.30 15:03:01 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Secure connection for: locA.domain.org to: locB.domain.org] - Indicating we want TLS and wait for response.
2022.06.30 15:03:01 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Secure connection for: locA.domain.org to: locB.domain.org] - Received 'proceed' from remote server. Negotiating TLS...
2022.06.30 15:03:01 org.jivesoftware.openfire.spi.EncryptionArtifactFactory - Configured TrustManager class: org.jivesoftware.openfire.keystore.OpenfireX509TrustManager
2022.06.30 15:03:01 org.jivesoftware.openfire.spi.EncryptionArtifactFactory - Attempting to instantiate 'class org.jivesoftware.openfire.keystore.OpenfireX509TrustManager' using the three-argument constructor that is properietary to Openfire.
2022.06.30 15:03:01 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Constructed trust manager. Number of trusted issuers: 151, accepts self-signed: true, checks validity: false
2022.06.30 15:03:01 org.jivesoftware.openfire.spi.EncryptionArtifactFactory - Successfully instantiated 'class org.jivesoftware.openfire.keystore.OpenfireX509TrustManager'.
2022.06.30 15:03:01 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Attempting to verify a chain of 3 certificates.
2022.06.30 15:03:01 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Attempting to ignore any validity (expiry) issues, as instructed by configuration.
2022.06.30 15:03:01 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Validating chain with 3 certificates, using 151 trust anchors.
2022.06.30 15:03:01 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Secure connection for: locA.domain.org to: locB.domain.org] - TLS negotiation was successful. Connection secured. Proceeding with authentication...
2022.06.30 15:03:01 org.jivesoftware.util.CertificateManager - CertificateManager: Subject Alternative Name Mapping returned [chat.locB.domain.org, locB.domain.org, conference.locB.domain.org]
2022.06.30 15:03:01 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Secure connection for: locA.domain.org to: locB.domain.org] - TLS negotiation was successful so initiate a new stream.
2022.06.30 15:03:01 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: locA.domain.org to locB.domain.org] - Unable to create a new session. Going to try connecting using server dialback as a fallback.
2022.06.30 15:03:01 org.jivesoftware.openfire.server.ServerDialback[Acting as Originating Server: Create Outgoing Session from: locA.domain.org to RS at: locB.domain.org (port: 5269)] - Creating new outgoing session...
2022.06.30 15:03:01 org.jivesoftware.openfire.net.SocketUtil - Creating a socket connection to XMPP domain 'locB.domain.org' ...
2022.06.30 15:03:01 org.jivesoftware.openfire.net.SocketUtil - Use DNS to resolve remote hosts for the provided XMPP domain 'locB.domain.org' (default port: 5269) ...
2022.06.30 15:03:01 org.jivesoftware.openfire.net.DNSUtil - No SRV record found for: _xmpps-server._tcp.locB.domain.org.
javax.naming.NameNotFoundException: DNS name not found [response code 3]
	at com.sun.jndi.dns.DnsClient.checkResponseCode(Unknown Source) ~[jdk.naming.dns:?]
	at com.sun.jndi.dns.DnsClient.isMatchResponse(Unknown Source) ~[jdk.naming.dns:?]
	at com.sun.jndi.dns.DnsClient.doUdpQuery(Unknown Source) ~[jdk.naming.dns:?]
	at com.sun.jndi.dns.DnsClient.query(Unknown Source) ~[jdk.naming.dns:?]
	at com.sun.jndi.dns.Resolver.query(Unknown Source) ~[jdk.naming.dns:?]
	at com.sun.jndi.dns.DnsContext.c_getAttributes(Unknown Source) ~[jdk.naming.dns:?]
	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(Unknown Source) ~[?:?]
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(Unknown Source) ~[?:?]
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(Unknown Source) ~[?:?]
	at javax.naming.directory.InitialDirContext.getAttributes(Unknown Source) ~[?:?]
	at org.jivesoftware.openfire.net.DNSUtil.srvLookup(DNSUtil.java:222) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.net.DNSUtil.resolveXMPPDomain(DNSUtil.java:111) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.net.SocketUtil.createSocketToXmppDomain(SocketUtil.java:45) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.server.ServerDialback.createOutgoingSession(ServerDialback.java:209) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.session.LocalOutgoingServerSession.createOutgoingSession(LocalOutgoingServerSession.java:425) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.session.LocalOutgoingServerSession.authenticateDomain(LocalOutgoingServerSession.java:209) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.sendPacket(OutgoingSessionPromise.java:261) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.run(OutgoingSessionPromise.java:239) [xmppserver-4.5.6.jar:4.5.6]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [?:?]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [?:?]
	at java.lang.Thread.run(Unknown Source) [?:?]
2022.06.30 15:03:01 org.jivesoftware.openfire.net.SocketUtil - Found 1 host(s) for XMPP domain 'locB.domain.org'.
2022.06.30 15:03:01 org.jivesoftware.openfire.net.SocketUtil - - serverB.domain.org:5269 (no direct TLS)
2022.06.30 15:03:01 org.jivesoftware.openfire.net.SocketUtil - Trying to create socket connection to XMPP domain 'locB.domain.org' using remote host: serverB.domain.org:5269 (blocks up to 120000 ms) ...
2022.06.30 15:03:01 org.jivesoftware.openfire.net.SocketUtil - Successfully created socket connection to XMPP domain 'locB.domain.org' using remote host: serverA.domain.org:5269!
2022.06.30 15:03:01 org.jivesoftware.openfire.server.ServerDialback[Acting as Originating Server: Create Outgoing Session from: locA.domain.org to RS at: locB.domain.org (port: 5269)] - Send the stream header and wait for response...
2022.06.30 15:03:01 org.jivesoftware.openfire.server.ServerDialback[Acting as Originating Server: Create Outgoing Session from: locA.domain.org to RS at: locB.domain.org (port: 5269)] - Got a response. Check if the remote server supports dialback...
2022.06.30 15:03:01 org.jivesoftware.openfire.server.ServerDialback[Acting as Originating Server: Create Outgoing Session from: locA.domain.org to RS at: locB.domain.org (port: 5269)] - Dialback seems to be supported by the remote server.
2022.06.30 15:03:01 org.jivesoftware.openfire.server.ServerDialback[Acting as Originating Server: Authenticate domain: locA.domain.org with RS: locB.domain.org (id: 7uz1g4ao0m)] - Authenticating domain ...
2022.06.30 15:03:01 org.jivesoftware.openfire.server.ServerDialback[Acting as Originating Server: Authenticate domain: locA.domain.org with RS: locB.domain.org (id: 7uz1g4ao0m)] - Sending dialback key and wait for the validation response...
2022.06.30 15:03:01 org.jivesoftware.openfire.net.BlockingAcceptingMode - Connect Socket[addr=/XXX.XXX.XXX.XXX,port=51295,localport=5269]
2022.06.30 15:03:01 org.jivesoftware.openfire.spi.EncryptionArtifactFactory - Configured TrustManager class: org.jivesoftware.openfire.keystore.OpenfireX509TrustManager
2022.06.30 15:03:01 org.jivesoftware.openfire.spi.EncryptionArtifactFactory - Attempting to instantiate 'class org.jivesoftware.openfire.keystore.OpenfireX509TrustManager' using the three-argument constructor that is properietary to Openfire.
2022.06.30 15:03:01 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Constructed trust manager. Number of trusted issuers: 151, accepts self-signed: true, checks validity: false
2022.06.30 15:03:01 org.jivesoftware.openfire.spi.EncryptionArtifactFactory - Successfully instantiated 'class org.jivesoftware.openfire.keystore.OpenfireX509TrustManager'.
2022.06.30 15:03:01 org.jivesoftware.openfire.net.SocketConnection - Peer certificates have not been verified - there are no certificates to return for: null
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
	at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source) ~[?:?]
	at org.jivesoftware.openfire.net.SocketConnection.getPeerCertificates(SocketConnection.java:461) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.net.SASLAuthentication.getSASLMechanismsElement(SASLAuthentication.java:253) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.net.SASLAuthentication.getSASLMechanisms(SASLAuthentication.java:204) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.net.SocketReadingMode.tlsNegotiated(SocketReadingMode.java:113) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.net.BlockingReadingMode.tlsNegotiated(BlockingReadingMode.java:187) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.net.BlockingReadingMode.readStream(BlockingReadingMode.java:143) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.net.BlockingReadingMode.run(BlockingReadingMode.java:79) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.net.SocketReader.run(SocketReader.java:150) [xmppserver-4.5.6.jar:4.5.6]
	at java.lang.Thread.run(Unknown Source) [?:?]
2022.06.30 15:03:01 org.jivesoftware.openfire.net.BlockingReadingMode - Logging off locA.domain.org/64jr71vy6t on org.jivesoftware.openfire.net.SocketConnection@4b3f0062 socket: Socket[addr=/XXX.XXX.XXX.XXX,port=51295,localport=5269] session: LocalIncomingServerSession{address=locA.domain.org/64jr71vy6t, streamID=64jr71vy6t, status=1 (connected), isSecure=true, isDetached=false, isUsingServerDialback=true, localDomain=locA.domain.org, de

Log of Server B:

2022.06.30 15:03:01 org.jivesoftware.openfire.net.BlockingAcceptingMode - Connect Socket[addr=/XXX.XXX.XXX.XXX,port=53520,localport=5269]
2022.06.30 15:03:01 org.jivesoftware.openfire.spi.EncryptionArtifactFactory - Configured TrustManager class: org.jivesoftware.openfire.keystore.OpenfireX509TrustManager
2022.06.30 15:03:01 org.jivesoftware.openfire.spi.EncryptionArtifactFactory - Attempting to instantiate 'class org.jivesoftware.openfire.keystore.OpenfireX509TrustManager' using the three-argument constructor that is properietary to Openfire.
2022.06.30 15:03:01 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Constructed trust manager. Number of trusted issuers: 151, accepts self-signed: true, checks validity: true
2022.06.30 15:03:01 org.jivesoftware.openfire.spi.EncryptionArtifactFactory - Successfully instantiated 'class org.jivesoftware.openfire.keystore.OpenfireX509TrustManager'.
2022.06.30 15:03:01 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Attempting to verify a chain of 3 certificates.
2022.06.30 15:03:01 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Validating chain with 3 certificates, using 131 trust anchors.
2022.06.30 15:03:01 org.jivesoftware.util.CertificateManager - CertificateManager: Subject Alternative Name Mapping returned [chat.locA.domain.org, locA.domain.org, conference.locA.domain.org]
2022.06.30 15:03:01 org.jivesoftware.openfire.net.BlockingReadingMode - Logging off locB.domain.org/4eisk8df7e on org.jivesoftware.openfire.net.SocketConnection@286f89f0 socket: Socket[addr=/XXX.XXX.XXX.XXX,port=53520,localport=5269] session: LocalIncomingServerSession{address=locB.domain.org/4eisk8df7e, streamID=4eisk8df7e, status=1 (connected), isSecure=true, isDetached=false, isUsingServerDialback=true, localDomain=locB.domain.org, defaultIdentity=locA.domain.org, validatedDomains={}}
2022.06.30 15:03:01 org.jivesoftware.openfire.net.BlockingReadingMode - Closing session: LocalIncomingServerSession{address=locB.domain.org/4eisk8df7e, streamID=4eisk8df7e, status=1 (connected), isSecure=true, isDetached=false, isUsingServerDialback=true, localDomain=locB.domain.org, defaultIdentity=locA.domain.org, validatedDomains={}}
2022.06.30 15:03:01 org.jivesoftware.openfire.net.BlockingAcceptingMode - Connect Socket[addr=/XXX.XXX.XXX.XXX,port=53521,localport=5269]
2022.06.30 15:03:01 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Validate domain:locB.domain.org(id 7uz1g4ao0m) for OS: locA.domain.org] - Validating domain...
2022.06.30 15:03:01 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Validate domain:locB.domain.org(id 7uz1g4ao0m) for OS: locA.domain.org] - Check if the remote domain already has a connection to the target domain/subdomain
2022.06.30 15:03:01 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Validate domain:locB.domain.org(id 7uz1g4ao0m) for OS: locA.domain.org] - Checking to see if the remote server provides stronger authentication based on SASL. If that's the case, dialback-based authentication can be skipped.
2022.06.30 15:03:01 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Validate domain:locB.domain.org(id 7uz1g4ao0m) for OS: locA.domain.org] - Unable to authenticate host based on stronger SASL. Proceeding with dialback...
2022.06.30 15:03:01 org.jivesoftware.openfire.net.SocketUtil - Creating a socket connection to XMPP domain 'locA.domain.org' ...
2022.06.30 15:03:01 org.jivesoftware.openfire.net.SocketUtil - Use DNS to resolve remote hosts for the provided XMPP domain 'locA.domain.org' (default port: 5269) ...
2022.06.30 15:03:01 org.jivesoftware.openfire.net.DNSUtil - No SRV record found for: _xmpps-server._tcp.locA.domain.org.
javax.naming.NameNotFoundException: DNS name not found [response code 3]
	at com.sun.jndi.dns.DnsClient.checkResponseCode(Unknown Source) ~[jdk.naming.dns:?]
	at com.sun.jndi.dns.DnsClient.isMatchResponse(Unknown Source) ~[jdk.naming.dns:?]
	at com.sun.jndi.dns.DnsClient.doUdpQuery(Unknown Source) ~[jdk.naming.dns:?]
	at com.sun.jndi.dns.DnsClient.query(Unknown Source) ~[jdk.naming.dns:?]
	at com.sun.jndi.dns.Resolver.query(Unknown Source) ~[jdk.naming.dns:?]
	at com.sun.jndi.dns.DnsContext.c_getAttributes(Unknown Source) ~[jdk.naming.dns:?]
	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(Unknown Source) ~[?:?]
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(Unknown Source) ~[?:?]
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(Unknown Source) ~[?:?]
	at javax.naming.directory.InitialDirContext.getAttributes(Unknown Source) ~[?:?]
	at org.jivesoftware.openfire.net.DNSUtil.srvLookup(DNSUtil.java:222) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.net.DNSUtil.resolveXMPPDomain(DNSUtil.java:111) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.net.SocketUtil.createSocketToXmppDomain(SocketUtil.java:45) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.server.ServerDialback.validateRemoteDomain(ServerDialback.java:544) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.session.LocalIncomingServerSession.validateSubsequentDomain(LocalIncomingServerSession.java:248) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.net.ServerSocketReader.processUnknowPacket(ServerSocketReader.java:137) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.net.SocketReader.process(SocketReader.java:247) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.net.BlockingReadingMode.readStream(BlockingReadingMode.java:172) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.net.BlockingReadingMode.run(BlockingReadingMode.java:79) [xmppserver-4.5.6.jar:4.5.6]
	at org.jivesoftware.openfire.net.SocketReader.run(SocketReader.java:150) [xmppserver-4.5.6.jar:4.5.6]
	at java.lang.Thread.run(Unknown Source) [?:?]
2022.06.30 15:03:01 org.jivesoftware.openfire.net.SocketUtil - Found 1 host(s) for XMPP domain 'locA.domain.org'.
2022.06.30 15:03:01 org.jivesoftware.openfire.net.SocketUtil - - serverA.domain.org:5269 (no direct TLS)
2022.06.30 15:03:01 org.jivesoftware.openfire.net.SocketUtil - Trying to create socket connection to XMPP domain 'locA.domain.org' using remote host: serverA.domain.org:5269 (blocks up to 120000 ms) ...
2022.06.30 15:03:01 org.jivesoftware.openfire.net.SocketUtil - Successfully created socket connection to XMPP domain 'locA.domain.org' using remote host: serverA.domain.org:5269!
2022.06.30 15:03:01 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Validate domain:locB.domain.org(id 7uz1g4ao0m) for OS: locA.domain.org] - Verifying dialback key...
2022.06.30 15:03:01 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Validate domain:locB.domain.org(id 7uz1g4ao0m) for OS: locA.domain.org] - Opening a new connection to serverA.domain.org/XXX.XXX.XXX.XXX:5269 that is initially not encrypted.
2022.06.30 15:03:01 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Verify key with AS: locA.domain.org for OS: locB.domain.org (id 7uz1g4ao0m)] - Verifying key ...
2022.06.30 15:03:01 org.jivesoftware.openfire.spi.EncryptionArtifactFactory - Configured TrustManager class: org.jivesoftware.openfire.keystore.OpenfireX509TrustManager
2022.06.30 15:03:01 org.jivesoftware.openfire.spi.EncryptionArtifactFactory - Attempting to instantiate 'class org.jivesoftware.openfire.keystore.OpenfireX509TrustManager' using the three-argument constructor that is properietary to Openfire.
2022.06.30 15:03:01 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Constructed trust manager. Number of trusted issuers: 151, accepts self-signed: true, checks validity: true
2022.06.30 15:03:01 org.jivesoftware.openfire.spi.EncryptionArtifactFactory - Successfully instantiated 'class org.jivesoftware.openfire.keystore.OpenfireX509TrustManager'.
2022.06.30 15:03:01 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Verify key with AS: locA.domain.org for OS: locB.domain.org (id 7uz1g4ao0m)] - Send the Authoritative Server a stream header and wait for answer.
2022.06.30 15:03:01 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Verify key with AS: locA.domain.org for OS: locB.domain.org (id 7uz1g4ao0m)] - Got a response.
2022.06.30 15:03:01 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Verify key with AS: locA.domain.org for OS: locB.domain.org (id 7uz1g4ao0m)] - The remote server is XMPP 1.0 compliant (or at least reports to be).
2022.06.30 15:03:01 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Verify key with AS: locA.domain.org for OS: locB.domain.org (id 7uz1g4ao0m)] - Negotiating StartTLS with AS... 
2022.06.30 15:03:01 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Attempting to verify a chain of 1 certificates.
2022.06.30 15:03:01 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Attempting to accept the self-signed certificate of this chain of length one, as instructed by configuration.
2022.06.30 15:03:01 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Chain of one appears to be self-signed. Adding it to the set of trusted issuers.
2022.06.30 15:03:01 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Validating chain with 1 certificates, using 132 trust anchors.
2022.06.30 15:03:01 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Verify key with AS: locA.domain.org for OS: locB.domain.org (id 7uz1g4ao0m)] - Successfully negotiated StartTLS with AS... 
2022.06.30 15:03:01 org.jivesoftware.openfire.spi.EncryptionArtifactFactory - Configured TrustManager class: org.jivesoftware.openfire.keystore.OpenfireX509TrustManager
2022.06.30 15:03:01 org.jivesoftware.openfire.spi.EncryptionArtifactFactory - Attempting to instantiate 'class org.jivesoftware.openfire.keystore.OpenfireX509TrustManager' using the three-argument constructor that is properietary to Openfire.
2022.06.30 15:03:01 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Constructed trust manager. Number of trusted issuers: 151, accepts self-signed: true, checks validity: true
2022.06.30 15:03:01 org.jivesoftware.openfire.spi.EncryptionArtifactFactory - Successfully instantiated 'class org.jivesoftware.openfire.keystore.OpenfireX509TrustManager'.
2022.06.30 15:03:01 org.jivesoftware.openfire.server.ServerDialback[Acting as Receiving Server: Verify key with AS: locA.domain.org for OS: locB.domain.org (id 7uz1g4ao0m)] - Send the Authoritative Server a stream header and wait for answer.
2022.06.30 15:03:01 org.jivesoftware.openfire.net.BlockingReadingMode - Logging off locB.domain.org/7uz1g4ao0m on org.jivesoftware.openfire.net.SocketConnection@73d73e18 socket: Socket[addr=/XXX.XXX.XXX.XXX,port=53521,localport=5269] session: LocalIncomingServerSession{address=locB.domain.org/7uz1g4ao0m, streamID=7uz1g4ao0m, status=1 (connected), isSecure=false, isDetached=false, isUsingServerDialback=true, localDomain=locB.domain.org, defaultIdentity=locA.domain.org, validatedDomains={}}
2022.06.30 15:03:01 org.jivesoftware.openfire.net.BlockingReadingMode - Closing session: LocalIncomingServerSession{address=locB.domain.org/7uz1g4ao0m, streamID=7uz1g4ao0m, status=1 (connected), isSecure=false, isDetached=false, isUsingServerDialback=true, localDomain=locB.domain.org, defaultIdentity=locA.domain.org, validatedDomains={}}

Greetings, Max

5

you need A records for your SRV records. for example, if your SRV records reference server1.domain.org, then you need a corresponding A record (or CNAME) for server1.domain.org
alot like how email works and the relationship between MX records and A records.

6

@speedy

Sry maybe that was a little misunderstanding; of course I have A records for the serverA.domain.org

Only for the XMPP-Domain I don’t have an A record.

7

No SRV record found for: _xmpps-server._tcp.locA.domain.org.
do you have a SRV like this
_xmpp-server._tcp.locA.domain.org. that points to serverA.domain.org

8

Yes, that is correct. The _xmpp-server._tcp.locA.domain.org points at serverA.domain.org at Port 5269. That ist mentioned in the log after that exception.

9

i see that now… guess I should have read through and not stopping at the exception!

10 
2022.06.30 15:03:01 org.jivesoftware.openfire.net.SocketUtil - Found 1 host(s) for XMPP domain 'locB.domain.org'.
2022.06.30 15:03:01 org.jivesoftware.openfire.net.SocketUtil - - serverA.domain.org:5269 (no direct TLS)

This is Openfire doing a (DNS SRV) lookup for domain locB.domain.org, finding host serverA.domain.org. Shouldn’t it find host serverB.domain.org instead?

11

@guus
That was a mistake on my part. I looked again in the orginal logfile and there the correct server was found.

12

After searching the forum some more, I came across a few posts that are very similar to the problem.

The domains we are running are subdomains under the same root domain.

Here is a link to a post where the problem occurs and to which there seems to be no solution yet:

13

Can you please make sure that the log files that you pasted here are updated to have the correct domain names and host names? It’s rather time-intensive to analyze issues like this. If we can’t be sure that what is in the log files is fully correct, there is little point in investing time that is likely to be wasted anyway.

14

I’m on vacation now and a way from home. If i have some downtime, I’ll try to reproduce this issue in my little lab.