The past week I’'ve been working with the latest Wildfire and Spark builds and have deployed them in a domain. Everything worked at first and it is very impressive. I initially ran Wildfire from clicking the program listing in Windows but wanted it to be ran as a service. However if Wildfire is running as a service no Spark clients can connect to it other than a Spark client located on that same machine. If I stop the service and fire up Wildfire from the programs list all works well again.
I’‘ve tried changing the security context that the Wildfire service runs under from Local System to a domain admin account (mine) to see if that would make any difference. It didn’'t.
Wildfire is installed on WinXP Pro (guest operating system) as a virtual machine from Windows Virtual Server 2005 R2. The host operating system and domain controller is SBS 2003 Premium (there is ISA 2004 running in this network). Additionally I installed IIS on the XP machine thinking that would be necessary for the admin site to work (though I now understand that wasn’'t necessary) and it is still there though disabled.
BTW the logs on Wildfire don’‘t show anything relevant that I could see; however the log file from the Spark client machines seems to have more information which I’'ll copy below:
XMPPError connecting to virtualpc1:5222.: (502)
– caused by: java.net.ConnectException: Connection timed out: connect
at org.jivesoftware.smack.XMPPConnection.connectUsingConfiguration(XMPPConnection. java:301)
at java.lang.Thread.run(Unknown Source)
is the web admin console running fine when you start it as a service?
Does “netstat -an” show that Wildfire has opened ports 5222, 5223 (and probably also 5269 and 7777) if you are running it as a service?
Here’'s the output. It looks like everying but 7777 is in there but none of the remote Spark clients are going to reach a 0.0.0.0 address; those 0.0.0.0 listings seem odd. Yes, the admin console is resolving to http:/ /wildfireservername:9090.
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5222 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5223 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5269 0.0.0.0:0 LISTENING
TCP 0.0.0.0:9090 0.0.0.0:0 LISTENING
TCP 0.0.0.0:9091 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1079 0.0.0.0:0 LISTENING
TCP 192.168.0.113:139 0.0.0.0:0 LISTENING
TCP 192.168.0.113:1136 192.168.0.10:445 ESTABLISHED
TCP 192.168.0.113:1156 192.168.0.10:8080 ESTABLISHED
TCP 192.168.0.113:1161 192.168.0.113:5222 ESTABLISHED
TCP 192.168.0.113:3389 192.168.0.10:2355 ESTABLISHED
TCP 192.168.0.113:5222 192.168.0.113:1161 ESTABLISHED
UDP 0.0.0.0:445 :
UDP 0.0.0.0:500 :
UDP 0.0.0.0:1033 :
UDP 0.0.0.0:1034 :
UDP 0.0.0.0:1035 :
UDP 0.0.0.0:1157 :
UDP 0.0.0.0:2967 :
UDP 0.0.0.0:4500 :
UDP 127.0.0.1:123 :
UDP 127.0.0.1:1026 :
UDP 127.0.0.1:1028 :
UDP 127.0.0.1:1030 :
UDP 127.0.0.1:1032 :
UDP 127.0.0.1:1036 :
UDP 127.0.0.1:1044 :
UDP 127.0.0.1:1053 :
UDP 127.0.0.1:1058 :
UDP 127.0.0.1:1063 :
UDP 127.0.0.1:1070 :
UDP 127.0.0.1:1071 :
UDP 127.0.0.1:1077 :
UDP 127.0.0.1:1116 :
UDP 127.0.0.1:1150 :
UDP 127.0.0.1:1152 :
UDP 127.0.0.1:1154 :
UDP 127.0.0.1:1160 :
UDP 127.0.0.1:1163 :
UDP 127.0.0.1:1900 :
UDP 192.168.0.113:123 :
UDP 192.168.0.113:137 :
UDP 192.168.0.113:138 :
UDP 192.168.0.113:1900 :
so the ports are open and bound to all interfaces.
“TCP 0.0.0.0:5222 0.0.0.0:0 LISTENING” means that it is using every interface.
Is there a local Windows firewall enabled?
The XP firewall is on; however, there is an exception for Wildfire Server and Spark listed and checked in the exceptions.
…and why would the firwall only be having an adverse effect when running Wildfire as a service vs. the click-to-run program? …unless the Wildfire Server listing isn’‘t for the correct executable and the service executable needs added …hmm I’'ll test this too
- though it doesn’‘t make sense to me at this time I’‘ll go ahead and create a GPO that disables the XP firewall and move that computer into an OU that I’‘ll apply this special GPO. I’'ll test and post back.
OK that was it!
Just needed to add the wildfire-service.exe program to the exceptions list.
Thanks for helping to get me past my mental block.