Spark won't login after standby

Spark Spark Support
1

Hi,

The envrionment:

300 users connect to one 2008R2 server server

Most of client versions is spark 2.7.5 (same behaviour with spark 2.8.3) to openfire server 4.1.1

We connect using GSSAPI (SSO)

After our laptop has been in standby, some clients cannot connect to openfire server. it doens’t make any difference if we use SSO or just plain authentication with username/pass.

If using SSO, the identity can’t be confirmed.

To solve this we have to reboot the PC.

I’ve tried looking with procmon/wireshark, but can’t find anything interesting.

How do I start to debug this ?

2

When not using SSO you are using AD credentials to logon? What OS on the clients? What error is shown in Spark (2.8.3)? Check logs at appdata/roaming/spark/logs.

3

Warning log:

feb 01, 2017 10:10:38 AM org.jivesoftware.spark.util.log.Log warning

WARNING: Exception in Login:

SASL authentication failed:

– caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new INITIATE credentials failed! (null))]

at org.jivesoftware.smack.sasl.SASLMechanism.authenticate(SASLMechanism.java:196)

at org.jivesoftware.smack.sasl.SASLMechanism.authenticate(SASLMechanism.java:152)

at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java: 324)

at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:243)

at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:1105)

at org.jivesoftware.LoginDialog$LoginPanel.access$1400(LoginDialog.java:333)

at org.jivesoftware.LoginDialog$LoginPanel$4.construct(LoginDialog.java:867)

at org.jivesoftware.spark.util.SwingWorker$2.run(SwingWorker.java:141)

at java.lang.Thread.run(Unknown Source)

Nested Exception:

javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new INITIATE credentials failed! (null))]

at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(Unknown Source)

at org.jivesoftware.smack.sasl.SASLMechanism.authenticate(SASLMechanism.java:192)

at org.jivesoftware.smack.sasl.SASLMechanism.authenticate(SASLMechanism.java:152)

at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java: 324)

at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:243)

at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:1105)

at org.jivesoftware.LoginDialog$LoginPanel.access$1400(LoginDialog.java:333)

at org.jivesoftware.LoginDialog$LoginPanel$4.construct(LoginDialog.java:867)

at org.jivesoftware.spark.util.SwingWorker$2.run(SwingWorker.java:141)

at java.lang.Thread.run(Unknown Source)

Caused by: GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new INITIATE credentials failed! (null))

at sun.security.jgss.krb5.Krb5InitCredential.getTgt(Unknown Source)

at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Unknown Source)

at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Unknown Source)

at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Unknown Source)

at sun.security.jgss.GSSManagerImpl.getMechanismContext(Unknown Source)

at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)

at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)

… 10 more

Caused by: javax.security.auth.login.LoginException: Unable to obtain Principal Name for authentication

at com.sun.security.auth.module.Krb5LoginModule.promptForName(Unknown Source)

at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Unknown Source)

at com.sun.security.auth.module.Krb5LoginModule.login(Unknown Source)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

at java.lang.reflect.Method.invoke(Unknown Source)

at javax.security.auth.login.LoginContext.invoke(Unknown Source)

at javax.security.auth.login.LoginContext.access$000(Unknown Source)

at javax.security.auth.login.LoginContext$4.run(Unknown Source)

at javax.security.auth.login.LoginContext$4.run(Unknown Source)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)

at javax.security.auth.login.LoginContext.login(Unknown Source)

at sun.security.jgss.GSSUtil.login(Unknown Source)

at sun.security.jgss.krb5.Krb5Util.getTicket(Unknown Source)

at sun.security.jgss.krb5.Krb5InitCredential$1.run(Unknown Source)

at sun.security.jgss.krb5.Krb5InitCredential$1.run(Unknown Source)

at java.security.AccessController.doPrivileged(Native Method)

… 17 more

feb 01, 2017 10:10:55 AM org.jivesoftware.spark.util.log.Log warning

WARNING: Exception in Login:

No response from the server.:

at org.jivesoftware.smack.NonSASLAuthentication.authenticate(NonSASLAuthentication .java:73)

at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java: 367)

at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:243)

at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:1105)

at org.jivesoftware.LoginDialog$LoginPanel.access$1400(LoginDialog.java:333)

at org.jivesoftware.LoginDialog$LoginPanel$4.construct(LoginDialog.java:867)

at org.jivesoftware.spark.util.SwingWorker$2.run(SwingWorker.java:141)

at java.lang.Thread.run(Unknown Source)

feb 01, 2017 10:11:13 AM org.jivesoftware.spark.util.log.Log warning

WARNING: Exception in Login:

No response from the server.:

at org.jivesoftware.smack.NonSASLAuthentication.authenticate(NonSASLAuthentication .java:73)

at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java: 367)

at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:243)

at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:1105)

at org.jivesoftware.LoginDialog$LoginPanel.access$1400(LoginDialog.java:333)

at org.jivesoftware.LoginDialog$LoginPanel$4.construct(LoginDialog.java:867)

at org.jivesoftware.spark.util.SwingWorker$2.run(SwingWorker.java:141)

at java.lang.Thread.run(Unknown Source)

Error Log:

jan 26, 2017 1:01:59 PM org.jivesoftware.spark.util.log.Log error

SEVERE:

No response from the server.:

at org.jivesoftware.smackx.PrivateDataManager.getPrivateData(PrivateDataManager.ja va:209)

at org.jivesoftware.sparkimpl.plugin.scratchpad.Tasks.getTaskList(Tasks.java:205)

at org.jivesoftware.sparkimpl.plugin.scratchpad.TaskNotification$2.run(TaskNotific ation.java:73)

at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)

at java.util.concurrent.FutureTask.run(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

jan 30, 2017 9:31:18 AM org.jivesoftware.spark.util.log.Log error

SEVERE: Dictionary not found

jan 30, 2017 2:17:27 PM org.jivesoftware.spark.util.log.Log error

SEVERE:

No response from the server.:

at org.jivesoftware.smackx.PrivateDataManager.getPrivateData(PrivateDataManager.ja va:209)

at org.jivesoftware.sparkimpl.plugin.scratchpad.Tasks.getTaskList(Tasks.java:205)

at org.jivesoftware.sparkimpl.plugin.scratchpad.TaskNotification$2.run(TaskNotific ation.java:73)

at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)

at java.util.concurrent.FutureTask.run(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

jan 30, 2017 2:43:36 PM org.jivesoftware.spark.util.log.Log error

SEVERE: Dictionary not found

jan 31, 2017 8:46:22 AM org.jivesoftware.spark.util.log.Log error

SEVERE: Dictionary not found

jan 31, 2017 11:53:56 AM org.jivesoftware.spark.util.log.Log error

SEVERE: Dictionary not found

feb 01, 2017 8:36:12 AM org.jivesoftware.spark.util.log.Log error

SEVERE: Dictionary not found

feb 01, 2017 9:13:33 AM org.jivesoftware.spark.util.log.Log error

SEVERE: Dictionary not found

feb 01, 2017 9:18:16 AM org.jivesoftware.spark.util.log.Log error

SEVERE: Dictionary not found

4

Os Client is Windows 10

We are using AD credentials to logon.

5

Well, this seems to be related to AD/GSSAPI and i don’t have experience with that. Maybe @speedy will have a chance to look at this.

6

it looks like the tgt session key may no longer be available. if you close spark <lock the desktop, and unlock the desktop>, this should force a new key. Launch spark.

note. you also have to do this when connecting over vpn, since windows can’t get a kerberos ticket until after you’ve signed into the network and have authenticated!

no as far as spark hanging. I sometimes see this when coming out of sleep as well, and usually I just restart spark. I haven’t had time to do any testing to find the cause.

7

Hi,

"it looks like the tgt session key may no longer be available. if you close spark <lock the desktop, and unlock the desktop>, this should force a new key. Launch spark. "

already tried this, doesn’t fix it, also doesn’t explain why plain authentication also fails (with username /password)

8

is this only happening on windows 10 workstations?

9

Reports from servicedesk says it happens also on Windows 7 clients.

10

is this coming out of sleep or hibernate? is it happen only after long periods of sleep/hibernate? is it laptops or desktops?

11

Hi Speedy,

All Laptop, coming out of sleep.

i’ll ask to disable hybernation to be sure.

Time frame is 15min to 30min.

12

I’ve tried to reproduce this all day, and haven’t been able to. are you able to reproduce this on your end?

13

i’m not able to reporduce the problem on my laptop. i’m beginning to think this only happens on Windows 10. i’ll report back when i’ve got a machine with the problem.

14

could you test the latest nightly build? there have been a few changes on the reconnection stuff.

Ignite Realtime: Spark Nightly Builds

Thanks

15

Hi,

so after testing, I cannot reproduce the issue on a windows 7, but i can on a clean installed Windows 10 version 1511, build 10586.0.

When the Laptop goes in standby more than once, spark is hanging to reconnect.

I’ve installed 2.8.3.967 build, it then worked, but after a standby, is again broken. (unable to connect using Single Sign-On. Please Check your principal and server settings.)

when looking with procmon i can’t find any interesting;

Looking with wireshark, spark doesn’t even try to communicate with the openfire server.

edit: also note, when using plain authentication, it’s the same result, won’t even try to connect tothe server.

In the spark logs:

…failed because java.net.unkownhostexception: failed because java.net.unkownhostexception.

edit2: i can ping / resolve on ip and on hostname and can telnet to the port with putty.

16

Just found out, that:

Scenario on a Windows 10 laptop (behaviour is the same with online spark (jre folder delete, lastest java installed or spark with java):

Spark is running.

Close Laptop.

Wait for a minute or 2

Login

Spark can’t login using SSO

turn off SSO

turn on SSO

Spark can login using SSO

Hope this helps.

17

so what to do from here on? Do i need to log a ticket somewhere, or is this issue non existing with other users?

18

In essence you’ve already logged the “ticket” here. There is no other line of support really. If speedy can’t even reproduce it, then filing a ticket won’t change much as he is pretty much our only SSO expert in the community here. Not sure what to do next. I personally do not use SSO and have no experience with it. Maybe speedy will come up with something.

19

I deleted my windows 10 vm, and don’t have the space to rebuild it! I might have a laptop around here somewhere that I can install windows 10 on and give it a go. I just don’t know when that will be.