SparkWeb on Internet with ISA 2006

I am running Openfire 3.4.1 and Openfire Enterprise 3.4.1 in my internal network on Windows Server 2003 SP2 with the Windows firewall disabled.

When I connect to Spark web http://myinternaservername:9090/plugins/enterprise/sparkweb/index.jsp I have no problems and all is working fine.

I publish SparkWeb on the internet with ISA Server 2006. I have created a rule that allows access to SparkWeb with a public address, for example:

http://publicname.company.com/plugins/enterprise/sparkweb/index.jsp

The main page is displayed; when I try to access it I receive the following error:

"there was a security error of type: securityError

Error: Error #2048"

This error only occurs over the internet and with my ISA Server.

Please help me…

SparkWeb is attempting to load a crossdomain.xml file by sending a request to xmlsocket://domain:5229

My guess would be that either your firewall is blocking it, or it’s getting confused about which domain to send the request to.

OK, but I don’t know where crossdomain.xml is located. In my firewall I accept TCP port 5229.

The file is generated dynamically by openfire enterprise, so I believe the issue is that it’s returning the wrong domain. You should be able to view the file simply by going to yourdomain:5229 in a browser and looking at the resulting file in a text editor.

Oops… I think that something is wrong. I don’t see anything with the browser; when I telnet to port 5229 I receive the following…

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*" to-ports="5222" /></cross-domain-policy>

What can I do?

When I try to connect over the Internet, the Openfire Log Viewer shows these errors:

2007.11.08 15:12:40 [org.jivesoftware.openfire.container.PluginManager$PluginMonitor.unzipPlugin(PluginManager.java:1045)]
java.util.zip.ZipException: error in opening zip file
at java.util.zip.ZipFile.open(Native Method)
at java.util.zip.ZipFile.<init>(Unknown Source)
at java.util.jar.JarFile.<init>(Unknown Source)
at java.util.jar.JarFile.<init>(Unknown Source)
at org.jivesoftware.openfire.container.PluginManager$PluginMonitor.unzipPlugin(PluginManager.java:1008)
at org.jivesoftware.openfire.container.PluginManager$PluginMonitor.run(PluginManager.java:899)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask$Sync.innerRunAndReset(Unknown Source)
at java.util.concurrent.FutureTask.runAndReset(Unknown Source)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(Unknown Source)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.runPeriodic(Unknown Source)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

That’s correct. That’s what a crossdomain file looks like.

The question is why sparkweb isn’t seeing it.

I do not know why, but remember my internal network has a different DNS domain and network address. I don’t have a route from the Internet to my internal network.

The way it’s built right now, SparkWeb will query two places for the crossdomain file:

  1. the name that Openfire uses (shown as “Server Name” in the admin console)

  2. the name that you put into the server field of the login window

Port 5229 for both of those. So unless port 5229 on one of those domains is accessible, it will fail to find the crossdomain file. Does that clarify the situation at all? I’m not sure exactly how your network is set up, so it’s difficult for me to say exactly what’s going on.
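Added example (not part of the original thread, and not Openfire or SparkWeb code): a small check that connects to port 5229 the way a Flash client does, parses the returned policy, and reports whether it permits the XMPP port and whether it uses a wildcard domain. The function names are hypothetical; port 5222 is taken from the policy quoted earlier in the thread, and a missing `to-ports` attribute is treated as "no ports" as a conservative assumption.

```python
import socket
import xml.etree.ElementTree as ET

POLICY_REQUEST = b"<policy-file-request/>\x00"  # Flash socket policy request, NUL-terminated
# Constructed sample: the policy text from the telnet output quoted in this thread.
SAMPLE_POLICY = (
    '<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM '
    '"http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">'
    '<cross-domain-policy><allow-access-from domain="*" to-ports="5222" />'
    '</cross-domain-policy>')

def fetch_policy(host, port=5229, timeout=5.0):
    """Send the policy request and return the raw bytes the server answers with."""
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(POLICY_REQUEST)
        try:
            while not chunks or b"\x00" not in chunks[-1]:
                data = s.recv(4096)
                if not data:
                    break
                chunks.append(data)
        except socket.timeout:
            pass  # server kept the connection open; use what has arrived
    return b"".join(chunks)

def port_allowed(to_ports, port):
    """True if a to-ports value ("*", "5222", "5222,5269", "5000-5300") covers port."""
    for part in to_ports.split(","):
        lo, _, hi = part.strip().partition("-")
        hi = hi or lo
        if lo == "*" or (lo.isdigit() and hi.isdigit() and int(lo) <= port <= int(hi)):
            return True
    return False

def parse_policy(raw):
    """Return [(domain, to_ports), ...] from policy text or bytes."""
    text = raw.decode("utf-8", "replace") if isinstance(raw, bytes) else raw
    root = ET.fromstring(text.strip("\x00 \r\n"))
    return [(e.get("domain", ""), e.get("to-ports", "")) for e in root.iter("allow-access-from")]

def diagnose(raw, xmpp_port=5222):
    rules = parse_policy(raw)
    return {"xmpp_port_allowed": any(port_allowed(p, xmpp_port) for _, p in rules),
            "wildcard_domain": any(d == "*" for d, _ in rules)}

def check_host(host):
    """Run against each of the two names SparkWeb queries; returns a dict or an error string."""
    try:
        return diagnose(fetch_policy(host))
    except (OSError, ET.ParseError) as exc:
        return "no usable policy on 5229: %s" % exc
```

Run `check_host()` from outside the firewall against both the Openfire "Server Name" and the name typed into the login window; an error string for both names matches the situation described above, where neither name serves the policy to an Internet client.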

David, I am not sure what your request is, and of course you do not know all my network infrastructure, so I will explain it more.

We have defined all users in the Active Directory. Openfire 3.4.1 is configured to use these users, which are in an OU; we use Directory Server (LDAP) in the profile settings.

My Active Directory and servers are Windows Server 2003.

When users log on in Spark (client), they use the user ID of the Active Directory, the password of the Active Directory domain and the server where Openfire is installed. (this works)

In the internal network, with IE and Windows XP, my users use SparkWeb when they travel: as the user name they enter the user ID of the Active Directory, in Server they see the name of the server in NetBIOS format, and finally they enter the password of the Active Directory domain (this works too).

In the Internet case, I publish SparkWeb in an ISA Server 2003. My internal IP address is different from the Internet IP address. The ISA Server accepts all requests to the public address of SparkWeb on TCP port 80 (browser) and redirects them to the Openfire server on TCP port 9090; additionally, the ISA Server redirects all requests that are sent to TCP 5229 to the Openfire TCP 5229 port in the internal network. I am checking the log of the ISA Server Firewall and I don’t see any requests to openfire-rule-5229; this is because the name of the public domain is different from my internal domain. Example: internal domain = intelnaldomain.loc, internet domain = company.com

I am sure that this explanation can help you to understand my infrastructure.

Good day Guillermo,

The only solution that I found in order to fix this problem was to change my Openfire (3.4.1) server domain name to my Internet domain. This was the only way that I found to access my internal Openfire server from the internet. Maybe filters at the ISA or another firewall solution (changing your_openfire_internal_domain to your_internet_domain) can help. I will try this with my firewall and I will publish the results.

Good luck.