powered by Jive Software

Ssl clients authenticated but still offline

Hello everybody,

We, at our company, have openfire 3.7.1 installed for couple of years, but all of a sudden we faced the following: jabber clients who went offline, could not get back connected.

We tried to inspect server-side and client-side logs and didn’t find any evidence (probably because we don’t understand logged info deep enough).

Then, it has been noticed that problem affects only secure connections (ssl). It looks like this - on client side they receive “connection failed, check settings” message, and on sessions page (server-side) client connection appear with status authenticated, but stay always offline.

Then, however, we found 4 users who always connect fine, and seemingly nothing they have in common - different client software, different account creation time, different location etc. One of them is me :slight_smile: so I tried to create a test jabber account and successfully logged in, from my workstation with my client software. Then I installed another client software (most popular among our employees) and couldn’t get online witth both accounts - mine and recently created test user.

Then we tried to restore jabber database (we use openfire with mysql) from weekly backup, and wow - it fixed a problem! Couple days later everything repeated, and again restoring database somehow hepled… for a day. Then again. This time, on my workstation I’ve been able to get online with my account and common client software (qip), but only once. I changed account to test, was unable to log in, changed back to my account and didn’t get online since then. But with my client software (miranda) everything is still connecting ok - with my account and with test user.

Then we updated openfire to 3.8.2, and everything remained the same with ssl connections. Disabling ssl still helps, any client software connects fine in this case.

Any suggestions how to diagnose such a trouble? And maybe someone had the same things happened, how it has been solved then?

it has been noticed that everything starts working fine if we delete some old user accounts, so that total amount of users does not exceed 99

to verify this, we intentionally created a couple of new test users, and problem resumed

again, we drop users below 99 - and everything become ok with ssl-connections

does anybody know about some limitation like this?

or whatever…