"Unknown connection error. Please review the logs for more information" - XMPP, SSL, TLS-related issues with Openfire and Spark

Thank you all for your time in helping me troubleshoot this very frustrating issue. I hope below I provide all necessary information to help get started.

My Configuration

I have Openfire installed and pointing to MySQL on a Windows Server 2012 machine. The Server 2012 machine runs ADDS with DNS. My organization uses Spark only on a private LAN. Everything was working well up until a few days ago when 1) the MySQL account/password Openfire uses to access and write to the database tables expired and 2) to troubleshoot this, we updated Openfire and Spark to the newest versions. So we are currently using Openfire 4.1.1 and Spark 2.8.2. The MySQL username/password issue has been resolved, and I’m now working with completely fresh installs of Openfire, Spark, and a brand new database in MySQL.

Despite the fresh installs and new database, I cannot get any Spark clients to authenticate to the Openfire server, and I believe this to be related to XMPP and Certificate problems. I’m prompted to this conclusion because of warnings shown to me in the Openfire admin concerning missing or misconfigured DNS entries for XMPP. So I’ve tried to resolve that as follows:

My XMPP & DNS SRV Configurations

My Openfire XMPP server and hostname (FQDN) are both the same: chat-server.mydomain.com (actual server names redacted for security)

I have SRV records in my DNS for this same server name, which look like this:

SRV                          Variable
Domain:                      mydomain.com
Service:                     _xmpp-client
Protocol:                    _tcp
Priority:                    0
Weight:                      0
Port number:                 5222
Host offering this service:  chat-server.mydomain.com

I have an additional SRV entry for _xmpp-server on port 5269 for server-to-server connections (although my organization presently has only one Openfire server). After these SRV records propagated, the warnings in the Openfire admin went away.

The Ongoing Problem

Spark clients will not authenticate to Openfire even with valid usernames and passwords pointing to the correct domain (chat-server.mydomain.com). Spark throws the following “login error”: Unknown connection error. Please review the logs for more information.

The Errors

“Accept all certificates …” and “Disable certificate hostname verification …” checked in Spark

Jan 06, 2017 3:47:28 PM org.jivesoftware.spark.util.log.Log warning
WARNING: Exception in Login:
org.jivesoftware.smack.SmackException$NoResponseException: No response received within reply timeout. Timeout was 10000ms (~10s). Used filter: No filter used or filter was ‘null’.
    at org.jivesoftware.smack.SmackException$NoResponseException.newWith(SmackException.java:106)
    at org.jivesoftware.smack.SmackException$NoResponseException.newWith(SmackException.java:85)
    at org.jivesoftware.smack.SynchronizationPoint.checkForResponse(SynchronizationPoint.java:253)
    at org.jivesoftware.smack.SynchronizationPoint.checkIfSuccessOrWait(SynchronizationPoint.java:146)
    at org.jivesoftware.smack.SynchronizationPoint.checkIfSuccessOrWaitOrThrow(SynchronizationPoint.java:125)
    at org.jivesoftware.smack.tcp.XMPPTCPConnection.connectInternal(XMPPTCPConnection.java:857)
    at org.jivesoftware.smack.AbstractXMPPConnection.connect(AbstractXMPPConnection.java:364)
    at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:1090)
    at org.jivesoftware.LoginDialog$LoginPanel.access$900(LoginDialog.java:343)
    at org.jivesoftware.LoginDialog$LoginPanel$3.construct(LoginDialog.java:881)
    at org.jivesoftware.spark.util.SwingWorker.lambda$new$1(SwingWorker.java:142)
    at java.lang.Thread.run(Unknown Source)

Only “Accept all certificates” checked in Spark

Jan 06, 2017 3:48:11 PM org.jivesoftware.smack.util.DNSUtil resolveDomain
WARNING: Exception while resovling SRV records for chat-server.mydomain.com. Consider adding ‘_xmpp-(server|client)._tcp’ DNS SRV Records
javax.naming.NameNotFoundException: DNS name not found [response code 3]; remaining name ‘_xmpp-client._tcp.chat-server.mydomain.com’
    at com.sun.jndi.dns.DnsClient.checkResponseCode(Unknown Source)
    at com.sun.jndi.dns.DnsClient.isMatchResponse(Unknown Source)
    at com.sun.jndi.dns.DnsClient.doUdpQuery(Unknown Source)
    at com.sun.jndi.dns.DnsClient.query(Unknown Source)
    at com.sun.jndi.dns.Resolver.query(Unknown Source)
    at com.sun.jndi.dns.DnsContext.c_getAttributes(Unknown Source)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(Unknown Source)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(Unknown Source)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(Unknown Source)
    at javax.naming.directory.InitialDirContext.getAttributes(Unknown Source)
    at org.jivesoftware.smack.util.dns.javax.JavaxResolver.lookupSRVRecords(JavaxResolver.java:78)
    at org.jivesoftware.smack.util.DNSUtil.resolveDomain(DNSUtil.java:171)
    at org.jivesoftware.smack.util.DNSUtil.resolveXMPPDomain(DNSUtil.java:120)
    at org.jivesoftware.smack.AbstractXMPPConnection.populateHostAddresses(AbstractXMPPConnection.java:574)
    at org.jivesoftware.smack.tcp.XMPPTCPConnection.connectUsingConfiguration(XMPPTCPConnection.java:564)
    at org.jivesoftware.smack.tcp.XMPPTCPConnection.connectInternal(XMPPTCPConnection.java:850)
    at org.jivesoftware.smack.AbstractXMPPConnection.connect(AbstractXMPPConnection.java:364)
    at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:1090)
    at org.jivesoftware.LoginDialog$LoginPanel.access$900(LoginDialog.java:343)
    at org.jivesoftware.LoginDialog$LoginPanel$3.construct(LoginDialog.java:881)
    at org.jivesoftware.spark.util.SwingWorker.lambda$new$1(SwingWorker.java:142)
    at java.lang.Thread.run(Unknown Source)

Thanks again in advance for your help!

Kind regards,

-Jeremiah
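
Added example, not part of the original post: a small check that compares the SRV name reported as not found in the second log with the owner names of the SRV records listed under "My XMPP & DNS SRV Configurations". It assumes the _xmpp-server record uses the same domain and target host as the _xmpp-client record; the function and variable names are illustrative.

```python
import re

# Client-side failure line as it appears in the post (hostnames are the poster's placeholders).
LOG_LINE = ("javax.naming.NameNotFoundException: DNS name not found [response code 3]; "
            "remaining name ‘_xmpp-client._tcp.chat-server.mydomain.com’")

# SRV records described in the post: (service, protocol, domain, port, target host).
# Assumption: the _xmpp-server record uses the same domain and target as the first.
CONFIGURED_SRV = [
    ("_xmpp-client", "_tcp", "mydomain.com", 5222, "chat-server.mydomain.com"),
    ("_xmpp-server", "_tcp", "mydomain.com", 5269, "chat-server.mydomain.com"),
]
QUOTES = "'\"‘’"

def normalize(name):
    """DNS names compare case-insensitively; ignore a trailing root dot."""
    return name.strip().rstrip(".").lower()

def queried_name(log_line):
    """Extract the name the resolver reported as not found, or None."""
    m = re.search(rf"remaining name\s+[{QUOTES}]([^{QUOTES}]+)[{QUOTES}]", log_line)
    return normalize(m.group(1)) if m else None

def diagnose(log_line, records):
    """Compare the SRV name the client queried with the names the zone publishes."""
    qname = queried_name(log_line)
    if qname is None:
        return {"status": "no-srv-lookup-failure"}
    # An SRV record's owner name is <service>.<protocol>.<domain>.
    published = {normalize(f"{s}.{p}.{d}"): (port, normalize(t))
                 for s, p, d, port, t in records}
    if qname in published:
        return {"status": "published", "queried": qname, "target": published[qname]}
    parts = qname.split(".", 2)
    if len(parts) < 3:
        return {"status": "not-an-srv-name", "queried": qname}
    service, _proto, client_domain = parts
    return {
        "status": "mismatch",
        "queried": qname,
        "client_domain": client_domain,  # what the client treated as the XMPP domain
        "published_for_service": sorted(n for n in published if n.startswith(service + ".")),
        # True when the client was given the SRV target host rather than the record's domain
        "client_domain_is_srv_target": any(t == client_domain for _, t in published.values()),
    }

if __name__ == "__main__":
    for key, value in diagnose(LOG_LINE, CONFIGURED_SRV).items():
        print(f"{key}: {value}")
```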