Hi

can any one help me on the following

i have 2 windows server with 2 different domain. 1. Windows Server 2008 R2 DC is  abc.com  and 2nd one windows Server 2012 DC is xyz.com

i have successfully installed open fire server 4.1.5  and AD users are able to login through Spark 2.8.3 spark client.

can any one guide me how abc.com domain users can chat with xyz.com domain?

step by step instruction will help me to do it..

Thanks

Dibakar

Hi  Blason

i have a same requirement right now to set up open fire in multiple domains..

i have already set up open fire in 2 domains and AD users are able to login through Spark.

now i would like to set up how abc.com users can chat with domain xyz.com

can you help me on it..

Thanks

Dibakar

I'm trying to connect stanza.io (websocket and bosh) with Openfire 4.1.3 . I'm using the last version of stanza.io and I have diferent problems depending of protocol:

• bosh: I receive no-authentication. These are the messages interchanged:
  • stanza.io->>>  <body xmlns="http://jabber.org/protocol/httpbind" xmlns:xmpp="urn:xmpp:xbosh" xmpp:version="1.0" to="openopen" xml:lang="en" wait="30" ver="1.6" hold="1" rid="9782020898"/>
  • Openfire<<<-  <body xmlns="http://jabber.org/protocol/httpbind" xmlns:stream="http://etherx.jabber.org/streams" from="openopen" authid="jon2s7wv0" sid="jon2s7wv0" secure="true" requests="2" inactivity="30" polling="5" wait="30" hold="1" ack="9782020898" maxpause="300" ver="1.6"><stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism >SCRAM-SHA-1</mechanism><mechanism>EXTERNAL</mechanism><mechanism>CRAM-MD5</mec h anism><mechanism>DIGEST-MD5</mechanism></mechanisms><register xmlns="http://jabber.org/features/iq-register"/><bind xmlns="urn:ietf:params:xml:ns:xmpp-bind"/><session xmlns="urn:ietf:params:xml:ns:xmpp-session"><optional/></session></stream:featu res></body>
  • stanza.io->>>  <body xmlns="http://jabber.org/protocol/httpbind" xmlns:xmpp="urn:xmpp:xbosh" rid="9782020899" sid="jon2s7wv0"><auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="EXTERNAL"></auth></body>
  • stanza.io->>>  <body xmlns="http://jabber.org/protocol/httpbind" xmlns:xmpp="urn:xmpp:xbosh" rid="9782020900" sid="jon2s7wv0"/>
  • Openfire<<<-  <body xmlns='http://jabber.org/protocol/httpbind' ack='9782020899'><failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><not-authorized/></failure></body>
• websocket: I don't receive anything (plugin is installed)

Do you have any idea about this problem?

Best Regards,

LeChuck

Hi community,

we are operating Openfire 4.1.3 on a Ubuntu 14.04 VM. Clients all using Spark to connect. All is based within an IPSEC Network. All Tunnels are working. From time to time clients are disconnecting and disappear from the roster. I already chose the option "do not diconnect clients that are idle". When I restart the openfire service manually, all disconnected users are available again. Sometimes Spark crashes while restarting the service but thats another problem.

Here are some logs, maybe it can help understanding the problem:

I have a conversations application on my phone. it perfectly works with Openfire 4.0,1 however when i use newer version of openfire I cannot connect anymore. here is what i get from connecting to Openfire 4.1.4

2017.06.26 21:15:47 INFO  [socket_c2s-thread-2]: org.jivesoftware.openfire.net.SASLAuthentication - Support added for the 'CRAM-MD5' SASL mechanism.

2017.06.26 21:15:47 INFO  [socket_c2s-thread-2]: org.jivesoftware.openfire.net.SASLAuthentication - Support added for the 'GSSAPI' SASL mechanism.

2017.06.26 21:15:47 INFO  [socket_c2s-thread-2]: org.jivesoftware.openfire.net.SASLAuthentication - Support added for the 'JIVE-SHAREDSECRET' SASL mechanism.

2017.06.26 21:15:47 WARN  [socket_c2s-thread-2]: org.jivesoftware.openfire.nio.ConnectionHandler - Closing connection due to exception in session: (0x00000002: nio socket, server, /192.168.1.104:44784 => /192.168.1.104:5222)

javax.net.ssl.SSLHandshakeException: SSL handshake failed.

    at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:487)

    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(D efaultIoFilterChain.java:417)

    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilt erChain.java:47)

    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceiv ed(DefaultIoFilterChain.java:765)

    at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapte r.java:109)

    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(D efaultIoFilterChain.java:417)

    at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(Defau ltIoFilterChain.java:410)

    at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoP rocessor.java:710)

    at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPolling IoProcessor.java:664)

    at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPolling IoProcessor.java:653)

    at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPoll ingIoProcessor.java:67)

    at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractP ollingIoProcessor.java:1124)

    at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)

    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

    at java.lang.Thread.run(Thread.java:745)

Caused by: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown

    at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)

    at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1646)

    at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1614)

    at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1780)

    at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1075)

    at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:901)

    at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:775)

    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)

    at org.apache.mina.filter.ssl.SslHandler.unwrap(SslHandler.java:728)

    at org.apache.mina.filter.ssl.SslHandler.unwrapHandshake(SslHandler.java:666)

    at org.apache.mina.filter.ssl.SslHandler.handshake(SslHandler.java:552)

    at org.apache.mina.filter.ssl.SslHandler.messageReceived(SslHandler.java:351)

    at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:468)

    ... 15 more

any idea how to solve this?

I have a few groups that were shared in opefire via ldap, but it looks like they have been deleted from active directory - and now I get the following logs appearing.

How can I remove this shared group?

Our LDAP team upgraded the endpoint for connections removing insecure protocols and ciphers.

I was unable to login to the admin console (and likely users were unable to authenticate to chat) until pointing to another LDAP node (in the cluster) with an endpoint that had not yet been upgraded. This was done via an /etc/hosts mapping. The non-upgraded IP address was given for the updated LDAP server name.

I updated the JRE cipheres with:

Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for JDK/JRE 8 Download

noticed these new ciphers (in addition to others):

and made them available via the admin console within Openfire (4.0.3).

I then removed the /etc/hosts mapping.

I was unable to login to the admin console until downgrading the DH keySize to < 1024

#jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 2048

jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024

within jdk1.8.0_72/jre/lib/security/java.security (the JRE our Openfire uses).

I am confused as to why this was necessary? The error I could see in the log until doing so was:

"DHPublicKey does not comply to algorithm constraints"

openssl s_connect to both new and old LDAP systems (both 636) show 2048 public keys, though with different ciphers, depending on the machine I run openssl s_connect from ... I guess due to differing openssl versions or cipher config differences ...

The DH keySize < 2048 setting had worked until the LDAP endpoint was upgraded, and continued to work when pointing to the non-upgraded LDAP endpoint. It seems unusual that apparently newer more secure protocols / ciphers would require this seeming downgrade to the security settings.

A java program that tests SSL gave the following info (from the Openfire machine, using same JRE Openfire uses):

Testing server - upgraded endpoint

Given this client's capabilities ([SSLv3, TLSv1, TLSv1.1, TLSv1.2]), the server prefers protocol=TLSv1.2, cipher=TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

Testing server - non-upgraded endpoint

Given this client's capabilities ([SSLv3, TLSv1, TLSv1.1, TLSv1.2]), the server prefers protocol=TLSv1.2, cipher=TLS_RSA_WITH_AES_128_CBC_SHA

I am also unsure if the error refers to the the LDAP SSL or the SSL on Openfire itself? Our instance XMPP and admin console require SSL.

Here are some of the stack traces showing the issue for the admin console access and LDAP connection:

2017.07.25 18:54:32 WARN  [Jetty-QTP-AdminConsole-98]: org.jivesoftware.admin.LoginLimitManager - Failed admin console login attempt by <myuserid> from <myIP>

2017.07.25 18:54:33 INFO  [Server SR - 881162561]: org.jivesoftware.openfire.net.SocketReadingMode - STARTTLS negotiation (with: org.jivesoftware.openfire.net.SocketConnection@1248cf94 socket: Socket[addr=/78.46.93.108,port=57984,localport=5269] session: org.jivesoftware.openfire.session.LocalIncomingServerSession@2843cab status: 1 address: <xyz>.com/5c3gn5yu6p id: 5c3gn5yu6p) failed.

javax.net.ssl.SSLHandshakeException: DHPublicKey does not comply to algorithm constraints

        at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1431)

        at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)

        at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813)

        at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)

        at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)

        at org.jivesoftware.openfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.jav a:241)

        at org.jivesoftware.openfire.net.TLSStreamHandler.start(TLSStreamHandler.java:178)

        at org.jivesoftware.openfire.net.SocketConnection.startTLS(SocketConnection.java:1 95)

        at org.jivesoftware.openfire.net.SocketReadingMode.negotiateTLS(SocketReadingMode. java:87)

        at org.jivesoftware.openfire.net.BlockingReadingMode.readStream(BlockingReadingMod e.java:138)

        at org.jivesoftware.openfire.net.BlockingReadingMode.run(BlockingReadingMode.java: 76)

        at org.jivesoftware.openfire.net.SocketReader.run(SocketReader.java:145)

        at java.lang.Thread.run(Thread.java:745)

Caused by: javax.net.ssl.SSLHandshakeException: DHPublicKey does not comply to algorithm constraints

        at sun.security.ssl.DHCrypt.checkConstraints(DHCrypt.java:237)

        at sun.security.ssl.ServerHandshaker.clientKeyExchange(ServerHandshaker.java:1599)

        at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:269)

        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)

        at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)

        at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)

        at java.security.AccessController.doPrivileged(Native Method)

        at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)

        at org.jivesoftware.openfire.net.TLSStreamHandler.doTasks(TLSStreamHandler.java:34 4)

        at org.jivesoftware.openfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.jav a:254)

        ... 7 more

2017.07.25 18:54:36 INFO  [Server SR - 1692736043]: org.jivesoftware.openfire.net.SocketReadingMode - STARTTLS negotiation (with: org.jivesoftware.openfire.net.SocketConnection@7b80ac6e socket: Socket[addr=/136.243.42.223,port=47704,localport=5269] session: org.jivesoftware.openfire.session.LocalIncomingServerSession@330ab9e3 status: 1 address: <xyz>.com/5rljrbkums id: 5rljrbkums) failed.

javax.net.ssl.SSLHandshakeException: DHPublicKey does not comply to algorithm constraints

        at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1431)

        at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)

        at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813)

        at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)

        at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)

        at org.jivesoftware.openfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.jav a:241)

        at org.jivesoftware.openfire.net.TLSStreamHandler.start(TLSStreamHandler.java:178)

        at org.jivesoftware.openfire.net.SocketConnection.startTLS(SocketConnection.java:1 95)

        at org.jivesoftware.openfire.net.SocketReadingMode.negotiateTLS(SocketReadingMode. java:87)

        at org.jivesoftware.openfire.net.BlockingReadingMode.readStream(BlockingReadingMod e.java:138)

        at org.jivesoftware.openfire.net.BlockingReadingMode.run(BlockingReadingMode.java: 76)

        at org.jivesoftware.openfire.net.SocketReader.run(SocketReader.java:145)

        at java.lang.Thread.run(Thread.java:745)

Caused by: javax.net.ssl.SSLHandshakeException: DHPublicKey does not comply to algorithm constraints

        at sun.security.ssl.DHCrypt.checkConstraints(DHCrypt.java:237)

        at sun.security.ssl.ServerHandshaker.clientKeyExchange(ServerHandshaker.java:1599)

        at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:269)

        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)

        at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)

        at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)

        at java.security.AccessController.doPrivileged(Native Method)

        at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)

        at org.jivesoftware.openfire.net.TLSStreamHandler.doTasks(TLSStreamHandler.java:34 4)

        at org.jivesoftware.openfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.jav a:254)

        ... 7 more

2017.07.25 19:03:00 ERROR [Jetty-QTP-AdminConsole-56]: org.jivesoftware.openfire.ldap.LdapAuthProvider - Error connecting to LDAP server

javax.naming.CommunicationException: <myLDAP>:636 [Root exception is javax.net.ssl.SSLHandshakeException: DHPublicKey does not comply to algorithm constraints]

        at com.sun.jndi.ldap.Connection.<init>(Connection.java:226)

        at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)

        at com.sun.jndi.ldap.LdapClientFactory.createPooledConnection(LdapClientFactory.ja va:64)

        at com.sun.jndi.ldap.pool.Connections.<init>(Connections.java:115)

        at com.sun.jndi.ldap.pool.Pool.getPooledConnection(Pool.java:132)

        at com.sun.jndi.ldap.LdapPoolManager.getLdapClient(LdapPoolManager.java:329)

        at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1606)

        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2746)

        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)

        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)

        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)

        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)

        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)

        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)

        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)

        at javax.naming.InitialContext.init(InitialContext.java:244)

        at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)

        at org.jivesoftware.util.JiveInitialLdapContext.<init>(JiveInitialLdapContext.java :43)

        at org.jivesoftware.openfire.ldap.LdapManager.getContext(LdapManager.java:568)

        at org.jivesoftware.openfire.ldap.LdapManager.findUserDN(LdapManager.java:975)

        at org.jivesoftware.openfire.ldap.LdapManager.findUserDN(LdapManager.java:928)

        at org.jivesoftware.openfire.ldap.LdapAuthProvider.authenticate(LdapAuthProvider.j ava:126)

        at org.jivesoftware.openfire.auth.AuthFactory.authenticate(AuthFactory.java:217)

        at org.jivesoftware.openfire.admin.login_jsp._jspService(login_jsp.java:175)

        at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)

        at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812)

        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1669)

        at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:39)

        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1652)

        at org.jivesoftware.util.LocaleFilter.doFilter(LocaleFilter.java:76)

        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1652)

        at org.jivesoftware.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingF ilter.java:53)

        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1652)

        at org.jivesoftware.admin.PluginFilter.doFilter(PluginFilter.java:80)

        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1652)

        at org.jivesoftware.admin.AuthCheckFilter.doFilter(AuthCheckFilter.java:162)

        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1652)

        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)

        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)

        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)

        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:22 3)

        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:11 27)

        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)

        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185 )

        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:106 1)

        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)

        at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandler Collection.java:215)

        at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.jav a:110)

        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)

        at org.eclipse.jetty.server.Server.handle(Server.java:499)

        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)

        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)

        at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)

        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635 )

        at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)

        at java.lang.Thread.run(Thread.java:745)

Caused by: javax.net.ssl.SSLHandshakeException: DHPublicKey does not comply to algorithm constraints

        at sun.security.ssl.DHCrypt.checkConstraints(DHCrypt.java:237)

        at sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:712)

        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:268)

        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)

        at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)

        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)

        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)

        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)

        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)

        at com.sun.jndi.ldap.Connection.createSocket(Connection.java:376)

        at com.sun.jndi.ldap.Connection.<init>(Connection.java:203)

        ... 56 more

Thanks for any help!

sg

I have server to server communication enabled, unsurprisingly I see many connections to our Openfire (4.0.3) server from unfamiliar servers. I'm unsure what they're actually doing?

They seem to be facilitating conversations, with users in our domain who have never logged in to our Openfire instance. The conversations ( ~ 100+) all say < 1 min with 1 message and occasionally the domain user in our domain in the conversation doesn't follow our JID format, e.g. is first.last@domain.com instead of uid@domain.com.

Is this peering? What is it?

Another piece of info I don't think is relevant,  our org is a Google apps user, anyone in that ecosystem, using Gmail for example, is referred to the Google apps XMPP endpoints for our domain, even though our actual DNS XMPP entries point to our Openfire instance. E.g. Other users in Google land are told to talk to our Google users via Google's infrastructure and not use actual DNS.

Thanks for any info!

sg

Does Openfire client certificate login check CRLs by default? I am looking at certificate login using Swift XMPP Client and Openfire server. I have imported the CA certs for the trust chain for the users client certificate. Does Openfire support OCSP to be able to point to something like a local Axway Desktop Validation Authority Responder - Server? Or is my only option to build a local file and define xmpp.client.certificate.crl?

Just tried to install and configure Openfire 4.1.5 on a MacOS 10.9.5 system. FWIW, I don't have networking/server training or experience, but want to set up a simple chat server to handle basic chat service for the 25 or so people in my office. It was my understanding that Openfire, with its defaults right out of the box, should be very easy to get up and running. So I figured I'd try it and see what happens.

The installation went just fine, but when I first tried to work with it, everything came to a screeching halt. I clicked on the prefpane, and it went through its expected relaunch of System Preferences due to the 32 bit/64 bit thing.  But when the launch window opens, the "Open Admin Console" button is greyed out and unresponsive--and under "Status", Openfire is showing as "Stopped" (see attached screenshot).  I clicked the unlock icon and authenticated, so that's not the problem. When I click on "Start Openfire", it appears to be launching something (the Apple gearwheel spinner appears), but then it stops with no apparent change, in anything. So obviously I'm stuck at this point. To troubleshoot, thinking of old vs. new OS issues, I also tried this with a different Mac running the latest Sierra 10.12.6.  Same exact thing.

Am I missing something obvious?   One thing I've thought of is that this could be related to the presence or absence of the right Java software on my system. But I've always found the Java runtime/"machine" stuff to be mysterious and have never paid it any attention (why wouldn't my current Mac, running Sierra have the "right" Java software on it?). And wouldn't Openfire complain with an error message or something, if it detected that no Java was available (or the *wrong* one)?

Any help would be MOST appreciated.

Mark

Hi

can any one help me on the following

i have 2 windows server with 2 different domain. 1. Windows Server 2008 R2 DC is  abc.com  and 2nd one windows Server 2012 DC is xyz.com

i have successfully installed open fire server 4.1.5  and AD users are able to login through Spark 2.8.3 spark client.

can any one guide me how abc.com domain users can chat with xyz.com domain?

step by step instruction will help me to do it..

Thanks

Dibakar

Offline messages are not delivering to the user when the person avails.

Code:

DelayInformation   info = (DelayInformation)message.getExtension("x","jabber:x:delay");

returns null.

when i iterate the collection of message.getExtensions() , i get  delay urn:xmpp:delay.

can anyone explain on this.

I'm using smack and smackx.jar. Though the smackx.jar has smack.providers it's not taken into account.

Is there any way to let all user(even who are not Roster) see each other name and avatar ?

I haven't been able to set up this program properly. After setting it up, it asks for the login and password. I paste in the ones I have saved to a text file, that I chose earlier, but they don't work. I've reinstalled fully twice with different logins and passwords but they never work.

OS: Windows 7

OpenFire Version: 4.1.5

Hello.

How can I understand who is chatting with who?

Thank you.

Hello. Tell me, please, where is written, how do OpenFire clients send files between them? Configured the OpenFire server on Windows. Messages are sent without problems. When transferring files between Pidgin clients, everything passes without problems. When using QIP and Pidgin, files are not send. Install Spark. With Spark on QIP are send, there is no back.
Perhaps someone already set up send files using the QIP client and there is a description? I did not find a detailed description of how to do this.

I apologize for the bad english.

People, help please deal with errors.

There are:

Windows Server2012x64 R2

Openfire 4.1.5 --> SQL Server 2014

Real server and domain names have been changed for security reasons.

1. After changing the name of the groups in the Active Dircetory, openfire can not read them correctly or it seems to me that the old names in some tables are preserved in the database and it tries to read them and naturally does not find it and error.log is clogged with similar messages:

2017.07.31 16:24:47 org.jivesoftware.openfire.ldap.LdapGroupProvider - Groupname Отдел взаимодействия not found
org.jivesoftware.openfire.group.GroupNotFoundException: Groupname Отдел взаимодействия not found
    at org.jivesoftware.openfire.ldap.LdapManager.findGroupDN(LdapManager.java:1149)
    at org.jivesoftware.openfire.ldap.LdapManager.findGroupDN(LdapManager.java:1076)
    at org.jivesoftware.openfire.ldap.LdapGroupProvider.getGroup(LdapGroupProvider.jav a:83)
    at org.jivesoftware.openfire.group.GroupManager.getGroup(GroupManager.java:357)
    at org.jivesoftware.openfire.group.GroupManager.getGroup(GroupManager.java:334)
    at org.jivesoftware.openfire.group.GroupCollection$GroupIterator.getNextElement(Gr oupCollection.java:116)
    at org.jivesoftware.openfire.group.GroupCollection$GroupIterator.hasNext(GroupColl ection.java:77)
    at org.jivesoftware.openfire.roster.RosterManager.getSharedGroups(RosterManager.ja va:192)
    at org.jivesoftware.openfire.handler.IQSharedGroupHandler.handleIQ(IQSharedGroupHa ndler.java:61)
    at org.jivesoftware.openfire.handler.IQHandler.process(IQHandler.java:66)
    at org.jivesoftware.openfire.IQRouter.handle(IQRouter.java:372)
    at org.jivesoftware.openfire.IQRouter.route(IQRouter.java:115)
    at org.jivesoftware.openfire.spi.PacketRouterImpl.route(PacketRouterImpl.java:78)
    at org.jivesoftware.openfire.net.StanzaHandler.processIQ(StanzaHandler.java:341)
    at org.jivesoftware.openfire.net.ClientStanzaHandler.processIQ(ClientStanzaHandler .java:99)
    at org.jivesoftware.openfire.net.StanzaHandler.process(StanzaHandler.java:306)
    at org.jivesoftware.openfire.net.StanzaHandler.process(StanzaHandler.java:198)
    at org.jivesoftware.openfire.nio.ConnectionHandler.messageReceived(ConnectionHandl er.java:181)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceive d(DefaultIoFilterChain.java:690)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(D efaultIoFilterChain.java:417)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilt erChain.java:47)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceiv ed(DefaultIoFilterChain.java:765)
    at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapte r.java:109)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(D efaultIoFilterChain.java:417)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilt erChain.java:47)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceiv ed(DefaultIoFilterChain.java:765)
    at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flus h(ProtocolCodecFilter.java:407)
    at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecF ilter.java:236)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(D efaultIoFilterChain.java:417)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilt erChain.java:47)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceiv ed(DefaultIoFilterChain.java:765)
    at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
    at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
    at org.apache.mina.filter.executor.OrderedThreadPoolExecutor$Worker.runTask(Ordere dThreadPoolExecutor.java:769)
    at org.apache.mina.filter.executor.OrderedThreadPoolExecutor$Worker.runTasks(Order edThreadPoolExecutor.java:761)
    at org.apache.mina.filter.executor.OrderedThreadPoolExecutor$Worker.run(OrderedThr eadPoolExecutor.java:703)
    at java.lang.Thread.run(Unknown Source)

2. In the info.log, errors like:

It's not entirely clear what he's doing at all, jud.qip.ru, users.qip.ru ...

Something about the blacklist and routing and that it will not work, although with these addresses and so things do not seem to have, i.e. Connection from outside and third-party resources is not implied ...

2017.07.31 10:43:04 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: server.нашдомен .ru to server-pc] - Unable to create new session: Cannot create a plain socket connection with any applicable remote host.
2017.07.31 11:52:03 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: server2.нашдомен .ru to proxy.eu.jabber.org] - Unable to create new session: Cannot create a plain socket connection with any applicable remote host.

2017.07.30 20:44:56 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: server.нашдомен .ru to vjud.qip.ru] - Unable to create new session: Cannot create a plain socket connection with any applicable remote host.
2017.07.30 20:44:56 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: server.нашдомен .ru to jud.qip.ru] - Unable to create new session: Cannot create a plain socket connection with any applicable remote host.
2017.07.30 20:44:56 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: server2.нашдомен .ru to users.qip.ru] - Unable to create new session: Cannot create a plain socket connection with any applicable remote host.
2017.07.30 20:44:56 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: server.нашдомен .ru to qip.ru] - STARTTLS negotiation failed. Closing connection (without sending any data such as <failure/> or </stream>).

2017.07.27 09:41:48 org.jivesoftware.openfire.spi.RoutingTableImpl - Will not route: Remote domain vjud.server is not accessible according to our configuration (typical causes: server federation is disabled, or domain is blacklisted).
2017.07.27 09:41:55 org.jivesoftware.openfire.spi.RoutingTableImpl - Will not route: Remote domain jud.server is not accessible according to our configuration (typical causes: server federation is disabled, or domain is blacklisted).
2017.07.27 09:41:55 org.jivesoftware.openfire.spi.RoutingTableImpl - Will not route: Remote domain users.server is not accessible according to our configuration (typical causes: server federation is disabled, or domain is blacklisted).
2017.07.27 09:43:36 org.jivesoftware.openfire.spi.RoutingTableImpl - Will not route: Remote domain proxy.eu.jabber.org is not accessible according to our configuration (typical causes: server federation is disabled, or domain is blacklisted).

3. Periodically fall off / disappear customers in the roster.

Warn.log is clogged with errors like:

2017.07.31 16:02:40 org.jivesoftware.openfire.nio.ConnectionHandler - Closing connection due to exception in session: (0x00001269: nio socket, server, null => 0.0.0.0/0.0.0.0:5222)
org.apache.mina.core.write.WriteToClosedSessionException
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.clearWriteRequestQueue( AbstractPollingIoProcessor.java:638)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.removeNow(AbstractPolli ngIoProcessor.java:599)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.removeSessions(Abstract PollingIoProcessor.java:560)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$800(AbstractPoll ingIoProcessor.java:67)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractP ollingIoProcessor.java:1132)
    at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
2017.07.31 16:04:04 org.jivesoftware.openfire.net.SocketReader - Closing session due to incorrect hostname in stream header. Host: server. Connection: org.jivesoftware.openfire.net.SocketConnection@728f01 socket: Socket[addr=/172.16.1.94,port=53746,localport=5269] session: null
2017.07.31 16:04:04 org.jivesoftware.openfire.net.SocketReader - Closing session due to incorrect hostname in stream header. Host: server. Connection: org.jivesoftware.openfire.net.SocketConnection@1cd8eef socket: Socket[addr=/172.16.1.94,port=53747,localport=5269] session: null
2017.07.31 16:04:04 org.jivesoftware.openfire.server.ServerDialback[Acting as Originating Server: Create Outgoing Session from: server.нашдомен.ru to RS at: server (port: 5269)] - Unable to create a new outgoing session
2017.07.31 16:04:04 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Create outgoing session for: server.нашдомен.ru to server] - Unable to create a new session: Dialback (as a fallback) failed.
2017.07.31 16:04:04 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Authenticate local domain: 'server.нашдомен.ru' to remote domain: 'server'] - Unable to authenticate: Fail to create new session.
2017.07.31 16:05:01 org.jivesoftware.openfire.net.SocketUtil - Unable to create a socket connection to XMPP domain 'proxy.eu.jabber.org' using remote host: proxy.eu.jabber.org:5269. Cause: proxy.eu.jabber.org (a full stacktrace is logged on debug level)
2017.07.31 16:05:01 org.jivesoftware.openfire.net.SocketUtil - Unable to create a socket connection to XMPP domain 'proxy.eu.jabber.org': Unable to connect to any of its remote hosts.
2017.07.31 16:05:01 org.jivesoftware.openfire.session.LocalOutgoingServerSession[Authenticate local domain: 'server.нашдомен.ru' to remote domain: 'proxy.eu.jabber.org'] - Unable to authenticate: Fail to create new session.
2017.07.31 16:10:40 org.jivesoftware.openfire.nio.ConnectionHandler - Closing connection due to exception in session: (0x00001A9A: nio socket, server, /172.16.1.57:60599 => 0.0.0.0/0.0.0.0:5222)


2017.07.31 16:38:35 org.jivesoftware.openfire.nio.ConnectionHandler - Closing connection due to exception in session: (0x00001709: nio socket, server, /172.16.1.159:1182 => 0.0.0.0/0.0.0.0:5222)
java.io.IOException: Удаленный хост принудительно разорвал существующее подключение
    at sun.nio.ch.SocketDispatcher.read0(Native Method)
    at sun.nio.ch.SocketDispatcher.read(Unknown Source)
    at sun.nio.ch.IOUtil.readIntoNativeBuffer(Unknown Source)
    at sun.nio.ch.IOUtil.read(Unknown Source)
    at sun.nio.ch.SocketChannelImpl.read(Unknown Source)
    at org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:273)
    at org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:44)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoP rocessor.java:690)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPolling IoProcessor.java:664)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPolling IoProcessor.java:653)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPoll ingIoProcessor.java:67)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractP ollingIoProcessor.java:1124)
    at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

4. The search for people on the roster does not work.

I upgraded to Openfire from 4.1.4 to 4.1.5. It seems to work fine for me however, now that employees are attempting to use it, spark (v 2.77) will not show any contacts. Just a blank space. You can add someone but that doesn't show up either. My install will show users but it shows them as away even though I verified they are using their computer. So I attempted to downgrade back to 4.1.4 but it removed the openfire service. So how can I add the service feature on this version? I cannot find anything on the website.

How to enable contact list sharing in Windows Active directory integrated openfire chat implementation as it is only read only and is not allowing contact list sharing.

Thanks.

All:

I am in desperate need of getting an Openfire/Spark installation working with SSO.  Despite carefully trying to follow all of the various guides I could locate, I can't quite get it to go.  I was wondering if any one might be willing to help - I would pay you for your time.

I'm running Openfire 4.1.3 and Spark 2.8.3.  Everything works without SSO.  When I change the SASL.Mechs property to GSSAPI, I can no longer login in with or without SSO.  Error from the Spark log is "org.jivesoftware.smack.sasl.SASLErrorException: SASLError using GSSAPI: not-authorized".  I'm guessing it's something very simple with the keytab file, gss.conf file, or similar but this is really not my area of expertise and I need this working just as fast as humanly possible.

Please contact me if you would be willing to help - I would greatly appreciate it.

Cameron