24 Replies Latest reply on Jun 14, 2017 11:34 PM by Johnny

    Unable to logon clients with Openfire 4.1

    Guillaume

      I updated Openfire this morning from 4.0.4 to 4.1 on Windows 2008 R2 server with Active Directory.

      Since the upgrade, no user can log on anymore (using Spark or another client, whatever client version or OS we are using).

      We all got the error "Invalid username or password".

      With my credentials (I am an admin), I can log on to the Openfire admin interface and see all the user accounts from Active Directory.

      Restarting the Openfire service or the Windows server didn't help.

      On the Openfire side, I got these entries in the logs:

      * error.log

      java.sql.SQLSyntaxErrorException: object name already exists: OFMUCCONVLOG_MSG_ID in statement [ CREATE INDEX ofMucConvLog_msg_id ON ofMucConversationLog (messageID)]

      at org.hsqldb.jdbc.JDBCUtil.sqlException(Unknown Source)

      at org.hsqldb.jdbc.JDBCUtil.sqlException(Unknown Source)

      at org.hsqldb.jdbc.JDBCPreparedStatement.fetchResult(Unknown Source)

      at org.hsqldb.jdbc.JDBCPreparedStatement.execute(Unknown Source)

      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

      at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

      at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

      at java.lang.reflect.Method.invoke(Unknown Source)

      at org.logicalcobwebs.proxool.ProxyStatement.invoke(ProxyStatement.java:100)

      at org.logicalcobwebs.proxool.ProxyStatement.intercept(ProxyStatement.java:57)

      at $java.sql.PreparedStatement$$EnhancerByProxool$$d81d3b4d.execute(<generated>)

      at org.jivesoftware.database.SchemaManager.executeSQLScript(SchemaManager.java:380)

      at org.jivesoftware.database.SchemaManager.checkSchema(SchemaManager.java:282)

      at org.jivesoftware.database.SchemaManager.checkOpenfireSchema(SchemaManager.java:85)

      at org.jivesoftware.database.DbConnectionManager.setConnectionProvider(DbConnectionManager.java:606)

      at org.jivesoftware.database.DbConnectionManager.ensureConnectionProvider(DbConnectionManager.java:99)

      at org.jivesoftware.database.DbConnectionManager.getConnection(DbConnectionManager.java:121)

      at org.jivesoftware.util.JiveProperties.loadProperties(JiveProperties.java:357)

      at org.jivesoftware.util.JiveProperties.init(JiveProperties.java:88)

      at org.jivesoftware.util.JiveProperties.getInstance(JiveProperties.java:66)

      at org.jivesoftware.util.JiveGlobals.getProperty(JiveGlobals.java:548)

      at org.jivesoftware.util.cache.CacheFactory.<clinit>(CacheFactory.java:94)

      at org.jivesoftware.openfire.XMPPServer.initialize(XMPPServer.java:311)

      at org.jivesoftware.openfire.XMPPServer.start(XMPPServer.java:414)

      at org.jivesoftware.openfire.XMPPServer.<init>(XMPPServer.java:163)

      at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

      at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)

      at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)

      at java.lang.reflect.Constructor.newInstance(Unknown Source)

      at java.lang.Class.newInstance(Unknown Source)

      at org.jivesoftware.openfire.starter.ServerStarter.start(ServerStarter.java:105)

      at org.jivesoftware.openfire.starter.ServerStarter.main(ServerStarter.java:56)

      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

      at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

      at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

      at java.lang.reflect.Method.invoke(Unknown Source)

      at com.exe4j.runtime.LauncherEngine.launch(LauncherEngine.java:65)

      at com.exe4j.runtime.WinLauncher$2.run(WinLauncher.java:96)

      Caused by: org.hsqldb.HsqlException: object name already exists: OFMUCCONVLOG_MSG_ID

      at org.hsqldb.error.Error.error(Unknown Source)

      at org.hsqldb.error.Error.error(Unknown Source)

      at org.hsqldb.SchemaObjectSet.checkAdd(Unknown Source)

      at org.hsqldb.SchemaManager.checkSchemaObjectNotExists(Unknown Source)

      at org.hsqldb.StatementSchema.setOrCheckObjectName(Unknown Source)

      at org.hsqldb.StatementSchema.getResult(Unknown Source)

      at org.hsqldb.StatementSchema.execute(Unknown Source)

      at org.hsqldb.Session.executeCompiledStatement(Unknown Source)

      at org.hsqldb.Session.execute(Unknown Source)

      ... 36 more

       

       

       

       

      * warning.log

      at sun.nio.ch.IOUtil.readIntoNativeBuffer(Unknown Source)

      at sun.nio.ch.IOUtil.read(Unknown Source)

      at sun.nio.ch.SocketChannelImpl.read(Unknown Source)

      at org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:273)

      at org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:44)

      at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:690)

      at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:664)

      at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:653)

      at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:67)

      at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1124)

      at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)

      at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

      at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

      at java.lang.Thread.run(Unknown Source)

      2016.12.28 10:08:35 org.jivesoftware.openfire.nio.ConnectionHandler - Closing connection due to exception in session: (0x0000000A: nio socket, server, /90.65.144.68:51987 => 0.0.0.0/0.0.0.0:5222)

      java.io.IOException: Une connexion existante a dû être fermée par l'hôte distant

      at sun.nio.ch.SocketDispatcher.read0(Native Method)

      at sun.nio.ch.SocketDispatcher.read(Unknown Source)

      at sun.nio.ch.IOUtil.readIntoNativeBuffer(Unknown Source)

      at sun.nio.ch.IOUtil.read(Unknown Source)

      at sun.nio.ch.SocketChannelImpl.read(Unknown Source)

      at org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:273)

      at org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:44)

      at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:690)

      at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:664)

      at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:653)

      at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:67)

      at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1124)

      at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)

      at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

      at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

      at java.lang.Thread.run(Unknown Source)

      2016.12.28 10:08:35 org.jivesoftware.openfire.nio.ConnectionHandler - Closing connection due to exception in session: (0x00000010: nio socket, server, /90.65.144.68:52024 => 0.0.0.0/0.0.0.0:5222)

      java.io.IOException: Une connexion existante a dû être fermée par l'hôte distant

      at sun.nio.ch.SocketDispatcher.read0(Native Method)

      at sun.nio.ch.SocketDispatcher.read(Unknown Source)

      at sun.nio.ch.IOUtil.readIntoNativeBuffer(Unknown Source)

      at sun.nio.ch.IOUtil.read(Unknown Source)

      at sun.nio.ch.SocketChannelImpl.read(Unknown Source)

      at org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:273)

      at org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:44)

      at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:690)

      at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:664)

      at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:653)

      at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:67)

      at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1124)

      at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)

      at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

      at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

      at java.lang.Thread.run(Unknown Source)

       

       

       

       

      * debug.log

      Queue : [MESSAGE_RECEIVED, ]

       

      2016.12.28 10:13:03 org.apache.mina.filter.codec.ProtocolCodecFilter - Processing a MESSAGE_RECEIVED for session 2

      2016.12.28 10:13:03 org.apache.mina.filter.ssl.SslFilter - Session Server[2](SSL): Writing Message : WriteRequest: HeapBuffer[pos=0 lim=198 cap=4096: 3C 69 71 20 74 79 70 65 3D 22 65 72 72 6F 72 22...]

      2016.12.28 10:13:03 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event MESSAGE_SENT to session 2

      Queue : [MESSAGE_SENT, ]

       

      2016.12.28 10:13:33 org.apache.mina.filter.ssl.SslFilter - Session Server[2](SSL): Message received : HeapBuffer[pos=0 lim=133 cap=256: 17 03 03 00 80 85 12 E8 04 2C 0D 4C BD CC B4 82...]

      2016.12.28 10:13:33 org.apache.mina.filter.ssl.SslHandler - Session Server[2](SSL) Processing the received message

      2016.12.28 10:13:33 org.apache.mina.filter.ssl.SslFilter - Session Server[2](SSL): Processing the SSL Data

      2016.12.28 10:13:33 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event MESSAGE_RECEIVED to session 2

      Queue : [MESSAGE_RECEIVED, ]

       

      2016.12.28 10:13:33 org.apache.mina.filter.codec.ProtocolCodecFilter - Processing a MESSAGE_RECEIVED for session 2

      2016.12.28 10:13:33 org.apache.mina.filter.ssl.SslFilter - Session Server[2](SSL): Writing Message : WriteRequest: HeapBuffer[pos=0 lim=198 cap=4096: 3C 69 71 20 74 79 70 65 3D 22 65 72 72 6F 72 22...]

      2016.12.28 10:13:33 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event MESSAGE_SENT to session 2

      Queue : [MESSAGE_SENT, ]

       

      2016.12.28 10:13:57 org.jivesoftware.openfire.reporting.stats.StatsEngine - Stat: sessions. Last sample: 1482916320. New sample: 1482916380

      2016.12.28 10:13:57 org.jivesoftware.openfire.reporting.stats.StatsEngine - Stat: server_bytes. Last sample: 1482916320. New sample: 1482916380

      2016.12.28 10:13:57 org.jivesoftware.openfire.reporting.stats.StatsEngine - Stat: muc_occupants. Last sample: 1482916320. New sample: 1482916380

      2016.12.28 10:13:57 org.jivesoftware.openfire.reporting.stats.StatsEngine - Stat: proxyTransferRate. Last sample: 1482916320. New sample: 1482916380

      2016.12.28 10:13:57 org.jivesoftware.openfire.reporting.stats.StatsEngine - Stat: conversations. Last sample: 1482916320. New sample: 1482916380

      2016.12.28 10:13:57 org.jivesoftware.openfire.reporting.stats.StatsEngine - Stat: muc_traffic. Last sample: 1482916320. New sample: 1482916380

      2016.12.28 10:13:57 org.jivesoftware.openfire.reporting.stats.StatsEngine - Stat: packet_count. Last sample: 1482916320. New sample: 1482916380

      2016.12.28 10:13:57 org.jivesoftware.openfire.reporting.stats.StatsEngine - Stat: muc_rooms. Last sample: 1482916320. New sample: 1482916380

      2016.12.28 10:13:57 org.jivesoftware.openfire.reporting.stats.StatsEngine - Stat: server_sessions. Last sample: 1482916320. New sample: 1482916380

      2016.12.28 10:13:57 org.jivesoftware.openfire.reporting.stats.StatsEngine - Stat: muc_users. Last sample: 1482916320. New sample: 1482916380

      2016.12.28 10:14:03 org.apache.mina.filter.ssl.SslFilter - Session Server[2](SSL): Message received : HeapBuffer[pos=0 lim=133 cap=256: 17 03 03 00 80 29 98 6F 1B 92 30 3A B5 C1 42 51...]

      2016.12.28 10:14:03 org.apache.mina.filter.ssl.SslHandler - Session Server[2](SSL) Processing the received message

      2016.12.28 10:14:03 org.apache.mina.filter.ssl.SslFilter - Session Server[2](SSL): Processing the SSL Data

      2016.12.28 10:14:03 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event MESSAGE_RECEIVED to session 2

      Queue : [MESSAGE_RECEIVED, ]

       

      2016.12.28 10:14:03 org.apache.mina.filter.codec.ProtocolCodecFilter - Processing a MESSAGE_RECEIVED for session 2

      2016.12.28 10:14:03 org.apache.mina.filter.ssl.SslFilter - Session Server[2](SSL): Writing Message : WriteRequest: HeapBuffer[pos=0 lim=198 cap=4096: 3C 69 71 20 74 79 70 65 3D 22 65 72 72 6F 72 22...]

      2016.12.28 10:14:03 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event MESSAGE_SENT to session 2

      Queue : [MESSAGE_SENT, ]

       

      2016.12.28 10:14:33 org.apache.mina.filter.ssl.SslFilter - Session Server[2](SSL): Message received : HeapBuffer[pos=0 lim=133 cap=256: 17 03 03 00 80 5F 08 D4 D1 F3 29 BF 43 00 69 EC...]

      2016.12.28 10:14:33 org.apache.mina.filter.ssl.SslHandler - Session Server[2](SSL) Processing the received message

      2016.12.28 10:14:33 org.apache.mina.filter.ssl.SslFilter - Session Server[2](SSL): Processing the SSL Data

      2016.12.28 10:14:33 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event MESSAGE_RECEIVED to session 2

      Queue : [MESSAGE_RECEIVED, ]

       

      2016.12.28 10:14:33 org.apache.mina.filter.codec.ProtocolCodecFilter - Processing a MESSAGE_RECEIVED for session 2

      2016.12.28 10:14:33 org.apache.mina.filter.ssl.SslFilter - Session Server[2](SSL): Writing Message : WriteRequest: HeapBuffer[pos=0 lim=198 cap=4096: 3C 69 71 20 74 79 70 65 3D 22 65 72 72 6F 72 22...]

      2016.12.28 10:14:33 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event MESSAGE_SENT to session 2

      Queue : [MESSAGE_SENT, ]

       

      And on my Spark 2.8.2 debug window :

      * Raw sent packets

      <stream:stream xmlns='jabber:client' to='lan.domain.com' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' from='myuser@lan.domain.com' xml:lang='en'>

      <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'></starttls>

      <stream:stream xmlns='jabber:client' to='lan.domain.com' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' from='myuser@lan.domain.com' xml:lang='en'>

      <iq to='lan.domain.com' id='385-14' type='result'></iq>

      <iq to='lan.domain.com' id='399-16' type='result'></iq>

       

       

       

       

      * Raw received packets

      <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="lan.domain.com" id="6ef5185w5b" xml:lang="en" version="1.0">

      <stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"></starttls><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>GSSAPI</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression></stream:features>

      <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>

      <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="lan.domain.com" id="6ef5185w5b" xml:lang="en" version="1.0"><stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>GSSAPI</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression></stream:features>

      <iq type="get" id="385-14" from="lan.domain.com" to="lan.domain.com/6ef5185w5b"><ping xmlns="urn:xmpp:ping"/></iq>

      <iq type="get" id="399-16" from="lan.domain.com" to="lan.domain.com/6ef5185w5b"><ping xmlns="urn:xmpp:ping"/></iq>

      Any idea?

        • Re: Unable to logon clients with Openfire 4.1
          Guillaume

          I restored a backup from Openfire 4.0.4, everything works fine.

          • Re: Unable to logon clients with Openfire 4.1
            dhaycurrie

            Spark 2.8.2 has disabled the option to accept all certificates, so if you don't have a 3rd party certificate you have to go to Advanced and put a check mark.

            [SPARK-1789] Change Accept all certificates option to disabled by default - IgniteRealtime JIRA

            It might not be your issue, but it was mine. It took me a little bit until I thought to check the change log.

            • Re: Unable to logon clients with Openfire 4.1
              Guillaume

              I tried with Openfire 4.1.1 and the issue still occurs.

               

              2017.01.02 15:58:11 org.jivesoftware.openfire.spi.LegacyConnectionAcceptor - Configuration allows for up to 16 threads, although implementation is limited to exactly one.
              2017.01.02 15:58:11 org.jivesoftware.util.cert.SANCertificateIdentityMapping - Unable to parse a byte array (of length 33) as a subjectAltName 'otherName'. It is ignored.
              java.lang.ClassCastException: org.bouncycastle.asn1.DERTaggedObject cannot be cast to org.bouncycastle.asn1.ASN1String
                  at org.jivesoftware.util.cert.SANCertificateIdentityMapping.parseOtherNameXmppAddr(SANCertificateIdentityMapping.java:213)
                  at org.jivesoftware.util.cert.SANCertificateIdentityMapping.parseOtherName(SANCertificateIdentityMapping.java:160)
                  at org.jivesoftware.util.cert.SANCertificateIdentityMapping.mapIdentity(SANCertificateIdentityMapping.java:75)
                  at org.jivesoftware.util.CertificateManager.getServerIdentities(CertificateManager.java:325)
                  at org.jivesoftware.openfire.keystore.IdentityStore.containsDomainCertificate(IdentityStore.java:364)
                  at org.jivesoftware.openfire.http.HttpBindManager.createSSLConnector(HttpBindManager.java:242)
                  at org.jivesoftware.openfire.http.HttpBindManager.configureHttpBindServer(HttpBindManager.java:513)
                  at org.jivesoftware.openfire.http.HttpBindManager.start(HttpBindManager.java:188)
                  at org.jivesoftware.openfire.spi.ConnectionManagerImpl.startListeners(ConnectionManagerImpl.java:315)
                  at org.jivesoftware.openfire.spi.ConnectionManagerImpl.access$100(ConnectionManagerImpl.java:51)
                  at org.jivesoftware.openfire.spi.ConnectionManagerImpl$1.pluginsMonitored(ConnectionManagerImpl.java:292)
                  at org.jivesoftware.openfire.container.PluginManager.firePluginsMonitored(PluginManager.java:1042)
                  at org.jivesoftware.openfire.container.PluginMonitor$MonitorTask.run(PluginMonitor.java:323)
                  at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
                  at java.util.concurrent.FutureTask.runAndReset(Unknown Source)
                  at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(Unknown Source)
                  at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source)
                  at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
                  at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
                  at java.lang.Thread.run(Unknown Source)
              2017.01.02 15:58:51 org.jivesoftware.util.cert.SANCertificateIdentityMapping - Unable to parse a byte array (of length 33) as a subjectAltName 'otherName'. It is ignored.
              java.lang.ClassCastException: org.bouncycastle.asn1.DERTaggedObject cannot be cast to org.bouncycastle.asn1.ASN1String
                  at org.jivesoftware.util.cert.SANCertificateIdentityMapping.parseOtherNameXmppAddr(SANCertificateIdentityMapping.java:213)
                  at org.jivesoftware.util.cert.SANCertificateIdentityMapping.parseOtherName(SANCertificateIdentityMapping.java:160)
                  at org.jivesoftware.util.cert.SANCertificateIdentityMapping.mapIdentity(SANCertificateIdentityMapping.java:75)
                  at org.jivesoftware.util.CertificateManager.getServerIdentities(CertificateManager.java:325)
                  at org.jivesoftware.openfire.keystore.IdentityStore.containsDomainCertificate(IdentityStore.java:364)
                  at org.jivesoftware.openfire.admin.index_jsp._jspService(index_jsp.java:226)
                  at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
                  at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
                  at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812)
                  at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669)
                  at com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:118)
                  at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:52)
                  at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
                  at org.jivesoftware.util.LocaleFilter.doFilter(LocaleFilter.java:76)
                  at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
                  at org.jivesoftware.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:53)
                  at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
                  at org.jivesoftware.admin.PluginFilter.doFilter(PluginFilter.java:226)
                  at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
                  at org.jivesoftware.admin.AuthCheckFilter.doFilter(AuthCheckFilter.java:165)
                  at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
                  at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
                  at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
                  at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
                  at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
                  at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
                  at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
                  at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
                  at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
                  at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
                  at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
                  at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)
                  at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
                  at org.eclipse.jetty.server.Server.handle(Server.java:499)
                  at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)
                  at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
                  at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)
                  at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
                  at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
                  at java.lang.Thread.run(Unknown Source)
              
                • Re: Unable to logon clients with Openfire 4.1
                  Guus der Kinderen

                  Guillaume - I believe that this last stacktrace is happening, because you're using TLS certificates that are self-signed, generated by Openfire in a version prior to 4.1.0. Those certificates had a problem, which is tracked as [OF-1245] Openfire fails to parse the subject alternate name of certs it generated itself. - IgniteRealtime JIRA

                   

                  If you re-generate your self-signed certificates, you should see that stacktrace disappear. The impact of the stacktrace itself is minimal, though.

                  1 of 1 people found this helpful
                    • Re: Unable to logon clients with Openfire 4.1
                      Guillaume

                      Yes, but since none of my users can log in with their Spark client starting from Openfire 4.1, I can't upgrade it and re-generate the certificate.

                        • Re: Unable to logon clients with Openfire 4.1
                          Guus der Kinderen

                          Regenerating certificates is done in the Openfire admin console - you do not need a working Spark for that. That being said, regenerating those certificates will not fix the problem of Spark not being able to log in.

                           

                          Your Openfire appears to advertise the GSSAPI SASL mechanism as the only supported mechanism. This mechanism is used for Kerberos-backed Single-Sign On, which is probably what you want, but what's failing. By configuring Openfire in such a way that it will _only_ accept the GSSAPI SASL mechanism, none of the other authentication mechanisms will be tried at all.

                           

                          Most likely, the sasl.mechs property has been set to "GSSAPI". I advise you to add other mechanisms (the value is a comma-separated list). The default set of mechanisms is:

                          "ANONYMOUS,PLAIN,DIGEST-MD5,CRAM-MD5,SCRAM-SHA-1,JIVE-SHAREDSECRET,GSSAPI,EXTERNAL"

                           

                          You probably want to add GSSAPI to that list, or remove the entire property to have the default setting kick in (but that won't get you the GSSAPI mechanism).

                           

                          This all will not fix your single-sign on problem, but it should allow clients to authenticate again.

                            • Re: Unable to logon clients with Openfire 4.1
                              Guillaume

                              sasl.mechs was indeed set to GSSAPI and is now set to GSSAPI,PLAIN,DIGEST-MD5,CRAM-MD5,SCRAM-SHA-1,JIVE-SHAREDSECRET,GSSAPI,EXTERNAL.

                              I do not use SSO but only LDAP for user identification.

                              Openfire and certificates have been updated.

                              And I still can't connect any LDAP users (wrong user or password).

                               

                               

                               

                                • Re: Unable to logon clients with Openfire 4.1
                                  Guus der Kinderen

                                  Can you once more provide the data that the Spark debug log gives you, now that you've applied these changes?

                                    • Re: Unable to logon clients with Openfire 4.1
                                      Guillaume

                                      I rolled back, but I will try again tomorrow.

                                      • Re: Unable to logon clients with Openfire 4.1
                                        Guillaume

                                        Openfire 4.1.1 with Spark 2.7.7 and Active Directory on 2008 R2

                                         

                                        Domain : lan.domain.tld

                                        User : myuser

                                         

                                        Raw sent packets

                                        <stream:stream to="lan.mydomain.tld" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" version="1.0">
                                        <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
                                        <stream:stream to="lan.mydomain.tld" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" version="1.0">
                                        <iq id="kODYJ-0" type="get"><query xmlns="jabber:iq:auth"><username>myuser</username></query></iq>
                                        </stream:stream>
                                        

                                         

                                         

                                        Raw received packets

                                        <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="lan.mydomain.tld" id="50p39vu849" xml:lang="en" version="1.0">
                                        <stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"></starttls><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>GSSAPI</mechanism><mechanism>EXTERNAL</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression></stream:features>
                                        <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
                                        <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="lan.mydomain.tld" id="50p39vu849" xml:lang="en" version="1.0"><stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>GSSAPI</mechanism><mechanism>EXTERNAL</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression></stream:features>
                                        <stream:error><system-shutdown xmlns='urn:ietf:params:xml:ns:xmpp-streams'/></stream:error>
                                        <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="lan.mydomain.tld" id="4a1rzpbnv9" xml:lang="en" version="1.0">
                                        <stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"></starttls><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>GSSAPI</mechanism><mechanism>EXTERNAL</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><auth xmlns="http://jabber.org/features/iq-auth"/></stream:features>
                                        <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
                                        <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="lan.mydomain.tld" id="4a1rzpbnv9" xml:lang="en" version="1.0"><stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>GSSAPI</mechanism><mechanism>EXTERNAL</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><auth xmlns="http://jabber.org/features/iq-auth"/></stream:features>
                                        

                                         

                                        I got the error invalid username or password.

                                         

                                        * all.log

                                        all.log - Pastebin.com

                                         

                                        * debug.log.

                                        debug.log - Pastebin.com

                                         

                                        New certificates have been generated at 09:42:31.

                            • Re: Unable to logon clients with Openfire 4.1
                              Guus der Kinderen

                              You now appear to be using non-SASL authentication, for which support has been removed from the default installation. It is still available via a new plugin though. Try adding the 'nonSaslAuthentication' plugin, and see what that does for you.

                              1 of 1 people found this helpful
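
An added example (not part of the thread, and not Openfire or Spark code): a Python check that reads both sides of a Spark debug capture and reports the two conditions diagnosed above, a final SASL offer with no password mechanism and a client using jabber:iq:auth that the server does not advertise, plus PLAIN being offered before STARTTLS. The captures, finding codes, helper names and the PASSWORD_MECHS set are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {
    "stream": "http://etherx.jabber.org/streams",
    "tls": "urn:ietf:params:xml:ns:xmpp-tls",
    "sasl": "urn:ietf:params:xml:ns:xmpp-sasl",
    "iqauth": "http://jabber.org/features/iq-auth",
}
FEATURES_RE = re.compile(r"<stream:features>.*?</stream:features>", re.S)
IQ_AUTH_RE = re.compile(r"""xmlns=["']jabber:iq:auth["']""")
# Assumption: password-based entries taken from the default list quoted in the thread.
PASSWORD_MECHS = {"PLAIN", "DIGEST-MD5", "CRAM-MD5", "SCRAM-SHA-1"}


def parse_features(received):
    """Return one dict per <stream:features> element found in the received stream."""
    out = []
    for frag in FEATURES_RE.findall(received):
        if "<!" in frag:  # XMPP forbids DTDs and entities; do not hand them to the parser
            continue
        # The capture is not one well-formed document, so wrap each fragment
        # in a root element that declares the 'stream' prefix.
        root = ET.fromstring('<r xmlns:stream="%s">%s</r>' % (NS["stream"], frag))
        feat = root.find("stream:features", NS)
        mechs = feat.findall("sasl:mechanisms/sasl:mechanism", NS)
        out.append({
            "starttls": feat.find("tls:starttls", NS) is not None,
            "mechanisms": [m.text.strip() for m in mechs if m.text],
            "iq_auth": feat.find("iqauth:auth", NS) is not None,
        })
    return out


def audit(sent, received):
    """Compare what the client sent with what the server offered; return finding codes."""
    feats = parse_features(received)
    if not feats:
        return ["NO_FEATURES"]
    findings = []
    final = feats[-1]  # the offer the client actually authenticates against
    if not PASSWORD_MECHS & set(final["mechanisms"]):
        findings.append("NO_PASSWORD_MECH")      # e.g. sasl.mechs set to GSSAPI only
    if IQ_AUTH_RE.search(sent) and not final["iq_auth"]:
        findings.append("IQ_AUTH_NOT_OFFERED")   # legacy client, non-SASL auth not available
    if any(f["starttls"] and "PLAIN" in f["mechanisms"] for f in feats):
        findings.append("PLAIN_BEFORE_TLS")      # make TLS mandatory so PLAIN never runs in clear
    return findings


def features(mechs, starttls=False, iq_auth=False):
    """Build a constructed <stream:features> fragment shaped like the thread's captures."""
    parts = ["<stream:features>"]
    if starttls:
        parts.append('<starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"></starttls>')
    parts.append('<mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">')
    parts += ["<mechanism>%s</mechanism>" % m for m in mechs]
    parts.append("</mechanisms>")
    if iq_auth:
        parts.append('<auth xmlns="http://jabber.org/features/iq-auth"/>')
    parts.append("</stream:features>")
    return "".join(parts)


# Constructed captures, abbreviated from the shapes posted in the thread.
PROCEED = '<proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>'
SENT_SASL_CLIENT = "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'></starttls>"
RECV_GSSAPI_ONLY = features(["GSSAPI"], starttls=True) + PROCEED + features(["GSSAPI"])
SENT_LEGACY_CLIENT = ('<iq id="a1" type="get"><query xmlns="jabber:iq:auth">'
                      "<username>myuser</username></query></iq>")
MECHS_AFTER_CHANGE = ["PLAIN", "GSSAPI", "EXTERNAL"]
RECV_AFTER_CHANGE = (features(MECHS_AFTER_CHANGE, starttls=True) + PROCEED
                     + features(MECHS_AFTER_CHANGE))

if __name__ == "__main__":
    print(audit(SENT_SASL_CLIENT, RECV_GSSAPI_ONLY))
    print(audit(SENT_LEGACY_CLIENT, RECV_AFTER_CHANGE))
```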
                              • Re: Unable to logon clients with Openfire 4.1
                                Lee Zimbelman

                                Getting ready to update to 4.1.1 in my environment. Our Openfire is deployed on an Ubuntu server with LDAP authentication against Windows Server 2012 R2 Active Directory. We currently use Spark 2.7.7 (2.8.x exhibits an avatar refresh issue, so that's why we are still on 2.7.7) and my certificate is signed with our internal CA.

                                 

                                I was wondering given the info above will I run into the same issue as OP? I could restore from backup if it fails but would rather wait until issues have been resolved.

                                 

                                Thanks.

                                  • Re: Unable to logon clients with Openfire 4.1
                                    Lee Zimbelman

                                    It seems similar to mine but I'm on 2.8.2 and still exhibit the same issue. Title and telephone extension will not display when hovering over the user in Spark. If I manually refresh the user's properties it populates and seems to stick going forward. In 2.7.7 it automatically gets all the user's property info without me having to manually refresh each one.

                                  • Re: Unable to logon clients with Openfire 4.1
                                    Johnny

                                    Hi,

                                     

                                    Probably not of much help because you upgraded your chat client. I tried setting sasl.mechs to PLAIN only and managed to get the old client working.

                                     

                                    Somehow setting sasl.mechs to ANONYMOUS,PLAIN,DIGEST-MD5 .... doesn't work.

                                     

                                    Regards,