Hi folks,
This question may be better suited for the Openfire forum, but I thought I would post it here as I don’t know where the culprit is. Here’s the situation; I’m running Openfire 3.3.1 on a Windows 2003 SP2 server. I have a mix of Spark 2.5.2 and 2.5.3 clients. Most of my clients reside on the corporate LAN and connect via the Openfire server’s private IP, with no problems whatsoever. I also have some telecommuters that run Spark clients on their home machines. These folks connect to our corporate PPTP VPN server, and once they are connected, they connect their Spark clients to the Openfire server’s private IP just as the corporate LAN users do.
Here’s where it gets tricky. I have an old Windows 2000 Server, running RRAS, which has been acting as my VPN server for a few years now. When my telecommuters VPN in to this server, their Spark clients authenticate just fine and they can use Spark all day without problems. However, I’m in the process of replacing my old Windows 2000 servers with new Windows 2003 servers, which I’ve already done for Openfire. I’ve set up RRAS on a new Windows 2003 SP2 server and have configured PPTP VPN as identical to the Windows 2000 config as possible. When I point my telecommuters to the new VPN server, they can authenticate with the VPN server just fine. They also can access any host on the network, including the server running Openfire, via ICMP, RDP, FTP, HTTP, SMB, etc. However, their Spark clients will no longer authenticate with the Openfire server. The Spark client will sit on the “authenticating” status for about 2 minutes, and then state, “Invalid username or password”.
Now I know that the Spark clients are finding the Openfire server, because if I point them to an invalid server IP, the client immediately states that it cannot find the server. I should note that in Openfire I have “Client Connection Security” set to custom with Old SSL method set to “not available” and TLS method set to “Optional”. I’ve checked everything that I can think of on my VPN server, and I do not have any input or output filters set up, as well as no firewall between it and the Openfire server. I’ve also enabled debugging on the Spark client, to capture the authentication process, but it did not provide any useful info. My next step will be to use a network sniffer to capture a network trace of the authentication process, but I wanted to post this first in case someone had some suggestions.
Thanks much.
-Ryan