Openfire not authorizing AD/LDAP users

Every few days our Openfire server will stop accepting new connections from Spark. If I restart the Openfire server, users can reconnect.

We're running CentOS 7 and the latest version of Java/Openfire.

I can log in through the admin console with my LDAP username and password.


Can you log in to the admin console at a time when users cannot connect using Spark? If so, LDAP is working, so the issue is likely something else.


This may be the same issue I posted here 5 minutes ago. Does your error.log have the same error:

at org.jivesoftware.openfire.nio.NIOConnection.close(NIOConnection.java:224)

My issue seems the same, and I can log in to the admin console while new connections cannot be made from IM clients; also, existing connections are all cut.

Yeah… that's not an LDAP issue… it sounds like Openfire isn't accepting connections. You can also try to see if you can connect to port 5222 using telnet the next time it happens.

What version of Openfire are you using?

Yes, I can still log in to the admin console with my LDAP username and password.

I'm using 3.10.2. It just happened, and while I didn't try to telnet to the port, I did run netstat and had 158 connections on port 5222. Right now I'm running smoothly with 128 connections.

See my grep output below. 224

"org.jivesoftware.openfire.nio.NIOConnection.close(NIOConnection" error.log
at org.jivesoftware.openfire.nio.NIOConnection.close(NIOConnection.java:275)
at org.jivesoftware.openfire.nio.NIOConnection.close(NIOConnection.java:224)
at org.jivesoftware.openfire.nio.NIOConnection.close(NIOConnection.java:246)
at org.jivesoftware.openfire.nio.NIOConnection.close(NIOConnection.java:224)
at org.jivesoftware.openfire.nio.NIOConnection.close(NIOConnection.java:275)
at org.jivesoftware.openfire.nio.NIOConnection.close(NIOConnection.java:224)
at org.jivesoftware.openfire.nio.NIOConnection.close(NIOConnection.java:246)
at org.jivesoftware.openfire.nio.NIOConnection.close(NIOConnection.java:224)
at org.jivesoftware.openfire.nio.NIOConnection.close(NIOConnection.java:275)
at org.jivesoftware.openfire.nio.NIOConnection.close(NIOConnection.java:224)
at org.jivesoftware.openfire.nio.NIOConnection.close(NIOConnection.java:246)
at org.jivesoftware.openfire.nio.NIOConnection.close(NIOConnection.java:224)
at org.jivesoftware.openfire.nio.NIOConnection.close(NIOConnection.java:275)
at org.jivesoftware.openfire.nio.NIOConnection.close(NIOConnection.java:224)
at org.jivesoftware.openfire.nio.NIOConnection.close(NIOConnection.java:246)
at org.jivesoftware.openfire.nio.NIOConnection.close(NIOConnection.java:224)
at org.jivesoftware.openfire.nio.NIOConnection.close(NIOConnection.java:275)
at org.jivesoftware.openfire.nio.NIOConnection.close(NIOConnection.java:224)
at org.jivesoftware.openfire.nio.NIOConnection.close(NIOConnection.java:246)
at org.jivesoftware.openfire.nio.NIOConnection.close(NIOConnection.java:224)
at org.jivesoftware.openfire.nio.NIOConnection.close(NIOConnection.java:275)
at org.jivesoftware.openfire.nio.NIOConnection.close(NIOConnection.java:224)
at org.jivesoftware.openfire.nio.NIOConnection.close(NIOConnection.java:246)
at org.jivesoftware.openfire.nio.NIOConnection.close(NIOConnection.java:224)
at org.jivesoftware.openfire.nio.NIOConnection.close(NIOConnection.java:275)
at org.jivesoftware.openfire.nio.NIOConnection.close(NIOConnection.java:224)
at org.jivesoftware.openfire.nio.NIOConnection.close(NIOConnection.java:246)
at org.jivesoftware.openfire.nio.NIOConnection.close(NIOConnection.java:224)
at org.jivesoftware.openfire.nio.NIOConnection.close(NIOConnection.java:275)
at org.jivesoftware.openfire.nio.NIOConnection.close(NIOConnection.java:224)
at org.jivesoftware.openfire.nio.NIOConnection.close(NIOConnection.java:246)
at org.jivesoftware.openfire.nio.NIOConnection.close(NIOConnection.java:224)
at org.jivesoftware.openfire.nio.NIOConnection.close(NIOConnection.java:275)
at org.jivesoftware.openfire.nio.NIOConnection.close(NIOConnection.java:224)
at org.jivesoftware.openfire.nio.NIOConnection.close(NIOConnection.java:246)
at org.jivesoftware.openfire.nio.NIOConnection.close(NIOConnection.java:224)

I would double-check to see if all the jars in the openfire\lib folder have the same date. If you did an upgrade, it's possible something didn't go well.

I will try to telnet to the port next time; this happens daily since upgrading to 3.10.2. Our LDAP server is Server 2012 R2 using port 389.

Java Version:
1.7.0_76 Oracle Corporation – Java HotSpot™ Server VM

All files have the same date…

[root@ip-10-152-44-220 lib]# ls -l
total 17596
-rw-r--r--. 1 daemon daemon  255692 Jun 22 17:36 bcpg-jdk15on.jar
-rw-r--r--. 1 daemon daemon  605519 Jun 22 17:36 bcpkix-jdk15on.jar
-rw-r--r--. 1 daemon daemon 2842667 Jun 22 17:36 bcprov-jdk15on.jar
-rw-r--r--. 1 daemon daemon  112341 Jun 22 17:36 commons-el.jar
-rw-r--r--. 1 daemon daemon  641570 Jun 22 17:36 hsqldb.jar
-rw-r--r--. 1 daemon daemon  407502 Jun 22 17:36 jasper-compiler.jar
-rw-r--r--. 1 daemon daemon   77056 Jun 22 17:36 jasper-runtime.jar
-rw-r--r--. 1 daemon daemon   36611 Jun 22 17:36 javax.websocket-api.jar
-rw-r--r--. 1 daemon daemon   74639 Jun 22 17:36 jdic.jar
-rw-r--r--. 1 daemon daemon  188164 Jun 22 17:36 jetty-schemas.jar
-rw-r--r--. 1 daemon daemon  294726 Jun 22 17:36 jtds.jar
-rw-r--r--. 1 daemon daemon    2848 Jun 22 17:36 log4j.xml
-rw-r--r--. 1 daemon daemon  362975 Jun 22 17:36 mail.jar
-rw-r--r--. 1 daemon daemon  954041 Jun 22 17:36 mysql.jar
-rw-r--r--. 1 daemon daemon   87543 Jun 22 17:36 npn-boot.jar
-rw-r--r--. 1 daemon daemon 10222083 Jun 22 17:36 openfire.jar
-rw-r--r--. 1 daemon daemon  642809 Jun 22 17:36 postgres.jar
-rw-r--r--. 1 daemon daemon   95806 Jun 22 17:36 servlet-api.jar
-rw-r--r--. 1 daemon daemon    8870 Jun 22 17:36 slf4j-log4j12.jar
-rw-r--r--. 1 daemon daemon   71510 Jun 22 17:36 startup.jar

Are you running any plugins? Can you verify all the jars in openfire\lib have the same date?

I verified earlier in this thread (Re: Openfire not authorizing AD/LDAP users) that my openfire/lib dir has all of the same dates.

My plugins are as follows:

Broadcast
Client Control
DB Access
Debugger Plugin
Load Statistic
Monitoring Service
Packet Filter
Search

So, as expected, this morning I was unable to log in with the Spark client. It took me 4 attempts. I can log in through the admin web console. Stats show there are currently 71 connected users. The roster is taking forever to populate (5 minutes)?

I can telnet into 5222:

Trying 127.0.0.1 …
Connected to im.domain.net.
Escape character is '^]'.

Can you telnet from a remote host, and not from the local machine?

I just masked the IP with localhost for internet reasons. The server runs in our data center off site. I can change the IP to 123.123.123.123.
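The telnet check in the exchange above only proves that the 5222 listener completes the TCP handshake; a server that accepts connections and then never answers (which is what "158 connections in netstat, nobody can log in" looks like) passes telnet just the same. The probe below is an added example for this thread, not Openfire's or Spark's own code: it sends a real XMPP stream opener and classifies the reply, so it separates "TCP accepted but silent" from "healthy". The host name im.example.test and the loopback fake server are constructed for demonstration; point it at the real server (from a remote host, as suggested) with the port it listens on.

```python
"""Probe an XMPP client port (5222) the way Spark would, not just TCP-connect to it.

Added example for this thread, not Openfire's or Spark's code. Telnet only
proves the listener accepts the TCP handshake; a wedged server that accepts
and then never answers the stream header looks identical in telnet. This
probe sends a real stream opener and classifies the reply. The host name
im.example.test and the fake server are constructed for demonstration.
"""
import socket
import sys
import threading

# Minimal RFC 6120 stream header, the first thing a client sends after TCP connect.
STREAM_OPEN = (
    '<?xml version="1.0"?>'
    '<stream:stream to="{domain}" xmlns="jabber:client" '
    'xmlns:stream="http://etherx.jabber.org/streams" version="1.0">'
)


def probe_xmpp(host, port=5222, domain=None, timeout=5.0):
    """Return one of:
    'ok'          server answered with its own <stream:stream ...> header
    'no_reply'    TCP accepted, but nothing came back within `timeout`
                  (the hung-server case telnet cannot distinguish from healthy)
    'bad_reply'   something came back but no stream header (e.g. a bare <stream:error>)
    'tcp_refused' connect() itself failed
    """
    domain = domain or host
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "tcp_refused"
    buf = b""
    with sock:
        sock.settimeout(timeout)
        try:
            sock.sendall(STREAM_OPEN.format(domain=domain).encode())
            while b"<stream:stream" not in buf and b"<stream:error" not in buf:
                data = sock.recv(4096)
                if not data:  # server closed before sending a stream header
                    break
                buf += data
        except OSError:  # socket.timeout is an OSError subclass: judge what we have
            pass
    if b"<stream:stream" in buf:
        return "ok"
    return "no_reply" if not buf else "bad_reply"


def fake_server(reply=b"", hang=False):
    """Constructed stand-in for Openfire on a loopback port: accept one connection,
    read the client's header, then either send `reply` or (hang=True) hold the
    socket open silently until the client gives up. Returns the listening port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        try:
            conn, _ = srv.accept()
            with conn:
                conn.recv(4096)  # the client's stream header
                if hang:
                    while conn.recv(4096):  # stay silent until the peer closes
                        pass
                else:
                    conn.sendall(reply)
        finally:
            srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


HEALTHY_REPLY = (  # constructed server stream header, as a healthy server would send
    b'<?xml version="1.0"?><stream:stream xmlns="jabber:client" '
    b'xmlns:stream="http://etherx.jabber.org/streams" from="im.example.test" '
    b'id="c0ffee" version="1.0">'
)


def demo():
    """Probe a healthy and a wedged fake server; returns both verdicts."""
    healthy = probe_xmpp("127.0.0.1", fake_server(HEALTHY_REPLY),
                         domain="im.example.test", timeout=2.0)
    wedged = probe_xmpp("127.0.0.1", fake_server(hang=True), timeout=1.0)
    return healthy, wedged


if __name__ == "__main__":
    # Usage: python probe_xmpp.py im.domain.net [port]   (no args: run the demo)
    if len(sys.argv) > 1:
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 5222
        print(probe_xmpp(sys.argv[1], port))
    else:
        print(demo())  # ('ok', 'no_reply')
```

The probe stops at the stream header and does not negotiate TLS or SASL, so a verdict of 'ok' means the connection-accept path is alive; if logins still stall after that, the problem is later in the session (TLS, authentication against LDAP, or roster loading), which is a different thing to look for in the logs than the NIOConnection.close traces above.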

We have the same issue here. New clients (using Spark or other IM clients) cannot connect. Sometimes users already connected can chat normally, but if they log out they can't log in again. We need to restart Openfire when this issue occurs. NOTE: We can log in at the administrative console with LDAP accounts and we can list "Users/Groups".

Our setup:

#######
  • OS: Ubuntu 14.04 LTS
  • Openfire: 3.10.0
  • JVM: 1.7.0_79 Oracle Corporation – OpenJDK 64-Bit Server VM
  • Spark: 2.7.0.671
  • Database: MySQL 5.5.37
  • JDBC Driver: mysql-connector-java-5.1.30

LDAP with Active Directory:
  • Polling connection = yes
  • SSL = yes
  • Dereference Aliases = yes
  • setup.ldap.server.enclose_dns = yes
  • Other LDAP options = no
#######

Capturing with Wireshark we see the image below (Spark client trying to connect to the server). NOTE: On the server side we didn't see Openfire trying to connect to our AD.

We will upgrade openfire (3.10.2) today.

I had to do my daily reboot about 15 minutes ago. It's nice to know others are experiencing the same issue.

To confirm what @Thiago Cruz said: once users are connected they can chat, as there is no issue. It's when they disconnect that new connections cannot connect / reconnect.

Hi, just to give our feedback. We updated our Openfire 3.10.0 to 3.10.2 on 12/08/2015. We had to change our LDAP configuration (from LDAPS to LDAP) because it didn't work with 3.10.2. The error was:

@ stderror.log

javax.naming.CommunicationException: simple bind failed: xx.our.domain.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

Now, using LDAP, the system no longer has this issue. QUESTION: Did the new version solve it, or is it a problem with LDAPS?

@Thiago Cruz

If you want to use LDAPS, please see 3.10.2 with LDAPS (LDAP over SSL).