I am recently working on Openfire client. I've got this strange issue that I couldn't figure out so far (i've got some clues, but still no solid solution).
We've got 2 openfire servers:
first that we were using for testing it was hosted on normal pc conected to the internet through adsl, server was behind NAT, everything configured smoothly, working perfect. Our client was connecting without any issues.
second (let's call it production) professional dedicated server located somewhere in germany with OF instaled, same OS as on the testing one, OF set up in exactly the same way
Now when connecting to production from our client we experianced following issue when trying to authenticate:
javax.net.ssl.SSLException: Received fatal alert: internal_error
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at org.jivesoftware.smack.XMPPConnection.proceedTLSReceived(XMPPConnection.java:806)
at org.jivesoftware.smack.PacketReader.parsePackets(PacketReader.java:267)
at org.jivesoftware.smack.PacketReader.access$000(PacketReader.java:43)
at org.jivesoftware.smack.PacketReader$1.run(PacketReader.java:70)
java.lang.IllegalStateException: Not connected to server.
at org.jivesoftware.smack.XMPPConnection.sendPacket(XMPPConnection.java:445)
at org.jivesoftware.smack.NonSASLAuthentication.authenticate(NonSASLAuthentication.java:69)
at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:352)
at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:203)
at Main.connectToJabber(Main.java:31)
at Main.main(Main.java:16)
Exception in thread "main" java.lang.IllegalStateException: Not connected to server.
at org.jivesoftware.smack.XMPPConnection.sendPacket(XMPPConnection.java:445)
at org.jivesoftware.smack.NonSASLAuthentication.authenticate(NonSASLAuthentication.java:69)
at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:362)
at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:203)
at Main.connectToJabber(Main.java:31)
at Main.main(Main.java:16)
Now the funniest part: when I connect to the production server using our client from my flat i don't see that error, when we are connecting to the production from other developer flat we've got this error, we've got different internet providers (i don't know if that may have something to do with that).
We've spent all night looking at it and so far no clue.
We wrote basic code just to check the connection:
public static void connect() {
ConnectionConfiguration cc = new ConnectionConfiguration("prod ip",
5222);
cc.setCompressionEnabled(true);
cc.setSASLAuthenticationEnabled(true);
Connection connection = new XMPPConnection(cc);
try {
connection.connect();
connection.login(login, pass, "resource");
System.out.println(connection.isSecureConnection() + " " + connection.isUsingCompression());
} catch (XMPPException e1) {
e1.getStackTrace();
}
}
Some observations:
When line connection.login(...) commented, there is no error, so whatever is causing the error is there
When connecting the testing server System.out... writes true false,
When connecting the production server System.out... writes false false
Tried with all combinations of: cc.setCompressionEnabled() cc.setSASLAuthenticationEnabled(); (true, true, false true, true false, false false)
despite the error, user is logged in
To sum up:
Connection with testing environment works always, with production: from my location - no problem, other location - mentioned error,
we use SMACK API 3.2.1
One of the ideas was that it has to do something with the certificates.
Any hints or ideas highly appriciated
Bad bad solution! because u don't know connection speed and also u stop your app from continuing to login if connection established at early moments.
A solution that I can offer for now is to addConnectionListener and call login() in 'reconnectionSuccessful()' function, and I hope this function will call for the first time not just after connection dropped and connected again! if not, It shows the bad architecture of smack library.
Maybe a sleep(x) between the connect() and the login() call could fix this. A few seconds for the sleep() should be enough.
Source
I also use a sleep after connect() also... it's not ideal sure, but it's a reliable workaround.
Related
I’ve been receiving the following error:
com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:be8d9e1d-fff7-4310-ae77-03394c83f86b".
(More of the error at bottom of post)
When trying to connect to a MSSQL database.
I’m using the following connection string:
jdbc:sqlserver://192.168.100.190:1433;databaseName=myDatabase;user=validUser;password=validPassword;encrypt=false;trustServerCertificate=false;sslProtocol=TLSv1;
I’ve tried variations of the connection string, essentially changing and omitting:
encrypt=false;trustServerCertificate=false;sslProtocol=TLSv1;
I’ve tried different versions of the driver from:
https://learn.microsoft.com/en-us/sql/connect/jdbc/download-microsoft-jdbc-driver-for-sql-server?view=sql-server-2017
all with the same results.
It is important to note that on some PC’s the application connects
and works as expected but I have so far found no real differences
between the PC’s or user accounts, no pattern really.
I’ve tried different versions of the JDK and different JRE’s, all
give the same results.
UPDATE: I have since found JRE 1.8.0_152 works in all my test cases
I’ve tried looking at logs on the servers and there are no entries in
the SQL logs.
If I try a connection string with the wrong credentials, the error is
exactly the same.
I’ve setup a test server and database, this works fine, as does one I
setup in a Virtual Machine.
I can connect to said database using Navicat for example and have
another application, writing in Visual Basic.Net that connects fine,
so it would see that it is just something with this driver or java,
but as I say, it does work on some PC’s and not others and of course
works as expected in my test environment.
Any thoughts or suggestions would be greatly appreciated.
I’ve not provided any code, as I can replicate the exact same results using the example code provided here:
https://learn.microsoft.com/en-us/sql/connect/jdbc/step-3-proof-of-concept-connecting-to-sql-using-java?view=sql-server-2017
More detail on error:
com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:be8d9e1d-fff7-4310-ae77-03394c83f86b".
at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:2670)
at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1837)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:2257)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:1921)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectInternal(SQLServerConnection.java:1762)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:1077)
at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:623)
at java.sql.DriverManager.getConnection(Unknown Source)
at java.sql.DriverManager.getConnection(Unknown Source)
at database.DataBase.openConnection(DataBase.java:122)
at jambuddylite.jblCoord.readSimex(jblCoord.java:387)
at jambuddylite.jblCoord$2.run(jblCoord.java:314)
at java.lang.Thread.run(Unknown Source)
Caused by: java.io.IOException: SQL Server did not return a response. The connection has been closed. ClientConnectionId:be8d9e1d-fff7-4310-ae77-03394c83f86b
at com.microsoft.sqlserver.jdbc.TDSChannel$SSLHandshakeInputStream.ensureSSLPayload(IOBuffer.java:780)
at com.microsoft.sqlserver.jdbc.TDSChannel$SSLHandshakeInputStream.readInternal(IOBuffer.java:836)
at com.microsoft.sqlserver.jdbc.TDSChannel$SSLHandshakeInputStream.read(IOBuffer.java:827)
at com.microsoft.sqlserver.jdbc.TDSChannel$ProxyInputStream.readInternal(IOBuffer.java:1009)
at com.microsoft.sqlserver.jdbc.TDSChannel$ProxyInputStream.read(IOBuffer.java:997)
at sun.security.ssl.InputRecord.readFully(Unknown Source)
at sun.security.ssl.InputRecord.read(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1767)
... 11 more
check the port is open or not using on cmd or terminal
telnet 192.168.100.190 1433
and check the database name and credentials
and firewall there is some thing in firewall i think
and take a look here may help you
The company I work for creates software that crawls and indexes various sources for use in search, in this case we're completely stuck on attempting to connect to Lotus Notes over SSL. This is a classic case of "it worked in dev, but failed in prod".
The problem is further compounded by the fact that we're devs and techies, not Lotus Notes experts.
Basically we have a piece of Java software that connects to Lotus to grab the DIIOP IOR text file using this command:
String ior = NotesFactory.getIOR(host, userIOR, pwdIOR);
Now, this is a non-SSL connection and requires username and password to connect. This works perfectly every time.
Then we attempt to create a session using this:
session = NotesFactory.createSessionWithIOR(ior, args, this.user, this.pwd);
where:
args[0] = "-ORBEnableSSLSecurity";
When connecting we consistently receive this stack trace:
NotesException: Session closed due to communications failure
at lotus.domino.cso.ORBCallback.make_error(Unknown Source)
at lotus.priv.CORBA.iiop.Generic.make_error(Unknown Source)
at lotus.priv.CORBA.portable.ObjectImpl._invoke(Unknown Source)
at lotus.domino.corba._IObjectServerStub.createSession(Unknown Source)
at lotus.domino.cso.Session.initSession(Unknown Source)
at lotus.domino.cso.Session.<init>(Unknown Source)
at lotus.domino.cso.Session.createSession(Unknown Source)
at lotus.domino.NotesFactory.createSessionUP(Unknown Source)
at lotus.domino.NotesFactory.createSessionWithIOR(Unknown Source)
[ ... ]
Caused by: org.omg.CORBA.COMM_FAILURE: java.net.SocketException: Connection reset: Connection closed: Host: <redacted> Port: 63149 vmcid: 0x0 minor code: 1 completed: Maybe
at lotus.priv.CORBA.iiop.IIOPConnection.purge_calls(Unknown Source)
at lotus.priv.CORBA.iiop.ReaderThread.run(Unknown Source)
Caused by: java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:154)
at java.net.SocketInputStream.read(SocketInputStream.java:141)
at lotus.priv.CORBA.iiop.Message.readFully(Unknown Source)
at lotus.priv.CORBA.iiop.Message.createFromStream(Unknown Source)
at lotus.priv.CORBA.iiop.IIOPInputStream.prefill(Unknown Source)
at lotus.priv.CORBA.iiop.IIOPConnection.createInputStream(Unknown Source)
... 1 more
I understand the most common reason for this is because we're not correctly importing the TrustedCerts.class file, however after double and triple checking it's in the class path just fine (and the fact it works in dev environment) we're confident that it's being loaded in.
We know if we disable SSL (aka remove the aforementioned arg) our code will connect to the non-SSL DIIOP port 63148 and work just fine however it is a project requirement that all data must be passed through SSL.
Which finally brings me to my actual question: How do we get Lotus to report why this connection is failing?
I've tried upping the DIIOP log level to 4 which apparently should show all transmissions but the logs show nothing when I attempt to connect. Also it's worth noting the DIIOP service is definitely running and on the correct ports as well.
I've also checked that we're making it through the firewall to the remote box and TCPDUMP on our RedHat machine clearly shows that we establish a connection with the remote Lotus Notes host before it responds closing the connection.
[Pertinent Information]
Application: Java
Library: NCSO.jar
Lotus Version: Domino 8.5.3 FP6
Lotus Server: Windows Server 2008 Standard
Ports: 63148 (non-SSL), and 63149 (SSL)
Alright, the answer was clear as crystal but not something I was actively looking for.
The reason this doesn't work is that the third party certificate is not a SHA-1 certificate and Lotus Notes 8.5.x only supports SHA-1 (as per this documentation).
So basically that certificate of theirs can never be used for SSL authentication programatically or otherwise.
You mentioned DIIOP logging, but if the connection is failing in the SSL handshake, then the guts of the diiop task probably don't know what's wrong since that's occurring at a lower level in the stack. There are, however, additional debug variables that can be set on the server.
DEBUG_SSL_HANDSHAKE=1
DEBUG_SSL_CIPHERS=1
DEBUG_SSL_ALL=1
The last setting can be pushed up to 2 or 3 for more detailed information.
Restart of the server (or possibly of the server's diiop task) may be required to get the settings to take effect.
A client application has been built using Jdeveloper 10.1.3.2 and it is running on OC4J server. This application is sending data to external server application. It is working for quite long time without any issue. Lately a connection issue occurred and the following stack trace is generated:
com.sun.xml.ws.client.ClientTransportException: HTTP transport error: java.net.SocketException: Connection reset
at com.sun.xml.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:133)
at com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:153)
at com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:93)
at com.sun.xml.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:105)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:629)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:588)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:573)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:470)
at com.sun.xml.ws.client.Stub.process(Stub.java:319)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:157)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:140)
at $Proxy44.sendRem(Unknown Source)
After goggling I found out a good discussion about the error sockets - What's causing my java.net.SocketException: Connection reset? .One answer in this link says that the issue mostly from the client side because if it is from the server side the exception will be (SocketException reset by peer).
What I did:
I tried out to increase the socket time out for the OC4J with the help of this form How to change OC4J HTTP Timeout. What I did is I changed the propriety oracle.j2ee.http.socket.timeout to be 5000 instead of 500 (10 times longer)
But the error still there. So, any suggestion to over come this issue?
Note: I able to use telnet command for external server IP and Port and it is working fine.
-------------------------------------------------------- Update 1 --------------------------------------------------------
I increase the server clock skew where the client application is running using the following command on server start up:
-Dweblogic.wsee.security.clock.skew=72000000
-Dweblogic.wsee.security.delay.max=72000000
But no luck, problem is not resolved.
-------------------------------------------------------- Update 2 --------------------------------------------------------
I realized that the problem is not from application at all; I test the external URL using SoapUI and I got the same error Connection rest. I think this new update clreay shows that there is nothing wrong with program code. But I need to know where to go or check now. Where is the starting point now to overcome the issue. Any clue will be helpful.
As you can see from Update 2 in the question, the problem was not from the client application because same error occurred from SoapUI.
The problem was that the machine where the client application was running have low bandwidth which was not enough for APIs communication. Using simple speed test , I found out that the upload bandwidth was low comparing to minimum requirements given by server application team.
I concluded this fact by monitoring the network resource using Resource Monitor in Windows while the client application was running and by using online speed check
To solve the issue, the machine bandwidth has to be increased where the client application is running.
After significant searching and trial and error, I still can not determine if a Security Manager is necessary and if so, how to make it work.
Code to start server:
Registry registry;
try {
System.setProperty("java.security.policyfile", "\\\\...\\security.policy");
if (System.getSecurityManager() == null) {
RMISecurityManager securityManager = new RMISecurityManager();
System.setSecurityManager(securityManager);
}
registry = LocateRegistry.createRegistry(port);
registry.bind(serviceName, remote);
System.out.println("RMI registry created.");
} catch (RemoteException e) {
//error means registry already exists
System.out.println("RMI registry already exists.");
}
System.setProperty("java.rmi.server.hostname", hostURL);
Naming.rebind(hostURL, remote);
Error Message on Server:
D:\>java -jar Server.jar
RMI server starting up
RMI registry created.
Exception in thread "main" ...Exception: Unable to start the Remote Server Server[UnicastServerRef [liveRef: [...]]
at ServiceProvider.start(ServiceProvider.java:64)
at Server.main(Server.java:76)
Caused by: java.security.AccessControlException: access denied ("java.util.PropertyPermission" "java.rmi.server.hostname" "write")
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.System.setProperty(Unknown Source)
at ServiceProvider.start(ServiceProvider.java:61)
... 1 more
Policy file:
grant {
permission java.security.AllPermission;
};
Thank you to anyone who can help.
I'll admit I'm not even sure I need the Security Manager, but when I didn't use it, I got the below. At least here the server started and I was able to connect to it from the client (the IP address provided was not used to get the connection, this was figured out internally). However, I get the below error message when I try to use one of the methods from the server, even just "printTime", which is supposed to just display the time on the server side.
Exception in thread "main" java.rmi.ConnectException: Connection refused to host: ...IP...; nested exception is:
java.net.ConnectException: Connection timed out: connect
Thanks again.
Edit:
OK, I have removed the security manager, because all classes needed are inside my interface which is included in both my client and my server projects.
#EJP, you are clearly extremely knowledgeable when it comes tom Java and RMI. I value your comments.
I continue to get the Connection timed out error. I realize this is common, but I have tried everything I can think of.
I added the property: java.rmi.server.codebase with all of the jar files in my lib folder.
A friend indicated to me that my problem is I have included POJOs (Plain Old Java Objects) which are too complicated for RMI to transmit. But all of my POJOs are serializable. Also, I was able to run the server on my localhost and access it using a client app without issue. This tells me that RMI can do the work I'm asking.
I don't get this Connection error until I run the server on a remote machine and then start my client. My client is able to connect, but then gets hung up at the printTime method.
Code to run client:
final Registry registry = LocateRegistry.getRegistry(hostURL, port);
final HXTTDBFInterface serverIX = (HXTTDBFInterface) registry.lookup(serviceName);
//Start with simple Server Connection Test
serverIX.printTime(); //CONNECTION TIMED OUT ERROR HERE
String time = serverIX.getTime();
System.out.println("Time From Server: " + time);
If anyone has any suggestions for things to try, I am all ears.
Thanks in advance.
Further Clarification:
I used the command netstat -a and it showed:
LocalAddress ForeignAddress State
0.0.0.0:1099 SERVERNAME:0 LISTENING
[::]:1099 SERVERNAME:0 LISTENING
XX.XX.XX.XX:53373 SERVERNAME:1099 ESTABLISHED
(Among many other lines)
Does this mean that it's actually listening?
You only need to install a security manager for RMI if the peer is using the codebase facility to supply classes to you dynamically. Otherwise it is strictly up to you whether you use one or not. I would avoid it unless you know it's required.
I have a Java app, which works with Apple Push Notification Server (APNS). I use lib: JavaPNS.jar for sendings push messages to iDevices.
But, sometimes Push Notification doesn't work, I've found such error:
[16:35:40] Andrew Balakhanov: 2012-10-27 04:00:00,616 WARN
[com.notnoop.apns.internal.ApnsConnectionImpl] Failed to send message
com.notnoop.apns.EnhancedApnsNotification#af310b99... trying again
java.net.SocketException: Connection closed by remote host at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkWrite(SSLSocketImpl.java:1339)
at
com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:44)
at java.io.OutputStream.write(OutputStream.java:58) at
com.notnoop.apns.internal.ApnsConnectionImpl.sendMessage(ApnsConnectionImpl.java:161)
at
com.notnoop.apns.internal.ApnsServiceImpl.push(ApnsServiceImpl.java:46)
at
com.notnoop.apns.internal.AbstractApnsService.push(AbstractApnsService.java:52)
at
com.notnoop.apns.internal.ApnsServiceImpl.push(ApnsServiceImpl.java:36)
at com.clinics.core.api.util.APN.sendReminderAlert(APN.java:55) at
com.clinics.core.api.services.schedule.reminder.impl.ReminderSenderMobile.prepareAndSend(ReminderSenderMobile.java:190)
at
com.clinics.core.api.services.schedule.reminder.impl.ReminderSenderMobile.send(ReminderSenderMobile.java:132)
at
com.clinics.core.api.services.schedule.reminder.AbstractReminderFacade.generateAndSendReports(AbstractReminderFacade.java:53)
at
com.clinics.core.api.services.schedule.reminder.ReminderJob.doIt(ReminderJob.java:64)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597) at
org.springframework.util.MethodInvoker.invoke(MethodInvoker.java:273)
at
org.springframework.scheduling.quartz.MethodInvokingJobDetailFactoryBean$MethodInvokingJob.executeInternal(MethodInvokingJobDetailFactoryBean.java:264)
at
org.springframework.scheduling.quartz.QuartzJobBean.execute(QuartzJobBean.java:86)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202) at
org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:525)
Could you please tell me, what the error means? Is it mean, that Apple server banned me, is it mean that I send too many requests to it?
The most likely cause of this error is that you are sending production tokens to the sandbox server or sandbox tokens to the production server.
I got this exact behavior today until I figured out I had signed my app with an Ad Hoc profile, which makes the app use the production push server for generating the token, while my server was talking to the sandbox push server.
This error could also appear when the payload is too long.
You can check by calling PayloadBuilder's isTooLong() function.
PayloadBuilder payload = APNS.newPayload();
// build your payload
if (payload.isTooLong())
{
// your payload is too long, a push() will result in the above exception
}
The problem I was facing was that the instructions I was using to generate my .p12 certificate file were incorrect. I ended up following the instructions from NWPusher and those worked for me.